Revert "[wpa_supplicant] Cumulative patch from c4e90da6d"
This reverts commit 39bc25d3a79c1375de430a7918d949c1a86f70c6.
Test: Compilation
Change-Id: Iae7670429466958911b5296cb1359bceecc0b03e
Exempt-From-Owner-Approval: Revert since it's breaking the build
diff --git a/src/ap/acs.c b/src/ap/acs.c
index 3b45075..6d4c041 100644
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
@@ -13,7 +13,6 @@
#include "utils/common.h"
#include "utils/list.h"
#include "common/ieee802_11_defs.h"
-#include "common/hw_features_common.h"
#include "common/wpa_ctrl.h"
#include "drivers/driver.h"
#include "hostapd.h"
@@ -363,7 +362,7 @@
}
-static int acs_usable_ht40_chan(const struct hostapd_channel_data *chan)
+static int acs_usable_ht40_chan(struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149,
157, 184, 192 };
@@ -377,7 +376,7 @@
}
-static int acs_usable_vht80_chan(const struct hostapd_channel_data *chan)
+static int acs_usable_vht80_chan(struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 52, 100, 116, 132, 149 };
unsigned int i;
@@ -390,19 +389,6 @@
}
-static int acs_usable_vht160_chan(const struct hostapd_channel_data *chan)
-{
- const int allowed[] = { 36, 100 };
- unsigned int i;
-
- for (i = 0; i < ARRAY_SIZE(allowed); i++)
- if (chan->chan == allowed[i])
- return 1;
-
- return 0;
-}
-
-
static int acs_survey_is_sufficient(struct freq_survey *survey)
{
if (!(survey->filled & SURVEY_HAS_NF)) {
@@ -579,7 +565,6 @@
long double factor, ideal_factor = 0;
int i, j;
int n_chans = 1;
- u32 bw;
unsigned int k;
/* TODO: HT40- support */
@@ -594,23 +579,16 @@
iface->conf->secondary_channel)
n_chans = 2;
- if (iface->conf->ieee80211ac) {
- switch (iface->conf->vht_oper_chwidth) {
- case VHT_CHANWIDTH_80MHZ:
- n_chans = 4;
- break;
- case VHT_CHANWIDTH_160MHZ:
- n_chans = 8;
- break;
- }
- }
+ if (iface->conf->ieee80211ac &&
+ iface->conf->vht_oper_chwidth == 1)
+ n_chans = 4;
- bw = num_chan_to_bw(n_chans);
+ /* TODO: VHT80+80, VHT160. Update acs_adjust_vht_center_freq() too. */
- /* TODO: VHT80+80. Update acs_adjust_vht_center_freq() too. */
-
- wpa_printf(MSG_DEBUG,
- "ACS: Survey analysis for selected bandwidth %d MHz", bw);
+ wpa_printf(MSG_DEBUG, "ACS: Survey analysis for selected bandwidth %d MHz",
+ n_chans == 1 ? 20 :
+ n_chans == 2 ? 40 :
+ 80);
for (i = 0; i < iface->current_mode->num_channels; i++) {
double total_weight;
@@ -618,23 +596,12 @@
chan = &iface->current_mode->channels[i];
- /* Since in the current ACS implementation the first channel is
- * always a primary channel, skip channels not available as
- * primary until more sophisticated channel selection is
- * implemented. */
- if (!chan_pri_allowed(chan))
+ if (chan->flag & HOSTAPD_CHAN_DISABLED)
continue;
if (!is_in_chanlist(iface, chan))
continue;
- if (!chan_bw_allowed(chan, bw, 1, 1)) {
- wpa_printf(MSG_DEBUG,
- "ACS: Channel %d: BW %u is not supported",
- chan->chan, bw);
- continue;
- }
-
/* HT40 on 5 GHz has a limited set of primary channels as per
* 11n Annex J */
if (iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
@@ -647,24 +614,12 @@
}
if (iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
- iface->conf->ieee80211ac) {
- if (iface->conf->vht_oper_chwidth ==
- VHT_CHANWIDTH_80MHZ &&
- !acs_usable_vht80_chan(chan)) {
- wpa_printf(MSG_DEBUG,
- "ACS: Channel %d: not allowed as primary channel for VHT80",
- chan->chan);
- continue;
- }
-
- if (iface->conf->vht_oper_chwidth ==
- VHT_CHANWIDTH_160MHZ &&
- !acs_usable_vht160_chan(chan)) {
- wpa_printf(MSG_DEBUG,
- "ACS: Channel %d: not allowed as primary channel for VHT160",
- chan->chan);
- continue;
- }
+ iface->conf->ieee80211ac &&
+ iface->conf->vht_oper_chwidth == 1 &&
+ !acs_usable_vht80_chan(chan)) {
+ wpa_printf(MSG_DEBUG, "ACS: Channel %d: not allowed as primary channel for VHT80",
+ chan->chan);
+ continue;
}
factor = 0;
@@ -677,13 +632,6 @@
if (!adj_chan)
break;
- if (!chan_bw_allowed(adj_chan, bw, 1, 0)) {
- wpa_printf(MSG_DEBUG,
- "ACS: PRI Channel %d: secondary channel %d BW %u is not supported",
- chan->chan, adj_chan->chan, bw);
- break;
- }
-
if (acs_usable_chan(adj_chan)) {
factor += adj_chan->interference_factor;
total_weight += 1;
@@ -796,14 +744,10 @@
case VHT_CHANWIDTH_80MHZ:
offset = 6;
break;
- case VHT_CHANWIDTH_160MHZ:
- offset = 14;
- break;
default:
/* TODO: How can this be calculated? Adjust
* acs_find_ideal_chan() */
- wpa_printf(MSG_INFO,
- "ACS: Only VHT20/40/80/160 is supported now");
+ wpa_printf(MSG_INFO, "ACS: Only VHT20/40/80 is supported now");
return;
}
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 9611dc0..f9b6f29 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -131,15 +131,6 @@
* This can be enabled by default once the implementation has been fully
* completed and tested with other implementations. */
bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
-
- bss->send_probe_response = 1;
-
-#ifdef CONFIG_HS20
- bss->hs20_release = (HS20_VERSION >> 4) + 1;
-#endif /* CONFIG_HS20 */
-
- /* Default to strict CRL checking. */
- bss->check_crl_strict = 1;
}
@@ -202,6 +193,7 @@
conf->beacon_int = 100;
conf->rts_threshold = -1; /* use driver default: 2347 */
conf->fragm_threshold = -1; /* user driver default: 2346 */
+ conf->send_probe_response = 1;
/* Set to invalid value means do not add Power Constraint IE */
conf->local_pwr_constraint = -1;
@@ -241,9 +233,6 @@
* environments for the current frequency band in the country. */
conf->country[2] = ' ';
- conf->rssi_reject_assoc_rssi = 0;
- conf->rssi_reject_assoc_timeout = 30;
-
return conf;
}
@@ -259,12 +248,6 @@
{
FILE *f;
char buf[128], *pos;
- const char *keyid;
- char *context;
- char *context2;
- char *token;
- char *name;
- char *value;
int line = 0, ret = 0, len, ok;
u8 addr[ETH_ALEN];
struct hostapd_wpa_psk *psk;
@@ -294,35 +277,9 @@
if (buf[0] == '\0')
continue;
- context = NULL;
- keyid = NULL;
- while ((token = str_token(buf, " ", &context))) {
- if (!os_strchr(token, '='))
- break;
- context2 = NULL;
- name = str_token(token, "=", &context2);
- value = str_token(token, "", &context2);
- if (!value)
- value = "";
- if (!os_strcmp(name, "keyid")) {
- keyid = value;
- } else {
- wpa_printf(MSG_ERROR,
- "Unrecognized '%s=%s' on line %d in '%s'",
- name, value, line, fname);
- ret = -1;
- break;
- }
- }
-
- if (ret == -1)
- break;
-
- if (!token)
- token = "";
- if (hwaddr_aton(token, addr)) {
+ if (hwaddr_aton(buf, addr)) {
wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
- "line %d in '%s'", token, line, fname);
+ "line %d in '%s'", buf, line, fname);
ret = -1;
break;
}
@@ -338,14 +295,15 @@
else
os_memcpy(psk->addr, addr, ETH_ALEN);
- pos = str_token(buf, "", &context);
- if (!pos) {
+ pos = buf + 17;
+ if (*pos == '\0') {
wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
line, fname);
os_free(psk);
ret = -1;
break;
}
+ pos++;
ok = 0;
len = os_strlen(pos);
@@ -364,18 +322,6 @@
break;
}
- if (keyid) {
- len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
- if ((size_t) len >= sizeof(psk->keyid)) {
- wpa_printf(MSG_ERROR,
- "PSK keyid too long on line %d in '%s'",
- line, fname);
- os_free(psk);
- ret = -1;
- break;
- }
- }
-
psk->next = ssid->wpa_psk;
ssid->wpa_psk = psk;
}
@@ -592,7 +538,6 @@
os_free(conf->ocsp_stapling_response_multi);
os_free(conf->dh_file);
os_free(conf->openssl_ciphers);
- os_free(conf->openssl_ecdh_curves);
os_free(conf->pac_opaque_encr_key);
os_free(conf->eap_fast_a_id);
os_free(conf->eap_fast_a_id_info);
@@ -699,7 +644,6 @@
os_free(conf->hs20_operator_icon);
}
os_free(conf->subscr_remediation_url);
- os_free(conf->hs20_sim_provisioning_url);
os_free(conf->t_c_filename);
os_free(conf->t_c_server_url);
#endif /* CONFIG_HS20 */
@@ -1059,15 +1003,6 @@
}
#endif /* CONFIG_MBO */
-#ifdef CONFIG_OCV
- if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
- bss->ocv) {
- wpa_printf(MSG_ERROR,
- "OCV: PMF needs to be enabled whenever using OCV");
- return -1;
- }
-#endif /* CONFIG_OCV */
-
return 0;
}
@@ -1211,26 +1146,3 @@
}
}
}
-
-
-int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
-{
- int with_id = 0, without_id = 0;
- struct sae_password_entry *pw;
-
- if (conf->ssid.wpa_passphrase)
- without_id = 1;
-
- for (pw = conf->sae_passwords; pw; pw = pw->next) {
- if (pw->identifier)
- with_id = 1;
- else
- without_id = 1;
- if (with_id && without_id)
- break;
- }
-
- if (with_id && !without_id)
- return 2;
- return with_id;
-}
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 6963df4..778366d 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -42,7 +42,6 @@
#define MESH_CONF_SEC_AMPE BIT(2)
unsigned int security;
enum mfp_options ieee80211w;
- int ocv;
unsigned int pairwise_cipher;
unsigned int group_cipher;
unsigned int mgmt_group_cipher;
@@ -123,7 +122,6 @@
int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
struct vlan_description vlan_desc;
char ifname[IFNAMSIZ + 1];
- char bridge[IFNAMSIZ + 1];
int configured;
int dynamic_vlan;
#ifdef CONFIG_FULL_DYNAMIC_VLAN
@@ -134,7 +132,6 @@
};
#define PMK_LEN 32
-#define KEYID_LEN 32
#define MIN_PASSPHRASE_LEN 8
#define MAX_PASSPHRASE_LEN 63
struct hostapd_sta_wpa_psk_short {
@@ -148,7 +145,6 @@
struct hostapd_wpa_psk {
struct hostapd_wpa_psk *next;
int group;
- char keyid[KEYID_LEN];
u8 psk[PMK_LEN];
u8 addr[ETH_ALEN];
u8 p2p_dev_addr[ETH_ALEN];
@@ -339,9 +335,6 @@
/* dot11AssociationSAQueryRetryTimeout (in TUs) */
int assoc_sa_query_retry_timeout;
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- int ocv; /* Operating Channel Validation */
-#endif /* CONFIG_OCV */
enum {
PSK_RADIUS_IGNORED = 0,
PSK_RADIUS_ACCEPTED = 1,
@@ -391,15 +384,12 @@
char *private_key;
char *private_key_passwd;
int check_crl;
- int check_crl_strict;
- unsigned int crl_reload_interval;
unsigned int tls_session_lifetime;
unsigned int tls_flags;
char *ocsp_stapling_response;
char *ocsp_stapling_response_multi;
char *dh_file;
char *openssl_ciphers;
- char *openssl_ecdh_curves;
u8 *pac_opaque_encr_key;
u8 *eap_fast_a_id;
size_t eap_fast_a_id_len;
@@ -567,7 +557,6 @@
int na_mcast_to_ucast;
#ifdef CONFIG_HS20
int hs20;
- int hs20_release;
int disable_dgaf;
u16 anqp_domain_id;
unsigned int hs20_oper_friendly_name_count;
@@ -607,7 +596,6 @@
unsigned int hs20_deauth_req_timeout;
char *subscr_remediation_url;
u8 subscr_remediation_method;
- char *hs20_sim_provisioning_url;
char *t_c_filename;
u32 t_c_timestamp;
char *t_c_server_url;
@@ -698,12 +686,6 @@
#endif /* CONFIG_OWE */
int coloc_intf_reporting;
-
- u8 send_probe_response;
-
-#define BACKHAUL_BSS 1
-#define FRONTHAUL_BSS 2
- int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */
};
/**
@@ -735,6 +717,7 @@
u16 beacon_int;
int rts_threshold;
int fragm_threshold;
+ u8 send_probe_response;
u8 channel;
u8 acs;
struct wpa_freq_range_list acs_ch_list;
@@ -846,16 +829,12 @@
#ifdef CONFIG_IEEE80211AX
struct he_phy_capabilities_info he_phy_capab;
struct he_operation he_op;
- struct ieee80211_he_mu_edca_parameter_set he_mu_edca;
#endif /* CONFIG_IEEE80211AX */
/* VHT enable/disable config from CHAN_SWITCH */
#define CH_SWITCH_VHT_ENABLED BIT(0)
#define CH_SWITCH_VHT_DISABLED BIT(1)
unsigned int ch_switch_vht_config;
-
- int rssi_reject_assoc_rssi;
- int rssi_reject_assoc_timeout;
};
@@ -883,6 +862,5 @@
int hostapd_config_check(struct hostapd_config *conf, int full_config);
void hostapd_set_security_params(struct hostapd_bss_config *bss,
int full_config);
-int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
#endif /* HOSTAPD_CONFIG_H */
diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 067cf86..728d7f0 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -176,8 +176,7 @@
#endif /* CONFIG_HS20 */
#ifdef CONFIG_MBO
- if (hapd->conf->mbo_enabled ||
- OCE_STA_CFON_ENABLED(hapd) || OCE_AP_ENABLED(hapd)) {
+ if (hapd->conf->mbo_enabled || hapd->enable_oce) {
pos = hostapd_eid_mbo(hapd, buf, sizeof(buf));
if (add_buf_data(&beacon, buf, pos - buf) < 0 ||
add_buf_data(&proberesp, buf, pos - buf) < 0 ||
diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h
index d45ab84..db93fde 100644
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
@@ -356,12 +356,4 @@
return hapd->driver->stop_ap(hapd->drv_priv);
}
-static inline int hostapd_drv_channel_info(struct hostapd_data *hapd,
- struct wpa_channel_info *ci)
-{
- if (!hapd->driver || !hapd->driver->channel_info)
- return -1;
- return hapd->driver->channel_info(hapd->drv_priv, ci);
-}
-
#endif /* AP_DRV_OPS */
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 1bb3d9f..95d004e 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -136,7 +136,6 @@
#ifdef CONFIG_HS20
srv.subscr_remediation_url = conf->subscr_remediation_url;
srv.subscr_remediation_method = conf->subscr_remediation_method;
- srv.hs20_sim_provisioning_url = conf->hs20_sim_provisioning_url;
srv.t_c_server_url = conf->t_c_server_url;
#endif /* CONFIG_HS20 */
srv.erp = conf->eap_server_erp;
@@ -201,16 +200,6 @@
os_memset(&conf, 0, sizeof(conf));
conf.tls_session_lifetime = hapd->conf->tls_session_lifetime;
- if (hapd->conf->crl_reload_interval > 0 &&
- hapd->conf->check_crl <= 0) {
- wpa_printf(MSG_INFO,
- "Cannot enable CRL reload functionality - it depends on check_crl being set");
- } else if (hapd->conf->crl_reload_interval > 0) {
- conf.crl_reload_interval =
- hapd->conf->crl_reload_interval;
- wpa_printf(MSG_INFO,
- "Enabled CRL reload functionality");
- }
conf.tls_flags = hapd->conf->tls_flags;
conf.event_cb = authsrv_tls_event;
conf.cb_ctx = hapd;
@@ -228,7 +217,6 @@
params.private_key_passwd = hapd->conf->private_key_passwd;
params.dh_file = hapd->conf->dh_file;
params.openssl_ciphers = hapd->conf->openssl_ciphers;
- params.openssl_ecdh_curves = hapd->conf->openssl_ecdh_curves;
params.ocsp_stapling_response =
hapd->conf->ocsp_stapling_response;
params.ocsp_stapling_response_multi =
@@ -241,8 +229,7 @@
}
if (tls_global_set_verify(hapd->ssl_ctx,
- hapd->conf->check_crl,
- hapd->conf->check_crl_strict)) {
+ hapd->conf->check_crl)) {
wpa_printf(MSG_ERROR, "Failed to enable check_crl");
authsrv_deinit(hapd);
return -1;
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 3e62991..59bd4af 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -397,8 +397,7 @@
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
buflen += 3 + sizeof(struct ieee80211_he_capabilities) +
- 3 + sizeof(struct ieee80211_he_operation) +
- 3 + sizeof(struct ieee80211_he_mu_edca_parameter_set);
+ 3 + sizeof(struct ieee80211_he_operation);
}
#endif /* CONFIG_IEEE80211AX */
@@ -511,7 +510,6 @@
if (hapd->iconf->ieee80211ax) {
pos = hostapd_eid_he_capab(hapd, pos);
pos = hostapd_eid_he_operation(hapd, pos);
- pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos);
}
#endif /* CONFIG_IEEE80211AX */
@@ -769,7 +767,7 @@
ie, ie_len, ssi_signal) > 0)
return;
- if (!hapd->conf->send_probe_response)
+ if (!hapd->iconf->send_probe_response)
return;
if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
@@ -1087,8 +1085,7 @@
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
tail_len += 3 + sizeof(struct ieee80211_he_capabilities) +
- 3 + sizeof(struct ieee80211_he_operation) +
- 3 + sizeof(struct ieee80211_he_mu_edca_parameter_set);
+ 3 + sizeof(struct ieee80211_he_operation);
}
#endif /* CONFIG_IEEE80211AX */
@@ -1225,7 +1222,6 @@
if (hapd->iconf->ieee80211ax) {
tailpos = hostapd_eid_he_capab(hapd, tailpos);
tailpos = hostapd_eid_he_operation(hapd, tailpos);
- tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos);
}
#endif /* CONFIG_IEEE80211AX */
@@ -1361,18 +1357,6 @@
#endif /* CONFIG_HS20 */
params->multicast_to_unicast = hapd->conf->multicast_to_unicast;
params->pbss = hapd->conf->pbss;
-
- if (hapd->conf->ftm_responder) {
- if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_FTM_RESPONDER) {
- params->ftm_responder = 1;
- params->lci = hapd->iface->conf->lci;
- params->civic = hapd->iface->conf->civic;
- } else {
- wpa_printf(MSG_WARNING,
- "Not configuring FTM responder as the driver doesn't advertise support for it");
- }
- }
-
return 0;
}
diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
index 3128aed..21b813e 100644
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -207,7 +207,6 @@
char *buf, size_t buflen)
{
int len, res, ret, i;
- const char *keyid;
if (!sta)
return 0;
@@ -342,13 +341,6 @@
len += ret;
}
- keyid = ap_sta_wpa_get_keyid(hapd, sta);
- if (keyid) {
- ret = os_snprintf(buf + len, buflen - len, "keyid=%s\n", keyid);
- if (!os_snprintf_error(buflen - len, ret))
- len += ret;
- }
-
return len;
}
diff --git a/src/ap/dfs.c b/src/ap/dfs.c
index 79cd00f..993dd19 100644
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -142,30 +142,18 @@
{
struct hostapd_channel_data *first_chan, *chan;
int i;
- u32 bw = num_chan_to_bw(num_chans);
if (first_chan_idx + num_chans > mode->num_channels)
return 0;
first_chan = &mode->channels[first_chan_idx];
- /* hostapd DFS implementation assumes the first channel as primary.
- * If it's not allowed to use the first channel as primary, decline the
- * whole channel range. */
- if (!chan_pri_allowed(first_chan))
- return 0;
-
for (i = 0; i < num_chans; i++) {
chan = dfs_get_chan_data(mode, first_chan->freq + i * 20,
first_chan_idx);
if (!chan)
return 0;
- /* HT 40 MHz secondary channel availability checked only for
- * primary channel */
- if (!chan_bw_allowed(chan, bw, 1, !i))
- return 0;
-
if (!dfs_channel_available(chan, skip_radar))
return 0;
}
@@ -209,8 +197,7 @@
/* Skip HT40/VHT incompatible channels */
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel &&
- (!dfs_is_chan_allowed(chan, n_chans) ||
- !(chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P)))
+ !dfs_is_chan_allowed(chan, n_chans))
continue;
/* Skip incompatible chandefs */
diff --git a/src/ap/dhcp_snoop.c b/src/ap/dhcp_snoop.c
index ed37fc8..6d8c2f4 100644
--- a/src/ap/dhcp_snoop.c
+++ b/src/ap/dhcp_snoop.c
@@ -88,15 +88,6 @@
}
}
- if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) {
- for (sta = hapd->sta_list; sta; sta = sta->next) {
- if (!(sta->flags & WLAN_STA_AUTHORIZED))
- continue;
- x_snoop_mcast_to_ucast_convert_send(hapd, sta,
- (u8 *) buf, len);
- }
- }
-
if (msgtype == DHCPACK) {
if (b->your_ip == 0)
return;
@@ -133,6 +124,15 @@
}
sta->ipaddr = b->your_ip;
}
+
+ if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) {
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ if (!(sta->flags & WLAN_STA_AUTHORIZED))
+ continue;
+ x_snoop_mcast_to_ucast_convert_send(hapd, sta,
+ (u8 *) buf, len);
+ }
+ }
}
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 149f389..4ec044e 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -505,9 +505,9 @@
}
-static int hostapd_dpp_set_configurator(struct hostapd_data *hapd,
- struct dpp_authentication *auth,
- const char *cmd)
+static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
+ struct dpp_authentication *auth,
+ const char *cmd)
{
const char *pos, *end;
struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
@@ -521,7 +521,7 @@
char *group_id = NULL;
if (!cmd)
- return 0;
+ return;
wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
pos = os_strstr(cmd, " ssid=");
@@ -618,12 +618,10 @@
conf_ap->akm = DPP_AKM_PSK;
if (psk_set) {
os_memcpy(conf_ap->psk, psk, PMK_LEN);
- } else if (pass_len > 0) {
+ } else {
conf_ap->passphrase = os_strdup(pass);
if (!conf_ap->passphrase)
goto fail;
- } else {
- goto fail;
}
} else if (os_strstr(cmd, " conf=ap-dpp")) {
conf_ap->akm = DPP_AKM_DPP;
@@ -665,15 +663,13 @@
auth->conf_ap = conf_ap;
auth->conf = conf;
os_free(group_id);
- return 0;
+ return;
fail:
- wpa_msg(hapd->msg_ctx, MSG_INFO,
- "DPP: Failed to set configurator parameters");
+ wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
dpp_configuration_free(conf_sta);
dpp_configuration_free(conf_ap);
os_free(group_id);
- return -1;
}
@@ -846,11 +842,7 @@
if (!hapd->dpp_auth)
goto fail;
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
- if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd) < 0) {
- dpp_auth_deinit(hapd->dpp_auth);
- hapd->dpp_auth = NULL;
- goto fail;
- }
+ hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd);
hapd->dpp_auth->neg_freq = neg_freq;
@@ -975,12 +967,8 @@
return;
}
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
- if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
- hapd->dpp_configurator_params) < 0) {
- dpp_auth_deinit(hapd->dpp_auth);
- hapd->dpp_auth = NULL;
- return;
- }
+ hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
+ hapd->dpp_configurator_params);
os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
@@ -1904,9 +1892,9 @@
return -1;
curve = get_param(cmd, " curve=");
- hostapd_dpp_set_testing_options(hapd, auth);
- if (hostapd_dpp_set_configurator(hapd, auth, cmd) == 0 &&
- dpp_configurator_own_config(auth, curve, 1) == 0) {
+ hostapd_dpp_set_configurator(hapd, auth, cmd);
+
+ if (dpp_configurator_own_config(auth, curve, 1) == 0) {
hostapd_dpp_handle_config_obj(hapd, auth);
ret = 0;
}
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 54be3b5..1135aea 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -38,7 +38,6 @@
#include "mbo_ap.h"
#include "dpp_hostapd.h"
#include "fils_hlp.h"
-#include "neighbor_db.h"
#ifdef CONFIG_FILS
@@ -740,12 +739,9 @@
void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
int offset, int width, int cf1, int cf2)
{
- /* TODO: If OCV is enabled deauth STAs that don't perform a SA Query */
-
#ifdef NEED_AP_MLME
int channel, chwidth, is_dfs;
u8 seg0_idx = 0, seg1_idx = 0;
- size_t i;
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
@@ -828,9 +824,6 @@
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
"freq=%d dfs=%d", freq, is_dfs);
}
-
- for (i = 0; i < hapd->iface->num_bss; i++)
- hostapd_neighbor_set_own_report(hapd->iface->bss[i]);
#endif /* NEED_AP_MLME */
}
@@ -1079,23 +1072,19 @@
struct sta_info *sta;
size_t plen __maybe_unused;
u16 fc;
- u8 *action __maybe_unused;
- if (drv_mgmt->frame_len < IEEE80211_HDRLEN + 2 + 1)
+ if (drv_mgmt->frame_len < 24 + 1)
return;
- plen = drv_mgmt->frame_len - IEEE80211_HDRLEN - 1;
+ plen = drv_mgmt->frame_len - 24 - 1;
mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame;
fc = le_to_host16(mgmt->frame_control);
if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
return; /* handled by the driver */
- action = (u8 *) &mgmt->u.action.u;
- wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
- " da " MACSTR " plen %d",
- mgmt->u.action.category, *action,
- MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) plen);
+ wpa_printf(MSG_DEBUG, "RX_ACTION cat %d action plen %d",
+ mgmt->u.action.category, (int) plen);
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
@@ -1111,7 +1100,10 @@
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_IEEE80211W
if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY && plen >= 4) {
- ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len);
+ ieee802_11_sa_query_action(
+ hapd, mgmt->sa,
+ mgmt->u.action.u.sa_query_resp.action,
+ mgmt->u.action.u.sa_query_resp.trans_id);
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WNM_AP
@@ -1729,11 +1721,6 @@
hostapd_reconfig_encryption(hapd);
hapd->reenable_beacon = 1;
ieee802_11_set_beacon(hapd);
-#ifdef NEED_AP_MLME
- } else if (hapd->disabled && hapd->iface->cac_started) {
- wpa_printf(MSG_DEBUG, "DFS: restarting pending CAC");
- hostapd_handle_dfs(hapd->iface);
-#endif /* NEED_AP_MLME */
}
break;
case EVENT_INTERFACE_DISABLED:
diff --git a/src/ap/eap_user_db.c b/src/ap/eap_user_db.c
index a510ee3..fab307f 100644
--- a/src/ap/eap_user_db.c
+++ b/src/ap/eap_user_db.c
@@ -92,7 +92,7 @@
} else if (os_strcmp(col[i], "remediation") == 0 && argv[i]) {
user->remediation = strlen(argv[i]) > 0;
} else if (os_strcmp(col[i], "t_c_timestamp") == 0 && argv[i]) {
- user->t_c_timestamp = strtol(argv[i], NULL, 10);
+ user->t_c_timestamp = strtol(argv[i], 0, 10);
}
}
@@ -139,7 +139,6 @@
struct hostapd_eap_user *user = NULL;
char id_str[256], cmd[300];
size_t i;
- int res;
if (identity_len >= sizeof(id_str)) {
wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
@@ -175,7 +174,6 @@
if (hapd->tmp_eap_user.identity == NULL)
return NULL;
os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
- hapd->tmp_eap_user.identity_len = identity_len;
if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
@@ -184,12 +182,9 @@
return NULL;
}
- res = os_snprintf(cmd, sizeof(cmd),
- "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
- id_str, phase2);
- if (os_snprintf_error(sizeof(cmd), res))
- goto fail;
-
+ os_snprintf(cmd, sizeof(cmd),
+ "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
+ id_str, phase2);
wpa_printf(MSG_DEBUG, "DB: %s", cmd);
if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
SQLITE_OK) {
@@ -219,7 +214,6 @@
}
}
-fail:
sqlite3_close(db);
return user;
diff --git a/src/ap/fils_hlp.c b/src/ap/fils_hlp.c
index 6da514a..2a359ab 100644
--- a/src/ap/fils_hlp.c
+++ b/src/ap/fils_hlp.c
@@ -580,19 +580,6 @@
u8 *tmp, *tmp_pos;
int ret = 0;
- if (sta->fils_pending_assoc_req &&
- eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta)) {
- /* Do not process FILS HLP request again if the station
- * retransmits (Re)Association Request frame before the previous
- * HLP response has either been received or timed out. */
- wpa_printf(MSG_DEBUG,
- "FILS: Do not relay another HLP request from "
- MACSTR
- " before processing of the already pending one has been completed",
- MAC2STR(sta->addr));
- return 1;
- }
-
/* Old DHCPDISCOVER is not needed anymore, if it was still pending */
wpabuf_free(sta->hlp_dhcp_discover);
sta->hlp_dhcp_discover = NULL;
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 342585f..117ee08 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -176,27 +176,8 @@
}
-static int hostapd_iface_conf_changed(struct hostapd_config *newconf,
- struct hostapd_config *oldconf)
-{
- size_t i;
-
- if (newconf->num_bss != oldconf->num_bss)
- return 1;
-
- for (i = 0; i < newconf->num_bss; i++) {
- if (os_strcmp(newconf->bss[i]->iface,
- oldconf->bss[i]->iface) != 0)
- return 1;
- }
-
- return 0;
-}
-
-
int hostapd_reload_config(struct hostapd_iface *iface)
{
- struct hapd_interfaces *interfaces = iface->interfaces;
struct hostapd_data *hapd = iface->bss[0];
struct hostapd_config *newconf, *oldconf;
size_t j;
@@ -219,35 +200,6 @@
hostapd_clear_old(iface);
oldconf = hapd->iconf;
- if (hostapd_iface_conf_changed(newconf, oldconf)) {
- char *fname;
- int res;
-
- wpa_printf(MSG_DEBUG,
- "Configuration changes include interface/BSS modification - force full disable+enable sequence");
- fname = os_strdup(iface->config_fname);
- if (!fname) {
- hostapd_config_free(newconf);
- return -1;
- }
- hostapd_remove_iface(interfaces, hapd->conf->iface);
- iface = hostapd_init(interfaces, fname);
- os_free(fname);
- hostapd_config_free(newconf);
- if (!iface) {
- wpa_printf(MSG_ERROR,
- "Failed to initialize interface on config reload");
- return -1;
- }
- iface->interfaces = interfaces;
- interfaces->iface[interfaces->count] = iface;
- interfaces->count++;
- res = hostapd_enable_iface(iface);
- if (res < 0)
- wpa_printf(MSG_ERROR,
- "Failed to enable interface on config reload");
- return res;
- }
iface->conf = newconf;
for (j = 0; j < iface->num_bss; j++) {
@@ -1668,6 +1620,127 @@
#endif /* CONFIG_FST */
+
+#ifdef NEED_AP_MLME
+static enum nr_chan_width hostapd_get_nr_chan_width(struct hostapd_data *hapd,
+ int ht, int vht)
+{
+ if (!ht && !vht)
+ return NR_CHAN_WIDTH_20;
+ if (!hapd->iconf->secondary_channel)
+ return NR_CHAN_WIDTH_20;
+ if (!vht || hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_USE_HT)
+ return NR_CHAN_WIDTH_40;
+ if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_80MHZ)
+ return NR_CHAN_WIDTH_80;
+ if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_160MHZ)
+ return NR_CHAN_WIDTH_160;
+ if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_80P80MHZ)
+ return NR_CHAN_WIDTH_80P80;
+ return NR_CHAN_WIDTH_20;
+}
+#endif /* NEED_AP_MLME */
+
+
+static void hostapd_set_own_neighbor_report(struct hostapd_data *hapd)
+{
+#ifdef NEED_AP_MLME
+ u16 capab = hostapd_own_capab_info(hapd);
+ int ht = hapd->iconf->ieee80211n && !hapd->conf->disable_11n;
+ int vht = hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac;
+ struct wpa_ssid_value ssid;
+ u8 channel, op_class;
+ u8 center_freq1_idx = 0, center_freq2_idx = 0;
+ enum nr_chan_width width;
+ u32 bssid_info;
+ struct wpabuf *nr;
+
+ if (!(hapd->conf->radio_measurements[0] &
+ WLAN_RRM_CAPS_NEIGHBOR_REPORT))
+ return;
+
+ bssid_info = 3; /* AP is reachable */
+ bssid_info |= NEI_REP_BSSID_INFO_SECURITY; /* "same as the AP" */
+ bssid_info |= NEI_REP_BSSID_INFO_KEY_SCOPE; /* "same as the AP" */
+
+ if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT)
+ bssid_info |= NEI_REP_BSSID_INFO_SPECTRUM_MGMT;
+
+ bssid_info |= NEI_REP_BSSID_INFO_RM; /* RRM is supported */
+
+ if (hapd->conf->wmm_enabled) {
+ bssid_info |= NEI_REP_BSSID_INFO_QOS;
+
+ if (hapd->conf->wmm_uapsd &&
+ (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
+ bssid_info |= NEI_REP_BSSID_INFO_APSD;
+ }
+
+ if (ht) {
+ bssid_info |= NEI_REP_BSSID_INFO_HT |
+ NEI_REP_BSSID_INFO_DELAYED_BA;
+
+ /* VHT bit added in IEEE P802.11-REVmc/D4.3 */
+ if (vht)
+ bssid_info |= NEI_REP_BSSID_INFO_VHT;
+ }
+
+ /* TODO: Set NEI_REP_BSSID_INFO_MOBILITY_DOMAIN if MDE is set */
+
+ if (ieee80211_freq_to_channel_ext(hapd->iface->freq,
+ hapd->iconf->secondary_channel,
+ hapd->iconf->vht_oper_chwidth,
+ &op_class, &channel) ==
+ NUM_HOSTAPD_MODES)
+ return;
+ width = hostapd_get_nr_chan_width(hapd, ht, vht);
+ if (vht) {
+ center_freq1_idx = hapd->iconf->vht_oper_centr_freq_seg0_idx;
+ if (width == NR_CHAN_WIDTH_80P80)
+ center_freq2_idx =
+ hapd->iconf->vht_oper_centr_freq_seg1_idx;
+ } else if (ht) {
+ ieee80211_freq_to_chan(hapd->iface->freq +
+ 10 * hapd->iconf->secondary_channel,
+ ¢er_freq1_idx);
+ }
+
+ ssid.ssid_len = hapd->conf->ssid.ssid_len;
+ os_memcpy(ssid.ssid, hapd->conf->ssid.ssid, ssid.ssid_len);
+
+ /*
+ * Neighbor Report element size = BSSID + BSSID info + op_class + chan +
+ * phy type + wide bandwidth channel subelement.
+ */
+ nr = wpabuf_alloc(ETH_ALEN + 4 + 1 + 1 + 1 + 5);
+ if (!nr)
+ return;
+
+ wpabuf_put_data(nr, hapd->own_addr, ETH_ALEN);
+ wpabuf_put_le32(nr, bssid_info);
+ wpabuf_put_u8(nr, op_class);
+ wpabuf_put_u8(nr, channel);
+ wpabuf_put_u8(nr, ieee80211_get_phy_type(hapd->iface->freq, ht, vht));
+
+ /*
+ * Wide Bandwidth Channel subelement may be needed to allow the
+ * receiving STA to send packets to the AP. See IEEE P802.11-REVmc/D5.0
+ * Figure 9-301.
+ */
+ wpabuf_put_u8(nr, WNM_NEIGHBOR_WIDE_BW_CHAN);
+ wpabuf_put_u8(nr, 3);
+ wpabuf_put_u8(nr, width);
+ wpabuf_put_u8(nr, center_freq1_idx);
+ wpabuf_put_u8(nr, center_freq2_idx);
+
+ hostapd_neighbor_set(hapd, hapd->own_addr, &ssid, nr, hapd->iconf->lci,
+ hapd->iconf->civic, hapd->iconf->stationary_ap);
+
+ wpabuf_free(nr);
+#endif /* NEED_AP_MLME */
+}
+
+
#ifdef CONFIG_OWE
static int hostapd_owe_iface_iter(struct hostapd_iface *iface, void *ctx)
@@ -1964,7 +2037,7 @@
iface->interfaces->terminate_on_error--;
for (j = 0; j < iface->num_bss; j++)
- hostapd_neighbor_set_own_report(iface->bss[j]);
+ hostapd_set_own_neighbor_report(iface->bss[j]);
return 0;
@@ -2609,7 +2682,7 @@
if (conf == NULL) {
wpa_printf(MSG_ERROR, "%s: Failed to allocate memory for "
"configuration", __func__);
- return NULL;
+ return NULL;
}
if (driver) {
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 85e63d3..28b3a1c 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -14,13 +14,6 @@
#include "ap_config.h"
#include "drivers/driver.h"
-#define OCE_STA_CFON_ENABLED(hapd) \
- ((hapd->conf->oce & OCE_STA_CFON) && \
- (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON))
-#define OCE_AP_ENABLED(hapd) \
- ((hapd->conf->oce & OCE_AP) && \
- (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_OCE_AP))
-
struct wpa_ctrl_dst;
struct radius_server_data;
struct upnp_wps_device_sm;
@@ -331,6 +324,11 @@
#ifdef CONFIG_MBO
unsigned int mbo_assoc_disallow;
+ /**
+ * enable_oce - Enable OCE if it is enabled by user and device also
+ * supports OCE.
+ */
+ u8 enable_oce;
#endif /* CONFIG_MBO */
struct dl_list nr_db;
diff --git a/src/ap/hs20.c b/src/ap/hs20.c
index 532580e..98d016d 100644
--- a/src/ap/hs20.c
+++ b/src/ap/hs20.c
@@ -25,20 +25,17 @@
if (!hapd->conf->hs20)
return eid;
*eid++ = WLAN_EID_VENDOR_SPECIFIC;
- *eid++ = hapd->conf->hs20_release < 2 ? 5 : 7;
+ *eid++ = 7;
WPA_PUT_BE24(eid, OUI_WFA);
eid += 3;
*eid++ = HS20_INDICATION_OUI_TYPE;
- conf = (hapd->conf->hs20_release - 1) << 4; /* Release Number */
- if (hapd->conf->hs20_release >= 2)
- conf |= HS20_ANQP_DOMAIN_ID_PRESENT;
+ conf = HS20_VERSION; /* Release Number */
+ conf |= HS20_ANQP_DOMAIN_ID_PRESENT;
if (hapd->conf->disable_dgaf)
conf |= HS20_DGAF_DISABLED;
*eid++ = conf;
- if (hapd->conf->hs20_release >= 2) {
- WPA_PUT_LE16(eid, hapd->conf->anqp_domain_id);
- eid += 2;
- }
+ WPA_PUT_LE16(eid, hapd->conf->anqp_domain_id);
+ eid += 2;
return eid;
}
@@ -87,10 +84,6 @@
capab |= WPA_CAPABILITY_MFPR;
}
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- if (hapd->conf->ocv)
- capab |= WPA_CAPABILITY_OCVC;
-#endif /* CONFIG_OCV */
WPA_PUT_LE16(eid, capab);
eid += 2;
@@ -191,14 +184,13 @@
{
struct wpabuf *buf;
int ret;
- size_t url_len;
+ size_t url_len = os_strlen(url);
if (!url) {
wpa_printf(MSG_INFO, "HS 2.0: No T&C Server URL available");
return -1;
}
- url_len = os_strlen(url);
if (5 + url_len > 255) {
wpa_printf(MSG_INFO,
"HS 2.0: Too long T&C Server URL for WNM-Notification: '%s'",
diff --git a/src/ap/hw_features.c b/src/ap/hw_features.c
index 9d3d990..5279abc 100644
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
@@ -229,6 +229,9 @@
{
int pri_chan, sec_chan;
+ if (!iface->conf->secondary_channel)
+ return 1; /* HT40 not used */
+
pri_chan = iface->conf->channel;
sec_chan = pri_chan + iface->conf->secondary_channel * 4;
@@ -694,25 +697,30 @@
static int hostapd_is_usable_chan(struct hostapd_iface *iface,
int channel, int primary)
{
+ int i;
struct hostapd_channel_data *chan;
if (!iface->current_mode)
return 0;
- chan = hw_get_channel_chan(iface->current_mode, channel, NULL);
- if (!chan)
- return 0;
+ for (i = 0; i < iface->current_mode->num_channels; i++) {
+ chan = &iface->current_mode->channels[i];
+ if (chan->chan != channel)
+ continue;
- if ((primary && chan_pri_allowed(chan)) ||
- (!primary && !(chan->flag & HOSTAPD_CHAN_DISABLED)))
- return 1;
+ if (!(chan->flag & HOSTAPD_CHAN_DISABLED))
+ return 1;
- wpa_printf(MSG_INFO,
- "Channel %d (%s) not allowed for AP mode, flags: 0x%x%s%s",
- channel, primary ? "primary" : "secondary",
- chan->flag,
- chan->flag & HOSTAPD_CHAN_NO_IR ? " NO-IR" : "",
- chan->flag & HOSTAPD_CHAN_RADAR ? " RADAR" : "");
+ wpa_printf(MSG_DEBUG,
+ "%schannel [%i] (%i) is disabled for use in AP mode, flags: 0x%x%s%s",
+ primary ? "" : "Configured HT40 secondary ",
+ i, chan->chan, chan->flag,
+ chan->flag & HOSTAPD_CHAN_NO_IR ? " NO-IR" : "",
+ chan->flag & HOSTAPD_CHAN_RADAR ? " RADAR" : "");
+ }
+
+ wpa_printf(MSG_INFO, "Channel %d (%s) not allowed for AP mode",
+ channel, primary ? "primary" : "secondary");
return 0;
}
@@ -720,12 +728,6 @@
static int hostapd_is_usable_chans(struct hostapd_iface *iface)
{
int secondary_chan;
- struct hostapd_channel_data *pri_chan;
-
- pri_chan = hw_get_channel_chan(iface->current_mode,
- iface->conf->channel, NULL);
- if (!pri_chan)
- return 0;
if (!hostapd_is_usable_chan(iface, iface->conf->channel, 1))
return 0;
@@ -740,15 +742,13 @@
/* Both HT40+ and HT40- are set, pick a valid secondary channel */
secondary_chan = iface->conf->channel + 4;
- if (hostapd_is_usable_chan(iface, secondary_chan, 0) &&
- (pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P)) {
+ if (hostapd_is_usable_chan(iface, secondary_chan, 0)) {
iface->conf->secondary_channel = 1;
return 1;
}
secondary_chan = iface->conf->channel - 4;
- if (hostapd_is_usable_chan(iface, secondary_chan, 0) &&
- (pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40M)) {
+ if (hostapd_is_usable_chan(iface, secondary_chan, 0)) {
iface->conf->secondary_channel = -1;
return 1;
}
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 376bbd8..90788de 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -21,7 +21,6 @@
#include "common/ieee802_11_common.h"
#include "common/wpa_ctrl.h"
#include "common/sae.h"
-#include "common/ocv.h"
#include "radius/radius.h"
#include "radius/radius_client.h"
#include "p2p/p2p.h"
@@ -63,22 +62,6 @@
int *is_pub);
#endif /* CONFIG_FILS */
-
-u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid)
-{
- u8 multi_ap_val = 0;
-
- if (!hapd->conf->multi_ap)
- return eid;
- if (hapd->conf->multi_ap & BACKHAUL_BSS)
- multi_ap_val |= MULTI_AP_BACKHAUL_BSS;
- if (hapd->conf->multi_ap & FRONTHAUL_BSS)
- multi_ap_val |= MULTI_AP_FRONTHAUL_BSS;
-
- return eid + add_multi_ap_ie(eid, 9, multi_ap_val);
-}
-
-
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
u8 *pos = eid;
@@ -1760,8 +1743,7 @@
static void handle_auth(struct hostapd_data *hapd,
- const struct ieee80211_mgmt *mgmt, size_t len,
- int rssi)
+ const struct ieee80211_mgmt *mgmt, size_t len)
{
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
@@ -1943,7 +1925,6 @@
sta = ap_get_sta(hapd, mgmt->sa);
if (sta) {
sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
- sta->ft_over_ds = 0;
if ((fc & WLAN_FC_RETRY) &&
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
sta->last_seq_ctrl == seq_ctrl &&
@@ -1992,9 +1973,6 @@
}
sta->last_seq_ctrl = seq_ctrl;
sta->last_subtype = WLAN_FC_STYPE_AUTH;
-#ifdef CONFIG_MBO
- sta->auth_rssi = rssi;
-#endif /* CONFIG_MBO */
res = ieee802_11_set_radius_info(
hapd, sta, res, session_timeout, acct_interim_interval,
@@ -2232,57 +2210,6 @@
return WLAN_STATUS_SUCCESS;
}
-static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
- const u8 *multi_ap_ie, size_t multi_ap_len)
-{
- u8 multi_ap_value = 0;
-
- sta->flags &= ~WLAN_STA_MULTI_AP;
-
- if (!hapd->conf->multi_ap)
- return WLAN_STATUS_SUCCESS;
-
- if (multi_ap_ie) {
- const u8 *multi_ap_subelem;
-
- multi_ap_subelem = get_ie(multi_ap_ie + 4,
- multi_ap_len - 4,
- MULTI_AP_SUB_ELEM_TYPE);
- if (multi_ap_subelem && multi_ap_subelem[1] == 1) {
- multi_ap_value = multi_ap_subelem[2];
- } else {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO,
- "Multi-AP IE has missing or invalid Multi-AP subelement");
- return WLAN_STATUS_INVALID_IE;
- }
- }
-
- if (multi_ap_value == MULTI_AP_BACKHAUL_STA)
- sta->flags |= WLAN_STA_MULTI_AP;
-
- if ((hapd->conf->multi_ap & BACKHAUL_BSS) &&
- multi_ap_value == MULTI_AP_BACKHAUL_STA)
- return WLAN_STATUS_SUCCESS;
-
- if (hapd->conf->multi_ap & FRONTHAUL_BSS) {
- if (multi_ap_value == MULTI_AP_BACKHAUL_STA) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO,
- "Backhaul STA tries to associate with fronthaul-only BSS");
- return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
- }
- return WLAN_STATUS_SUCCESS;
- }
-
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO,
- "Non-Multi-AP STA tries to associate with backhaul-only BSS");
- return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
-}
-
static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
struct ieee802_11_elems *elems)
@@ -2539,11 +2466,6 @@
resp = copy_supp_rates(hapd, sta, &elems);
if (resp != WLAN_STATUS_SUCCESS)
return resp;
-
- resp = check_multi_ap(hapd, sta, elems.multi_ap, elems.multi_ap_len);
- if (resp != WLAN_STATUS_SUCCESS)
- return resp;
-
#ifdef CONFIG_IEEE80211N
resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
if (resp != WLAN_STATUS_SUCCESS)
@@ -2563,10 +2485,6 @@
if (resp != WLAN_STATUS_SUCCESS)
return resp;
- resp = copy_sta_vht_oper(hapd, sta, elems.vht_operation);
- if (resp != WLAN_STATUS_SUCCESS)
- return resp;
-
resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
if (resp != WLAN_STATUS_SUCCESS)
return resp;
@@ -2795,20 +2713,10 @@
#ifdef CONFIG_HS20
wpabuf_free(sta->hs20_ie);
if (elems.hs20 && elems.hs20_len > 4) {
- int release;
-
sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
elems.hs20_len - 4);
- release = ((elems.hs20[4] >> 4) & 0x0f) + 1;
- if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm)) {
- wpa_printf(MSG_DEBUG,
- "HS 2.0: PMF not negotiated by release %d station "
- MACSTR, release, MAC2STR(sta->addr));
- return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
- }
- } else {
+ } else
sta->hs20_ie = NULL;
- }
wpabuf_free(sta->roaming_consortium);
if (elems.roaming_cons_sel)
@@ -2839,35 +2747,6 @@
}
#endif /* CONFIG_MBO */
-#if defined(CONFIG_FILS) && defined(CONFIG_OCV)
- if (wpa_auth_uses_ocv(sta->wpa_sm) &&
- (sta->auth_alg == WLAN_AUTH_FILS_SK ||
- sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
- sta->auth_alg == WLAN_AUTH_FILS_PK)) {
- struct wpa_channel_info ci;
- int tx_chanwidth;
- int tx_seg1_idx;
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in FILS (Re)Association Request frame");
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- }
-
- if (get_sta_tx_parameters(sta->wpa_sm,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx, &tx_chanwidth,
- &tx_seg1_idx) < 0)
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
-
- if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
- tx_chanwidth, tx_seg1_idx) != 0) {
- wpa_printf(MSG_WARNING, "FILS: %s", ocv_errorstr);
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- }
- }
-#endif /* CONFIG_FILS && CONFIG_OCV */
-
ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
elems.supp_op_classes_len);
@@ -2912,7 +2791,7 @@
static int add_associated_sta(struct hostapd_data *hapd,
- struct sta_info *sta, int reassoc)
+ struct sta_info *sta)
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
@@ -2928,36 +2807,14 @@
* Skip this if the STA has already completed FT reassociation and the
* TK has been configured since the TX/RX PN must not be reset to 0 for
* the same key.
- *
- * FT-over-the-DS has a special case where the STA entry (and as such,
- * the TK) has not yet been configured to the driver depending on which
- * driver interface is used. For that case, allow add-STA operation to
- * be used (instead of set-STA). This is needed to allow mac80211-based
- * drivers to accept the STA parameter configuration. Since this is
- * after a new FT-over-DS exchange, a new TK has been derived, so key
- * reinstallation is not a concern for this case.
*/
- wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
- " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
- MAC2STR(sta->addr), sta->added_unassoc, sta->auth_alg,
- sta->ft_over_ds, reassoc,
- !!(sta->flags & WLAN_STA_AUTHORIZED),
- wpa_auth_sta_ft_tk_already_set(sta->wpa_sm),
- wpa_auth_sta_fils_tk_already_set(sta->wpa_sm));
-
if (!sta->added_unassoc &&
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
- (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
(!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
!wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
hostapd_drv_sta_remove(hapd, sta->addr);
wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
set = 0;
-
- /* Do not allow the FT-over-DS exception to be used more than
- * once per authentication exchange to guarantee a new TK is
- * used here */
- sta->ft_over_ds = 0;
}
#ifdef CONFIG_IEEE80211N
@@ -3003,7 +2860,7 @@
static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 status_code, int reassoc,
- const u8 *ies, size_t ies_len, int rssi)
+ const u8 *ies, size_t ies_len)
{
int send_len;
u8 *buf;
@@ -3048,16 +2905,6 @@
/* Extended supported rates */
p = hostapd_eid_ext_supp_rates(hapd, p);
-#ifdef CONFIG_MBO
- if (status_code == WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
- rssi != 0) {
- int delta = hapd->iconf->rssi_reject_assoc_rssi - rssi;
-
- p = hostapd_eid_mbo_rssi_assoc_rej(hapd, p, buf + buflen - p,
- delta);
- }
-#endif /* CONFIG_MBO */
-
#ifdef CONFIG_IEEE80211R_AP
if (sta && status_code == WLAN_STATUS_SUCCESS) {
/* IEEE 802.11r: Mobility Domain Information, Fast BSS
@@ -3075,8 +2922,7 @@
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_OWE
- if (sta && status_code == WLAN_STATUS_SUCCESS &&
- (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
+ if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
buf + buflen - p,
ies, ies_len);
@@ -3149,9 +2995,6 @@
}
#endif /* CONFIG_WPS */
- if (sta && (sta->flags & WLAN_STA_MULTI_AP))
- p = hostapd_eid_multi_ap(hapd, p);
-
#ifdef CONFIG_P2P
if (sta && sta->p2p_ie && hapd->p2p_group) {
struct wpabuf *p2p_resp_ie;
@@ -3226,7 +3069,7 @@
#ifdef CONFIG_OWE
if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
- sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
+ sta && sta->owe_ecdh &&
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
struct wpabuf *pub;
@@ -3329,7 +3172,7 @@
reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
sta->fils_pending_assoc_is_reassoc,
sta->fils_pending_assoc_req,
- sta->fils_pending_assoc_req_len, 0);
+ sta->fils_pending_assoc_req_len);
os_free(sta->fils_pending_assoc_req);
sta->fils_pending_assoc_req = NULL;
sta->fils_pending_assoc_req_len = 0;
@@ -3366,7 +3209,7 @@
static void handle_assoc(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
- int reassoc, int rssi)
+ int reassoc)
{
u16 capab_info, listen_interval, seq_ctrl, fc;
u16 resp = WLAN_STATUS_SUCCESS, reply_res;
@@ -3549,14 +3392,6 @@
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
goto fail;
}
-
- if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
- rssi < hapd->iconf->rssi_reject_assoc_rssi &&
- (sta->auth_rssi == 0 ||
- sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
- resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS;
- goto fail;
- }
#endif /* CONFIG_MBO */
/*
@@ -3714,24 +3549,10 @@
* issues with processing other non-Data Class 3 frames during this
* window.
*/
- if (resp == WLAN_STATUS_SUCCESS && sta &&
- add_associated_sta(hapd, sta, reassoc))
+ if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
#ifdef CONFIG_FILS
- if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS &&
- eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta) &&
- sta->fils_pending_assoc_req) {
- /* Do not reschedule fils_hlp_timeout in case the station
- * retransmits (Re)Association Request frame while waiting for
- * the previously started FILS HLP wait, so that the timeout can
- * be determined from the first pending attempt. */
- wpa_printf(MSG_DEBUG,
- "FILS: Continue waiting for HLP processing before sending (Re)Association Response frame to "
- MACSTR, MAC2STR(sta->addr));
- os_free(tmp);
- return;
- }
if (sta) {
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
os_free(sta->fils_pending_assoc_req);
@@ -3756,7 +3577,7 @@
#endif /* CONFIG_FILS */
reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
- left, rssi);
+ left);
os_free(tmp);
/*
@@ -3911,7 +3732,9 @@
return 0;
}
- ieee802_11_sa_query_action(hapd, mgmt, len);
+ ieee802_11_sa_query_action(hapd, mgmt->sa,
+ mgmt->u.action.u.sa_query_resp.action,
+ mgmt->u.action.u.sa_query_resp.trans_id);
return 1;
}
@@ -3929,9 +3752,9 @@
unsigned int freq)
{
struct sta_info *sta;
- u8 *action __maybe_unused;
+ sta = ap_get_sta(hapd, mgmt->sa);
- if (len < IEEE80211_HDRLEN + 2 + 1) {
+ if (len < IEEE80211_HDRLEN + 1) {
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"handle_action - too short payload (len=%lu)",
@@ -3939,14 +3762,6 @@
return 0;
}
- action = (u8 *) &mgmt->u.action.u;
- wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
- " da " MACSTR " len %d freq %u",
- mgmt->u.action.category, *action,
- MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq);
-
- sta = ap_get_sta(hapd, mgmt->sa);
-
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
(sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
@@ -4196,17 +4011,17 @@
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
- handle_auth(hapd, mgmt, len, ssi_signal);
+ handle_auth(hapd, mgmt, len);
ret = 1;
break;
case WLAN_FC_STYPE_ASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
- handle_assoc(hapd, mgmt, len, 0, ssi_signal);
+ handle_assoc(hapd, mgmt, len, 0);
ret = 1;
break;
case WLAN_FC_STYPE_REASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
- handle_assoc(hapd, mgmt, len, 1, ssi_signal);
+ handle_assoc(hapd, mgmt, len, 1);
ret = 1;
break;
case WLAN_FC_STYPE_DISASSOC:
@@ -4418,7 +4233,7 @@
sta->flags |= WLAN_STA_WDS;
}
- if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) {
+ if (sta->flags & WLAN_STA_WDS) {
int ret;
char ifname_wds[IFNAMSIZ + 1];
diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h
index 5082226..2f3b4da 100644
--- a/src/ap/ieee802_11.h
+++ b/src/ap/ieee802_11.h
@@ -59,7 +59,6 @@
u8 * hostapd_eid_txpower_envelope(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_he_capab(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_he_operation(struct hostapd_data *hapd, u8 *eid);
-u8 * hostapd_eid_he_mu_edca_parameter_set(struct hostapd_data *hapd, u8 *eid);
int hostapd_ht_operation_update(struct hostapd_iface *iface);
void ieee802_11_send_sa_query_req(struct hostapd_data *hapd,
@@ -81,8 +80,6 @@
void ht40_intolerant_remove(struct hostapd_iface *iface, struct sta_info *sta);
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *vht_capab);
-u16 copy_sta_vht_oper(struct hostapd_data *hapd, struct sta_info *sta,
- const u8 *vht_oper);
u16 set_sta_vht_opmode(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *vht_opmode);
void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
@@ -94,8 +91,8 @@
u8 * hostapd_eid_assoc_comeback_time(struct hostapd_data *hapd,
struct sta_info *sta, u8 *eid);
void ieee802_11_sa_query_action(struct hostapd_data *hapd,
- const struct ieee80211_mgmt *mgmt,
- size_t len);
+ const u8 *sa, const u8 action_type,
+ const u8 *trans_id);
u8 * hostapd_eid_interworking(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_adv_proto(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_roaming_consortium(struct hostapd_data *hapd, u8 *eid);
@@ -123,9 +120,6 @@
u8 hostapd_mbo_ie_len(struct hostapd_data *hapd);
-u8 * hostapd_eid_mbo_rssi_assoc_rej(struct hostapd_data *hapd, u8 *eid,
- size_t len, int delta);
-
#else /* CONFIG_MBO */
static inline u8 * hostapd_eid_mbo(struct hostapd_data *hapd, u8 *eid,
@@ -172,7 +166,4 @@
char **identity, char **radius_cui,
int is_probe_req);
-int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth,
- int ap_seg1_idx, int *bandwidth, int *seg1_idx);
-
#endif /* IEEE802_11_H */
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 931d4d0..5cb7fb1 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -289,9 +289,6 @@
return HOSTAPD_ACL_ACCEPT;
};
- if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED)
- vlan_id = NULL;
-
/* Check whether ACL cache has an entry for this station */
res = hostapd_acl_cache_get(hapd, addr, session_timeout,
acct_interim_interval, vlan_id, psk,
@@ -519,6 +516,7 @@
struct hostapd_acl_query_data *query, *prev;
struct hostapd_cached_radius_acl *cache;
struct radius_hdr *hdr = radius_msg_get_hdr(msg);
+ int *untagged, *tagged, *notempty;
query = hapd->acl_queries;
prev = NULL;
@@ -576,10 +574,12 @@
cache->acct_interim_interval = 0;
}
- if (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED)
- cache->vlan_id.notempty = !!radius_msg_get_vlanid(
- msg, &cache->vlan_id.untagged,
- MAX_NUM_TAGGED_VLAN, cache->vlan_id.tagged);
+ notempty = &cache->vlan_id.notempty;
+ untagged = &cache->vlan_id.untagged;
+ tagged = cache->vlan_id.tagged;
+ *notempty = !!radius_msg_get_vlanid(msg, untagged,
+ MAX_NUM_TAGGED_VLAN,
+ tagged);
decode_tunnel_passwords(hapd, shared_secret, shared_secret_len,
msg, req, cache);
diff --git a/src/ap/ieee802_11_he.c b/src/ap/ieee802_11_he.c
index 0721358..1a8d469 100644
--- a/src/ap/ieee802_11_he.c
+++ b/src/ap/ieee802_11_he.c
@@ -86,34 +86,3 @@
return pos;
}
-
-
-u8 * hostapd_eid_he_mu_edca_parameter_set(struct hostapd_data *hapd, u8 *eid)
-{
- struct ieee80211_he_mu_edca_parameter_set *edca;
- u8 *pos;
- size_t i;
-
- pos = (u8 *) &hapd->iface->conf->he_mu_edca;
- for (i = 0; i < sizeof(*edca); i++) {
- if (pos[i])
- break;
- }
- if (i == sizeof(*edca))
- return eid; /* no MU EDCA Parameters configured */
-
- pos = eid;
- *pos++ = WLAN_EID_EXTENSION;
- *pos++ = 1 + sizeof(*edca);
- *pos++ = WLAN_EID_EXT_HE_MU_EDCA_PARAMS;
-
- edca = (struct ieee80211_he_mu_edca_parameter_set *) pos;
- os_memcpy(edca, &hapd->iface->conf->he_mu_edca, sizeof(*edca));
-
- wpa_hexdump(MSG_DEBUG, "HE: MU EDCA Parameter Set element",
- pos, sizeof(*edca));
-
- pos += sizeof(*edca);
-
- return pos;
-}
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index d70d6c1..c481399 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -10,12 +10,10 @@
#include "utils/common.h"
#include "common/ieee802_11_defs.h"
-#include "common/ocv.h"
#include "hostapd.h"
#include "sta_info.h"
#include "ap_config.h"
#include "ap_drv_ops.h"
-#include "wpa_auth.h"
#include "ieee802_11.h"
@@ -51,12 +49,7 @@
void ieee802_11_send_sa_query_req(struct hostapd_data *hapd,
const u8 *addr, const u8 *trans_id)
{
-#ifdef CONFIG_OCV
- struct sta_info *sta;
-#endif /* CONFIG_OCV */
- struct ieee80211_mgmt *mgmt;
- u8 *oci_ie = NULL;
- u8 oci_ie_len = 0;
+ struct ieee80211_mgmt mgmt;
u8 *end;
wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Request to "
@@ -64,61 +57,19 @@
wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
trans_id, WLAN_SA_QUERY_TR_ID_LEN);
-#ifdef CONFIG_OCV
- sta = ap_get_sta(hapd, addr);
- if (sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
- struct wpa_channel_info ci;
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in SA Query Request");
- return;
- }
-
- oci_ie_len = OCV_OCI_EXTENDED_LEN;
- oci_ie = os_zalloc(oci_ie_len);
- if (!oci_ie) {
- wpa_printf(MSG_WARNING,
- "Failed to allocate buffer for OCI element in SA Query Request");
- return;
- }
-
- if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
- os_free(oci_ie);
- return;
- }
- }
-#endif /* CONFIG_OCV */
-
- mgmt = os_zalloc(sizeof(*mgmt) + oci_ie_len);
- if (!mgmt) {
- wpa_printf(MSG_DEBUG,
- "Failed to allocate buffer for SA Query Response frame");
- os_free(oci_ie);
- return;
- }
-
- mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
- WLAN_FC_STYPE_ACTION);
- os_memcpy(mgmt->da, addr, ETH_ALEN);
- os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
- os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
- mgmt->u.action.category = WLAN_ACTION_SA_QUERY;
- mgmt->u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
- os_memcpy(mgmt->u.action.u.sa_query_req.trans_id, trans_id,
+ os_memset(&mgmt, 0, sizeof(mgmt));
+ mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_ACTION);
+ os_memcpy(mgmt.da, addr, ETH_ALEN);
+ os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
+ os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
+ mgmt.u.action.category = WLAN_ACTION_SA_QUERY;
+ mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
+ os_memcpy(mgmt.u.action.u.sa_query_req.trans_id, trans_id,
WLAN_SA_QUERY_TR_ID_LEN);
- end = mgmt->u.action.u.sa_query_req.variable;
-#ifdef CONFIG_OCV
- if (oci_ie_len > 0) {
- os_memcpy(end, oci_ie, oci_ie_len);
- end += oci_ie_len;
- }
-#endif /* CONFIG_OCV */
- if (hostapd_drv_send_mlme(hapd, mgmt, end - (u8 *) mgmt, 0) < 0)
+ end = mgmt.u.action.u.sa_query_req.trans_id + WLAN_SA_QUERY_TR_ID_LEN;
+ if (hostapd_drv_send_mlme(hapd, &mgmt, end - (u8 *) &mgmt, 0) < 0)
wpa_printf(MSG_INFO, "ieee802_11_send_sa_query_req: send failed");
-
- os_free(mgmt);
- os_free(oci_ie);
}
@@ -126,9 +77,7 @@
const u8 *sa, const u8 *trans_id)
{
struct sta_info *sta;
- struct ieee80211_mgmt *resp;
- u8 *oci_ie = NULL;
- u8 oci_ie_len = 0;
+ struct ieee80211_mgmt resp;
u8 *end;
wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Request from "
@@ -143,115 +92,30 @@
return;
}
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sta->wpa_sm)) {
- struct wpa_channel_info ci;
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in SA Query Response");
- return;
- }
-
- oci_ie_len = OCV_OCI_EXTENDED_LEN;
- oci_ie = os_zalloc(oci_ie_len);
- if (!oci_ie) {
- wpa_printf(MSG_WARNING,
- "Failed to allocate buffer for for OCI element in SA Query Response");
- return;
- }
-
- if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
- os_free(oci_ie);
- return;
- }
- }
-#endif /* CONFIG_OCV */
-
- resp = os_zalloc(sizeof(*resp) + oci_ie_len);
- if (!resp) {
- wpa_printf(MSG_DEBUG,
- "Failed to allocate buffer for SA Query Response frame");
- os_free(oci_ie);
- return;
- }
-
wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Response to "
MACSTR, MAC2STR(sa));
- resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
- WLAN_FC_STYPE_ACTION);
- os_memcpy(resp->da, sa, ETH_ALEN);
- os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
- os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
- resp->u.action.category = WLAN_ACTION_SA_QUERY;
- resp->u.action.u.sa_query_req.action = WLAN_SA_QUERY_RESPONSE;
- os_memcpy(resp->u.action.u.sa_query_req.trans_id, trans_id,
+ os_memset(&resp, 0, sizeof(resp));
+ resp.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+ WLAN_FC_STYPE_ACTION);
+ os_memcpy(resp.da, sa, ETH_ALEN);
+ os_memcpy(resp.sa, hapd->own_addr, ETH_ALEN);
+ os_memcpy(resp.bssid, hapd->own_addr, ETH_ALEN);
+ resp.u.action.category = WLAN_ACTION_SA_QUERY;
+ resp.u.action.u.sa_query_req.action = WLAN_SA_QUERY_RESPONSE;
+ os_memcpy(resp.u.action.u.sa_query_req.trans_id, trans_id,
WLAN_SA_QUERY_TR_ID_LEN);
- end = resp->u.action.u.sa_query_req.variable;
-#ifdef CONFIG_OCV
- if (oci_ie_len > 0) {
- os_memcpy(end, oci_ie, oci_ie_len);
- end += oci_ie_len;
- }
-#endif /* CONFIG_OCV */
- if (hostapd_drv_send_mlme(hapd, resp, end - (u8 *) resp, 0) < 0)
+ end = resp.u.action.u.sa_query_req.trans_id + WLAN_SA_QUERY_TR_ID_LEN;
+ if (hostapd_drv_send_mlme(hapd, &resp, end - (u8 *) &resp, 0) < 0)
wpa_printf(MSG_INFO, "ieee80211_mgmt_sa_query_request: send failed");
-
- os_free(resp);
- os_free(oci_ie);
}
-void ieee802_11_sa_query_action(struct hostapd_data *hapd,
- const struct ieee80211_mgmt *mgmt,
- size_t len)
+void ieee802_11_sa_query_action(struct hostapd_data *hapd, const u8 *sa,
+ const u8 action_type, const u8 *trans_id)
{
struct sta_info *sta;
int i;
- const u8 *sa = mgmt->sa;
- const u8 action_type = mgmt->u.action.u.sa_query_resp.action;
- const u8 *trans_id = mgmt->u.action.u.sa_query_resp.trans_id;
-
- sta = ap_get_sta(hapd, sa);
-
-#ifdef CONFIG_OCV
- if (sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
- struct ieee802_11_elems elems;
- struct wpa_channel_info ci;
- int tx_chanwidth;
- int tx_seg1_idx;
- size_t ies_len;
- const u8 *ies;
-
- ies = mgmt->u.action.u.sa_query_resp.variable;
- ies_len = len - (ies - (u8 *) mgmt);
- if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) ==
- ParseFailed) {
- wpa_printf(MSG_DEBUG,
- "SA Query: Failed to parse elements");
- return;
- }
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in SA Query Action frame");
- return;
- }
-
- if (get_sta_tx_parameters(sta->wpa_sm,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx, &tx_chanwidth,
- &tx_seg1_idx) < 0)
- return;
-
- if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
- tx_chanwidth, tx_seg1_idx) != 0) {
- wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
- return;
- }
- }
-#endif /* CONFIG_OCV */
if (action_type == WLAN_SA_QUERY_REQUEST) {
ieee802_11_send_sa_query_resp(hapd, sa, trans_id);
@@ -271,6 +135,7 @@
/* MLME-SAQuery.confirm */
+ sta = ap_get_sta(hapd, sa);
if (sta == NULL || sta->sa_query_trans_id == NULL) {
wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching STA with "
"pending SA Query request found");
@@ -372,21 +237,6 @@
*pos |= 0x01;
#endif /* CONFIG_FILS */
break;
- case 10: /* Bits 80-87 */
-#ifdef CONFIG_SAE
- if (hapd->conf->wpa &&
- wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) {
- int in_use = hostapd_sae_pw_id_in_use(hapd->conf);
-
- if (in_use)
- *pos |= 0x02; /* Bit 81 - SAE Password
- * Identifiers In Use */
- if (in_use == 2)
- *pos |= 0x04; /* Bit 82 - SAE Password
- * Identifiers Used Exclusively */
- }
-#endif /* CONFIG_SAE */
- break;
}
}
@@ -426,12 +276,6 @@
!wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt)) && len < 10)
len = 10;
#endif /* CONFIG_FILS */
-#ifdef CONFIG_SAE
- if (len < 11 && hapd->conf->wpa &&
- wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
- hostapd_sae_pw_id_in_use(hapd->conf))
- len = 11;
-#endif /* CONFIG_SAE */
if (len < hapd->iface->extended_capa_len)
len = hapd->iface->extended_capa_len;
if (len == 0)
@@ -703,29 +547,12 @@
#ifdef CONFIG_MBO
-u8 * hostapd_eid_mbo_rssi_assoc_rej(struct hostapd_data *hapd, u8 *eid,
- size_t len, int delta)
-{
- u8 mbo[4];
-
- mbo[0] = OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT;
- mbo[1] = 2;
- /* Delta RSSI */
- mbo[2] = delta;
- /* Retry delay */
- mbo[3] = hapd->iconf->rssi_reject_assoc_timeout;
-
- return eid + mbo_add_ie(eid, len, mbo, 4);
-}
-
-
u8 * hostapd_eid_mbo(struct hostapd_data *hapd, u8 *eid, size_t len)
{
u8 mbo[9], *mbo_pos = mbo;
u8 *pos = eid;
- if (!hapd->conf->mbo_enabled &&
- !OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
+ if (!hapd->conf->mbo_enabled && !hapd->enable_oce)
return eid;
if (hapd->conf->mbo_enabled) {
@@ -741,11 +568,12 @@
*mbo_pos++ = hapd->mbo_assoc_disallow;
}
- if (OCE_STA_CFON_ENABLED(hapd) || OCE_AP_ENABLED(hapd)) {
+ if (hapd->enable_oce & (OCE_AP | OCE_STA_CFON)) {
u8 ctrl;
ctrl = OCE_RELEASE;
- if (OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
+ if ((hapd->enable_oce & (OCE_AP | OCE_STA_CFON)) ==
+ OCE_STA_CFON)
ctrl |= OCE_IS_STA_CFON;
*mbo_pos++ = OCE_ATTR_ID_CAPA_IND;
@@ -763,8 +591,7 @@
{
u8 len;
- if (!hapd->conf->mbo_enabled &&
- !OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
+ if (!hapd->conf->mbo_enabled && !hapd->enable_oce)
return 0;
/*
@@ -776,7 +603,7 @@
len += 3 + (hapd->mbo_assoc_disallow ? 3 : 0);
/* OCE capability indication attribute (3) */
- if (OCE_STA_CFON_ENABLED(hapd) || OCE_AP_ENABLED(hapd))
+ if (hapd->enable_oce & (OCE_AP | OCE_STA_CFON))
len += 3;
return len;
@@ -924,71 +751,3 @@
return pos;
}
-
-
-#ifdef CONFIG_OCV
-int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth,
- int ap_seg1_idx, int *bandwidth, int *seg1_idx)
-{
- int ht_40mhz = 0;
- int vht_80p80 = 0;
- int requested_bw;
-
- if (sta->ht_capabilities)
- ht_40mhz = !!(sta->ht_capabilities->ht_capabilities_info &
- HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET);
-
- if (sta->vht_operation) {
- struct ieee80211_vht_operation *oper = sta->vht_operation;
-
- /*
- * If a VHT Operation element was present, use it to determine
- * the supported channel bandwidth.
- */
- if (oper->vht_op_info_chwidth == 0) {
- requested_bw = ht_40mhz ? 40 : 20;
- } else if (oper->vht_op_info_chan_center_freq_seg1_idx == 0) {
- requested_bw = 80;
- } else {
- int diff;
-
- requested_bw = 160;
- diff = abs((int)
- oper->vht_op_info_chan_center_freq_seg0_idx -
- (int)
- oper->vht_op_info_chan_center_freq_seg1_idx);
- vht_80p80 = oper->vht_op_info_chan_center_freq_seg1_idx
- != 0 && diff > 16;
- }
- } else if (sta->vht_capabilities) {
- struct ieee80211_vht_capabilities *capab;
- int vht_chanwidth;
-
- capab = sta->vht_capabilities;
-
- /*
- * If only the VHT Capabilities element is present (e.g., for
- * normal clients), use it to determine the supported channel
- * bandwidth.
- */
- vht_chanwidth = capab->vht_capabilities_info &
- VHT_CAP_SUPP_CHAN_WIDTH_MASK;
- vht_80p80 = capab->vht_capabilities_info &
- VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
-
- /* TODO: Also take into account Extended NSS BW Support field */
- requested_bw = vht_chanwidth ? 160 : 80;
- } else {
- requested_bw = ht_40mhz ? 40 : 20;
- }
-
- *bandwidth = requested_bw < ap_max_chanwidth ?
- requested_bw : ap_max_chanwidth;
-
- *seg1_idx = 0;
- if (ap_seg1_idx && vht_80p80)
- *seg1_idx = ap_seg1_idx;
-
- return 0;
-}
-#endif /* CONFIG_OCV */
diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 54ee080..8d06620 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -357,29 +357,6 @@
}
-u16 copy_sta_vht_oper(struct hostapd_data *hapd, struct sta_info *sta,
- const u8 *vht_oper)
-{
- if (!vht_oper) {
- os_free(sta->vht_operation);
- sta->vht_operation = NULL;
- return WLAN_STATUS_SUCCESS;
- }
-
- if (!sta->vht_operation) {
- sta->vht_operation =
- os_zalloc(sizeof(struct ieee80211_vht_operation));
- if (!sta->vht_operation)
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- }
-
- os_memcpy(sta->vht_operation, vht_oper,
- sizeof(struct ieee80211_vht_operation));
-
- return WLAN_STATUS_SUCCESS;
-}
-
-
u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ie, size_t len)
{
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index a56c82e..985f8b7 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1,6 +1,6 @@
/*
* hostapd / IEEE 802.1X-2004 Authenticator
- * Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -682,8 +682,7 @@
#ifdef CONFIG_HS20
if (hapd->conf->hs20) {
- u8 ver = hapd->conf->hs20_release - 1;
-
+ u8 ver = 1; /* Release 2 */
if (!radius_msg_add_wfa(
msg, RADIUS_VENDOR_ATTR_WFA_HS20_AP_VERSION,
&ver, 1)) {
@@ -1742,45 +1741,6 @@
}
-#ifndef CONFIG_NO_VLAN
-static int ieee802_1x_update_vlan(struct radius_msg *msg,
- struct hostapd_data *hapd,
- struct sta_info *sta)
-{
- struct vlan_description vlan_desc;
-
- os_memset(&vlan_desc, 0, sizeof(vlan_desc));
- vlan_desc.notempty = !!radius_msg_get_vlanid(msg, &vlan_desc.untagged,
- MAX_NUM_TAGGED_VLAN,
- vlan_desc.tagged);
-
- if (vlan_desc.notempty &&
- !hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
- sta->eapol_sm->authFail = TRUE;
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
- HOSTAPD_LEVEL_INFO,
- "Invalid VLAN %d%s received from RADIUS server",
- vlan_desc.untagged,
- vlan_desc.tagged[0] ? "+" : "");
- os_memset(&vlan_desc, 0, sizeof(vlan_desc));
- ap_sta_set_vlan(hapd, sta, &vlan_desc);
- return -1;
- }
-
- if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
- !vlan_desc.notempty) {
- sta->eapol_sm->authFail = TRUE;
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
- HOSTAPD_LEVEL_INFO,
- "authentication server did not include required VLAN ID in Access-Accept");
- return -1;
- }
-
- return ap_sta_set_vlan(hapd, sta, &vlan_desc);
-}
-#endif /* CONFIG_NO_VLAN */
-
-
/**
* ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
* @msg: RADIUS response message
@@ -1803,6 +1763,12 @@
struct eapol_state_machine *sm;
int override_eapReq = 0;
struct radius_hdr *hdr = radius_msg_get_hdr(msg);
+ struct vlan_description vlan_desc;
+#ifndef CONFIG_NO_VLAN
+ int *untagged, *tagged, *notempty;
+#endif /* CONFIG_NO_VLAN */
+
+ os_memset(&vlan_desc, 0, sizeof(vlan_desc));
sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier);
if (sm == NULL) {
@@ -1867,21 +1833,56 @@
switch (hdr->code) {
case RADIUS_CODE_ACCESS_ACCEPT:
#ifndef CONFIG_NO_VLAN
- if (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED &&
- ieee802_1x_update_vlan(msg, hapd, sta) < 0)
+ if (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED) {
+ notempty = &vlan_desc.notempty;
+ untagged = &vlan_desc.untagged;
+ tagged = vlan_desc.tagged;
+ *notempty = !!radius_msg_get_vlanid(msg, untagged,
+ MAX_NUM_TAGGED_VLAN,
+ tagged);
+ }
+
+ if (vlan_desc.notempty &&
+ !hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
+ sta->eapol_sm->authFail = TRUE;
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "Invalid VLAN %d%s received from RADIUS server",
+ vlan_desc.untagged,
+ vlan_desc.tagged[0] ? "+" : "");
+ os_memset(&vlan_desc, 0, sizeof(vlan_desc));
+ ap_sta_set_vlan(hapd, sta, &vlan_desc);
+ break;
+ }
+
+ if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
+ !vlan_desc.notempty) {
+ sta->eapol_sm->authFail = TRUE;
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_INFO, "authentication "
+ "server did not include required VLAN "
+ "ID in Access-Accept");
+ break;
+ }
+#endif /* CONFIG_NO_VLAN */
+
+ if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0)
break;
+#ifndef CONFIG_NO_VLAN
if (sta->vlan_id > 0) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
"VLAN ID %d", sta->vlan_id);
}
+#endif /* CONFIG_NO_VLAN */
if ((sta->flags & WLAN_STA_ASSOC) &&
ap_sta_bind_vlan(hapd, sta) < 0)
break;
-#endif /* CONFIG_NO_VLAN */
sta->session_timeout_set = !!session_timeout_set;
os_get_reltime(&sta->session_timeout);
@@ -2594,7 +2595,6 @@
struct os_reltime diff;
const char *name1;
const char *name2;
- char *identity_buf = NULL;
if (sm == NULL)
return 0;
@@ -2710,14 +2710,6 @@
/* dot1xAuthSessionStatsTable */
os_reltime_age(&sta->acct_session_start, &diff);
- if (sm->eap && !sm->identity) {
- const u8 *id;
- size_t id_len;
-
- id = eap_get_identity(sm->eap, &id_len);
- if (id)
- identity_buf = dup_binstr(id, id_len);
- }
ret = os_snprintf(buf + len, buflen - len,
/* TODO: dot1xAuthSessionOctetsRx */
/* TODO: dot1xAuthSessionOctetsTx */
@@ -2733,8 +2725,7 @@
wpa_auth_sta_key_mgmt(sta->wpa_sm))) ?
1 : 2,
(unsigned int) diff.sec,
- sm->identity ? (char *) sm->identity : identity_buf);
- os_free(identity_buf);
+ sm->identity);
if (os_snprintf_error(buflen - len, ret))
return len;
len += ret;
diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
index 2b6f727..b8fd592 100644
--- a/src/ap/neighbor_db.c
+++ b/src/ap/neighbor_db.c
@@ -11,7 +11,6 @@
#include "utils/common.h"
#include "hostapd.h"
-#include "ieee802_11.h"
#include "neighbor_db.h"
@@ -124,7 +123,7 @@
}
-void hostapd_free_neighbor_db(struct hostapd_data *hapd)
+void hostpad_free_neighbor_db(struct hostapd_data *hapd)
{
struct hostapd_neighbor_entry *nr, *prev;
@@ -135,123 +134,3 @@
os_free(nr);
}
}
-
-
-#ifdef NEED_AP_MLME
-static enum nr_chan_width hostapd_get_nr_chan_width(struct hostapd_data *hapd,
- int ht, int vht)
-{
- if (!ht && !vht)
- return NR_CHAN_WIDTH_20;
- if (!hapd->iconf->secondary_channel)
- return NR_CHAN_WIDTH_20;
- if (!vht || hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_USE_HT)
- return NR_CHAN_WIDTH_40;
- if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_80MHZ)
- return NR_CHAN_WIDTH_80;
- if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_160MHZ)
- return NR_CHAN_WIDTH_160;
- if (hapd->iconf->vht_oper_chwidth == VHT_CHANWIDTH_80P80MHZ)
- return NR_CHAN_WIDTH_80P80;
- return NR_CHAN_WIDTH_20;
-}
-#endif /* NEED_AP_MLME */
-
-
-void hostapd_neighbor_set_own_report(struct hostapd_data *hapd)
-{
-#ifdef NEED_AP_MLME
- u16 capab = hostapd_own_capab_info(hapd);
- int ht = hapd->iconf->ieee80211n && !hapd->conf->disable_11n;
- int vht = hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac;
- struct wpa_ssid_value ssid;
- u8 channel, op_class;
- u8 center_freq1_idx = 0, center_freq2_idx = 0;
- enum nr_chan_width width;
- u32 bssid_info;
- struct wpabuf *nr;
-
- if (!(hapd->conf->radio_measurements[0] &
- WLAN_RRM_CAPS_NEIGHBOR_REPORT))
- return;
-
- bssid_info = 3; /* AP is reachable */
- bssid_info |= NEI_REP_BSSID_INFO_SECURITY; /* "same as the AP" */
- bssid_info |= NEI_REP_BSSID_INFO_KEY_SCOPE; /* "same as the AP" */
-
- if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT)
- bssid_info |= NEI_REP_BSSID_INFO_SPECTRUM_MGMT;
-
- bssid_info |= NEI_REP_BSSID_INFO_RM; /* RRM is supported */
-
- if (hapd->conf->wmm_enabled) {
- bssid_info |= NEI_REP_BSSID_INFO_QOS;
-
- if (hapd->conf->wmm_uapsd &&
- (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
- bssid_info |= NEI_REP_BSSID_INFO_APSD;
- }
-
- if (ht) {
- bssid_info |= NEI_REP_BSSID_INFO_HT |
- NEI_REP_BSSID_INFO_DELAYED_BA;
-
- /* VHT bit added in IEEE P802.11-REVmc/D4.3 */
- if (vht)
- bssid_info |= NEI_REP_BSSID_INFO_VHT;
- }
-
- /* TODO: Set NEI_REP_BSSID_INFO_MOBILITY_DOMAIN if MDE is set */
-
- if (ieee80211_freq_to_channel_ext(hapd->iface->freq,
- hapd->iconf->secondary_channel,
- hapd->iconf->vht_oper_chwidth,
- &op_class, &channel) ==
- NUM_HOSTAPD_MODES)
- return;
- width = hostapd_get_nr_chan_width(hapd, ht, vht);
- if (vht) {
- center_freq1_idx = hapd->iconf->vht_oper_centr_freq_seg0_idx;
- if (width == NR_CHAN_WIDTH_80P80)
- center_freq2_idx =
- hapd->iconf->vht_oper_centr_freq_seg1_idx;
- } else if (ht) {
- ieee80211_freq_to_chan(hapd->iface->freq +
- 10 * hapd->iconf->secondary_channel,
- ¢er_freq1_idx);
- }
-
- ssid.ssid_len = hapd->conf->ssid.ssid_len;
- os_memcpy(ssid.ssid, hapd->conf->ssid.ssid, ssid.ssid_len);
-
- /*
- * Neighbor Report element size = BSSID + BSSID info + op_class + chan +
- * phy type + wide bandwidth channel subelement.
- */
- nr = wpabuf_alloc(ETH_ALEN + 4 + 1 + 1 + 1 + 5);
- if (!nr)
- return;
-
- wpabuf_put_data(nr, hapd->own_addr, ETH_ALEN);
- wpabuf_put_le32(nr, bssid_info);
- wpabuf_put_u8(nr, op_class);
- wpabuf_put_u8(nr, channel);
- wpabuf_put_u8(nr, ieee80211_get_phy_type(hapd->iface->freq, ht, vht));
-
- /*
- * Wide Bandwidth Channel subelement may be needed to allow the
- * receiving STA to send packets to the AP. See IEEE P802.11-REVmc/D5.0
- * Figure 9-301.
- */
- wpabuf_put_u8(nr, WNM_NEIGHBOR_WIDE_BW_CHAN);
- wpabuf_put_u8(nr, 3);
- wpabuf_put_u8(nr, width);
- wpabuf_put_u8(nr, center_freq1_idx);
- wpabuf_put_u8(nr, center_freq2_idx);
-
- hostapd_neighbor_set(hapd, hapd->own_addr, &ssid, nr, hapd->iconf->lci,
- hapd->iconf->civic, hapd->iconf->stationary_ap);
-
- wpabuf_free(nr);
-#endif /* NEED_AP_MLME */
-}
diff --git a/src/ap/neighbor_db.h b/src/ap/neighbor_db.h
index 9c8f4f2..ba46d88 100644
--- a/src/ap/neighbor_db.h
+++ b/src/ap/neighbor_db.h
@@ -17,9 +17,8 @@
const struct wpa_ssid_value *ssid,
const struct wpabuf *nr, const struct wpabuf *lci,
const struct wpabuf *civic, int stationary);
-void hostapd_neighbor_set_own_report(struct hostapd_data *hapd);
int hostapd_neighbor_remove(struct hostapd_data *hapd, const u8 *bssid,
const struct wpa_ssid_value *ssid);
-void hostapd_free_neighbor_db(struct hostapd_data *hapd);
+void hostpad_free_neighbor_db(struct hostapd_data *hapd);
#endif /* NEIGHBOR_DB_H */
diff --git a/src/ap/rrm.c b/src/ap/rrm.c
index f2d5cd1..56ed29c 100644
--- a/src/ap/rrm.c
+++ b/src/ap/rrm.c
@@ -558,7 +558,7 @@
void hostapd_clean_rrm(struct hostapd_data *hapd)
{
- hostapd_free_neighbor_db(hapd);
+ hostpad_free_neighbor_db(hapd);
eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd, NULL);
hapd->lci_req_active = 0;
eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd, NULL);
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 8858a34..179cf43 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -166,7 +166,7 @@
/* just in case */
ap_sta_set_authorized(hapd, sta, 0);
- if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP))
+ if (sta->flags & WLAN_STA_WDS)
hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
if (sta->ipaddr)
@@ -328,7 +328,6 @@
os_free(sta->ht_capabilities);
os_free(sta->vht_capabilities);
- os_free(sta->vht_operation);
hostapd_free_psk_list(sta->psk);
os_free(sta->identity);
os_free(sta->radius_cui);
@@ -897,6 +896,9 @@
struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
int old_vlan_id, vlan_id = 0, ret = 0;
+ if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED)
+ vlan_desc = NULL;
+
/* Check if there is something to do */
if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
/* This sta is lacking its own vif */
@@ -1163,32 +1165,6 @@
#endif /* CONFIG_IEEE80211W */
-const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
- struct sta_info *sta)
-{
- struct hostapd_wpa_psk *psk;
- struct hostapd_ssid *ssid;
- const u8 *pmk;
- int pmk_len;
-
- ssid = &hapd->conf->ssid;
-
- pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
- if (!pmk || pmk_len != PMK_LEN)
- return NULL;
-
- for (psk = ssid->wpa_psk; psk; psk = psk->next)
- if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
- break;
- if (!psk)
- return NULL;
- if (!psk || !psk->keyid[0])
- return NULL;
-
- return psk->keyid;
-}
-
-
void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
int authorized)
{
@@ -1227,11 +1203,7 @@
sta->addr, authorized, dev_addr);
if (authorized) {
- const char *keyid;
- char keyid_buf[100];
char ip_addr[100];
-
- keyid_buf[0] = '\0';
ip_addr[0] = '\0';
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
@@ -1242,20 +1214,14 @@
}
#endif /* CONFIG_P2P */
- keyid = ap_sta_wpa_get_keyid(hapd, sta);
- if (keyid) {
- os_snprintf(keyid_buf, sizeof(keyid_buf),
- " keyid=%s", keyid);
- }
-
- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
- buf, ip_addr, keyid_buf);
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s",
+ buf, ip_addr);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
- AP_STA_CONNECTED "%s%s%s",
- buf, ip_addr, keyid_buf);
+ AP_STA_CONNECTED "%s%s",
+ buf, ip_addr);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index ee3f628..9cac6f1 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -36,7 +36,6 @@
#define WLAN_STA_VHT_OPMODE_ENABLED BIT(20)
#define WLAN_STA_VENDOR_VHT BIT(21)
#define WLAN_STA_PENDING_FILS_ERP BIT(22)
-#define WLAN_STA_MULTI_AP BIT(23)
#define WLAN_STA_PENDING_DISASSOC_CB BIT(29)
#define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
#define WLAN_STA_NONERP BIT(31)
@@ -118,7 +117,6 @@
unsigned int power_capab:1;
unsigned int agreed_to_steer:1;
unsigned int hs20_t_c_filtering:1;
- unsigned int ft_over_ds:1;
u16 auth_alg;
@@ -164,7 +162,6 @@
struct ieee80211_ht_capabilities *ht_capabilities;
struct ieee80211_vht_capabilities *vht_capabilities;
- struct ieee80211_vht_operation *vht_operation;
u8 vht_opmode;
#ifdef CONFIG_IEEE80211W
@@ -218,7 +215,6 @@
u8 cell_capa; /* 0 = unknown (not an MBO STA); otherwise,
* enum mbo_cellular_capa values */
struct mbo_non_pref_chan_info *non_pref_chan;
- int auth_rssi; /* Last Authentication frame RSSI */
#endif /* CONFIG_MBO */
u8 *supp_op_classes; /* Supported Operating Classes element, if
@@ -324,8 +320,6 @@
void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta);
-const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
- struct sta_info *sta);
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 reason);
diff --git a/src/ap/vlan_full.c b/src/ap/vlan_full.c
index 19aa3c6..aa42335 100644
--- a/src/ap/vlan_full.c
+++ b/src/ap/vlan_full.c
@@ -16,7 +16,6 @@
#include "utils/common.h"
#include "drivers/priv_netlink.h"
-#include "drivers/linux_ioctl.h"
#include "common/linux_bridge.h"
#include "common/linux_vlan.h"
#include "utils/eloop.h"
@@ -144,9 +143,6 @@
return -1;
}
- if (linux_br_del_if(fd, br_name, if_name) == 0)
- goto done;
-
if_index = if_nametoindex(if_name);
if (if_index == 0) {
@@ -172,7 +168,6 @@
return -1;
}
-done:
close(fd);
return 0;
}
@@ -199,14 +194,6 @@
return -1;
}
- if (linux_br_add_if(fd, br_name, if_name) == 0)
- goto done;
- if (errno == EBUSY) {
- /* The interface is already added. */
- close(fd);
- return 1;
- }
-
if_index = if_nametoindex(if_name);
if (if_index == 0) {
@@ -237,7 +224,6 @@
return -1;
}
-done:
close(fd);
return 0;
}
@@ -255,9 +241,6 @@
return -1;
}
- if (linux_br_del(fd, br_name) == 0)
- goto done;
-
arg[0] = BRCTL_DEL_BRIDGE;
arg[1] = (unsigned long) br_name;
@@ -269,7 +252,6 @@
return -1;
}
-done:
close(fd);
return 0;
}
@@ -295,19 +277,11 @@
return -1;
}
- if (linux_br_add(fd, br_name) == 0)
- goto done;
- if (errno == EEXIST) {
- /* The bridge is already added. */
- close(fd);
- return 1;
- }
-
arg[0] = BRCTL_ADD_BRIDGE;
arg[1] = (unsigned long) br_name;
if (ioctl(fd, SIOCGIFBR, arg) < 0) {
- if (errno == EEXIST) {
+ if (errno == EEXIST) {
/* The bridge is already added. */
close(fd);
return 1;
@@ -320,7 +294,6 @@
}
}
-done:
/* Decrease forwarding delay to avoid EAPOL timeouts. */
os_memset(&ifr, 0, sizeof(ifr));
os_strlcpy(ifr.ifr_name, br_name, IFNAMSIZ);
@@ -390,18 +363,12 @@
{
char vlan_ifname[IFNAMSIZ];
int clean;
- int ret;
if (vlan_naming == DYNAMIC_VLAN_NAMING_WITH_DEVICE)
- ret = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
- tagged_interface, vid);
+ os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
+ tagged_interface, vid);
else
- ret = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d",
- vid);
- if (ret >= (int) sizeof(vlan_ifname))
- wpa_printf(MSG_WARNING,
- "VLAN: Interface name was truncated to %s",
- vlan_ifname);
+ os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d", vid);
clean = 0;
ifconfig_up(tagged_interface);
@@ -417,28 +384,19 @@
}
-static void vlan_bridge_name(char *br_name, struct hostapd_data *hapd,
- struct hostapd_vlan *vlan, int vid)
+static void vlan_bridge_name(char *br_name, struct hostapd_data *hapd, int vid)
{
char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
- int ret;
- if (vlan->bridge[0]) {
- os_strlcpy(br_name, vlan->bridge, IFNAMSIZ);
- ret = 0;
- } else if (hapd->conf->vlan_bridge[0]) {
- ret = os_snprintf(br_name, IFNAMSIZ, "%s%d",
- hapd->conf->vlan_bridge, vid);
+ if (hapd->conf->vlan_bridge[0]) {
+ os_snprintf(br_name, IFNAMSIZ, "%s%d",
+ hapd->conf->vlan_bridge, vid);
} else if (tagged_interface) {
- ret = os_snprintf(br_name, IFNAMSIZ, "br%s.%d",
- tagged_interface, vid);
+ os_snprintf(br_name, IFNAMSIZ, "br%s.%d",
+ tagged_interface, vid);
} else {
- ret = os_snprintf(br_name, IFNAMSIZ, "brvlan%d", vid);
+ os_snprintf(br_name, IFNAMSIZ, "brvlan%d", vid);
}
- if (ret >= IFNAMSIZ)
- wpa_printf(MSG_WARNING,
- "VLAN: Interface name was truncated to %s",
- br_name);
}
@@ -487,7 +445,7 @@
!br_addif(hapd->conf->bridge, ifname))
vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
} else if (untagged > 0 && untagged <= MAX_VLAN_ID) {
- vlan_bridge_name(br_name, hapd, vlan, untagged);
+ vlan_bridge_name(br_name, hapd, untagged);
vlan_get_bridge(br_name, hapd, untagged);
@@ -500,7 +458,7 @@
tagged[i] <= 0 || tagged[i] > MAX_VLAN_ID ||
(i > 0 && tagged[i] == tagged[i - 1]))
continue;
- vlan_bridge_name(br_name, hapd, vlan, tagged[i]);
+ vlan_bridge_name(br_name, hapd, tagged[i]);
vlan_get_bridge(br_name, hapd, tagged[i]);
vlan_newlink_tagged(DYNAMIC_VLAN_NAMING_WITH_DEVICE,
ifname, br_name, tagged[i], hapd);
@@ -516,19 +474,12 @@
{
char vlan_ifname[IFNAMSIZ];
int clean;
- int ret;
if (vlan_naming == DYNAMIC_VLAN_NAMING_WITH_DEVICE)
- ret = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
- tagged_interface, vid);
+ os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
+ tagged_interface, vid);
else
- ret = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d",
- vid);
- if (ret >= (int) sizeof(vlan_ifname))
- wpa_printf(MSG_WARNING,
- "VLAN: Interface name was truncated to %s",
- vlan_ifname);
-
+ os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d", vid);
clean = dyn_iface_put(hapd, vlan_ifname);
@@ -592,7 +543,7 @@
tagged[i] <= 0 || tagged[i] > MAX_VLAN_ID ||
(i > 0 && tagged[i] == tagged[i - 1]))
continue;
- vlan_bridge_name(br_name, hapd, vlan, tagged[i]);
+ vlan_bridge_name(br_name, hapd, tagged[i]);
vlan_dellink_tagged(DYNAMIC_VLAN_NAMING_WITH_DEVICE,
ifname, br_name, tagged[i], hapd);
vlan_put_bridge(br_name, hapd, tagged[i]);
@@ -604,7 +555,7 @@
(vlan->clean & DVLAN_CLEAN_WLAN_PORT))
br_delif(hapd->conf->bridge, ifname);
} else if (untagged > 0 && untagged <= MAX_VLAN_ID) {
- vlan_bridge_name(br_name, hapd, vlan, untagged);
+ vlan_bridge_name(br_name, hapd, untagged);
if (vlan->clean & DVLAN_CLEAN_WLAN_PORT)
br_delif(br_name, vlan->ifname);
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index e293a00..01fecee 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -187,7 +187,6 @@
{
struct hostapd_vlan *n;
char ifname[IFNAMSIZ + 1], *pos;
- int ret;
if (vlan == NULL || vlan->vlan_id != VLAN_ID_WILDCARD)
return NULL;
@@ -209,13 +208,8 @@
n->vlan_desc = *vlan_desc;
n->dynamic_vlan = 1;
- ret = os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s",
- ifname, vlan_id, pos);
- if (os_snprintf_error(sizeof(n->ifname), ret)) {
- os_free(n);
- return NULL;
- }
- os_strlcpy(n->bridge, vlan->bridge, sizeof(n->bridge));
+ os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
+ pos);
n->next = hapd->conf->vlan;
hapd->conf->vlan = n;
diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index 27c69d3..61d2f65 100644
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -12,7 +12,6 @@
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
-#include "common/ocv.h"
#include "ap/hostapd.h"
#include "ap/sta_info.h"
#include "ap/ap_config.h"
@@ -55,8 +54,8 @@
size_t gtk_elem_len = 0;
size_t igtk_elem_len = 0;
struct wnm_sleep_element wnmsleep_ie;
- u8 *wnmtfs_ie, *oci_ie;
- u8 wnmsleep_ie_len, oci_ie_len;
+ u8 *wnmtfs_ie;
+ u8 wnmsleep_ie_len;
u16 wnmtfs_ie_len;
u8 *pos;
struct sta_info *sta;
@@ -89,42 +88,10 @@
wnmtfs_ie = NULL;
}
- oci_ie = NULL;
- oci_ie_len = 0;
-#ifdef CONFIG_OCV
- if (action_type == WNM_SLEEP_MODE_EXIT &&
- wpa_auth_uses_ocv(sta->wpa_sm)) {
- struct wpa_channel_info ci;
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in WNM-Sleep Mode frame");
- os_free(wnmtfs_ie);
- return -1;
- }
-
- oci_ie_len = OCV_OCI_EXTENDED_LEN;
- oci_ie = os_zalloc(oci_ie_len);
- if (!oci_ie) {
- wpa_printf(MSG_WARNING,
- "Failed to allocate buffer for OCI element in WNM-Sleep Mode frame");
- os_free(wnmtfs_ie);
- return -1;
- }
-
- if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
- os_free(wnmtfs_ie);
- os_free(oci_ie);
- return -1;
- }
- }
-#endif /* CONFIG_OCV */
-
#define MAX_GTK_SUBELEM_LEN 45
#define MAX_IGTK_SUBELEM_LEN 26
mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len +
- MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN +
- oci_ie_len);
+ MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN);
if (mgmt == NULL) {
wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
"WNM-Sleep Response action frame");
@@ -167,18 +134,11 @@
os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len);
/* copy TFS IE here */
pos += wnmsleep_ie_len;
- if (wnmtfs_ie) {
+ if (wnmtfs_ie)
os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len);
- pos += wnmtfs_ie_len;
- }
-#ifdef CONFIG_OCV
- /* copy OCV OCI here */
- if (oci_ie_len > 0)
- os_memcpy(pos, oci_ie, oci_ie_len);
-#endif /* CONFIG_OCV */
len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len +
- igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len;
+ igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len;
/* In driver, response frame should be forced to sent when STA is in
* PS mode */
@@ -225,7 +185,6 @@
#undef MAX_IGTK_SUBELEM_LEN
fail:
os_free(wnmtfs_ie);
- os_free(oci_ie);
os_free(mgmt);
return res;
}
@@ -242,11 +201,6 @@
u8 *tfsreq_ie_start = NULL;
u8 *tfsreq_ie_end = NULL;
u16 tfsreq_ie_len = 0;
-#ifdef CONFIG_OCV
- struct sta_info *sta;
- const u8 *oci_ie = NULL;
- u8 oci_ie_len = 0;
-#endif /* CONFIG_OCV */
if (!hapd->conf->wnm_sleep_mode) {
wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
@@ -274,12 +228,6 @@
if (!tfsreq_ie_start)
tfsreq_ie_start = (u8 *) pos;
tfsreq_ie_end = (u8 *) pos;
-#ifdef CONFIG_OCV
- } else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 &&
- pos[2] == WLAN_EID_EXT_OCV_OCI) {
- oci_ie = pos + 3;
- oci_ie_len = ie_len - 1;
-#endif /* CONFIG_OCV */
} else
wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized",
*pos);
@@ -291,27 +239,6 @@
return;
}
-#ifdef CONFIG_OCV
- sta = ap_get_sta(hapd, addr);
- if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT &&
- sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
- struct wpa_channel_info ci;
-
- if (hostapd_drv_channel_info(hapd, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in WNM-Sleep Mode frame");
- return;
- }
-
- if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx) != 0) {
- wpa_msg(hapd, MSG_WARNING, "WNM: %s", ocv_errorstr);
- return;
- }
- }
-#endif /* CONFIG_OCV */
-
if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER &&
tfsreq_ie_start && tfsreq_ie_end &&
tfsreq_ie_end - tfsreq_ie_start >= 0) {
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 8e2b48e..34969e7 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -13,7 +13,6 @@
#include "utils/state_machine.h"
#include "utils/bitfield.h"
#include "common/ieee802_11_defs.h"
-#include "common/ocv.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#include "crypto/aes_siv.h"
@@ -23,7 +22,6 @@
#include "crypto/sha384.h"
#include "crypto/random.h"
#include "eapol_auth/eapol_auth_sm.h"
-#include "drivers/driver.h"
#include "ap_config.h"
#include "ieee802_11.h"
#include "wpa_auth.h"
@@ -240,17 +238,6 @@
}
-#ifdef CONFIG_OCV
-static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
- struct wpa_channel_info *ci)
-{
- if (!wpa_auth->cb->channel_info)
- return -1;
- return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
-}
-#endif /* CONFIG_OCV */
-
-
static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_authenticator *wpa_auth = eloop_ctx;
@@ -873,8 +860,6 @@
if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
data, data_len) == 0) {
- os_memcpy(sm->PMK, pmk, pmk_len);
- sm->pmk_len = pmk_len;
ok = 1;
break;
}
@@ -2574,27 +2559,6 @@
wpabuf_put(plain, tmp2 - tmp);
*len = (u8 *) wpabuf_put(plain, 0) - len - 1;
-
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sm)) {
- struct wpa_channel_info ci;
- u8 *pos;
-
- if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "FILS: Failed to get channel info for OCI element");
- wpabuf_free(plain);
- return NULL;
- }
-
- pos = wpabuf_put(plain, OCV_OCI_EXTENDED_LEN);
- if (ocv_insert_extended_oci(&ci, pos) < 0) {
- wpabuf_free(plain);
- return NULL;
- }
- }
-#endif /* CONFIG_OCV */
-
return plain;
}
@@ -2660,21 +2624,6 @@
#endif /* CONFIG_FILS */
-#ifdef CONFIG_OCV
-int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
- int ap_seg1_idx, int *bandwidth, int *seg1_idx)
-{
- struct wpa_authenticator *wpa_auth = sm->wpa_auth;
-
- if (!wpa_auth->cb->get_sta_tx_params)
- return -1;
- return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
- ap_max_chanwidth, ap_seg1_idx,
- bandwidth, seg1_idx);
-}
-#endif /* CONFIG_OCV */
-
-
SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
{
struct wpa_authenticator *wpa_auth = sm->wpa_auth;
@@ -2726,8 +2675,6 @@
wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
sm->last_rx_eapol_key,
sm->last_rx_eapol_key_len) == 0) {
- os_memcpy(sm->PMK, pmk, pmk_len);
- sm->pmk_len = pmk_len;
ok = 1;
break;
}
@@ -2799,32 +2746,6 @@
WLAN_REASON_PREV_AUTH_NOT_VALID);
return;
}
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sm)) {
- struct wpa_channel_info ci;
- int tx_chanwidth;
- int tx_seg1_idx;
-
- if (wpa_channel_info(wpa_auth, &ci) != 0) {
- wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
- "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
- return;
- }
-
- if (get_sta_tx_parameters(sm,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx, &tx_chanwidth,
- &tx_seg1_idx) < 0)
- return;
-
- if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
- tx_chanwidth, tx_seg1_idx) != 0) {
- wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
- ocv_errorstr);
- return;
- }
- }
-#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211R_AP
if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
wpa_sta_disconnect(wpa_auth, sm->addr,
@@ -2962,36 +2883,6 @@
#endif /* CONFIG_IEEE80211W */
-static int ocv_oci_len(struct wpa_state_machine *sm)
-{
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sm))
- return OCV_OCI_KDE_LEN;
-#endif /* CONFIG_OCV */
- return 0;
-}
-
-static int ocv_oci_add(struct wpa_state_machine *sm, u8 **argpos)
-{
-#ifdef CONFIG_OCV
- struct wpa_channel_info ci;
-
- if (!wpa_auth_uses_ocv(sm))
- return 0;
-
- if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element");
- return -1;
- }
-
- return ocv_insert_oci_kde(&ci, argpos);
-#else /* CONFIG_OCV */
- return 0;
-#endif /* CONFIG_OCV */
-}
-
-
SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
{
u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
@@ -3075,7 +2966,7 @@
}
}
- kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
+ kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
if (gtk)
kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
#ifdef CONFIG_IEEE80211R_AP
@@ -3120,10 +3011,6 @@
gtk, gtk_len);
}
pos = ieee80211w_kde_add(sm, pos);
- if (ocv_oci_add(sm, &pos) < 0) {
- os_free(kde);
- return;
- }
#ifdef CONFIG_IEEE80211R_AP
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
@@ -3435,7 +3322,7 @@
}
if (sm->wpa == WPA_VERSION_WPA2) {
kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
- ieee80211w_kde_len(sm) + ocv_oci_len(sm);
+ ieee80211w_kde_len(sm);
kde_buf = os_malloc(kde_len);
if (kde_buf == NULL)
return;
@@ -3446,10 +3333,6 @@
pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
gtk, gsm->GTK_len);
pos = ieee80211w_kde_add(sm, pos);
- if (ocv_oci_add(sm, &pos) < 0) {
- os_free(kde_buf);
- return;
- }
kde_len = pos - kde;
} else {
kde = gtk;
@@ -3470,67 +3353,8 @@
SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
{
-#ifdef CONFIG_OCV
- struct wpa_authenticator *wpa_auth = sm->wpa_auth;
- const u8 *key_data, *mic;
- struct ieee802_1x_hdr *hdr;
- struct wpa_eapol_key *key;
- struct wpa_eapol_ie_parse kde;
- size_t mic_len;
- u16 key_data_length;
-#endif /* CONFIG_OCV */
-
SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
sm->EAPOLKeyReceived = FALSE;
-
-#ifdef CONFIG_OCV
- mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
-
- /*
- * Note: last_rx_eapol_key length fields have already been validated in
- * wpa_receive().
- */
- hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
- key = (struct wpa_eapol_key *) (hdr + 1);
- mic = (u8 *) (key + 1);
- key_data = mic + mic_len + 2;
- key_data_length = WPA_GET_BE16(mic + mic_len);
- if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
- sizeof(*key) - mic_len - 2)
- return;
-
- if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
- wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
- "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
- return;
- }
-
- if (wpa_auth_uses_ocv(sm)) {
- struct wpa_channel_info ci;
- int tx_chanwidth;
- int tx_seg1_idx;
-
- if (wpa_channel_info(wpa_auth, &ci) != 0) {
- wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
- "Failed to get channel info to validate received OCI in EAPOL-Key group 1/2");
- return;
- }
-
- if (get_sta_tx_parameters(sm,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx, &tx_chanwidth,
- &tx_seg1_idx) < 0)
- return;
-
- if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
- tx_chanwidth, tx_seg1_idx) != 0) {
- wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
- ocv_errorstr);
- return;
- }
- }
-#endif /* CONFIG_OCV */
-
if (sm->GUpdateStationKeys)
sm->group->GKeyDoneStations--;
sm->GUpdateStationKeys = FALSE;
@@ -4139,15 +3963,6 @@
}
-const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
-{
- if (!sm)
- return NULL;
- *len = sm->pmk_len;
- return sm->PMK;
-}
-
-
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
{
if (sm == NULL)
@@ -4851,7 +4666,7 @@
}
}
- kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm);
+ kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
if (gtk)
kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
#ifdef CONFIG_IEEE80211R_AP
@@ -4900,10 +4715,6 @@
os_memset(opos, 0, 6); /* clear PN */
}
#endif /* CONFIG_IEEE80211W */
- if (ocv_oci_add(sm, &pos) < 0) {
- os_free(kde);
- return -1;
- }
#ifdef CONFIG_IEEE80211R_AP
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
@@ -4985,7 +4796,7 @@
gtk = gsm->GTK[gsm->GN - 1];
if (sm->wpa == WPA_VERSION_WPA2) {
kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
- ieee80211w_kde_len(sm) + ocv_oci_len(sm);
+ ieee80211w_kde_len(sm);
kde_buf = os_malloc(kde_len);
if (kde_buf == NULL)
return -1;
@@ -5005,10 +4816,6 @@
os_memset(opos, 0, 6); /* clear PN */
}
#endif /* CONFIG_IEEE80211W */
- if (ocv_oci_add(sm, &pos) < 0) {
- os_free(kde_buf);
- return -1;
- }
kde_len = pos - kde;
} else {
kde = gtk;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index e61648d..fad5536 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -145,7 +145,6 @@
struct rsn_pmksa_cache_entry;
struct eapol_state_machine;
struct ft_remote_seq;
-struct wpa_channel_info;
struct ft_remote_r0kh {
@@ -192,9 +191,6 @@
int group_mgmt_cipher;
int sae_require_mfp;
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- int ocv; /* Operating Channel Validation */
-#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211R_AP
u8 ssid[SSID_MAX_LEN];
size_t ssid_len;
@@ -269,10 +265,6 @@
size_t data_len);
int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data,
size_t data_len);
- int (*channel_info)(void *ctx, struct wpa_channel_info *ci);
- int (*get_sta_tx_params)(void *ctx, const u8 *addr,
- int ap_max_chanwidth, int ap_seg1_idx,
- int *bandwidth, int *seg1_idx);
#ifdef CONFIG_IEEE80211R_AP
struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
int (*set_vlan)(void *ctx, const u8 *sta_addr,
@@ -324,8 +316,6 @@
struct wpa_state_machine *sm,
const u8 *osen_ie, size_t osen_ie_len);
int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
-void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv);
-int wpa_auth_uses_ocv(struct wpa_state_machine *sm);
struct wpa_state_machine *
wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
const u8 *p2p_dev_addr);
@@ -349,7 +339,6 @@
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
-const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
@@ -460,9 +449,6 @@
int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies,
size_t ies_len);
-int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth,
- int ap_seg1_idx, int *bandwidth, int *seg1_idx);
-
int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
u8 *buf, size_t len);
void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index ac736f0..e8d46ab 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -13,8 +13,6 @@
#include "utils/list.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
-#include "common/ocv.h"
-#include "drivers/driver.h"
#include "crypto/aes.h"
#include "crypto/aes_siv.h"
#include "crypto/aes_wrap.h"
@@ -729,17 +727,6 @@
}
-#ifdef CONFIG_OCV
-static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
- struct wpa_channel_info *ci)
-{
- if (!wpa_auth->cb->channel_info)
- return -1;
- return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
-}
-#endif /* CONFIG_OCV */
-
-
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
{
u8 *pos = buf;
@@ -1464,7 +1451,7 @@
now.sec;
else if (session_timeout && r1->session_timeout)
*session_timeout = 1;
- else if (session_timeout)
+ else
*session_timeout = 0;
return 0;
}
@@ -2443,35 +2430,6 @@
os_free(igtk);
}
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sm)) {
- struct wpa_channel_info ci;
- u8 *nbuf, *ocipos;
-
- if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element");
- os_free(subelem);
- return NULL;
- }
-
- subelem_len += 2 + OCV_OCI_LEN;
- nbuf = os_realloc(subelem, subelem_len);
- if (!nbuf) {
- os_free(subelem);
- return NULL;
- }
- subelem = nbuf;
-
- ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
- *ocipos++ = FTIE_SUBELEM_OCI;
- *ocipos++ = OCV_OCI_LEN;
- if (ocv_insert_oci(&ci, &ocipos) < 0) {
- os_free(subelem);
- return NULL;
- }
- }
-#endif /* CONFIG_OCV */
} else {
r0kh_id = conf->r0_key_holder;
r0kh_id_len = conf->r0_key_holder_len;
@@ -2638,8 +2596,6 @@
os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
if (out_pairwise)
*out_pairwise = pairwise;
- os_memcpy(sm->PMK, pmk, PMK_LEN);
- sm->pmk_len = PMK_LEN;
if (out_vlan &&
wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
@@ -3222,32 +3178,6 @@
return WLAN_STATUS_INVALID_FTIE;
}
-#ifdef CONFIG_OCV
- if (wpa_auth_uses_ocv(sm)) {
- struct wpa_channel_info ci;
- int tx_chanwidth;
- int tx_seg1_idx;
-
- if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in (Re)Assoc Request");
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- }
-
- if (get_sta_tx_parameters(sm,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx, &tx_chanwidth,
- &tx_seg1_idx) < 0)
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
-
- if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
- tx_chanwidth, tx_seg1_idx) != 0) {
- wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- }
- }
-#endif /* CONFIG_OCV */
-
return WLAN_STATUS_SUCCESS;
}
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 9091f43..8127403 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -27,7 +27,6 @@
#include "tkip_countermeasures.h"
#include "ap_drv_ops.h"
#include "ap_config.h"
-#include "ieee802_11.h"
#include "pmksa_cache_auth.h"
#include "wpa_auth.h"
#include "wpa_auth_glue.h"
@@ -56,9 +55,6 @@
wconf->wmm_enabled = conf->wmm_enabled;
wconf->wmm_uapsd = conf->wmm_uapsd;
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
-#ifdef CONFIG_OCV
- wconf->ocv = conf->ocv;
-#endif /* CONFIG_OCV */
wconf->okc = conf->okc;
#ifdef CONFIG_IEEE80211W
wconf->ieee80211w = conf->ieee80211w;
@@ -780,35 +776,6 @@
}
-static int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci)
-{
- struct hostapd_data *hapd = ctx;
-
- return hostapd_drv_channel_info(hapd, ci);
-}
-
-
-#ifdef CONFIG_OCV
-static int hostapd_get_sta_tx_params(void *ctx, const u8 *addr,
- int ap_max_chanwidth, int ap_seg1_idx,
- int *bandwidth, int *seg1_idx)
-{
- struct hostapd_data *hapd = ctx;
- struct sta_info *sta;
-
- sta = ap_get_sta(hapd, addr);
- if (!sta) {
- hostapd_wpa_auth_logger(hapd, addr, LOGGER_INFO,
- "Failed to get STA info to validate received OCI");
- return -1;
- }
-
- return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx, bandwidth,
- seg1_idx);
-}
-#endif /* CONFIG_OCV */
-
-
#ifdef CONFIG_IEEE80211R_AP
static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
@@ -847,18 +814,12 @@
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
- wpa_printf(MSG_DEBUG, "Add station entry for " MACSTR
- " based on WPA authenticator callback",
- MAC2STR(sta_addr));
if (hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT) < 0)
return NULL;
sta = ap_sta_add(hapd, sta_addr);
if (sta == NULL)
return NULL;
- if (hapd->driver && hapd->driver->add_sta_node)
- sta->added_unassoc = 1;
- sta->ft_over_ds = 1;
if (sta->wpa_sm) {
sta->auth_alg = WLAN_AUTH_FT;
return sta->wpa_sm;
@@ -1228,10 +1189,6 @@
.for_each_auth = hostapd_wpa_auth_for_each_auth,
.send_ether = hostapd_wpa_auth_send_ether,
.send_oui = hostapd_wpa_auth_send_oui,
- .channel_info = hostapd_channel_info,
-#ifdef CONFIG_OCV
- .get_sta_tx_params = hostapd_get_sta_tx_params,
-#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211R_AP
.send_ft_action = hostapd_wpa_auth_send_ft_action,
.add_sta = hostapd_wpa_auth_add_sta,
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index a349304..b1cea1b 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -92,9 +92,6 @@
#endif /* CONFIG_IEEE80211R_AP */
unsigned int is_wnmsleep:1;
unsigned int pmkid_set:1;
-#ifdef CONFIG_OCV
- unsigned int ocv_enabled:1;
-#endif /* CONFIG_OCV */
u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
int req_replay_counter_used;
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 3bcbef7..253fe6e 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -293,13 +293,9 @@
capab |= WPA_CAPABILITY_MFPR;
}
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- if (conf->ocv)
- capab |= WPA_CAPABILITY_OCVC;
-#endif /* CONFIG_OCV */
#ifdef CONFIG_RSN_TESTING
if (rsn_testing)
- capab |= BIT(8) | BIT(15);
+ capab |= BIT(8) | BIT(14) | BIT(15);
#endif /* CONFIG_RSN_TESTING */
WPA_PUT_LE16(pos, capab);
pos += 2;
@@ -418,10 +414,6 @@
capab |= WPA_CAPABILITY_MFPR;
}
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- if (conf->ocv)
- capab |= WPA_CAPABILITY_OCVC;
-#endif /* CONFIG_OCV */
WPA_PUT_LE16(eid, capab);
eid += 2;
@@ -561,19 +553,6 @@
if (version == WPA_PROTO_RSN) {
res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
- if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
- !wpa_key_mgmt_only_ft(data.key_mgmt)) {
- /* Workaround for some HP and Epson printers that seem
- * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
- * advertised RSNE to Association Request frame. */
- wpa_printf(MSG_DEBUG,
- "RSN: FT set in RSNE AKM but MDE is missing from "
- MACSTR
- " - ignore FT AKM(s) because there's also a non-FT AKM",
- MAC2STR(sm->addr));
- data.key_mgmt &= ~WPA_KEY_MGMT_FT;
- }
-
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
if (0) {
}
@@ -781,17 +760,6 @@
}
#endif /* CONFIG_SAE */
-#ifdef CONFIG_OCV
- if ((data.capabilities & WPA_CAPABILITY_OCVC) &&
- !(data.capabilities & WPA_CAPABILITY_MFPC)) {
- wpa_printf(MSG_DEBUG,
- "Management frame protection required with OCV, but client did not enable it");
- return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
- }
- wpa_auth_set_ocv(sm, wpa_auth->conf.ocv &&
- (data.capabilities & WPA_CAPABILITY_OCVC));
-#endif /* CONFIG_OCV */
-
if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
!(data.capabilities & WPA_CAPABILITY_MFPC))
sm->mgmt_frame_prot = 0;
@@ -1027,15 +995,6 @@
}
#endif /* CONFIG_P2P */
-#ifdef CONFIG_OCV
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) {
- ie->oci = pos + 2 + RSN_SELECTOR_LEN;
- ie->oci_len = pos[1] - RSN_SELECTOR_LEN;
- return 0;
- }
-#endif /* CONFIG_OCV */
-
return 0;
}
@@ -1103,34 +1062,13 @@
}
-#ifdef CONFIG_OCV
-
-void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
-{
- if (sm)
- sm->ocv_enabled = ocv;
-}
-
-
-int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
-{
- return sm ? sm->ocv_enabled : 0;
-}
-
-#endif /* CONFIG_OCV */
-
-
#ifdef CONFIG_OWE
u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
u8 *pos, size_t max_len,
const u8 *req_ies, size_t req_ies_len)
{
int res;
- struct wpa_auth_config *conf;
-
- if (!sm)
- return pos;
- conf = &sm->wpa_auth->conf;
+ struct wpa_auth_config *conf = &sm->wpa_auth->conf;
#ifdef CONFIG_TESTING_OPTIONS
if (conf->own_ie_override_len) {
@@ -1144,7 +1082,7 @@
}
#endif /* CONFIG_TESTING_OPTIONS */
- res = wpa_write_rsn_ie(conf, pos, max_len,
+ res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len,
sm->pmksa ? sm->pmksa->pmkid : NULL);
if (res < 0)
return pos;
diff --git a/src/ap/wpa_auth_ie.h b/src/ap/wpa_auth_ie.h
index a38b206..73e4333 100644
--- a/src/ap/wpa_auth_ie.h
+++ b/src/ap/wpa_auth_ie.h
@@ -33,10 +33,6 @@
const u8 *ip_addr_req;
const u8 *ip_addr_alloc;
#endif /* CONFIG_P2P */
-#ifdef CONFIG_OCV
- const u8 *oci;
- size_t oci_len;
-#endif /* CONFIG_OCV */
const u8 *osen;
size_t osen_len;
diff --git a/src/common/defs.h b/src/common/defs.h
index 4faf1c8..c968cd6 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -59,13 +59,6 @@
#define WPA_KEY_MGMT_DPP BIT(23)
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
-#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
- WPA_KEY_MGMT_FT_IEEE8021X | \
- WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
- WPA_KEY_MGMT_FT_SAE | \
- WPA_KEY_MGMT_FT_FILS_SHA256 | \
- WPA_KEY_MGMT_FT_FILS_SHA384)
-
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
{
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
@@ -93,14 +86,12 @@
static inline int wpa_key_mgmt_ft(int akm)
{
- return !!(akm & WPA_KEY_MGMT_FT);
-}
-
-static inline int wpa_key_mgmt_only_ft(int akm)
-{
- int ft = wpa_key_mgmt_ft(akm);
- akm &= ~WPA_KEY_MGMT_FT;
- return ft && !akm;
+ return !!(akm & (WPA_KEY_MGMT_FT_PSK |
+ WPA_KEY_MGMT_FT_IEEE8021X |
+ WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
+ WPA_KEY_MGMT_FT_SAE |
+ WPA_KEY_MGMT_FT_FILS_SHA256 |
+ WPA_KEY_MGMT_FT_FILS_SHA384));
}
static inline int wpa_key_mgmt_ft_psk(int akm)
@@ -408,15 +399,4 @@
#define OCE_STA_CFON BIT(1)
#define OCE_AP BIT(2)
-/* enum chan_width - Channel width definitions */
-enum chan_width {
- CHAN_WIDTH_20_NOHT,
- CHAN_WIDTH_20,
- CHAN_WIDTH_40,
- CHAN_WIDTH_80,
- CHAN_WIDTH_80P80,
- CHAN_WIDTH_160,
- CHAN_WIDTH_UNKNOWN
-};
-
#endif /* DEFS_H */
diff --git a/src/common/dpp.c b/src/common/dpp.c
index bcb694b..677f586 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -813,9 +813,7 @@
const unsigned char *pk;
int ppklen;
X509_ALGOR *pa;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
- (defined(LIBRESSL_VERSION_NUMBER) && \
- LIBRESSL_VERSION_NUMBER < 0x20800000L)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ASN1_OBJECT *pa_oid;
#else
const ASN1_OBJECT *pa_oid;
@@ -2856,7 +2854,7 @@
i_pubkey_hash = test_hash;
} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
- status = 255;
+ status = -1;
} else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
i_nonce = NULL;
@@ -3459,7 +3457,7 @@
}
#endif /* CONFIG_TESTING_OPTIONS */
- if (!auth->initiator || !auth->peer_bi) {
+ if (!auth->initiator) {
dpp_auth_fail(auth, "Unexpected Authentication Response");
return NULL;
}
@@ -3640,7 +3638,7 @@
goto fail;
}
- if (auth->own_bi) {
+ if (auth->own_bi && auth->peer_bi) {
/* Mutual authentication */
if (dpp_auth_derive_l_initiator(auth) < 0)
goto fail;
@@ -3848,7 +3846,7 @@
}
#endif /* CONFIG_TESTING_OPTIONS */
- if (auth->initiator || !auth->own_bi) {
+ if (auth->initiator) {
dpp_auth_fail(auth, "Unexpected Authentication Confirm");
return -1;
}
@@ -3906,7 +3904,7 @@
"Initiator Bootstrapping Key Hash mismatch");
return -1;
}
- } else if (auth->peer_bi) {
+ } else if (auth->own_bi && auth->peer_bi) {
/* Mutual authentication and peer did not include its
* Bootstrapping Key Hash attribute. */
dpp_auth_fail(auth,
@@ -4759,7 +4757,7 @@
goto fail;
}
if (os_strcmp(token->string, "EC") != 0) {
- wpa_printf(MSG_DEBUG, "DPP: Unexpected JWK kty '%s'",
+ wpa_printf(MSG_DEBUG, "DPP: Unexpected JWK kty '%s",
token->string);
goto fail;
}
@@ -6588,32 +6586,6 @@
}
-static int dpp_pkex_identifier_match(const u8 *attr_id, u16 attr_id_len,
- const char *identifier)
-{
- if (!attr_id && identifier) {
- wpa_printf(MSG_DEBUG,
- "DPP: No PKEX code identifier received, but expected one");
- return 0;
- }
-
- if (attr_id && !identifier) {
- wpa_printf(MSG_DEBUG,
- "DPP: PKEX code identifier received, but not expecting one");
- return 0;
- }
-
- if (attr_id && identifier &&
- (os_strlen(identifier) != attr_id_len ||
- os_memcmp(identifier, attr_id, attr_id_len) != 0)) {
- wpa_printf(MSG_DEBUG, "DPP: PKEX code identifier mismatch");
- return 0;
- }
-
- return 1;
-}
-
-
struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
struct dpp_bootstrap_info *bi,
const u8 *own_mac,
@@ -6658,11 +6630,19 @@
}
#endif /* CONFIG_TESTING_OPTIONS */
- attr_id_len = 0;
attr_id = dpp_get_attr(buf, len, DPP_ATTR_CODE_IDENTIFIER,
&attr_id_len);
- if (!dpp_pkex_identifier_match(attr_id, attr_id_len, identifier))
+ if (!attr_id && identifier) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No PKEX code identifier received, but expected one");
return NULL;
+ }
+ if (attr_id && identifier &&
+ (os_strlen(identifier) != attr_id_len ||
+ os_memcmp(identifier, attr_id, attr_id_len) != 0)) {
+ wpa_printf(MSG_DEBUG, "DPP: PKEX code identifier mismatch");
+ return NULL;
+ }
attr_group = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
&attr_group_len);
@@ -7034,11 +7014,16 @@
return NULL;
}
- attr_id_len = 0;
attr_id = dpp_get_attr(buf, buflen, DPP_ATTR_CODE_IDENTIFIER,
&attr_id_len);
- if (!dpp_pkex_identifier_match(attr_id, attr_id_len,
- pkex->identifier)) {
+ if (!attr_id && pkex->identifier) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No PKEX code identifier received, but expected one");
+ return NULL;
+ }
+ if (attr_id && pkex->identifier &&
+ (os_strlen(pkex->identifier) != attr_id_len ||
+ os_memcmp(pkex->identifier, attr_id, attr_id_len) != 0)) {
dpp_pkex_fail(pkex, "PKEX code identifier mismatch");
return NULL;
}
diff --git a/src/common/gas_server.c b/src/common/gas_server.c
index ca46758..b258675 100644
--- a/src/common/gas_server.c
+++ b/src/common/gas_server.c
@@ -97,10 +97,8 @@
return;
response = os_zalloc(sizeof(*response));
- if (!response) {
- wpabuf_free(query_resp);
+ if (!response)
return;
- }
wpa_printf(MSG_DEBUG, "DPP: Allocated GAS response @%p", response);
response->freq = freq;
response->handler = handler;
@@ -121,7 +119,6 @@
handler->adv_proto_id_len +
resp_frag_len);
if (!resp) {
- wpabuf_free(query_resp);
gas_server_free_response(response);
return;
}
@@ -260,7 +257,6 @@
handler->adv_proto_id_len +
resp_frag_len);
if (!resp) {
- dl_list_del(&response->list);
gas_server_free_response(response);
return;
}
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 49ed806..db40379 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -87,29 +87,13 @@
int allowed_ht40_channel_pair(struct hostapd_hw_modes *mode, int pri_chan,
int sec_chan)
{
- int ok, first;
+ int ok, j, first;
int allowed[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 140,
149, 157, 165, 184, 192 };
size_t k;
- struct hostapd_channel_data *p_chan, *s_chan;
- const int ht40_plus = pri_chan < sec_chan;
- p_chan = hw_get_channel_chan(mode, pri_chan, NULL);
- if (!p_chan)
- return 0;
-
- if (pri_chan == sec_chan || !sec_chan) {
- if (chan_pri_allowed(p_chan))
- return 1; /* HT40 not used */
-
- wpa_printf(MSG_ERROR, "Channel %d is not allowed as primary",
- pri_chan);
- return 0;
- }
-
- s_chan = hw_get_channel_chan(mode, sec_chan, NULL);
- if (!s_chan)
- return 0;
+ if (pri_chan == sec_chan || !sec_chan)
+ return 1; /* HT40 not used */
wpa_printf(MSG_DEBUG,
"HT40: control channel: %d secondary channel: %d",
@@ -117,9 +101,16 @@
/* Verify that HT40 secondary channel is an allowed 20 MHz
* channel */
- if ((s_chan->flag & HOSTAPD_CHAN_DISABLED) ||
- (ht40_plus && !(p_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P)) ||
- (!ht40_plus && !(p_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40M))) {
+ ok = 0;
+ for (j = 0; j < mode->num_channels; j++) {
+ struct hostapd_channel_data *chan = &mode->channels[j];
+ if (!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
+ chan->chan == sec_chan) {
+ ok = 1;
+ break;
+ }
+ }
+ if (!ok) {
wpa_printf(MSG_ERROR, "HT40 secondary channel %d not allowed",
sec_chan);
return 0;
@@ -562,59 +553,3 @@
}
#endif /* CONFIG_IEEE80211AC */
-
-
-u32 num_chan_to_bw(int num_chans)
-{
- switch (num_chans) {
- case 2:
- case 4:
- case 8:
- return num_chans * 20;
- default:
- return 20;
- }
-}
-
-
-/* check if BW is applicable for channel */
-int chan_bw_allowed(const struct hostapd_channel_data *chan, u32 bw,
- int ht40_plus, int pri)
-{
- u32 bw_mask;
-
- switch (bw) {
- case 20:
- bw_mask = HOSTAPD_CHAN_WIDTH_20;
- break;
- case 40:
- /* HT 40 MHz support declared only for primary channel,
- * just skip 40 MHz secondary checking */
- if (pri && ht40_plus)
- bw_mask = HOSTAPD_CHAN_WIDTH_40P;
- else if (pri && !ht40_plus)
- bw_mask = HOSTAPD_CHAN_WIDTH_40M;
- else
- bw_mask = 0;
- break;
- case 80:
- bw_mask = HOSTAPD_CHAN_WIDTH_80;
- break;
- case 160:
- bw_mask = HOSTAPD_CHAN_WIDTH_160;
- break;
- default:
- bw_mask = 0;
- break;
- }
-
- return (chan->allowed_bw & bw_mask) == bw_mask;
-}
-
-
-/* check if channel is allowed to be used as primary */
-int chan_pri_allowed(const struct hostapd_channel_data *chan)
-{
- return !(chan->flag & HOSTAPD_CHAN_DISABLED) &&
- (chan->allowed_bw & HOSTAPD_CHAN_WIDTH_20);
-}
diff --git a/src/common/hw_features_common.h b/src/common/hw_features_common.h
index eb1f1c5..9cddbd5 100644
--- a/src/common/hw_features_common.h
+++ b/src/common/hw_features_common.h
@@ -39,9 +39,4 @@
int disabled);
int ieee80211ac_cap_check(u32 hw, u32 conf);
-u32 num_chan_to_bw(int num_chans);
-int chan_bw_allowed(const struct hostapd_channel_data *chan, u32 bw,
- int ht40_plus, int pri);
-int chan_pri_allowed(const struct hostapd_channel_data *chan);
-
#endif /* HW_FEATURES_COMMON_H */
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 9627799..4fd3357 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -1,6 +1,6 @@
/*
* IEEE 802.11 Common routines
- * Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -126,10 +126,6 @@
elems->roaming_cons_sel = pos;
elems->roaming_cons_sel_len = elen;
break;
- case MULTI_AP_OUI_TYPE:
- elems->multi_ap = pos;
- elems->multi_ap_len = elen;
- break;
default:
wpa_printf(MSG_MSGDUMP, "Unknown WFA "
"information element ignored "
@@ -270,10 +266,6 @@
elems->password_id = pos;
elems->password_id_len = elen;
break;
- case WLAN_EID_EXT_OCV_OCI:
- elems->oci = pos;
- elems->oci_len = elen;
- break;
default:
if (show_errors) {
wpa_printf(MSG_MSGDUMP,
@@ -906,41 +898,6 @@
}
-int ieee80211_chaninfo_to_channel(unsigned int freq, enum chan_width chanwidth,
- int sec_channel, u8 *op_class, u8 *channel)
-{
- int vht = CHAN_WIDTH_UNKNOWN;
-
- switch (chanwidth) {
- case CHAN_WIDTH_UNKNOWN:
- case CHAN_WIDTH_20_NOHT:
- case CHAN_WIDTH_20:
- case CHAN_WIDTH_40:
- vht = VHT_CHANWIDTH_USE_HT;
- break;
- case CHAN_WIDTH_80:
- vht = VHT_CHANWIDTH_80MHZ;
- break;
- case CHAN_WIDTH_80P80:
- vht = VHT_CHANWIDTH_80P80MHZ;
- break;
- case CHAN_WIDTH_160:
- vht = VHT_CHANWIDTH_160MHZ;
- break;
- }
-
- if (ieee80211_freq_to_channel_ext(freq, sec_channel, vht, op_class,
- channel) == NUM_HOSTAPD_MODES) {
- wpa_printf(MSG_WARNING,
- "Cannot determine operating class and channel (freq=%u chanwidth=%d sec_channel=%d)",
- freq, chanwidth, sec_channel);
- return -1;
- }
-
- return 0;
-}
-
-
static const char *const us_op_class_cc[] = {
"US", "CA", NULL
};
@@ -1540,24 +1497,6 @@
}
-const u8 * get_vendor_ie(const u8 *ies, size_t len, u32 vendor_type)
-{
- const u8 *pos = ies, *end = ies + len;
-
- while (end - pos > 1) {
- if (2 + pos[1] > end - pos)
- break;
-
- if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
- vendor_type == WPA_GET_BE32(&pos[2]))
- return pos;
- pos += 2 + pos[1];
- }
-
- return NULL;
-}
-
-
size_t mbo_add_ie(u8 *buf, size_t len, const u8 *attr, size_t attr_len)
{
/*
@@ -1582,26 +1521,6 @@
}
-size_t add_multi_ap_ie(u8 *buf, size_t len, u8 value)
-{
- u8 *pos = buf;
-
- if (len < 9)
- return 0;
-
- *pos++ = WLAN_EID_VENDOR_SPECIFIC;
- *pos++ = 7; /* len */
- WPA_PUT_BE24(pos, OUI_WFA);
- pos += 3;
- *pos++ = MULTI_AP_OUI_TYPE;
- *pos++ = MULTI_AP_SUB_ELEM_TYPE;
- *pos++ = 1; /* len */
- *pos++ = value;
-
- return pos - buf;
-}
-
-
static const struct country_op_class us_op_class[] = {
{ 1, 115 },
{ 2, 118 },
@@ -1747,27 +1666,6 @@
}
-int oper_class_bw_to_int(const struct oper_class_map *map)
-{
- switch (map->bw) {
- case BW20:
- return 20;
- case BW40PLUS:
- case BW40MINUS:
- return 40;
- case BW80:
- return 80;
- case BW80P80:
- case BW160:
- return 160;
- case BW2160:
- return 2160;
- default:
- return 0;
- }
-}
-
-
int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep,
size_t nei_rep_len)
{
@@ -1868,11 +1766,3 @@
return nei_pos - nei_rep;
}
-
-
-int ieee802_11_ext_capab(const u8 *ie, unsigned int capab)
-{
- if (!ie || ie[1] <= capab / 8)
- return 0;
- return !!(ie[2 + capab / 8] & BIT(capab % 8));
-}
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index ce3bb8b..ff7e51d 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -1,6 +1,6 @@
/*
* IEEE 802.11 Common routines
- * Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -10,7 +10,6 @@
#define IEEE802_11_COMMON_H
#include "defs.h"
-#include "ieee802_11_defs.h"
struct hostapd_hw_modes;
@@ -85,8 +84,6 @@
const u8 *power_capab;
const u8 *roaming_cons_sel;
const u8 *password_id;
- const u8 *oci;
- const u8 *multi_ap;
u8 ssid_len;
u8 supp_rates_len;
@@ -133,8 +130,6 @@
u8 power_capab_len;
u8 roaming_cons_sel_len;
u8 password_id_len;
- u8 oci_len;
- u8 multi_ap_len;
struct mb_ies_info mb_ies;
};
@@ -165,8 +160,6 @@
enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq,
int sec_channel, int vht,
u8 *op_class, u8 *channel);
-int ieee80211_chaninfo_to_channel(unsigned int freq, enum chan_width chanwidth,
- int sec_channel, u8 *op_class, u8 *channel);
int ieee80211_is_dfs(int freq, const struct hostapd_hw_modes *modes,
u16 num_modes);
enum phy_type ieee80211_get_phy_type(int freq, int ht, int vht);
@@ -193,12 +186,9 @@
const u8 * get_ie(const u8 *ies, size_t len, u8 eid);
const u8 * get_ie_ext(const u8 *ies, size_t len, u8 ext);
-const u8 * get_vendor_ie(const u8 *ies, size_t len, u32 vendor_type);
size_t mbo_add_ie(u8 *buf, size_t len, const u8 *attr, size_t attr_len);
-size_t add_multi_ap_ie(u8 *buf, size_t len, u8 value);
-
struct country_op_class {
u8 country_op_class;
u8 global_op_class;
@@ -207,11 +197,8 @@
u8 country_to_global_op_class(const char *country, u8 op_class);
const struct oper_class_map * get_oper_class(const char *country, u8 op_class);
-int oper_class_bw_to_int(const struct oper_class_map *map);
int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep,
size_t nei_rep_len);
-int ieee802_11_ext_capab(const u8 *ie, unsigned int capab);
-
#endif /* IEEE802_11_COMMON_H */
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index b285d13..762e731 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1,6 +1,6 @@
/*
* IEEE 802.11 Frame type definitions
- * Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
* Copyright (c) 2007-2008 Intel Corporation
*
* This software may be distributed under the terms of the BSD license.
@@ -467,89 +467,7 @@
#define WLAN_EID_EXT_PASSWORD_IDENTIFIER 33
#define WLAN_EID_EXT_HE_CAPABILITIES 35
#define WLAN_EID_EXT_HE_OPERATION 36
-#define WLAN_EID_EXT_HE_MU_EDCA_PARAMS 38
-#define WLAN_EID_EXT_OCV_OCI 54
-/* Extended Capabilities field */
-#define WLAN_EXT_CAPAB_20_40_COEX 0
-#define WLAN_EXT_CAPAB_GLK 1
-#define WLAN_EXT_CAPAB_EXT_CHAN_SWITCH 2
-#define WLAN_EXT_CAPAB_GLK_GCR 3
-#define WLAN_EXT_CAPAB_PSMP 4
-/* 5 - Reserved */
-#define WLAN_EXT_CAPAB_S_PSMP 6
-#define WLAN_EXT_CAPAB_EVENT 7
-#define WLAN_EXT_CAPAB_DIAGNOSTICS 8
-#define WLAN_EXT_CAPAB_MULTICAST_DIAGNOSTICS 9
-#define WLAN_EXT_CAPAB_LOCATION_TRACKING 10
-#define WLAN_EXT_CAPAB_FMS 11
-#define WLAN_EXT_CAPAB_PROXY_ARP 12
-#define WLAN_EXT_CAPAB_COLL_INTERF_REP 13
-#define WLAN_EXT_CAPAB_CIVIC_LOCATION 14
-#define WLAN_EXT_CAPAB_GEOSPATIAL_LOCATION 15
-#define WLAN_EXT_CAPAB_TFS 16
-#define WLAN_EXT_CAPAB_WNM_SLEEP_MODE 17
-#define WLAN_EXT_CAPAB_TIM_BROADCAST 18
-#define WLAN_EXT_CAPAB_BSS_TRANSITION 19
-#define WLAN_EXT_CAPAB_QOS_TRAFFIC 20
-#define WLAN_EXT_CAPAB_AC_STA_COUNT 21
-#define WLAN_EXT_CAPAB_MULTIPLE_BSSID 22
-#define WLAN_EXT_CAPAB_TIMING_MEASUREMENT 23
-#define WLAN_EXT_CAPAB_CHANNEL_USAGE 24
-#define WLAN_EXT_CAPAB_SSID_LIST 25
-#define WLAN_EXT_CAPAB_DMS 26
-#define WLAN_EXT_CAPAB_UTF_TSF_OFFSET 27
-#define WLAN_EXT_CAPAB_TPU_BUFFER_STA 28
-#define WLAN_EXT_CAPAB_TDLS_PEER_PSM 29
-#define WLAN_EXT_CAPAB_TDLS_CHANNEL_SWITCH 30
-#define WLAN_EXT_CAPAB_INTERWORKING 31
-#define WLAN_EXT_CAPAB_QOS_MAP 32
-#define WLAN_EXT_CAPAB_EBR 33
-#define WLAN_EXT_CAPAB_SSPN_INTERFACE 34
-/* 35 - Reserved */
-#define WLAN_EXT_CAPAB_MSGCF 36
-#define WLAN_EXT_CAPAB_TDLS 37
-#define WLAN_EXT_CAPAB_TDLS_PROHIBITED 38
-#define WLAN_EXT_CAPAB_TDLS_CHANNEL_SWITCH_PROHIBITED 39
-#define WLAN_EXT_CAPAB_REJECT_UNADMITTED_FRAME 40
-#define WLAN_EXT_CAPAB_
-/* 41-43 - Service Interval Granularity */
-#define WLAN_EXT_CAPAB_IDENTIFIER_LOCATION 44
-#define WLAN_EXT_CAPAB_U_APSD_COEX 45
-#define WLAN_EXT_CAPAB_WNM_NOTIFCATION 46
-#define WLAN_EXT_CAPAB_QAB 47
-#define WLAN_EXT_CAPAB_UTF_8_SSID 48
-#define WLAN_EXT_CAPAB_QMF 49
-#define WLAN_EXT_CAPAB_QMF_RECONFIG 50
-#define WLAN_EXT_CAPAB_ROBUST_AV_STREAMING 51
-#define WLAN_EXT_CAPAB_ADVANCED_GCR 52
-#define WLAN_EXT_CAPAB_MESH_GCR 53
-#define WLAN_EXT_CAPAB_SCS 54
-#define WLAN_EXT_CAPAB_QLOAD_REPORT 55
-#define WLAN_EXT_CAPAB_ALT_EDCA 56
-#define WLAN_EXT_CAPAB_UNPROT_TXOP_NEG 57
-#define WLAN_EXT_CAPAB_PROT_TXOP_NEG 58
-/* 59 - Reserved */
-#define WLAN_EXT_CAPAB_PROT_QLOAD_REPORT 60
-#define WLAN_EXT_CAPAB_TDLS_WIDER_BW 61
-#define WLAN_EXT_CAPAB_OPMODE_NOTIF 62
-#define WLAN_EXT_CAPAB_
-/* 63-64 - Max Number of MSDUs In A-MSDU */
-#define WLAN_EXT_CAPAB_CHANNEL_SCHEDULE_MGMT 65
-#define WLAN_EXT_CAPAB_GEODB_INBAND_ENABLING_SIGNAL 66
-#define WLAN_EXT_CAPAB_NETWORK_CHANNEL_CTRL 67
-#define WLAN_EXT_CAPAB_WHITE_SPACE_MAP 68
-#define WLAN_EXT_CAPAB_CHANNEL_AVAIL_QUERY 69
-#define WLAN_EXT_CAPAB_FTM_RESPONDER 70
-#define WLAN_EXT_CAPAB_FTM_INITIATOR 71
-#define WLAN_EXT_CAPAB_FILS 72
-#define WLAN_EXT_CAPAB_EXT_SPECTRUM_MGMT 73
-#define WLAN_EXT_CAPAB_FUTURE_CHANNEL_GUIDANCE 74
-#define WLAN_EXT_CAPAB_PAD 75
-/* 76-79 - Reserved */
-#define WLAN_EXT_CAPAB_COMPLETE_NON_TX_BSSID_PROFILE 80
-#define WLAN_EXT_CAPAB_SAE_PW_ID 81
-#define WLAN_EXT_CAPAB_SAE_PW_ID_EXCLUSIVELY 82
/* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */
#define WLAN_ACTION_SPECTRUM_MGMT 0
@@ -947,12 +865,10 @@
struct {
u8 action;
u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN];
- u8 variable[]; /* OCI element */
} STRUCT_PACKED sa_query_req;
struct {
u8 action; /* */
u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN];
- u8 variable[]; /* OCI element */
} STRUCT_PACKED sa_query_resp;
struct {
u8 action;
@@ -1294,13 +1210,6 @@
#define MBO_OUI_TYPE 22
#define OWE_IE_VENDOR_TYPE 0x506f9a1c
#define OWE_OUI_TYPE 28
-#define MULTI_AP_OUI_TYPE 0x1B
-
-#define MULTI_AP_SUB_ELEM_TYPE 0x06
-#define MULTI_AP_TEAR_DOWN BIT(4)
-#define MULTI_AP_FRONTHAUL_BSS BIT(5)
-#define MULTI_AP_BACKHAUL_BSS BIT(6)
-#define MULTI_AP_BACKHAUL_STA BIT(7)
#define WMM_OUI_TYPE 2
#define WMM_OUI_SUBTYPE_INFORMATION_ELEMENT 0
@@ -1438,15 +1347,13 @@
#define HS20_PPS_MO_ID_PRESENT 0x02
#define HS20_ANQP_DOMAIN_ID_PRESENT 0x04
#ifndef HS20_VERSION
-#define HS20_VERSION 0x20 /* Release 3 */
+#define HS20_VERSION 0x10 /* Release 2 */
#endif /* HS20_VERSION */
/* WNM-Notification WFA vendors specific subtypes */
#define HS20_WNM_SUB_REM_NEEDED 0
#define HS20_WNM_DEAUTH_IMMINENT_NOTICE 1
-#define WFA_WNM_NOTIF_SUBELEM_NON_PREF_CHAN_REPORT 2
-#define WFA_WNM_NOTIF_SUBELEM_CELL_DATA_CAPA 3
-#define HS20_WNM_T_C_ACCEPTANCE 4
+#define HS20_WNM_T_C_ACCEPTANCE 2
#define HS20_DEAUTH_REASON_CODE_BSS 0
#define HS20_DEAUTH_REASON_CODE_ESS 1
@@ -1535,6 +1442,12 @@
MBO_TRANSITION_REJECT_REASON_SERVICES = 6,
};
+/* MBO v0.0_r19, 4.4: WNM-Notification vendor subelements */
+enum wfa_wnm_notif_subelem_id {
+ WFA_WNM_NOTIF_SUBELEM_NON_PREF_CHAN_REPORT = 2,
+ WFA_WNM_NOTIF_SUBELEM_CELL_DATA_CAPA = 3,
+};
+
/* MBO v0.0_r27, 4.3: MBO ANQP-elements */
#define MBO_ANQP_OUI_TYPE 0x12
#define MBO_ANQP_SUBTYPE_QUERY_LIST 1
@@ -1928,14 +1841,11 @@
};
/* IEEE Std 802.11-2016, Table 9-88 - Beacon Request subelement IDs */
-/* IEEE P802.11-REVmd/D2.0, Table 9-106 - Optional subelement IDs for
- * Beacon request */
#define WLAN_BEACON_REQUEST_SUBELEM_SSID 0
#define WLAN_BEACON_REQUEST_SUBELEM_INFO 1 /* Beacon Reporting */
#define WLAN_BEACON_REQUEST_SUBELEM_DETAIL 2 /* Reporting Detail */
#define WLAN_BEACON_REQUEST_SUBELEM_REQUEST 10
#define WLAN_BEACON_REQUEST_SUBELEM_AP_CHANNEL 51 /* AP Channel Report */
-#define WLAN_BEACON_REQUEST_SUBELEM_LAST_INDICATION 164
#define WLAN_BEACON_REQUEST_SUBELEM_VENDOR 221
/*
@@ -1985,21 +1895,9 @@
} STRUCT_PACKED;
/* IEEE Std 802.11-2016, Table 9-112 - Beacon report Subelement IDs */
-/* IEEE P802.11-REVmd/D2.0, Table 9-130 - Optional subelement IDs for
- * Beacon report */
#define WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY 1
-#define WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY_FRAGMENT_ID 2
-#define WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION 164
#define WLAN_BEACON_REPORT_SUBELEM_VENDOR 221
-/* IEEE P802.11-REVmd/D2.0, Table 9-232 - Data field format of the
- * Reported Frame Body Fragment ID subelement */
-#define REPORTED_FRAME_BODY_SUBELEM_LEN 4
-#define REPORTED_FRAME_BODY_MORE_FRAGMENTS BIT(7)
-
-/* IEEE P802.11-REVmd/D2.0, 9.4.2.21.7 - Beacon report */
-#define BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN 3
-
/* IEEE Std 802.11ad-2012 - Multi-band element */
struct multi_band_ie {
u8 eid; /* WLAN_EID_MULTI_BAND */
@@ -2102,15 +2000,14 @@
};
struct ieee80211_he_capabilities {
- u8 he_mac_capab_info[6];
- u8 he_phy_capab_info[11];
+ u8 he_mac_capab_info[5];
+ u8 he_phy_capab_info[9];
u8 he_txrx_mcs_support[12]; /* TODO: 4, 8, or 12 octets */
/* PPE Thresholds (optional) */
} STRUCT_PACKED;
struct ieee80211_he_operation {
- u32 he_oper_params; /* HE Operation Parameters[3] and
- * BSS Color Information[1] */
+ u32 he_oper_params;
u8 he_mcs_nss_set[2];
u8 vht_op_info_chwidth;
u8 vht_op_info_chan_center_freq_seg0_idx;
@@ -2127,55 +2024,28 @@
#define HE_PHYCAP_MU_BEAMFORMER_CAPAB ((u8) BIT(1))
/* HE Operation defines */
-/* HE Operation Parameters and BSS Color Information fields */
#define HE_OPERATION_BSS_COLOR_MASK ((u32) (BIT(0) | BIT(1) | \
BIT(2) | BIT(3) | \
BIT(4) | BIT(5)))
-#define HE_OPERATION_PARTIAL_BSS_COLOR ((u32) BIT(6))
-#define HE_OPERATION_BSS_COLOR_DISABLED ((u32) BIT(7))
-#define HE_OPERATION_DFLT_PE_DURATION_MASK ((u32) (BIT(8) | BIT(9) | \
- BIT(10)))
-#define HE_OPERATION_DFLT_PE_DURATION_OFFSET 8
-#define HE_OPERATION_TWT_REQUIRED ((u32) BIT(11))
-#define HE_OPERATION_RTS_THRESHOLD_MASK ((u32) (BIT(12) | BIT(13) | \
+#define HE_OPERATION_DFLT_PE_DURATION_MASK ((u32) (BIT(6) | BIT(7) | \
+ BIT(8)))
+#define HE_OPERATION_DFLT_PE_DURATION_OFFSET 6
+#define HE_OPERATION_TWT_REQUIRED ((u32) BIT(9))
+#define HE_OPERATION_RTS_THRESHOLD_MASK ((u32) (BIT(10) | BIT(11) | \
+ BIT(12) | BIT(13) | \
BIT(14) | BIT(15) | \
BIT(16) | BIT(17) | \
- BIT(18) | BIT(19) | \
- BIT(20) | BIT(21)))
-#define HE_OPERATION_RTS_THRESHOLD_OFFSET 12
-
-struct ieee80211_he_mu_edca_parameter_set {
- u8 he_qos_info;
- u8 he_mu_ac_be_param[3];
- u8 he_mu_ac_bk_param[3];
- u8 he_mu_ac_vi_param[3];
- u8 he_mu_ac_vo_param[3];
-} STRUCT_PACKED;
-
-/* HE MU AC parameter record field format */
-/* ACI/AIFSN */
-#define HE_MU_AC_PARAM_ACI_IDX 0
-#define HE_MU_AC_PARAM_AIFSN ((u8) (BIT(0) | BIT(1) | BIT(2) | BIT(3)))
-#define HE_MU_AC_PARAM_ACM ((u8) BIT(4))
-#define HE_MU_AC_PARAM_ACI ((u8) (BIT(5) | BIT(6)))
-/* B7: Reserved */
-
-/* ECWmin/ECWmax */
-#define HE_MU_AC_PARAM_ECW_IDX 1
-#define HE_MU_AC_PARAM_ECWMIN ((u8) (BIT(0) | BIT(1) | BIT(2) | BIT(3)))
-#define HE_MU_AC_PARAM_ECWMAX ((u8) (BIT(4) | BIT(5) | BIT(6) | BIT(7)))
-
-/* MU EDCA Timer */
-#define HE_MU_AC_PARAM_TIMER_IDX 2
-
-/* HE QoS Info field */
-#define HE_QOS_INFO_EDCA_PARAM_SET_COUNT ((u8) (BIT(0) | BIT(1) | \
- BIT(2) | BIT(3)))
-#define HE_QOS_INFO_Q_ACK ((u8) (BIT(4)))
-#define HE_QOS_INFO_QUEUE_REQUEST ((u8) (BIT(5)))
-#define HE_QOS_INFO_TXOP_REQUEST ((u8) (BIT(6)))
-/* B7: Reserved if sent by an AP; More Data Ack if sent by a non-AP STA */
-#define HE_QOS_INFO_MORE_DATA_ACK ((u8) (BIT(7)))
+ BIT(18) | BIT(19)))
+#define HE_OPERATION_RTS_THRESHOLD_OFFSET 10
+#define HE_OPERATION_PARTIAL_BSS_COLOR ((u32) BIT(20))
+#define HE_OPERATION_MAX_BSSID_INDICATOR_MASK ((u32) (BIT(21) | BIT(22) | \
+ BIT(23) | BIT(24) | \
+ BIT(25) | BIT(26) | \
+ BIT(27) | BIT(28)))
+#define HE_OPERATION_MAX_BSSID_INDICATOR_OFFSET 21
+#define HE_OPERATION_TX_BSSID_INDICATOR ((u32) BIT(29))
+#define HE_OPERATION_BSS_COLOR_DISABLED ((u32) BIT(30))
+#define HE_OPERATION_BSS_DUAL_BEACON ((u32) BIT(31))
/* DPP Public Action frame identifiers - OUI_WFA */
#define DPP_OUI_TYPE 0x1A
diff --git a/src/common/linux_bridge.h b/src/common/linux_bridge.h
index 84386e6..7b76846 100644
--- a/src/common/linux_bridge.h
+++ b/src/common/linux_bridge.h
@@ -9,21 +9,6 @@
#ifndef LINUX_BRIDGE_H
#define LINUX_BRIDGE_H
-/* This ioctl is defined in linux/sockios.h */
-
-#ifndef SIOCBRADDBR
-#define SIOCBRADDBR 0x89a0
-#endif
-#ifndef SIOCBRDELBR
-#define SIOCBRDELBR 0x89a1
-#endif
-#ifndef SIOCBRADDIF
-#define SIOCBRADDIF 0x89a2
-#endif
-#ifndef SIOCBRDELIF
-#define SIOCBRDELIF 0x89a3
-#endif
-
/* This interface is defined in linux/if_bridge.h */
#define BRCTL_GET_VERSION 0
diff --git a/src/common/ocv.c b/src/common/ocv.c
deleted file mode 100644
index 06badfb..0000000
--- a/src/common/ocv.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Operating Channel Validation (OCV)
- * Copyright (c) 2018, Mathy Vanhoef
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "drivers/driver.h"
-#include "common/ieee802_11_common.h"
-#include "ocv.h"
-
-/**
- * Caller of OCV functionality may use various debug output functions, so store
- * the error here and let the caller use an appropriate debug output function.
- */
-char ocv_errorstr[256];
-
-
-int ocv_derive_all_parameters(struct oci_info *oci)
-{
- const struct oper_class_map *op_class_map;
-
- oci->freq = ieee80211_chan_to_freq(NULL, oci->op_class, oci->channel);
- if (oci->freq < 0) {
- wpa_printf(MSG_INFO,
- "Error interpreting OCI: unrecognized opclass/channel pair (%d/%d)",
- oci->op_class, oci->channel);
- return -1;
- }
-
- op_class_map = get_oper_class(NULL, oci->op_class);
- if (!op_class_map) {
- wpa_printf(MSG_INFO,
- "Error interpreting OCI: Unrecognized opclass (%d)",
- oci->op_class);
- return -1;
- }
-
- oci->chanwidth = oper_class_bw_to_int(op_class_map);
- oci->sec_channel = 0;
- if (op_class_map->bw == BW40PLUS)
- oci->sec_channel = 1;
- else if (op_class_map->bw == BW40MINUS)
- oci->sec_channel = -1;
-
- return 0;
-}
-
-
-int ocv_insert_oci(struct wpa_channel_info *ci, u8 **argpos)
-{
- u8 op_class, channel;
- u8 *pos = *argpos;
-
- if (ieee80211_chaninfo_to_channel(ci->frequency, ci->chanwidth,
- ci->sec_channel,
- &op_class, &channel) < 0) {
- wpa_printf(MSG_WARNING,
- "Cannot determine operating class and channel for OCI element");
- return -1;
- }
-
- *pos++ = op_class;
- *pos++ = channel;
- *pos++ = ci->seg1_idx;
-
- *argpos = pos;
- return 0;
-}
-
-
-int ocv_insert_oci_kde(struct wpa_channel_info *ci, u8 **argpos)
-{
- u8 *pos = *argpos;
-
- *pos++ = WLAN_EID_VENDOR_SPECIFIC;
- *pos++ = RSN_SELECTOR_LEN + 3;
- RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_OCI);
- pos += RSN_SELECTOR_LEN;
-
- *argpos = pos;
- return ocv_insert_oci(ci, argpos);
-}
-
-
-int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos)
-{
- *pos++ = WLAN_EID_EXTENSION;
- *pos++ = 1 + OCV_OCI_LEN;
- *pos++ = WLAN_EID_EXT_OCV_OCI;
- return ocv_insert_oci(ci, &pos);
-}
-
-
-int ocv_verify_tx_params(const u8 *oci_ie, size_t oci_ie_len,
- struct wpa_channel_info *ci, int tx_chanwidth,
- int tx_seg1_idx)
-{
- struct oci_info oci;
-
- if (!oci_ie) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: did not receive mandatory OCI");
- return -1;
- }
-
- if (oci_ie_len != 3) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: received OCI of unexpected length (%d)",
- (int) oci_ie_len);
- return -1;
- }
-
- os_memset(&oci, 0, sizeof(oci));
- oci.op_class = oci_ie[0];
- oci.channel = oci_ie[1];
- oci.seg1_idx = oci_ie[2];
- if (ocv_derive_all_parameters(&oci) != 0) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: unable to interpret received OCI");
- return -1;
- }
-
- /* Primary frequency used to send frames to STA must match the STA's */
- if ((int) ci->frequency != oci.freq) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: primary channel mismatch in received OCI (we use %d but receiver is using %d)",
- ci->frequency, oci.freq);
- return -1;
- }
-
- /* We shouldn't transmit with a higher bandwidth than the STA supports
- */
- if (tx_chanwidth > oci.chanwidth) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: channel bandwidth mismatch in received OCI (we use %d but receiver only supports %d)",
- tx_chanwidth, oci.chanwidth);
- return -1;
- }
-
- /*
- * Secondary channel only needs be checked for 40 MHz in the 2.4 GHz
- * band. In the 5 GHz band it's verified through the primary frequency.
- * Note that the field ci->sec_channel is only filled in when we use
- * 40 MHz.
- */
- if (tx_chanwidth == 40 && ci->frequency < 2500 &&
- ci->sec_channel != oci.sec_channel) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: secondary channel mismatch in received OCI (we use %d but receiver is using %d)",
- ci->sec_channel, oci.sec_channel);
- return -1;
- }
-
- /*
- * When using a 160 or 80+80 MHz channel to transmit, verify that we use
- * the same segments as the receiver by comparing frequency segment 1.
- */
- if ((ci->chanwidth == CHAN_WIDTH_160 ||
- ci->chanwidth == CHAN_WIDTH_80P80) &&
- tx_seg1_idx != oci.seg1_idx) {
- os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
- "OCV failed: frequency segment 1 mismatch in received OCI (we use %d but receiver is using %d)",
- tx_seg1_idx, oci.seg1_idx);
- return -1;
- }
-
- return 0;
-}
diff --git a/src/common/ocv.h b/src/common/ocv.h
deleted file mode 100644
index 6379d9d..0000000
--- a/src/common/ocv.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Operating Channel Validation (OCV)
- * Copyright (c) 2018, Mathy Vanhoef
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef OCV_H
-#define OCV_H
-
-struct wpa_channel_info;
-
-struct oci_info {
- /* Values in the OCI element */
- u8 op_class;
- u8 channel;
- u8 seg1_idx;
-
- /* Derived values for easier verification */
- int freq;
- int sec_channel;
- int chanwidth;
-};
-
-#define OCV_OCI_LEN 3
-#define OCV_OCI_EXTENDED_LEN (3 + OCV_OCI_LEN)
-#define OCV_OCI_KDE_LEN (2 + RSN_SELECTOR_LEN + OCV_OCI_LEN)
-
-extern char ocv_errorstr[256];
-
-int ocv_derive_all_parameters(struct oci_info *oci);
-int ocv_insert_oci(struct wpa_channel_info *ci, u8 **argpos);
-int ocv_insert_oci_kde(struct wpa_channel_info *ci, u8 **argpos);
-int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos);
-int ocv_verify_tx_params(const u8 *oci_ie, size_t oci_ie_len,
- struct wpa_channel_info *ci, int tx_chanwidth,
- int tx_seg1_idx);
-
-#endif /* OCV_H */
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 6f5b87e..7a4da46 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -42,12 +42,8 @@
*
* @QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: Recommendation of frequency
* ranges to avoid to reduce issues due to interference or internal
- * co-existence information in the driver. These frequencies aim to
- * minimize the traffic but not to totally avoid the traffic. That said
- * for a P2P use case, these frequencies are allowed for the P2P
- * discovery/negotiation but avoid the group to get formed on these
- * frequencies. The event data structure is defined in
- * struct qca_avoid_freq_list.
+ * co-existence information in the driver. The event data structure is
+ * defined in struct qca_avoid_freq_list.
*
* @QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY: Command to check driver support
* for DFS offloading.
@@ -162,11 +158,6 @@
* timer value. Uses the attributes defines in
* enum qca_wlan_vendor_attr_ocb_get_tsf_resp.
*
- * @QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES: Command/event to update the
- * link properties of the respective interface. As an event, is used
- * to notify the connected station's status. The attributes for this
- * command are defined in enum qca_wlan_vendor_attr_link_properties.
- *
* @QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_START: Command used to
* start the P2P Listen offload function in device and pass the listen
* channel, period, interval, count, device types, and vendor specific
@@ -483,30 +474,6 @@
* configure parameters per peer to capture Channel Frequency Response
* (CFR) and enable Periodic CFR capture. The attributes for this command
* are defined in enum qca_wlan_vendor_peer_cfr_capture_attr.
- *
- * @QCA_NL80211_VENDOR_SUBCMD_THROUGHPUT_CHANGE_EVENT: Event to indicate changes
- * in throughput dynamically. The driver estimates the throughput based on
- * number of packets being transmitted/received per second and indicates
- * the changes in throughput to user space. Userspace tools can use this
- * information to configure kernel's TCP parameters in order to achieve
- * peak throughput. Optionally, the driver will also send guidance on
- * modifications to kernel's TCP parameters which can be referred by
- * userspace tools. The attributes used with this event are defined in enum
- * qca_wlan_vendor_attr_throughput_change.
- *
- * @QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG: This command is used to set
- * priorities among different types of traffic during coex scenarios.
- * Current supported prioritization is among WLAN/BT/ZIGBEE with different
- * profiles mentioned in enum qca_coex_config_profiles. The associated
- * attributes used with this command are defined in enum
- * qca_vendor_attr_coex_config.
- *
- * Based on the config provided, FW will boost the weight and prioritize
- * the traffic for that subsystem (WLAN/BT/Zigbee).
- *
- * @QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS: This command is used to query
- * the supported AKM suite selectorss from the driver. It returns the list
- * of supported AKMs in the attribute NL80211_ATTR_AKM_SUITES.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@@ -669,9 +636,6 @@
QCA_NL80211_VENDOR_SUBCMD_NAN_EXT = 171,
QCA_NL80211_VENDOR_SUBCMD_ROAM_SCAN_EVENT = 172,
QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG = 173,
- QCA_NL80211_VENDOR_SUBCMD_THROUGHPUT_CHANGE_EVENT = 174,
- QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG = 175,
- QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS = 176,
};
enum qca_wlan_vendor_attr {
@@ -852,12 +816,6 @@
* to report the corresponding antenna index to the chain RSSI value
*/
QCA_WLAN_VENDOR_ATTR_ANTENNA_INFO = 40,
- /* Used in QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI command to report
- * the specific antenna EVM value (unsigned 32 bit value). With a
- * determinate group of antennas, the driver specifies the EVM value
- * for each antenna ID, and application extract them in user space.
- */
- QCA_WLAN_VENDOR_ATTR_CHAIN_EVM = 41,
/* keep last */
QCA_WLAN_VENDOR_ATTR_AFTER_LAST,
@@ -4448,27 +4406,6 @@
* qca_wlan_vendor_spectral_scan_cap_hw_gen.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_HW_GEN = 5,
- /* Spectral bin scaling formula ID. u16 attribute.
- * It uses values defined in enum
- * qca_wlan_vendor_spectral_scan_cap_formula_id.
- */
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_FORMULA_ID = 6,
- /* Spectral bin scaling param - low level offset.
- * s16 attribute.
- */
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_LOW_LEVEL_OFFSET = 7,
- /* Spectral bin scaling param - high level offset.
- * s16 attribute.
- */
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_HIGH_LEVEL_OFFSET = 8,
- /* Spectral bin scaling param - RSSI threshold.
- * s16 attribute.
- */
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_RSSI_THR = 9,
- /* Spectral bin scaling param - default AGC max gain.
- * u8 attribute.
- */
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_DEFAULT_AGC_MAX_GAIN = 10,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX =
@@ -4614,20 +4551,6 @@
};
/**
- * qca_wlan_vendor_spectral_scan_cap_formula_id: Attribute values for
- * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_FORMULA_ID in the vendor subcmd
- * QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO. This represents the
- * Spectral bin scaling formula ID.
- * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_CAP_NO_SCALING: No scaling
- * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_CAP_AGC_GAIN_RSSI_CORR_BASED: AGC gain
- * and RSSI threshold based formula.
- */
-enum qca_wlan_vendor_spectral_scan_cap_formula_id {
- QCA_WLAN_VENDOR_SPECTRAL_SCAN_CAP_NO_SCALING = 0,
- QCA_WLAN_VENDOR_SPECTRAL_SCAN_CAP_AGC_GAIN_RSSI_CORR_BASED = 1,
-};
-
-/**
* enum qca_wlan_vendor_attr_rropavail_info - Specifies whether Representative
* RF Operating Parameter (RROP) information is available, and if so, at which
* point in the application-driver interaction sequence it can be retrieved by
@@ -5490,60 +5413,6 @@
QCA_WLAN_HE_16US_OF_PROCESS_TIME = 2,
};
-/**
- * enum qca_wlan_he_om_ctrl_ch_bw - HE OM control field BW configuration
- *
- * Indicates the HE Operating mode control channel width setting value.
- *
- * @QCA_WLAN_HE_OM_CTRL_BW_20M: Primary 20 MHz
- * @QCA_WLAN_HE_OM_CTRL_BW_40M: Primary 40 MHz
- * @QCA_WLAN_HE_OM_CTRL_BW_80M: Primary 80 MHz
- * @QCA_WLAN_HE_OM_CTRL_BW_160M: 160 MHz and 80+80 MHz
- */
-enum qca_wlan_he_om_ctrl_ch_bw {
- QCA_WLAN_HE_OM_CTRL_BW_20M = 0,
- QCA_WLAN_HE_OM_CTRL_BW_40M = 1,
- QCA_WLAN_HE_OM_CTRL_BW_80M = 2,
- QCA_WLAN_HE_OM_CTRL_BW_160M = 3,
-};
-
-/**
- * enum qca_wlan_vendor_attr_he_omi_tx: Represents attributes for
- * HE operating mode control transmit request. These attributes are
- * sent as part of QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_OMI_TX and
- * QCA_NL80211_VENDOR_SUBCMD_WIFI_TEST_CONFIGURATION.
- *
- * @QCA_WLAN_VENDOR_ATTR_HE_OMI_RX_NSS: Mandatory 8-bit unsigned value
- * indicates the maximum number of spatial streams, NSS, that the STA
- * supports in reception for PPDU bandwidths less than or equal to 80 MHz
- * and is set to NSS - 1.
- *
- * @QCA_WLAN_VENDOR_ATTR_HE_OMI_CH_BW: Mandatory 8-bit unsigned value
- * indicates the operating channel width supported by the STA for both
- * reception and transmission. Uses enum qca_wlan_he_om_ctrl_ch_bw values.
- *
- * @QCA_WLAN_VENDOR_ATTR_HE_OMI_ULMU_DISABLE: Mandatory 8-bit unsigned value
- * indicates the all trigger based UL MU operations by the STA.
- * 0 - UL MU operations are enabled by the STA.
- * 1 - All triggered UL MU transmissions are suspended by the STA.
- *
- * @QCA_WLAN_VENDOR_ATTR_HE_OMI_TX_NSTS: Mandatory 8-bit unsigned value
- * indicates the maximum number of space-time streams, NSTS, that
- * the STA supports in transmission and is set to NSTS - 1.
- */
-enum qca_wlan_vendor_attr_he_omi_tx {
- QCA_WLAN_VENDOR_ATTR_HE_OMI_INVALID = 0,
- QCA_WLAN_VENDOR_ATTR_HE_OMI_RX_NSS = 1,
- QCA_WLAN_VENDOR_ATTR_HE_OMI_CH_BW = 2,
- QCA_WLAN_VENDOR_ATTR_HE_OMI_ULMU_DISABLE = 3,
- QCA_WLAN_VENDOR_ATTR_HE_OMI_TX_NSTS = 4,
-
- /* keep last */
- QCA_WLAN_VENDOR_ATTR_HE_OMI_AFTER_LAST,
- QCA_WLAN_VENDOR_ATTR_HE_OMI_MAX =
- QCA_WLAN_VENDOR_ATTR_HE_OMI_AFTER_LAST - 1,
-};
-
/* Attributes for data used by
* QCA_NL80211_VENDOR_SUBCMD_WIFI_TEST_CONFIGURATION
*/
@@ -5735,79 +5604,6 @@
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_TWT_RESUME = 26,
- /* 8-bit unsigned value to set the HE operating mode control
- * (OM CTRL) Channel Width subfield.
- * The Channel Width subfield indicates the operating channel width
- * supported by the STA for both reception and transmission.
- * Uses the enum qca_wlan_he_om_ctrl_ch_bw values.
- * This setting is cleared with the
- * QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_CLEAR_HE_OM_CTRL_CONFIG
- * flag attribute to reset defaults.
- * This attribute is used to configure the testbed device.
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_OM_CTRL_BW = 27,
-
- /* 8-bit unsigned value to configure the number of spatial
- * streams in HE operating mode control field.
- * This setting is cleared with the
- * QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_CLEAR_HE_OM_CTRL_CONFIG
- * flag attribute to reset defaults.
- * This attribute is used to configure the testbed device.
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_OM_CTRL_NSS = 28,
-
- /* Flag attribute to configure the UL MU disable bit in
- * HE operating mode control field.
- * This setting is cleared with the
- * QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_CLEAR_HE_OM_CTRL_CONFIG
- * flag attribute to reset defaults.
- * This attribute is used to configure the testbed device.
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_OM_CTRL_UL_MU_DISABLE = 29,
-
- /* Flag attribute to clear the previously set HE operating mode
- * control field configuration.
- * This attribute is used to configure the testbed device to reset
- * defaults to clear any previously set HE operating mode control
- * field configuration.
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_CLEAR_HE_OM_CTRL_CONFIG = 30,
-
- /* 8-bit unsigned value to configure HE single user PPDU
- * transmission. By default this setting is disabled and it
- * is disabled in the reset defaults of the device configuration.
- * This attribute is used to configure the testbed device.
- * 1-enable, 0-disable
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_TX_SUPPDU = 31,
-
- /* 8-bit unsigned value to configure action frame transmission
- * in HE trigger based PPDU transmission.
- * By default this setting is disabled and it is disabled in
- * the reset defaults of the device configuration.
- * This attribute is used to configure the testbed device.
- * 1-enable, 0-disable
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_ACTION_TX_TB_PPDU = 32,
-
- /* Nested attribute to indicate HE operating mode control field
- * transmission. It contains operating mode control field Nss,
- * channel bandwidth, Tx Nsts and UL MU disable attributes.
- * These nested attributes are used to send HE operating mode control
- * with configured values.
- * Uses the enum qca_wlan_vendor_attr_he_omi_tx attributes.
- * This attribute is used to configure the testbed device.
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_OMI_TX = 33,
-
- /* 8-bit unsigned value to configure +HTC_HE support to indicate the
- * support for the reception of a frame that carries an HE variant
- * HT Control field.
- * This attribute is used to configure the testbed device.
- * 1-enable, 0-disable
- */
- QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_HE_HTC_HE_SUPP = 34,
-
/* keep last */
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MAX =
@@ -6194,159 +5990,4 @@
QCA_WLAN_VENDOR_ATTR_PEER_CFR_AFTER_LAST - 1,
};
-/**
- * enum qca_wlan_throughput_level - Current throughput level
- *
- * Indicates the current level of throughput calculated by the driver. The
- * driver may choose different thresholds to decide whether the throughput level
- * is low or medium or high based on variety of parameters like physical link
- * capacity of the current connection, the number of packets being dispatched
- * per second, etc. The throughput level events might not be consistent with the
- * actual current throughput value being observed.
- *
- * @QCA_WLAN_THROUGHPUT_LEVEL_LOW: Low level of throughput
- * @QCA_WLAN_THROUGHPUT_LEVEL_MEDIUM: Medium level of throughput
- * @QCA_WLAN_THROUGHPUT_LEVEL_HIGH: High level of throughput
- */
-enum qca_wlan_throughput_level {
- QCA_WLAN_THROUGHPUT_LEVEL_LOW = 0,
- QCA_WLAN_THROUGHPUT_LEVEL_MEDIUM = 1,
- QCA_WLAN_THROUGHPUT_LEVEL_HIGH = 2,
-};
-
-/**
- * enum qca_wlan_vendor_attr_throughput_change - Vendor subcmd attributes to
- * report throughput changes from the driver to user space. enum values are used
- * for netlink attributes sent with
- * %QCA_NL80211_VENDOR_SUBCMD_THROUGHPUT_CHANGE_EVENT sub command.
- */
-enum qca_wlan_vendor_attr_throughput_change {
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_INVALID = 0,
- /* Indicates the direction of throughput in which the change is being
- * reported. u8 attribute. Value is 0 for TX and 1 for RX.
- */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_DIRECTION = 1,
- /* Indicates the newly observed throughput level. enum
- * qca_wlan_throughput_level describes the possible range of values.
- * u8 attribute.
- */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_THROUGHPUT_LEVEL = 2,
- /* Indicates the driver's guidance on the new value to be set to
- * kernel's TCP parameter tcp_limit_output_bytes. u32 attribute. The
- * driver may optionally include this attribute.
- */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_TCP_LIMIT_OUTPUT_BYTES = 3,
- /* Indicates the driver's guidance on the new value to be set to
- * kernel's TCP parameter tcp_adv_win_scale. s8 attribute. Possible
- * values are from -31 to 31. The driver may optionally include this
- * attribute.
- */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_TCP_ADV_WIN_SCALE = 4,
- /* Indicates the driver's guidance on the new value to be set to
- * kernel's TCP parameter tcp_delack_seg. u32 attribute. The driver may
- * optionally include this attribute.
- */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_TCP_DELACK_SEG = 5,
-
- /* keep last */
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_AFTER_LAST,
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_MAX =
- QCA_WLAN_VENDOR_ATTR_THROUGHPUT_CHANGE_AFTER_LAST - 1,
-};
-
-/**
- * enum qca_coex_config_profiles - This enum defines different types of
- * traffic streams that can be prioritized one over the other during coex
- * scenarios.
- * The types defined in this enum are categorized in the below manner.
- * 0 - 31 values corresponds to WLAN
- * 32 - 63 values corresponds to BT
- * 64 - 95 values corresponds to Zigbee
- * @QCA_WIFI_STA_DISCOVERY: Prioritize discovery frames for WLAN STA
- * @QCA_WIFI_STA_CONNECTION: Prioritize connection frames for WLAN STA
- * @QCA_WIFI_STA_CLASS_3_MGMT: Prioritize class 3 mgmt frames for WLAN STA
- * @QCA_WIFI_STA_DATA : Prioritize data frames for WLAN STA
- * @QCA_WIFI_STA_ALL: Priritize all frames for WLAN STA
- * @QCA_WIFI_SAP_DISCOVERY: Prioritize discovery frames for WLAN SAP
- * @QCA_WIFI_SAP_CONNECTION: Prioritize connection frames for WLAN SAP
- * @QCA_WIFI_SAP_CLASS_3_MGMT: Prioritize class 3 mgmt frames for WLAN SAP
- * @QCA_WIFI_SAP_DATA: Prioritize data frames for WLAN SAP
- * @QCA_WIFI_SAP_ALL: Prioritize all frames for WLAN SAP
- * @QCA_BT_A2DP: Prioritize BT A2DP
- * @QCA_BT_BLE: Prioritize BT BLE
- * @QCA_BT_SCO: Prioritize BT SCO
- * @QCA_ZB_LOW: Prioritize Zigbee Low
- * @QCA_ZB_HIGH: Prioritize Zigbee High
- */
-enum qca_coex_config_profiles {
- /* 0 - 31 corresponds to WLAN */
- QCA_WIFI_STA_DISCOVERY = 0,
- QCA_WIFI_STA_CONNECTION = 1,
- QCA_WIFI_STA_CLASS_3_MGMT = 2,
- QCA_WIFI_STA_DATA = 3,
- QCA_WIFI_STA_ALL = 4,
- QCA_WIFI_SAP_DISCOVERY = 5,
- QCA_WIFI_SAP_CONNECTION = 6,
- QCA_WIFI_SAP_CLASS_3_MGMT = 7,
- QCA_WIFI_SAP_DATA = 8,
- QCA_WIFI_SAP_ALL = 9,
- /* 32 - 63 corresponds to BT */
- QCA_BT_A2DP = 32,
- QCA_BT_BLE = 33,
- QCA_BT_SCO = 34,
- /* 64 - 95 corresponds to Zigbee */
- QCA_ZB_LOW = 64,
- QCA_ZB_HIGH = 65
-};
-
-/**
- * enum qca_vendor_attr_coex_config - Specifies vendor coex config attributes
- *
- * @QCA_VENDOR_ATTR_COEX_CONFIG_PROFILES: This attribute contains variable
- * length array of 8-bit values from enum qca_coex_config_profiles.
- * FW will prioritize the profiles in the order given in the array encapsulated
- * in this attribute.
- * For example:
- * -----------------------------------------------------------------------
- * | 1 | 34 | 32 | 65 |
- * -----------------------------------------------------------------------
- * If the attribute contains the values defined in above array then it means
- * 1) Wifi STA connection has priority over BT_SCO, BT_A2DP and ZIGBEE HIGH.
- * 2) BT_SCO has priority over BT_A2DP.
- * 3) BT_A2DP has priority over ZIGBEE HIGH.
- * Profiles which are not listed in this array shall not be preferred over the
- * profiles which are listed in the array as a part of this attribute.
- */
-enum qca_vendor_attr_coex_config {
- QCA_VENDOR_ATTR_COEX_CONFIG_INVALID = 0,
- QCA_VENDOR_ATTR_COEX_CONFIG_PROFILES = 1,
-
- /* Keep last */
- QCA_VENDOR_ATTR_COEX_CONFIG_AFTER_LAST,
- QCA_VENDOR_ATTR_COEX_CONFIG_MAX =
- QCA_VENDOR_ATTR_COEX_CONFIG_AFTER_LAST - 1,
-};
-
-/**
- * enum qca_wlan_vendor_attr_link_properties - Represent the link properties.
- *
- * @QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_MAC_ADDR: MAC address of the peer
- * (STA/AP) for the connected link.
- * @QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS: Attribute containing a
- * &struct nl80211_sta_flag_update for the respective connected link. MAC
- * address of the peer represented by
- * QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_MAC_ADDR.
- */
-enum qca_wlan_vendor_attr_link_properties {
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_INVALID = 0,
- /* 1 - 3 are reserved */
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_MAC_ADDR = 4,
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS = 5,
-
- /* Keep last */
- QCA_VENDOR_ATTR_LINK_PROPERTIES_AFTER_LAST,
- QCA_VENDOR_ATTR_LINK_PROPERTIES_MAX =
- QCA_VENDOR_ATTR_LINK_PROPERTIES_AFTER_LAST - 1,
-};
-
#endif /* QCA_VENDOR_H */
diff --git a/src/common/version.h b/src/common/version.h
index eb4f313..16c1004 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -9,6 +9,6 @@
#define GIT_VERSION_STR_POSTFIX ""
#endif /* GIT_VERSION_STR_POSTFIX */
-#define VERSION_STR "2.8-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.7-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index b47f632..14c5769 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -880,12 +880,6 @@
parse->igtk_len = len;
break;
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_OCV
- case FTIE_SUBELEM_OCI:
- parse->oci = pos;
- parse->oci_len = len;
- break;
-#endif /* CONFIG_OCV */
default:
wpa_printf(MSG_DEBUG, "FT: Unknown subelem id %u", id);
break;
@@ -1208,8 +1202,6 @@
pos = rsn_ie + 6;
left = rsn_ie_len - 6;
- data->group_cipher = WPA_CIPHER_GTK_NOT_USED;
- data->key_mgmt = WPA_KEY_MGMT_OSEN;
data->proto = WPA_PROTO_OSEN;
} else {
const struct rsn_ie_hdr *hdr;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 37b5834..6261744 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -110,7 +110,6 @@
#define RSN_KEY_DATA_KEYID RSN_SELECTOR(0x00, 0x0f, 0xac, 10)
#define RSN_KEY_DATA_MULTIBAND_GTK RSN_SELECTOR(0x00, 0x0f, 0xac, 11)
#define RSN_KEY_DATA_MULTIBAND_KEYID RSN_SELECTOR(0x00, 0x0f, 0xac, 12)
-#define RSN_KEY_DATA_OCI RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
#define WFA_KEY_DATA_IP_ADDR_REQ RSN_SELECTOR(0x50, 0x6f, 0x9a, 4)
#define WFA_KEY_DATA_IP_ADDR_ALLOC RSN_SELECTOR(0x50, 0x6f, 0x9a, 5)
@@ -149,8 +148,7 @@
#define WPA_CAPABILITY_SPP_A_MSDU_REQUIRED BIT(11)
#define WPA_CAPABILITY_PBAC BIT(12)
#define WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST BIT(13)
-#define WPA_CAPABILITY_OCVC BIT(14)
-/* B15: Reserved */
+/* B14-B15: Reserved */
/* IEEE 802.11r */
@@ -328,7 +326,6 @@
#define FTIE_SUBELEM_GTK 2
#define FTIE_SUBELEM_R0KH_ID 3
#define FTIE_SUBELEM_IGTK 4
-#define FTIE_SUBELEM_OCI 5
struct rsn_rdie {
u8 id;
@@ -454,10 +451,6 @@
size_t tie_len;
const u8 *igtk;
size_t igtk_len;
-#ifdef CONFIG_OCV
- const u8 *oci;
- size_t oci_len;
-#endif /* CONFIG_OCV */
const u8 *ric;
size_t ric_len;
int key_mgmt;
diff --git a/src/common/wpa_ctrl.c b/src/common/wpa_ctrl.c
index 8722b19..a0fe822 100644
--- a/src/common/wpa_ctrl.c
+++ b/src/common/wpa_ctrl.c
@@ -11,8 +11,6 @@
#ifdef CONFIG_CTRL_IFACE
#ifdef CONFIG_CTRL_IFACE_UNIX
-#include <sys/stat.h>
-#include <fcntl.h>
#include <sys/un.h>
#include <unistd.h>
#include <fcntl.h>
@@ -143,19 +141,6 @@
return NULL;
}
tries++;
-#ifdef ANDROID
- /* Set client socket file permissions so that bind() creates the client
- * socket with these permissions and there is no need to try to change
- * them with chmod() after bind() which would have potential issues with
- * race conditions. These permissions are needed to make sure the server
- * side (wpa_supplicant or hostapd) can reply to the control interface
- * messages.
- *
- * The lchown() calls below after bind() are also part of the needed
- * operations to allow the response to go through. Those are using the
- * no-deference-symlinks version to avoid races. */
- fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
-#endif /* ANDROID */
if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
sizeof(ctrl->local)) < 0) {
if (errno == EADDRINUSE && tries < 2) {
@@ -174,6 +159,7 @@
}
#ifdef ANDROID
+ chmod(ctrl->local.sun_path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
/* Set group even if we do not have privileges to change owner */
grp_wifi = getgrnam("wifi");
gid_wifi = grp_wifi ? grp_wifi->gr_gid : 0;
@@ -185,8 +171,8 @@
os_free(ctrl);
return NULL;
}
- lchown(ctrl->local.sun_path, -1, gid_wifi);
- lchown(ctrl->local.sun_path, uid_system, gid_wifi);
+ chown(ctrl->local.sun_path, -1, gid_wifi);
+ chown(ctrl->local.sun_path, uid_system, gid_wifi);
if (os_strncmp(ctrl_path, "@android:", 9) == 0) {
if (socket_local_client_connect(
@@ -572,8 +558,7 @@
res = recv(ctrl->s, reply, *reply_len, 0);
if (res < 0)
return res;
- if ((res > 0 && reply[0] == '<') ||
- (res > 6 && strncmp(reply, "IFNAME=", 7) == 0)) {
+ if (res > 0 && reply[0] == '<') {
/* This is an unsolicited message from
* wpa_supplicant, not the reply to the
* request. Use msg_cb to report this to the
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index f89053a..f4cff43 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -29,7 +29,6 @@
#include "sha1.h"
#include "sha256.h"
#include "sha384.h"
-#include "sha512.h"
#include "md5.h"
#include "aes_wrap.h"
#include "crypto.h"
diff --git a/src/crypto/md4-internal.c b/src/crypto/md4-internal.c
index cf408e8..d9c737a 100644
--- a/src/crypto/md4-internal.c
+++ b/src/crypto/md4-internal.c
@@ -85,7 +85,7 @@
(cp)[1] = (value) >> 8; \
(cp)[0] = (value); } while (0)
-static const u8 PADDING[MD4_BLOCK_LENGTH] = {
+static u8 PADDING[MD4_BLOCK_LENGTH] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
diff --git a/src/crypto/random.c b/src/crypto/random.c
index ca9c0c8..6f4cf81 100644
--- a/src/crypto/random.c
+++ b/src/crypto/random.c
@@ -25,9 +25,6 @@
#include "utils/includes.h"
#ifdef __linux__
#include <fcntl.h>
-#ifdef CONFIG_GETRANDOM
-#include <sys/random.h>
-#endif /* CONFIG_GETRANDOM */
#endif /* __linux__ */
#include "utils/common.h"
@@ -238,52 +235,30 @@
return 1; /* Already initialized - good to continue */
/*
- * Try to fetch some more data from the kernel high quality RNG.
- * There may not be enough data available at this point,
+ * Try to fetch some more data from the kernel high quality
+ * /dev/random. There may not be enough data available at this point,
* so use non-blocking read to avoid blocking the application
* completely.
*/
-
-#ifdef CONFIG_GETRANDOM
- res = getrandom(dummy_key + dummy_key_avail,
- sizeof(dummy_key) - dummy_key_avail, GRND_NONBLOCK);
- if (res < 0) {
- if (errno == ENOSYS) {
- wpa_printf(MSG_DEBUG,
- "random: getrandom() not supported, falling back to /dev/random");
- } else {
- wpa_printf(MSG_INFO,
- "random: no data from getrandom(): %s",
- strerror(errno));
- res = 0;
- }
- }
-#else /* CONFIG_GETRANDOM */
- res = -1;
-#endif /* CONFIG_GETRANDOM */
- if (res < 0) {
- fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
- if (fd < 0) {
- wpa_printf(MSG_ERROR,
- "random: Cannot open /dev/random: %s",
- strerror(errno));
- return -1;
- }
-
- res = read(fd, dummy_key + dummy_key_avail,
- sizeof(dummy_key) - dummy_key_avail);
- if (res < 0) {
- wpa_printf(MSG_ERROR,
- "random: Cannot read from /dev/random: %s",
- strerror(errno));
- res = 0;
- }
- close(fd);
+ fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
+ if (fd < 0) {
+ wpa_printf(MSG_ERROR, "random: Cannot open /dev/random: %s",
+ strerror(errno));
+ return -1;
}
- wpa_printf(MSG_DEBUG, "random: Got %u/%u random bytes", (unsigned) res,
+ res = read(fd, dummy_key + dummy_key_avail,
+ sizeof(dummy_key) - dummy_key_avail);
+ if (res < 0) {
+ wpa_printf(MSG_ERROR, "random: Cannot read from /dev/random: "
+ "%s", strerror(errno));
+ res = 0;
+ }
+ wpa_printf(MSG_DEBUG, "random: Got %u/%u bytes from "
+ "/dev/random", (unsigned) res,
(unsigned) (sizeof(dummy_key) - dummy_key_avail));
dummy_key_avail += res;
+ close(fd);
if (dummy_key_avail == sizeof(dummy_key)) {
if (own_pool_ready < MIN_READY_MARK)
@@ -293,7 +268,7 @@
}
wpa_printf(MSG_INFO, "random: Only %u/%u bytes of strong "
- "random data available",
+ "random data available from /dev/random",
(unsigned) dummy_key_avail, (unsigned) sizeof(dummy_key));
if (own_pool_ready >= MIN_READY_MARK ||
@@ -445,19 +420,6 @@
if (random_fd >= 0)
return;
-#ifdef CONFIG_GETRANDOM
- {
- u8 dummy;
-
- if (getrandom(&dummy, 0, GRND_NONBLOCK) == 0 ||
- errno != ENOSYS) {
- wpa_printf(MSG_DEBUG,
- "random: getrandom() support available");
- return;
- }
- }
-#endif /* CONFIG_GETRANDOM */
-
random_fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
if (random_fd < 0) {
wpa_printf(MSG_ERROR, "random: Cannot open /dev/random: %s",
diff --git a/src/crypto/sha512-internal.c b/src/crypto/sha512-internal.c
index c026394..76c4fe7 100644
--- a/src/crypto/sha512-internal.c
+++ b/src/crypto/sha512-internal.c
@@ -109,14 +109,9 @@
/* compress 1024-bits */
static int sha512_compress(struct sha512_state *md, unsigned char *buf)
{
- u64 S[8], t0, t1;
- u64 *W;
+ u64 S[8], W[80], t0, t1;
int i;
- W = os_malloc(80 * sizeof(u64));
- if (!W)
- return -1;
-
/* copy state into S */
for (i = 0; i < 8; i++) {
S[i] = md->state[i];
@@ -151,7 +146,6 @@
md->state[i] = md->state[i] + S[i];
}
- os_free(W);
return 0;
}
diff --git a/src/crypto/sha512.c b/src/crypto/sha512.c
deleted file mode 100644
index 66311c3..0000000
--- a/src/crypto/sha512.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * SHA-512 hash implementation and interface functions
- * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "sha512.h"
-#include "crypto.h"
-
-
-/**
- * hmac_sha512_vector - HMAC-SHA512 over data vector (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @num_elem: Number of elements in the data vector
- * @addr: Pointers to the data areas
- * @len: Lengths of the data blocks
- * @mac: Buffer for the hash (64 bytes)
- * Returns: 0 on success, -1 on failure
- */
-int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem,
- const u8 *addr[], const size_t *len, u8 *mac)
-{
- unsigned char k_pad[128]; /* padding - key XORd with ipad/opad */
- unsigned char tk[64];
- const u8 *_addr[6];
- size_t _len[6], i;
-
- if (num_elem > 5) {
- /*
- * Fixed limit on the number of fragments to avoid having to
- * allocate memory (which could fail).
- */
- return -1;
- }
-
- /* if key is longer than 128 bytes reset it to key = SHA512(key) */
- if (key_len > 128) {
- if (sha512_vector(1, &key, &key_len, tk) < 0)
- return -1;
- key = tk;
- key_len = 64;
- }
-
- /* the HMAC_SHA512 transform looks like:
- *
- * SHA512(K XOR opad, SHA512(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 128 times
- * opad is the byte 0x5c repeated 128 times
- * and text is the data being protected */
-
- /* start out by storing key in ipad */
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with ipad values */
- for (i = 0; i < 128; i++)
- k_pad[i] ^= 0x36;
-
- /* perform inner SHA512 */
- _addr[0] = k_pad;
- _len[0] = 128;
- for (i = 0; i < num_elem; i++) {
- _addr[i + 1] = addr[i];
- _len[i + 1] = len[i];
- }
- if (sha512_vector(1 + num_elem, _addr, _len, mac) < 0)
- return -1;
-
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with opad values */
- for (i = 0; i < 128; i++)
- k_pad[i] ^= 0x5c;
-
- /* perform outer SHA512 */
- _addr[0] = k_pad;
- _len[0] = 128;
- _addr[1] = mac;
- _len[1] = SHA512_MAC_LEN;
- return sha512_vector(2, _addr, _len, mac);
-}
-
-
-/**
- * hmac_sha512 - HMAC-SHA512 over data buffer (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @data: Pointers to the data area
- * @data_len: Length of the data area
- * @mac: Buffer for the hash (64 bytes)
- * Returns: 0 on success, -1 on failure
- */
-int hmac_sha512(const u8 *key, size_t key_len, const u8 *data,
- size_t data_len, u8 *mac)
-{
- return hmac_sha512_vector(key, key_len, 1, &data, &data_len, mac);
-}
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 413cccd..481b346 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -82,7 +82,6 @@
int cert_in_cb;
const char *openssl_ciphers;
unsigned int tls_session_lifetime;
- unsigned int crl_reload_interval;
unsigned int tls_flags;
void (*event_cb)(void *ctx, enum tls_event ev,
@@ -104,9 +103,6 @@
#define TLS_CONN_SUITEB BIT(11)
#define TLS_CONN_SUITEB_NO_ECDH BIT(12)
#define TLS_CONN_DISABLE_TLSv1_3 BIT(13)
-#define TLS_CONN_ENABLE_TLSv1_0 BIT(14)
-#define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
-#define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
/**
* struct tls_connection_params - Parameters for TLS connection
@@ -148,8 +144,6 @@
* @cert_id: the certificate's id when using engine
* @ca_cert_id: the CA certificate's id when using engine
* @openssl_ciphers: OpenSSL cipher configuration
- * @openssl_ecdh_curves: OpenSSL ECDH curve configuration. %NULL for auto if
- * supported, empty string to disable, or a colon-separated curve list.
* @flags: Parameter options (TLS_CONN_*)
* @ocsp_stapling_response: DER encoded file with cached OCSP stapling response
* or %NULL if OCSP is not enabled
@@ -193,7 +187,6 @@
const char *cert_id;
const char *ca_cert_id;
const char *openssl_ciphers;
- const char *openssl_ecdh_curves;
unsigned int flags;
const char *ocsp_stapling_response;
@@ -328,11 +321,9 @@
* @tls_ctx: TLS context data from tls_init()
* @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate,
* 2 = verify CRL for all certificates
- * @strict: 0 = allow CRL time errors, 1 = do not allow CRL time errors
* Returns: 0 on success, -1 on failure
*/
-int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
- int strict);
+int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
/**
* tls_connection_set_verify - Set certificate verification options
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index 527d01e..36dafd2 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -461,12 +461,6 @@
}
}
- if (params->openssl_ecdh_curves) {
- wpa_printf(MSG_INFO,
- "GnuTLS: openssl_ecdh_curves not supported");
- return -1;
- }
-
/* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
* to force peer validation(?) */
@@ -848,7 +842,7 @@
}
-int tls_global_set_verify(void *ssl_ctx, int check_crl, int strict)
+int tls_global_set_verify(void *ssl_ctx, int check_crl)
{
/* TODO */
return 0;
diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index 9c57ab2..d289c94 100644
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -248,12 +248,6 @@
return -1;
}
- if (params->openssl_ecdh_curves) {
- wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
- tlsv1_cred_free(cred);
- return -1;
- }
-
if (tlsv1_set_ca_cert(cred, params->ca_cert,
params->ca_cert_blob, params->ca_cert_blob_len,
params->ca_path)) {
@@ -359,7 +353,7 @@
}
-int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
+int tls_global_set_verify(void *tls_ctx, int check_crl)
{
struct tls_global *global = tls_ctx;
global->check_crl = check_crl;
diff --git a/src/crypto/tls_none.c b/src/crypto/tls_none.c
index 108e9aa..5d0c6bd 100644
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@@ -72,7 +72,7 @@
}
-int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
+int tls_global_set_verify(void *tls_ctx, int check_crl)
{
return -1;
}
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 181e64d..5bb14e2 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -104,9 +104,7 @@
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
- (defined(LIBRESSL_VERSION_NUMBER) && \
- LIBRESSL_VERSION_NUMBER < 0x20700000L)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef CONFIG_SUITEB
static int RSA_bits(const RSA *r)
{
@@ -228,16 +226,10 @@
struct tls_data {
SSL_CTX *ssl;
unsigned int tls_session_lifetime;
- int check_crl;
- int check_crl_strict;
- char *ca_cert;
- unsigned int crl_reload_interval;
- struct os_reltime crl_last_reload;
};
struct tls_connection {
struct tls_context *context;
- struct tls_data *data;
SSL_CTX *ssl_ctx;
SSL *ssl;
BIO *ssl_in, *ssl_out;
@@ -323,37 +315,6 @@
#endif /* CONFIG_NO_STDOUT_DEBUG */
-static X509_STORE * tls_crl_cert_reload(const char *ca_cert, int check_crl)
-{
- int flags;
- X509_STORE *store;
-
- store = X509_STORE_new();
- if (!store) {
- wpa_printf(MSG_DEBUG,
- "OpenSSL: %s - failed to allocate new certificate store",
- __func__);
- return NULL;
- }
-
- if (ca_cert && X509_STORE_load_locations(store, ca_cert, NULL) != 1) {
- tls_show_errors(MSG_WARNING, __func__,
- "Failed to load root certificates");
- X509_STORE_free(store);
- return NULL;
- }
-
- if (check_crl)
- flags = X509_V_FLAG_CRL_CHECK;
- if (check_crl == 2)
- flags |= X509_V_FLAG_CRL_CHECK_ALL;
-
- X509_STORE_set_flags(store, flags);
-
- return store;
-}
-
-
#ifdef CONFIG_NATIVE_WINDOWS
/* Windows CryptoAPI and access to certificate stores */
@@ -1042,10 +1003,8 @@
return NULL;
}
data->ssl = ssl;
- if (conf) {
+ if (conf)
data->tls_session_lifetime = conf->tls_session_lifetime;
- data->crl_reload_interval = conf->crl_reload_interval;
- }
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
@@ -1127,7 +1086,6 @@
os_free(context);
if (data->tls_session_lifetime > 0)
SSL_CTX_flush_sessions(ssl, 0);
- os_free(data->ca_cert);
SSL_CTX_free(ssl);
tls_openssl_ref_count--;
@@ -1523,32 +1481,11 @@
SSL_CTX *ssl = data->ssl;
struct tls_connection *conn;
long options;
- X509_STORE *new_cert_store;
- struct os_reltime now;
struct tls_context *context = SSL_CTX_get_app_data(ssl);
- /* Replace X509 store if it is time to update CRL. */
- if (data->crl_reload_interval > 0 && os_get_reltime(&now) == 0 &&
- os_reltime_expired(&now, &data->crl_last_reload,
- data->crl_reload_interval)) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Flushing X509 store with ca_cert file");
- new_cert_store = tls_crl_cert_reload(data->ca_cert,
- data->check_crl);
- if (!new_cert_store) {
- wpa_printf(MSG_ERROR,
- "OpenSSL: Error replacing X509 store with ca_cert file");
- } else {
- /* Replace old store */
- SSL_CTX_set_cert_store(ssl, new_cert_store);
- data->crl_last_reload = now;
- }
- }
-
conn = os_zalloc(sizeof(*conn));
if (conn == NULL)
return NULL;
- conn->data = data;
conn->ssl_ctx = ssl;
conn->ssl = SSL_new(ssl);
if (conn->ssl == NULL) {
@@ -2072,13 +2009,6 @@
"time mismatch");
preverify_ok = 1;
}
- if (!preverify_ok && !conn->data->check_crl_strict &&
- (err == X509_V_ERR_CRL_HAS_EXPIRED ||
- err == X509_V_ERR_CRL_NOT_YET_VALID)) {
- wpa_printf(MSG_DEBUG,
- "OpenSSL: Ignore certificate validity CRL time mismatch");
- preverify_ok = 1;
- }
err_str = X509_verify_cert_error_string(err);
@@ -2469,16 +2399,13 @@
SSL_CTX_set_client_CA_list(ssl_ctx,
SSL_load_client_CA_file(ca_cert));
#endif /* OPENSSL_NO_STDIO */
-
- os_free(data->ca_cert);
- data->ca_cert = os_strdup(ca_cert);
}
return 0;
}
-int tls_global_set_verify(void *ssl_ctx, int check_crl, int strict)
+int tls_global_set_verify(void *ssl_ctx, int check_crl)
{
int flags;
@@ -2495,10 +2422,6 @@
if (check_crl == 2)
flags |= X509_V_FLAG_CRL_CHECK_ALL;
X509_STORE_set_flags(cs, flags);
-
- data->check_crl = check_crl;
- data->check_crl_strict = strict;
- os_get_reltime(&data->crl_last_reload);
}
return 0;
}
@@ -2614,38 +2537,6 @@
else
SSL_clear_options(ssl, SSL_OP_NO_TLSv1_3);
#endif /* SSL_OP_NO_TLSv1_3 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- if (flags & (TLS_CONN_ENABLE_TLSv1_0 |
- TLS_CONN_ENABLE_TLSv1_1 |
- TLS_CONN_ENABLE_TLSv1_2)) {
- int version = 0;
-
- /* Explicit request to enable TLS versions even if needing to
- * override systemwide policies. */
- if (flags & TLS_CONN_ENABLE_TLSv1_0) {
- version = TLS1_VERSION;
- } else if (flags & TLS_CONN_ENABLE_TLSv1_1) {
- if (!(flags & TLS_CONN_DISABLE_TLSv1_0))
- version = TLS1_1_VERSION;
- } else if (flags & TLS_CONN_ENABLE_TLSv1_2) {
- if (!(flags & (TLS_CONN_DISABLE_TLSv1_0 |
- TLS_CONN_DISABLE_TLSv1_1)))
- version = TLS1_2_VERSION;
- }
- if (!version) {
- wpa_printf(MSG_DEBUG,
- "OpenSSL: Invalid TLS version configuration");
- return -1;
- }
-
- if (SSL_set_min_proto_version(ssl, version) != 1) {
- wpa_printf(MSG_DEBUG,
- "OpenSSL: Failed to set minimum TLS version");
- return -1;
- }
- }
-#endif /* >= 1.1.0 */
-
#ifdef CONFIG_SUITEB
#ifdef OPENSSL_IS_BORINGSSL
/* Start with defaults from BoringSSL */
@@ -2748,22 +2639,7 @@
return -1;
}
}
-#else /* OPENSSL_IS_BORINGSSL */
- if (!(flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) &&
- openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set openssl_ciphers '%s'",
- openssl_ciphers);
- return -1;
- }
#endif /* OPENSSL_IS_BORINGSSL */
-#else /* CONFIG_SUITEB */
- if (openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set openssl_ciphers '%s'",
- openssl_ciphers);
- return -1;
- }
#endif /* CONFIG_SUITEB */
return 0;
@@ -2885,15 +2761,6 @@
return 0;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)\
- && !defined(ANDROID)
- if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
- ERR_clear_error();
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
- " --> OK");
- return 0;
- }
-#else
if (SSL_use_certificate_file(conn->ssl, client_cert,
SSL_FILETYPE_PEM) == 1) {
ERR_clear_error();
@@ -2901,7 +2768,6 @@
" --> OK");
return 0;
}
-#endif
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_file failed");
@@ -4655,40 +4521,6 @@
return -1;
}
- if (!params->openssl_ecdh_curves) {
-#ifndef OPENSSL_IS_BORINGSSL
-#ifndef OPENSSL_NO_EC
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && \
- (OPENSSL_VERSION_NUMBER < 0x10100000L)
- if (SSL_set_ecdh_auto(conn->ssl, 1) != 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set ECDH curves to auto");
- return -1;
- }
-#endif /* >= 1.0.2 && < 1.1.0 */
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_IS_BORINGSSL */
- } else if (params->openssl_ecdh_curves[0]) {
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER < 0x10002000L)
- wpa_printf(MSG_INFO,
- "OpenSSL: ECDH configuration nnot supported");
- return -1;
-#else /* OPENSSL_IS_BORINGSSL || < 1.0.2 */
-#ifndef OPENSSL_NO_EC
- if (SSL_set1_curves_list(conn->ssl,
- params->openssl_ecdh_curves) != 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set ECDH curves '%s'",
- params->openssl_ecdh_curves);
- return -1;
- }
-#else /* OPENSSL_NO_EC */
- wpa_printf(MSG_INFO, "OpenSSL: ECDH not supported");
- return -1;
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_IS_BORINGSSL */
- }
-
if (tls_set_conn_flags(conn, params->flags,
params->openssl_ciphers) < 0)
return -1;
@@ -4755,41 +4587,6 @@
return -1;
}
- if (!params->openssl_ecdh_curves) {
-#ifndef OPENSSL_IS_BORINGSSL
-#ifndef OPENSSL_NO_EC
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && \
- (OPENSSL_VERSION_NUMBER < 0x10100000L)
- if (SSL_CTX_set_ecdh_auto(ssl_ctx, 1) != 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set ECDH curves to auto");
- return -1;
- }
-#endif /* >= 1.0.2 && < 1.1.0 */
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_IS_BORINGSSL */
- } else if (params->openssl_ecdh_curves[0]) {
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER < 0x10002000L)
- wpa_printf(MSG_INFO,
- "OpenSSL: ECDH configuration nnot supported");
- return -1;
-#else /* OPENSSL_IS_BORINGSSL || < 1.0.2 */
-#ifndef OPENSSL_NO_EC
- if (SSL_CTX_set1_curves_list(ssl_ctx,
- params->openssl_ecdh_curves) !=
- 1) {
- wpa_printf(MSG_INFO,
- "OpenSSL: Failed to set ECDH curves '%s'",
- params->openssl_ecdh_curves);
- return -1;
- }
-#else /* OPENSSL_NO_EC */
- wpa_printf(MSG_INFO, "OpenSSL: ECDH not supported");
- return -1;
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_IS_BORINGSSL */
- }
-
#ifdef SSL_OP_NO_TICKET
if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index b59622e..cc8c704 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -1524,12 +1524,6 @@
return -1;
}
- if (params->openssl_ecdh_curves) {
- wpa_printf(MSG_INFO,
- "wolfSSL: openssl_ecdh_curves not supported");
- return -1;
- }
-
#ifdef HAVE_SESSION_TICKET
/* Session ticket is off by default - can't disable once on. */
if (!(params->flags & TLS_CONN_DISABLE_SESSION_TICKET))
@@ -1549,7 +1543,7 @@
}
-int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
+int tls_global_set_verify(void *tls_ctx, int check_crl)
{
wpa_printf(MSG_DEBUG, "SSL: global set verify: %d", check_crl);
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 23423d9..d34c679 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -58,16 +58,6 @@
#define HOSTAPD_CHAN_VHT_130_30 0x04000000
#define HOSTAPD_CHAN_VHT_150_10 0x08000000
-/* Allowed bandwidth mask */
-enum hostapd_chan_width_attr {
- HOSTAPD_CHAN_WIDTH_10 = BIT(0),
- HOSTAPD_CHAN_WIDTH_20 = BIT(1),
- HOSTAPD_CHAN_WIDTH_40P = BIT(2),
- HOSTAPD_CHAN_WIDTH_40M = BIT(3),
- HOSTAPD_CHAN_WIDTH_80 = BIT(4),
- HOSTAPD_CHAN_WIDTH_160 = BIT(5),
-};
-
/* Filter gratuitous ARP */
#define WPA_DATA_FRAME_FILTER_FLAG_ARP BIT(0)
/* Filter unsolicited Neighbor Advertisement */
@@ -121,13 +111,6 @@
int flag;
/**
- * allowed_bw - Allowed channel width bitmask
- *
- * See enum hostapd_chan_width_attr.
- */
- u32 allowed_bw;
-
- /**
* max_tx_power - Regulatory transmit power limit in dBm
*/
u8 max_tx_power;
@@ -931,10 +914,10 @@
* passphrase - RSN passphrase for PSK
*
* This value is made available only for WPA/WPA2-Personal (PSK) and
- * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK. This
- * is the 8..63 character ASCII passphrase, if available. Please note
- * that this can be %NULL if passphrase was not used to generate the
- * PSK. In that case, the psk field must be used to fetch the PSK.
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE. This is
+ * the 8..63 character ASCII passphrase, if available. Please note that
+ * this can be %NULL if passphrase was not used to generate the PSK. In
+ * that case, the psk field must be used to fetch the PSK.
*/
const char *passphrase;
@@ -942,9 +925,9 @@
* psk - RSN PSK (alternative for passphrase for PSK)
*
* This value is made available only for WPA/WPA2-Personal (PSK) and
- * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK. This
- * is the 32-octet (256-bit) PSK, if available. The driver wrapper
- * should be prepared to handle %NULL value as an error.
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE. This is
+ * the 32-octet (256-bit) PSK, if available. The driver wrapper should
+ * be prepared to handle %NULL value as an error.
*/
const u8 *psk;
@@ -1384,23 +1367,6 @@
* service).
*/
int multicast_to_unicast;
-
- /**
- * ftm_responder - Whether FTM responder is enabled
- */
- int ftm_responder;
-
- /**
- * lci - Binary data, the content of an LCI report IE with type 8 as
- * defined in IEEE Std 802.11-2016, 9.4.2.22.10
- */
- const struct wpabuf *lci;
-
- /**
- * civic - Binary data, the content of a measurement report IE with
- * type 11 as defined in IEEE Std 802.11-2016, 9.4.2.22.13
- */
- const struct wpabuf *civic;
};
struct wpa_driver_mesh_bss_params {
@@ -1458,7 +1424,6 @@
#define WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384 0x00002000
#define WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256 0x00004000
#define WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384 0x00008000
-#define WPA_DRIVER_CAPA_KEY_MGMT_SAE 0x00010000
/** Bitfield of supported key management suites */
unsigned int key_mgmt;
@@ -1492,7 +1457,7 @@
#define WPA_DRIVER_FLAGS_DFS_OFFLOAD 0x00000004
/** Driver takes care of RSN 4-way handshake internally; PMK is configured with
* struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
-#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X 0x00000008
+#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE 0x00000008
/** Driver is for a wired Ethernet interface */
#define WPA_DRIVER_FLAGS_WIRED 0x00000010
/** Driver provides separate commands for authentication and association (SME in
@@ -1614,10 +1579,6 @@
#define WPA_DRIVER_FLAGS_MFP_OPTIONAL 0x0040000000000000ULL
/** Driver is a self-managed regulatory device */
#define WPA_DRIVER_FLAGS_SELF_MANAGED_REGULATORY 0x0080000000000000ULL
-/** Driver supports FTM responder functionality */
-#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
-/** Driver support 4-way handshake offload for WPA-Personal */
-#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
@@ -1941,21 +1902,19 @@
SMPS_INVALID,
};
-#define WPA_INVALID_NOISE 9999
+/* enum chan_width - Channel width definitions */
+enum chan_width {
+ CHAN_WIDTH_20_NOHT,
+ CHAN_WIDTH_20,
+ CHAN_WIDTH_40,
+ CHAN_WIDTH_80,
+ CHAN_WIDTH_80P80,
+ CHAN_WIDTH_160,
+ CHAN_WIDTH_UNKNOWN
+};
/**
* struct wpa_signal_info - Information about channel signal quality
- * @frequency: control frequency
- * @above_threshold: true if the above threshold was crossed
- * (relevant for a CQM event)
- * @current_signal: in dBm
- * @avg_signal: in dBm
- * @avg_beacon_signal: in dBm
- * @current_noise: %WPA_INVALID_NOISE if not supported
- * @current_txrate: current TX rate
- * @chanwidth: channel width
- * @center_frq1: center frequency for the first segment
- * @center_frq2: center frequency for the second segment (if relevant)
*/
struct wpa_signal_info {
u32 frequency;
@@ -1971,26 +1930,6 @@
};
/**
- * struct wpa_channel_info - Information about the current channel
- * @frequency: Center frequency of the primary 20 MHz channel
- * @chanwidth: Width of the current operating channel
- * @sec_channel: Location of the secondary 20 MHz channel (either +1 or -1).
- * This field is only filled in when using a 40 MHz channel.
- * @center_frq1: Center frequency of frequency segment 0
- * @center_frq2: Center frequency of frequency segment 1 (for 80+80 channels)
- * @seg1_idx: Frequency segment 1 index when using a 80+80 channel. This is
- * derived from center_frq2 for convenience.
- */
-struct wpa_channel_info {
- u32 frequency;
- enum chan_width chanwidth;
- int sec_channel;
- int center_frq1;
- int center_frq2;
- u8 seg1_idx;
-};
-
-/**
* struct beacon_data - Beacon data
* @head: Head portion of Beacon frame (before TIM IE)
* @tail: Tail portion of Beacon frame (after TIM IE)
@@ -3426,14 +3365,6 @@
int (*signal_poll)(void *priv, struct wpa_signal_info *signal_info);
/**
- * channel_info - Get parameters of the current operating channel
- * @priv: Private driver interface data
- * @channel_info: Channel info structure
- * Returns: 0 on success, negative (<0) on failure
- */
- int (*channel_info)(void *priv, struct wpa_channel_info *channel_info);
-
- /**
* set_authmode - Set authentication algorithm(s) for static WEP
* @priv: Private driver interface data
* @authmode: 1=Open System, 2=Shared Key, 3=both
@@ -3714,7 +3645,7 @@
/**
* status - Get driver interface status information
* @priv: Private driver interface data
- * @buf: Buffer for printing the status information
+ * @buf: Buffer for printing tou the status information
* @buflen: Maximum length of the buffer
* Returns: Length of written status information or -1 on failure
*/
@@ -3838,14 +3769,6 @@
int (*set_transmit_next_pn)(void *priv, struct transmit_sa *sa);
/**
- * set_receive_lowest_pn - Set receive lowest PN
- * @priv: Private driver interface data
- * @sa: secure association
- * Returns: 0 on success, -1 on failure (or if not supported)
- */
- int (*set_receive_lowest_pn)(void *priv, struct receive_sa *sa);
-
- /**
* create_receive_sc - create secure channel for receiving
* @priv: Private driver interface data
* @sc: secure channel
@@ -4156,15 +4079,6 @@
*/
int (*send_external_auth_status)(void *priv,
struct external_auth *params);
-
- /**
- * set_4addr_mode - Set 4-address mode
- * @priv: Private driver interface data
- * @bridge_ifname: Bridge interface name
- * @val: 0 - disable 4addr mode, 1 - enable 4addr mode
- * Returns: 0 on success, < 0 on failure
- */
- int (*set_4addr_mode)(void *priv, const char *bridge_ifname, int val);
};
/**
@@ -5607,8 +5521,6 @@
/* Convert chan_width to a string for logging and control interfaces */
const char * channel_width_to_string(enum chan_width width);
-int channel_width_to_int(enum chan_width width);
-
int ht_supported(const struct hostapd_hw_modes *mode);
int vht_supported(const struct hostapd_hw_modes *mode);
diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index 62f5baa..16c2ae9 100644
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -1329,11 +1329,11 @@
}
atheros_raw_receive(drv, NULL,
(u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
- } else if (os_strncmp(custom, "Manage.auth ", 12) == 0) {
+ } else if (os_strncmp(custom, "Manage.auth ", 12) == 0) {
/* Format: "Manage.auth <frame len>" | zero padding | frame */
int len = atoi(custom + 12);
- if (len < 0 ||
- MGMT_FRAM_TAG_SIZE + len > end - custom) {
+ if (len < 0 ||
+ MGMT_FRAM_TAG_SIZE + len > end - custom) {
wpa_printf(MSG_DEBUG,
"Invalid Manage.auth event length %d", len);
return;
@@ -1342,7 +1342,7 @@
(u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
#endif /* CONFIG_IEEE80211W || CONFIG_IEEE80211R || CONFIG_FILS */
#ifdef ATHEROS_USE_RAW_RECEIVE
- } else if (os_strncmp(custom, "Manage.action ", 14) == 0) {
+ } else if (os_strncmp(custom, "Manage.action ", 14) == 0) {
/* Format: "Manage.assoc_req <frame len>" | zero padding | frame
*/
int len = atoi(custom + 14);
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
index e55e6cd..ac0916e 100644
--- a/src/drivers/driver_common.c
+++ b/src/drivers/driver_common.c
@@ -115,25 +115,6 @@
}
-int channel_width_to_int(enum chan_width width)
-{
- switch (width) {
- case CHAN_WIDTH_20_NOHT:
- case CHAN_WIDTH_20:
- return 20;
- case CHAN_WIDTH_40:
- return 40;
- case CHAN_WIDTH_80:
- return 80;
- case CHAN_WIDTH_80P80:
- case CHAN_WIDTH_160:
- return 160;
- default:
- return 0;
- }
-}
-
-
int ht_supported(const struct hostapd_hw_modes *mode)
{
if (!(mode->flags & HOSTAPD_MODE_FLAG_HT_INFO_KNOWN)) {
@@ -253,8 +234,7 @@
DF2S(DRIVER_IE);
DF2S(SET_KEYS_AFTER_ASSOC);
DF2S(DFS_OFFLOAD);
- DF2S(4WAY_HANDSHAKE_PSK);
- DF2S(4WAY_HANDSHAKE_8021X);
+ DF2S(4WAY_HANDSHAKE);
DF2S(WIRED);
DF2S(SME);
DF2S(AP);
diff --git a/src/drivers/driver_hostap.c b/src/drivers/driver_hostap.c
index 61b39b1..597da33 100644
--- a/src/drivers/driver_hostap.c
+++ b/src/drivers/driver_hostap.c
@@ -231,11 +231,7 @@
}
memset(&ifr, 0, sizeof(ifr));
- if (os_snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap",
- drv->iface) >= (int) sizeof(ifr.ifr_name)) {
- wpa_printf(MSG_ERROR, "hostap: AP interface name truncated");
- return -1;
- }
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface);
if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) {
wpa_printf(MSG_ERROR, "ioctl(SIOCGIFINDEX): %s",
strerror(errno));
@@ -352,10 +348,7 @@
struct ifreq ifr;
char ifname[IFNAMSIZ];
- if (os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface) >= IFNAMSIZ) {
- wpa_printf(MSG_ERROR, "hostap: AP interface name truncated");
- return -1;
- }
+ os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface);
if (linux_set_iface_flags(drv->ioctl_sock, ifname, dev_up) < 0)
return -1;
@@ -1131,7 +1124,6 @@
for (i = 0; i < 14; i++) {
mode->channels[i].chan = i + 1;
mode->channels[i].freq = chan2freq[i];
- mode->channels[i].allowed_bw = HOSTAPD_CHAN_WIDTH_20;
/* TODO: Get allowed channel list from the driver */
if (i >= 11)
mode->channels[i].flag = HOSTAPD_CHAN_DISABLED;
diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c
index 9d981bb..e89b3ba 100644
--- a/src/drivers/driver_macsec_linux.c
+++ b/src/drivers/driver_macsec_linux.c
@@ -177,9 +177,6 @@
if (drv->controlled_port_enabled_set) {
struct rtnl_link *change = rtnl_link_alloc();
- wpa_printf(MSG_DEBUG, DRV_PREFIX
- "%s: try_commit controlled_port_enabled=%d",
- drv->ifname, drv->controlled_port_enabled);
if (!change)
return -1;
@@ -199,24 +196,13 @@
drv->controlled_port_enabled_set = FALSE;
}
- if (drv->protect_frames_set) {
- wpa_printf(MSG_DEBUG, DRV_PREFIX
- "%s: try_commit protect_frames=%d",
- drv->ifname, drv->protect_frames);
+ if (drv->protect_frames_set)
rtnl_link_macsec_set_protect(drv->link, drv->protect_frames);
- }
- if (drv->encrypt_set) {
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: try_commit encrypt=%d",
- drv->ifname, drv->encrypt);
+ if (drv->encrypt_set)
rtnl_link_macsec_set_encrypt(drv->link, drv->encrypt);
- }
if (drv->replay_protect_set) {
- wpa_printf(MSG_DEBUG, DRV_PREFIX
- "%s: try_commit replay_protect=%d replay_window=%d",
- drv->ifname, drv->replay_protect,
- drv->replay_window);
rtnl_link_macsec_set_replay_protect(drv->link,
drv->replay_protect);
if (drv->replay_protect)
@@ -224,12 +210,8 @@
drv->replay_window);
}
- if (drv->encoding_sa_set) {
- wpa_printf(MSG_DEBUG, DRV_PREFIX
- "%s: try_commit encoding_sa=%d",
- drv->ifname, drv->encoding_sa);
+ if (drv->encoding_sa_set)
rtnl_link_macsec_set_encoding_sa(drv->link, drv->encoding_sa);
- }
err = rtnl_link_add(drv->sk, drv->link, 0);
if (err < 0)
@@ -336,8 +318,6 @@
drv->common.ifname);
goto cache;
}
- wpa_printf(MSG_DEBUG, DRV_PREFIX "ifname=%s parent_ifi=%d",
- drv->common.ifname, drv->parent_ifi);
err = init_genl_ctx(drv);
if (err < 0)
@@ -659,7 +639,7 @@
DRV_PREFIX "failed to communicate: %d (%s)",
ret, nl_geterror(-ret));
- ctx->cb_arg.pn = NULL;
+ ctx->cb_arg.pn = 0;
out_free_msg:
nlmsg_free(msg);
@@ -690,50 +670,6 @@
/**
- * macsec_drv_set_receive_lowest_pn - Set receive lowest PN
- * @priv: Private driver interface data
- * @sa: secure association
- * Returns: 0 on success, -1 on failure (or if not supported)
- */
-static int macsec_drv_set_receive_lowest_pn(void *priv, struct receive_sa *sa)
-{
- struct macsec_drv_data *drv = priv;
- struct macsec_genl_ctx *ctx = &drv->ctx;
- struct nl_msg *msg;
- struct nlattr *nest;
- int ret = -1;
-
- wpa_printf(MSG_DEBUG,
- DRV_PREFIX "%s: set_receive_lowest_pn -> %d: %d",
- drv->ifname, sa->an, sa->next_pn);
-
- msg = msg_prepare(MACSEC_CMD_UPD_RXSA, ctx, drv->ifi);
- if (!msg)
- return ret;
-
- nest = nla_nest_start(msg, MACSEC_ATTR_SA_CONFIG);
- if (!nest)
- goto nla_put_failure;
-
- NLA_PUT_U8(msg, MACSEC_SA_ATTR_AN, sa->an);
- NLA_PUT_U32(msg, MACSEC_SA_ATTR_PN, sa->next_pn);
-
- nla_nest_end(msg, nest);
-
- ret = nl_send_recv(ctx->sk, msg);
- if (ret < 0) {
- wpa_printf(MSG_ERROR,
- DRV_PREFIX "failed to communicate: %d (%s)",
- ret, nl_geterror(-ret));
- }
-
-nla_put_failure:
- nlmsg_free(msg);
- return ret;
-}
-
-
-/**
* macsec_drv_get_transmit_next_pn - Get transmit next PN
* @priv: Private driver interface data
* @sa: secure association
@@ -818,10 +754,8 @@
struct nl_msg *msg;
int ret = -1;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: create_receive_sc -> " SCISTR
- " (conf_offset=%u validation=%d)",
- drv->ifname, SCI2STR(sc->sci.addr, sc->sci.port),
- conf_offset, validation);
+ wpa_printf(MSG_DEBUG, "%s -> " SCISTR, __func__,
+ SCI2STR(sc->sci.addr, sc->sci.port));
msg = msg_prepare(MACSEC_CMD_ADD_RXSC, ctx, drv->ifi);
if (!msg)
@@ -856,8 +790,8 @@
struct nl_msg *msg;
int ret = -1;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: delete_receive_sc -> " SCISTR,
- drv->ifname, SCI2STR(sc->sci.addr, sc->sci.port));
+ wpa_printf(MSG_DEBUG, "%s -> " SCISTR, __func__,
+ SCI2STR(sc->sci.addr, sc->sci.port));
msg = msg_prepare(MACSEC_CMD_DEL_RXSC, ctx, drv->ifi);
if (!msg)
@@ -893,17 +827,8 @@
struct nlattr *nest;
int ret = -1;
- wpa_printf(MSG_DEBUG,
- DRV_PREFIX "%s: create_receive_sa -> %d on " SCISTR
- " (enable_receive=%d next_pn=%u)",
- drv->ifname, sa->an,
- SCI2STR(sa->sc->sci.addr, sa->sc->sci.port),
- sa->enable_receive, sa->next_pn);
- wpa_hexdump(MSG_DEBUG, DRV_PREFIX "SA keyid",
- &sa->pkey->key_identifier,
- sizeof(sa->pkey->key_identifier));
- wpa_hexdump_key(MSG_DEBUG, DRV_PREFIX "SA key",
- sa->pkey->key, sa->pkey->key_len);
+ wpa_printf(MSG_DEBUG, "%s -> %d on " SCISTR, __func__, sa->an,
+ SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
msg = msg_prepare(MACSEC_CMD_ADD_RXSA, ctx, drv->ifi);
if (!msg)
@@ -952,8 +877,7 @@
struct nlattr *nest;
int ret = -1;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: delete_receive_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
+ wpa_printf(MSG_DEBUG, "%s -> %d on " SCISTR, __func__, sa->an,
SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
msg = msg_prepare(MACSEC_CMD_DEL_RXSA, ctx, drv->ifi);
@@ -1030,8 +954,7 @@
struct macsec_drv_data *drv = priv;
struct macsec_genl_ctx *ctx = &drv->ctx;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: enable_receive_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
+ wpa_printf(MSG_DEBUG, "%s -> %d on " SCISTR, __func__, sa->an,
SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
return set_active_rx_sa(ctx, drv->ifi, mka_sci_u64(&sa->sc->sci),
@@ -1050,8 +973,7 @@
struct macsec_drv_data *drv = priv;
struct macsec_genl_ctx *ctx = &drv->ctx;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: disable_receive_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
+ wpa_printf(MSG_DEBUG, "%s -> %d on " SCISTR, __func__, sa->an,
SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
return set_active_rx_sa(ctx, drv->ifi, mka_sci_u64(&sa->sc->sci),
@@ -1087,7 +1009,7 @@
*/
static int macsec_drv_create_transmit_sc(
void *priv, struct transmit_sc *sc,
- unsigned int conf_offset)
+ enum confidentiality_offset conf_offset)
{
struct macsec_drv_data *drv = priv;
struct rtnl_link *link;
@@ -1095,10 +1017,7 @@
u64 sci;
int err;
- wpa_printf(MSG_DEBUG, DRV_PREFIX
- "%s: create_transmit_sc -> " SCISTR " (conf_offset=%d)",
- drv->common.ifname, SCI2STR(sc->sci.addr, sc->sci.port),
- conf_offset);
+ wpa_printf(MSG_DEBUG, "%s", __func__);
if (!drv->sk) {
wpa_printf(MSG_ERROR, DRV_PREFIX "NULL rtnl socket");
@@ -1141,9 +1060,6 @@
drv->ifi = rtnl_link_get_ifindex(link);
ifname = rtnl_link_get_name(link);
- wpa_printf(MSG_DEBUG,
- DRV_PREFIX "%s: create_transmit_sc: ifi=%d ifname=%s",
- drv->common.ifname, drv->ifi, ifname);
os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
rtnl_link_put(link);
@@ -1172,8 +1088,7 @@
struct macsec_drv_data *drv = priv;
int err;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: delete_transmit_sc -> " SCISTR,
- drv->ifname, SCI2STR(sc->sci.addr, sc->sci.port));
+ wpa_printf(MSG_DEBUG, "%s", __func__);
if (!drv->sk)
return 0;
@@ -1210,16 +1125,7 @@
struct nlattr *nest;
int ret = -1;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: create_transmit_sa -> %d on "
- SCISTR " (enable_transmit=%d next_pn=%u)",
- drv->ifname, sa->an,
- SCI2STR(sa->sc->sci.addr, sa->sc->sci.port),
- sa->enable_transmit, sa->next_pn);
- wpa_hexdump(MSG_DEBUG, DRV_PREFIX "SA keyid",
- &sa->pkey->key_identifier,
- sizeof(sa->pkey->key_identifier));
- wpa_hexdump_key(MSG_DEBUG, DRV_PREFIX "SA key",
- sa->pkey->key, sa->pkey->key_len);
+ wpa_printf(MSG_DEBUG, "%s -> %d", __func__, sa->an);
msg = msg_prepare(MACSEC_CMD_ADD_TXSA, ctx, drv->ifi);
if (!msg)
@@ -1265,9 +1171,7 @@
struct nlattr *nest;
int ret = -1;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: delete_transmit_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
- SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
+ wpa_printf(MSG_DEBUG, "%s -> %d", __func__, sa->an);
msg = msg_prepare(MACSEC_CMD_DEL_TXSA, ctx, drv->ifi);
if (!msg)
@@ -1339,9 +1243,7 @@
struct macsec_genl_ctx *ctx = &drv->ctx;
int ret;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: enable_transmit_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
- SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
+ wpa_printf(MSG_DEBUG, "%s -> %d", __func__, sa->an);
ret = set_active_tx_sa(ctx, drv->ifi, sa->an, TRUE);
if (ret < 0) {
@@ -1367,38 +1269,12 @@
struct macsec_drv_data *drv = priv;
struct macsec_genl_ctx *ctx = &drv->ctx;
- wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: disable_transmit_sa -> %d on "
- SCISTR, drv->ifname, sa->an,
- SCI2STR(sa->sc->sci.addr, sa->sc->sci.port));
+ wpa_printf(MSG_DEBUG, "%s -> %d", __func__, sa->an);
return set_active_tx_sa(ctx, drv->ifi, sa->an, FALSE);
}
-static int macsec_drv_status(void *priv, char *buf, size_t buflen)
-{
- struct macsec_drv_data *drv = priv;
- int res;
- char *pos, *end;
-
- pos = buf;
- end = buf + buflen;
-
- res = os_snprintf(pos, end - pos,
- "ifname=%s\n"
- "ifi=%d\n"
- "parent_ifname=%s\n"
- "parent_ifi=%d\n",
- drv->common.ifname, drv->ifi,
- drv->ifname, drv->parent_ifi);
- if (os_snprintf_error(end - pos, res))
- return pos - buf;
- pos += res;
-
- return pos - buf;
-}
-
-
const struct wpa_driver_ops wpa_driver_macsec_linux_ops = {
.name = "macsec_linux",
.desc = "MACsec Ethernet driver for Linux",
@@ -1417,7 +1293,6 @@
.set_current_cipher_suite = macsec_drv_set_current_cipher_suite,
.enable_controlled_port = macsec_drv_enable_controlled_port,
.get_receive_lowest_pn = macsec_drv_get_receive_lowest_pn,
- .set_receive_lowest_pn = macsec_drv_set_receive_lowest_pn,
.get_transmit_next_pn = macsec_drv_get_transmit_next_pn,
.set_transmit_next_pn = macsec_drv_set_transmit_next_pn,
.create_receive_sc = macsec_drv_create_receive_sc,
@@ -1432,6 +1307,4 @@
.delete_transmit_sa = macsec_drv_delete_transmit_sa,
.enable_transmit_sa = macsec_drv_enable_transmit_sa,
.disable_transmit_sa = macsec_drv_disable_transmit_sa,
-
- .status = macsec_drv_status,
};
diff --git a/src/drivers/driver_macsec_qca.c b/src/drivers/driver_macsec_qca.c
index 8372393..e397950 100644
--- a/src/drivers/driver_macsec_qca.c
+++ b/src/drivers/driver_macsec_qca.c
@@ -383,7 +383,7 @@
}
-static int macsec_qca_set_transmit_next_pn(void *priv, struct transmit_sa *sa)
+int macsec_qca_set_transmit_next_pn(void *priv, struct transmit_sa *sa)
{
struct macsec_qca_data *drv = priv;
int ret = 0;
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a70e22..771e766 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -40,9 +40,6 @@
#include "driver_nl80211.h"
-#ifndef NETLINK_CAP_ACK
-#define NETLINK_CAP_ACK 10
-#endif /* NETLINK_CAP_ACK */
/* support for extack if compilation headers are too old */
#ifndef NETLINK_EXT_ACK
#define NETLINK_EXT_ACK 11
@@ -409,11 +406,6 @@
setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
NETLINK_EXT_ACK, &opt, sizeof(opt));
- /* try to set NETLINK_CAP_ACK to 1, ignoring errors */
- opt = 1;
- setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
- NETLINK_CAP_ACK, &opt, sizeof(opt));
-
err = nl_send_auto_complete(nl_handle, msg);
if (err < 0)
goto out;
@@ -1477,7 +1469,7 @@
{
struct nl_msg *msg;
- sig->current_signal = -WPA_INVALID_NOISE;
+ sig->current_signal = -9999;
sig->current_txrate = 0;
if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_STATION)) ||
@@ -1539,7 +1531,7 @@
{
struct nl_msg *msg;
- sig_change->current_noise = WPA_INVALID_NOISE;
+ sig_change->current_noise = 9999;
sig_change->frequency = drv->assoc_freq;
msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
@@ -1547,70 +1539,6 @@
}
-static int get_channel_info(struct nl_msg *msg, void *arg)
-{
- struct nlattr *tb[NL80211_ATTR_MAX + 1] = { 0 };
- struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
- struct wpa_channel_info *chan_info = arg;
-
- nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
- genlmsg_attrlen(gnlh, 0), NULL);
-
- os_memset(chan_info, 0, sizeof(struct wpa_channel_info));
- chan_info->chanwidth = CHAN_WIDTH_UNKNOWN;
-
- if (tb[NL80211_ATTR_WIPHY_FREQ])
- chan_info->frequency =
- nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
- if (tb[NL80211_ATTR_CHANNEL_WIDTH])
- chan_info->chanwidth = convert2width(
- nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
- if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
- enum nl80211_channel_type ct =
- nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
-
- switch (ct) {
- case NL80211_CHAN_HT40MINUS:
- chan_info->sec_channel = -1;
- break;
- case NL80211_CHAN_HT40PLUS:
- chan_info->sec_channel = 1;
- break;
- default:
- chan_info->sec_channel = 0;
- break;
- }
- }
- if (tb[NL80211_ATTR_CENTER_FREQ1])
- chan_info->center_frq1 =
- nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
- if (tb[NL80211_ATTR_CENTER_FREQ2])
- chan_info->center_frq2 =
- nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
-
- if (chan_info->center_frq2) {
- u8 seg1_idx = 0;
-
- if (ieee80211_freq_to_chan(chan_info->center_frq2, &seg1_idx) !=
- NUM_HOSTAPD_MODES)
- chan_info->seg1_idx = seg1_idx;
- }
-
- return NL_SKIP;
-}
-
-
-static int nl80211_channel_info(void *priv, struct wpa_channel_info *ci)
-{
- struct i802_bss *bss = priv;
- struct wpa_driver_nl80211_data *drv = bss->drv;
- struct nl_msg *msg;
-
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
- return send_and_recv_msgs(drv, msg, get_channel_info, ci);
-}
-
-
static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
void *handle)
{
@@ -2241,11 +2169,6 @@
ret = -1;
#endif /* CONFIG_DPP */
#ifdef CONFIG_IEEE80211W
-#ifdef CONFIG_OCV
- /* SA Query Request */
- if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0)
- ret = -1;
-#endif /* CONFIG_OCV */
/* SA Query Response */
if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
ret = -1;
@@ -3039,7 +2962,7 @@
#endif /* CONFIG_DRIVER_NL80211_QCA */
if (alg == WPA_ALG_PMK &&
- (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
+ (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
return nl80211_set_pmk(drv, key, key_len, addr);
if (alg == WPA_ALG_NONE) {
@@ -3242,8 +3165,7 @@
int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
const u8 *addr, int cmd, u16 reason_code,
- int local_state_change,
- struct nl_handle *nl_connect)
+ int local_state_change)
{
int ret;
struct nl_msg *msg;
@@ -3257,10 +3179,7 @@
return -1;
}
- if (nl_connect)
- ret = send_and_recv(drv->global, nl_connect, msg, NULL, NULL);
- else
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs(drv, msg, NULL, NULL);
if (ret) {
wpa_dbg(drv->ctx, MSG_DEBUG,
"nl80211: MLME command failed: reason=%u ret=%d (%s)",
@@ -3271,8 +3190,7 @@
static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
- int reason_code,
- struct nl_handle *nl_connect)
+ int reason_code)
{
int ret;
int drv_associated = drv->associated;
@@ -3281,7 +3199,7 @@
nl80211_mark_disconnected(drv);
/* Disconnect command doesn't need BSSID - it uses cached value */
ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
- reason_code, 0, nl_connect);
+ reason_code, 0);
/*
* For locally generated disconnect, supplicant already generates a
* DEAUTH event, so ignore the event from NL80211.
@@ -3303,19 +3221,13 @@
nl80211_mark_disconnected(drv);
return nl80211_leave_ibss(drv, 1);
}
- if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
- struct nl_handle *nl_connect = NULL;
-
- if (bss->use_nl_connect)
- nl_connect = bss->nl_connect;
- return wpa_driver_nl80211_disconnect(drv, reason_code,
- nl_connect);
- }
+ if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
+ return wpa_driver_nl80211_disconnect(drv, reason_code);
wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
__func__, MAC2STR(addr), reason_code);
nl80211_mark_disconnected(drv);
ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
- reason_code, 0, NULL);
+ reason_code, 0);
/*
* For locally generated deauthenticate, supplicant already generates a
* DEAUTH event, so ignore the event from NL80211.
@@ -4045,7 +3957,7 @@
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
u8 cmd = NL80211_CMD_NEW_BEACON;
- int ret = -ENOBUFS;
+ int ret;
int beacon_set;
int num_suites;
int smps_mode;
@@ -4251,29 +4163,6 @@
goto fail;
}
- if (params->ftm_responder) {
- struct nlattr *ftm;
-
- if (!(drv->capa.flags & WPA_DRIVER_FLAGS_FTM_RESPONDER)) {
- ret = -ENOTSUP;
- goto fail;
- }
-
- ftm = nla_nest_start(msg, NL80211_ATTR_FTM_RESPONDER);
- if (!ftm ||
- nla_put_flag(msg, NL80211_FTM_RESP_ATTR_ENABLED) ||
- (params->lci &&
- nla_put(msg, NL80211_FTM_RESP_ATTR_LCI,
- wpabuf_len(params->lci),
- wpabuf_head(params->lci))) ||
- (params->civic &&
- nla_put(msg, NL80211_FTM_RESP_ATTR_CIVICLOC,
- wpabuf_len(params->civic),
- wpabuf_head(params->civic))))
- goto fail;
- nla_nest_end(msg, ftm);
- }
-
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
@@ -4325,7 +4214,7 @@
return ret;
fail:
nlmsg_free(msg);
- return ret;
+ return -ENOBUFS;
}
@@ -5576,16 +5465,9 @@
return -1;
}
- if (params->req_key_mgmt_offload &&
- (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) {
- wpa_printf(MSG_DEBUG, " * WANT_1X_4WAY_HS");
- if (nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
- return -1;
- }
-
/* Add PSK in case of 4-way handshake offload */
if (params->psk &&
- (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) {
+ (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) {
wpa_hexdump_key(MSG_DEBUG, " * PSK", params->psk, 32);
if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
return -1;
@@ -5716,10 +5598,9 @@
goto fail;
if (nl_connect)
- ret = send_and_recv(drv->global, nl_connect, msg,
- NULL, (void *) -1);
+ ret = send_and_recv(drv->global, nl_connect, msg, NULL, NULL);
else
- ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
+ ret = send_and_recv_msgs(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
@@ -5731,7 +5612,6 @@
}
fail:
- nl80211_nlmsg_clear(msg);
nlmsg_free(msg);
return ret;
@@ -5762,7 +5642,7 @@
"disconnecting before reassociation "
"attempt");
if (wpa_driver_nl80211_disconnect(
- drv, WLAN_REASON_PREV_AUTH_NOT_VALID, nl_connect))
+ drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
return -1;
ret = wpa_driver_nl80211_try_connect(drv, params, nl_connect);
}
@@ -5793,13 +5673,8 @@
if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
return -1;
- if (params->auth_alg & WPA_AUTH_ALG_SAE) {
+ if (params->auth_alg & WPA_AUTH_ALG_SAE)
nl_connect = bss->nl_connect;
- bss->use_nl_connect = 1;
- } else {
- bss->use_nl_connect = 0;
- }
-
return wpa_driver_nl80211_connect(drv, params, nl_connect);
}
@@ -6406,7 +6281,6 @@
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *txq, *params;
- int res;
msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_WIPHY);
if (!msg)
@@ -6452,11 +6326,7 @@
nla_nest_end(msg, txq);
- res = send_and_recv_msgs(drv, msg, NULL, NULL);
- wpa_printf(MSG_DEBUG,
- "nl80211: TX queue param set: queue=%d aifs=%d cw_min=%d cw_max=%d burst_time=%d --> res=%d",
- queue, aifs, cw_min, cw_max, burst_time, res);
- if (res == 0)
+ if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
return 0;
msg = NULL;
fail:
@@ -6755,12 +6625,9 @@
}
return i802_set_sta_vlan(priv, addr, name, 0);
} else {
- if (bridge_ifname &&
- linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
- name) < 0)
- wpa_printf(MSG_INFO,
- "nl80211: Failed to remove interface %s from bridge %s: %s",
- name, bridge_ifname, strerror(errno));
+ if (bridge_ifname)
+ linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
+ name);
i802_set_sta_vlan(priv, addr, bss->ifname, 0);
nl80211_remove_iface(drv, if_nametoindex(name));
@@ -7929,12 +7796,11 @@
params->fils_cache_id)) ||
(params->pmk_len && params->pmk_len <= PMK_MAX_LEN &&
nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {
- nl80211_nlmsg_clear(msg);
nlmsg_free(msg);
return -ENOBUFS;
}
- return send_and_recv_msgs(bss->drv, msg, NULL, (void *) -1);
+ return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
}
@@ -8706,8 +8572,6 @@
struct wpa_driver_nl80211_data *drv = bss->drv;
int res;
char *pos, *end;
- struct nl_msg *msg;
- char alpha2[3] = { 0, 0, 0 };
pos = buf;
end = buf + buflen;
@@ -8852,23 +8716,6 @@
pos += res;
}
- msg = nlmsg_alloc();
- if (msg &&
- nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG) &&
- nla_put_u32(msg, NL80211_ATTR_WIPHY, drv->wiphy_idx) == 0) {
- if (send_and_recv_msgs(drv, msg, nl80211_get_country,
- alpha2) == 0 &&
- alpha2[0]) {
- res = os_snprintf(pos, end - pos, "country=%s\n",
- alpha2);
- if (os_snprintf_error(end - pos, res))
- return pos - buf;
- pos += res;
- }
- } else {
- nlmsg_free(msg);
- }
-
return pos - buf;
}
@@ -10801,49 +10648,6 @@
}
-static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
- int val)
-{
- struct i802_bss *bss = priv;
- struct wpa_driver_nl80211_data *drv = bss->drv;
- struct nl_msg *msg;
- int ret = -ENOBUFS;
-
- wpa_printf(MSG_DEBUG, "nl80211: %s 4addr mode (bridge_ifname: %s)",
- val ? "Enable" : "Disable", bridge_ifname);
-
- msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
- if (!msg || nla_put_u8(msg, NL80211_ATTR_4ADDR, val))
- goto fail;
-
- if (bridge_ifname[0] && bss->added_if_into_bridge && !val) {
- if (linux_br_del_if(drv->global->ioctl_sock,
- bridge_ifname, bss->ifname)) {
- wpa_printf(MSG_ERROR,
- "nl80211: Failed to remove interface %s from bridge %s",
- bss->ifname, bridge_ifname);
- return -1;
- }
- bss->added_if_into_bridge = 0;
- }
-
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
- msg = NULL;
- if (!ret) {
- if (bridge_ifname[0] && val &&
- i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
- return -1;
- return 0;
- }
-
-fail:
- nlmsg_free(msg);
- wpa_printf(MSG_ERROR, "nl80211: Failed to enable/disable 4addr");
-
- return ret;
-}
-
-
const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.name = "nl80211",
.desc = "Linux nl80211/cfg80211",
@@ -10903,7 +10707,6 @@
.resume = wpa_driver_nl80211_resume,
.signal_monitor = nl80211_signal_monitor,
.signal_poll = nl80211_signal_poll,
- .channel_info = nl80211_channel_info,
.send_frame = nl80211_send_frame,
.set_param = nl80211_set_param,
.get_radio_name = nl80211_get_radio_name,
@@ -10973,5 +10776,4 @@
.get_ext_capab = nl80211_get_ext_capab,
.update_connect_params = nl80211_update_connection_params,
.send_external_auth_status = nl80211_send_external_auth_status,
- .set_4addr_mode = nl80211_set_4addr_mode,
};
diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h
index 1e7fe7a..5ac0c7d 100644
--- a/src/drivers/driver_nl80211.h
+++ b/src/drivers/driver_nl80211.h
@@ -66,7 +66,6 @@
unsigned int wdev_id_set:1;
unsigned int added_if:1;
unsigned int static_ap:1;
- unsigned int use_nl_connect:1;
u8 addr[ETH_ALEN];
@@ -166,7 +165,6 @@
unsigned int he_capab_vendor_cmd_avail:1;
unsigned int fetch_bss_trans_status:1;
unsigned int roam_vendor_cmd_avail:1;
- unsigned int get_supported_akm_suites_avail:1;
u64 vendor_scan_cookie;
u64 remain_on_chan_cookie;
@@ -254,8 +252,7 @@
enum nl80211_iftype nlmode);
int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
const u8 *addr, int cmd, u16 reason_code,
- int local_state_change,
- struct nl_handle *nl_connect);
+ int local_state_change);
int nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv);
void nl80211_remove_monitor_interface(struct wpa_driver_nl80211_data *drv);
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 37eeb5e..7b360d2 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -403,11 +403,10 @@
capa->flags |= WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD;
if (ext_feature_isset(ext_features, len,
- NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
- capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK;
- if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
+ ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
- capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
@@ -429,10 +428,6 @@
NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION))
capa->flags |= WPA_DRIVER_FLAGS_OCE_STA;
#endif /* CONFIG_MBO */
-
- if (ext_feature_isset(ext_features, len,
- NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
- capa->flags |= WPA_DRIVER_FLAGS_FTM_RESPONDER;
}
@@ -787,9 +782,6 @@
case QCA_NL80211_VENDOR_SUBCMD_ROAM:
drv->roam_vendor_cmd_avail = 1;
break;
- case QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS:
- drv->get_supported_akm_suites_avail = 1;
- break;
#endif /* CONFIG_DRIVER_NL80211_QCA */
}
}
@@ -962,126 +954,6 @@
}
-static unsigned int get_akm_suites_info(struct nlattr *tb)
-{
- int i, num;
- unsigned int key_mgmt = 0;
- u32 *akms;
-
- if (!tb)
- return 0;
-
- num = nla_len(tb) / sizeof(u32);
- akms = nla_data(tb);
- for (i = 0; i < num; i++) {
- u32 a = akms[i];
-
- wpa_printf(MSG_DEBUG,
- "nl80211: Supported AKM %02x-%02x-%02x:%u",
- a >> 24, (a >> 16) & 0xff,
- (a >> 8) & 0xff, a & 0xff);
- switch (a) {
- case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
- WPA_DRIVER_CAPA_KEY_MGMT_WPA2;
- break;
- case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
- WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
- break;
- case RSN_AUTH_KEY_MGMT_FT_802_1X:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT;
- break;
- case RSN_AUTH_KEY_MGMT_FT_PSK:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
- break;
- case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B;
- break;
- case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192;
- break;
- case RSN_AUTH_KEY_MGMT_OWE:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_OWE;
- break;
- case RSN_AUTH_KEY_MGMT_DPP:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_DPP;
- break;
- case RSN_AUTH_KEY_MGMT_FILS_SHA256:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256;
- break;
- case RSN_AUTH_KEY_MGMT_FILS_SHA384:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384;
- break;
- case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256;
- break;
- case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384;
- break;
- case RSN_AUTH_KEY_MGMT_SAE:
- key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_SAE;
- break;
- }
- }
-
- return key_mgmt;
-}
-
-
-static int get_akm_suites_handler(struct nl_msg *msg, void *arg)
-{
- struct nlattr *tb[NL80211_ATTR_MAX + 1];
- struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
- unsigned int *key_mgmt = arg;
-
- nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
- genlmsg_attrlen(gnlh, 0), NULL);
-
- if (tb[NL80211_ATTR_VENDOR_DATA]) {
- struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
- struct nlattr *tb_data[NL80211_ATTR_MAX + 1];
-
- nla_parse(tb_data, NL80211_ATTR_MAX,
- nla_data(nl_vend), nla_len(nl_vend), NULL);
-
- *key_mgmt =
- get_akm_suites_info(tb_data[NL80211_ATTR_AKM_SUITES]);
- }
-
- return NL_SKIP;
-}
-
-
-static int qca_nl80211_get_akm_suites(struct wpa_driver_nl80211_data *drv)
-{
- struct nl_msg *msg;
- unsigned int key_mgmt = 0;
- int ret;
-
- if (!drv->get_supported_akm_suites_avail)
- return -1;
-
- if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
- nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
- nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
- QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS)) {
- nlmsg_free(msg);
- return -1;
- }
-
- ret = send_and_recv_msgs(drv, msg, get_akm_suites_handler, &key_mgmt);
- if (!ret) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Replace capa.key_mgmt based on driver advertised capabilities: 0x%x",
- key_mgmt);
- drv->capa.key_mgmt = key_mgmt;
- }
-
- return ret;
-}
-
-
static int qca_nl80211_he_capab_handler(struct nl_msg *msg, void *arg)
{
struct nlattr *tb[NL80211_ATTR_MAX + 1];
@@ -1307,18 +1179,11 @@
drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256 |
WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384 |
WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256 |
- WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384 |
- WPA_DRIVER_CAPA_KEY_MGMT_SAE;
+ WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384;
else if (drv->capa.flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)
drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256 |
WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384;
-#ifdef CONFIG_DRIVER_NL80211_QCA
- /* Override drv->capa.key_mgmt based on driver advertised capability
- * constraints, if available. */
- qca_nl80211_get_akm_suites(drv);
-#endif /* CONFIG_DRIVER_NL80211_QCA */
-
drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
WPA_DRIVER_AUTH_SHARED |
WPA_DRIVER_AUTH_LEAP;
@@ -1442,7 +1307,6 @@
u8 channel;
chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
chan->flag = 0;
- chan->allowed_bw = ~0;
chan->dfs_cac_ms = 0;
if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES)
chan->chan = channel;
@@ -1458,19 +1322,6 @@
if (tb_freq[NL80211_FREQUENCY_ATTR_GO_CONCURRENT])
chan->flag |= HOSTAPD_CHAN_GO_CONCURRENT;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_10MHZ])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_10;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_20MHZ])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_20;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_HT40_PLUS])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_40P;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_HT40_MINUS])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_40M;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_80MHZ])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_80;
- if (tb_freq[NL80211_FREQUENCY_ATTR_NO_160MHZ])
- chan->allowed_bw &= ~HOSTAPD_CHAN_WIDTH_160;
-
if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) {
enum nl80211_dfs_state state =
nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]);
@@ -1505,12 +1356,6 @@
[NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
[NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 },
- [NL80211_FREQUENCY_ATTR_NO_10MHZ] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_20MHZ] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_HT40_PLUS] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_HT40_MINUS] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_80MHZ] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_160MHZ] = { .type = NLA_FLAG },
};
int new_channels = 0;
struct hostapd_channel_data *channel;
@@ -2087,61 +1932,6 @@
}
-static const char * modestr(enum hostapd_hw_mode mode)
-{
- switch (mode) {
- case HOSTAPD_MODE_IEEE80211B:
- return "802.11b";
- case HOSTAPD_MODE_IEEE80211G:
- return "802.11g";
- case HOSTAPD_MODE_IEEE80211A:
- return "802.11a";
- case HOSTAPD_MODE_IEEE80211AD:
- return "802.11ad";
- default:
- return "?";
- }
-}
-
-
-static void nl80211_dump_chan_list(struct hostapd_hw_modes *modes,
- u16 num_modes)
-{
- int i;
-
- if (!modes)
- return;
-
- for (i = 0; i < num_modes; i++) {
- struct hostapd_hw_modes *mode = &modes[i];
- char str[200];
- char *pos = str;
- char *end = pos + sizeof(str);
- int j, res;
-
- for (j = 0; j < mode->num_channels; j++) {
- struct hostapd_channel_data *chan = &mode->channels[j];
-
- res = os_snprintf(pos, end - pos, " %d%s%s%s",
- chan->freq,
- (chan->flag & HOSTAPD_CHAN_DISABLED) ?
- "[DISABLED]" : "",
- (chan->flag & HOSTAPD_CHAN_NO_IR) ?
- "[NO_IR]" : "",
- (chan->flag & HOSTAPD_CHAN_RADAR) ?
- "[RADAR]" : "");
- if (os_snprintf_error(end - pos, res))
- break;
- pos += res;
- }
-
- *pos = '\0';
- wpa_printf(MSG_DEBUG, "nl80211: Mode IEEE %s:%s",
- modestr(mode->mode), str);
- }
-}
-
-
struct hostapd_hw_modes *
nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags,
u8 *dfs_domain)
@@ -2173,8 +1963,6 @@
}
if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
- struct hostapd_hw_modes *modes;
-
nl80211_set_regulatory_flags(drv, &result);
if (result.failed) {
int i;
@@ -2190,10 +1978,8 @@
*dfs_domain = result.dfs_domain;
- modes = wpa_driver_nl80211_postprocess_modes(result.modes,
- num_modes);
- nl80211_dump_chan_list(modes, *num_modes);
- return modes;
+ return wpa_driver_nl80211_postprocess_modes(result.modes,
+ num_modes);
}
return NULL;
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 06e619b..5b8efbc 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -754,12 +754,12 @@
* disconnection event for the old AP may show up after
* we have started connection with the new AP.
*/
- wpa_printf(MSG_DEBUG,
- "nl80211: Ignore deauth/disassoc event from old AP "
- MACSTR
- " when already connecting with " MACSTR,
- MAC2STR(bssid),
- MAC2STR(drv->auth_attempt_bssid));
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Ignore deauth/disassoc event from old AP "
+ MACSTR
+ " when already connecting with " MACSTR,
+ MAC2STR(bssid),
+ MAC2STR(drv->auth_attempt_bssid));
return;
}
@@ -2183,54 +2183,6 @@
}
-static void nl80211_dump_freq(const char *title, struct nlattr *nl_freq)
-{
- static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
- [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
- [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
- [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
- };
- struct nlattr *tb[NL80211_FREQUENCY_ATTR_MAX + 1];
- u32 freq = 0, max_tx_power = 0;
-
- nla_parse(tb, NL80211_FREQUENCY_ATTR_MAX,
- nla_data(nl_freq), nla_len(nl_freq), freq_policy);
-
- if (tb[NL80211_FREQUENCY_ATTR_FREQ])
- freq = nla_get_u32(tb[NL80211_FREQUENCY_ATTR_FREQ]);
- if (tb[NL80211_FREQUENCY_ATTR_MAX_TX_POWER])
- max_tx_power =
- nla_get_u32(tb[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]);
-
- wpa_printf(MSG_DEBUG,
- "nl80211: Channel (%s): freq=%u max_tx_power=%u%s%s%s",
- title, freq, max_tx_power,
- tb[NL80211_FREQUENCY_ATTR_DISABLED] ? " disabled" : "",
- tb[NL80211_FREQUENCY_ATTR_NO_IR] ? " no-IR" : "",
- tb[NL80211_FREQUENCY_ATTR_RADAR] ? " radar" : "");
-}
-
-
-static void nl80211_reg_beacon_hint_event(struct wpa_driver_nl80211_data *drv,
- struct nlattr *tb[])
-{
- union wpa_event_data data;
-
- wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
- os_memset(&data, 0, sizeof(data));
- data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
-
- if (tb[NL80211_ATTR_FREQ_BEFORE])
- nl80211_dump_freq("before", tb[NL80211_ATTR_FREQ_BEFORE]);
- if (tb[NL80211_ATTR_FREQ_AFTER])
- nl80211_dump_freq("after", tb[NL80211_ATTR_FREQ_AFTER]);
-
- wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data);
-}
-
-
static void nl80211_external_auth(struct wpa_driver_nl80211_data *drv,
struct nlattr **tb)
{
@@ -2319,7 +2271,7 @@
ed.sta_opmode.addr = nla_data(tb[NL80211_ATTR_MAC]);
if (tb[NL80211_ATTR_SMPS_MODE]) {
- smps_mode = nla_get_u8(tb[NL80211_ATTR_SMPS_MODE]);
+ smps_mode = nla_get_u32(tb[NL80211_ATTR_SMPS_MODE]);
switch (smps_mode) {
case NL80211_SMPS_OFF:
ed.sta_opmode.smps_mode = SMPS_OFF;
@@ -2375,6 +2327,7 @@
struct nlattr **tb)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
+ union wpa_event_data data;
int external_scan_event = 0;
wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
@@ -2527,7 +2480,11 @@
nl80211_reg_change_event(drv, tb);
break;
case NL80211_CMD_REG_BEACON_HINT:
- nl80211_reg_beacon_hint_event(drv, tb);
+ wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
+ os_memset(&data, 0, sizeof(data));
+ data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
+ wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
+ &data);
break;
case NL80211_CMD_NEW_STATION:
nl80211_new_station_event(drv, bss, tb);
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
index 33a8d35..86501f4 100644
--- a/src/drivers/driver_nl80211_scan.c
+++ b/src/drivers/driver_nl80211_scan.c
@@ -866,8 +866,7 @@
"mismatch (" MACSTR ")", MAC2STR(addr));
wpa_driver_nl80211_mlme(drv, addr,
NL80211_CMD_DEAUTHENTICATE,
- WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
- NULL);
+ WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
}
}
diff --git a/src/drivers/driver_openbsd.c b/src/drivers/driver_openbsd.c
index c06e75c..e94eda0 100644
--- a/src/drivers/driver_openbsd.c
+++ b/src/drivers/driver_openbsd.c
@@ -62,8 +62,7 @@
wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa)
{
os_memset(capa, 0, sizeof(*capa));
- capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK |
- WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
return 0;
}
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index f7755cc..933b8d9 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -868,16 +868,14 @@
const char *ifname)
{
char buf[200], *res;
- int type, ret;
+ int type;
FILE *f;
if (strcmp(ifname, ".") == 0 || strcmp(ifname, "..") == 0)
return -1;
- ret = snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net/%s/type",
- drv->ifname, ifname);
- if (os_snprintf_error(sizeof(buf), ret))
- return -1;
+ snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net/%s/type",
+ drv->ifname, ifname);
f = fopen(buf, "r");
if (!f)
@@ -1647,8 +1645,7 @@
if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
- drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK |
- WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
WPA_DRIVER_AUTH_SHARED |
WPA_DRIVER_AUTH_LEAP;
@@ -1679,7 +1676,7 @@
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
- if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
+ if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
return 0;
if (!psk)
@@ -2431,8 +2428,8 @@
struct iwreq iwr;
os_memset(si, 0, sizeof(*si));
- si->current_signal = -WPA_INVALID_NOISE;
- si->current_noise = WPA_INVALID_NOISE;
+ si->current_signal = -9999;
+ si->current_noise = 9999;
si->chanwidth = CHAN_WIDTH_UNKNOWN;
os_memset(&iwr, 0, sizeof(iwr));
diff --git a/src/drivers/driver_wired.c b/src/drivers/driver_wired.c
index c7537b7..7e09dcf 100644
--- a/src/drivers/driver_wired.c
+++ b/src/drivers/driver_wired.c
@@ -96,16 +96,16 @@
hdr = (struct ieee8023_hdr *) buf;
switch (ntohs(hdr->ethertype)) {
- case ETH_P_PAE:
- wpa_printf(MSG_MSGDUMP, "Received EAPOL packet");
- sa = hdr->src;
- os_memset(&event, 0, sizeof(event));
- event.new_sta.addr = sa;
- wpa_supplicant_event(ctx, EVENT_NEW_STA, &event);
+ case ETH_P_PAE:
+ wpa_printf(MSG_MSGDUMP, "Received EAPOL packet");
+ sa = hdr->src;
+ os_memset(&event, 0, sizeof(event));
+ event.new_sta.addr = sa;
+ wpa_supplicant_event(ctx, EVENT_NEW_STA, &event);
- pos = (u8 *) (hdr + 1);
- left = len - sizeof(*hdr);
- drv_event_eapol_rx(ctx, sa, pos, left);
+ pos = (u8 *) (hdr + 1);
+ left = len - sizeof(*hdr);
+ drv_event_eapol_rx(ctx, sa, pos, left);
break;
default:
diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
index 442c59c..1496b47 100644
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
@@ -22,7 +22,6 @@
DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_LINUX
DRV_OBJS += ../src/drivers/driver_macsec_linux.o
NEED_DRV_WIRED_COMMON=1
-NEED_LIBNL=y
CONFIG_LIBNL3_ROUTE=y
endif
@@ -52,7 +51,37 @@
NEED_LINUX_IOCTL=y
NEED_RFKILL=y
NEED_RADIOTAP=y
-NEED_LIBNL=y
+
+ifdef CONFIG_LIBNL32
+ DRV_LIBS += -lnl-3
+ DRV_LIBS += -lnl-genl-3
+ DRV_CFLAGS += -DCONFIG_LIBNL20
+ ifdef LIBNL_INC
+ DRV_CFLAGS += -I$(LIBNL_INC)
+ else
+ PKG_CONFIG ?= pkg-config
+ DRV_CFLAGS += $(shell $(PKG_CONFIG) --cflags libnl-3.0)
+ endif
+ifdef CONFIG_LIBNL3_ROUTE
+ DRV_LIBS += -lnl-route-3
+ DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
+endif
+else
+ ifdef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-tiny
+ else
+ ifndef CONFIG_OSX
+ DRV_LIBS += -lnl
+ endif
+ endif
+
+ ifdef CONFIG_LIBNL20
+ ifndef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-genl
+ endif
+ DRV_CFLAGS += -DCONFIG_LIBNL20
+ endif
+endif
endif
ifdef CONFIG_DRIVER_BSD
@@ -154,55 +183,26 @@
ifdef CONFIG_VLAN_NETLINK
ifdef CONFIG_FULL_DYNAMIC_VLAN
-NEED_LIBNL=y
-CONFIG_LIBNL3_ROUTE=y
-endif
-endif
-
-ifdef NEED_LIBNL
-ifndef CONFIG_LIBNL32
-ifndef CONFIG_LIBNL20
-ifndef CONFIG_LIBNL_TINY
-PKG_CONFIG ?= pkg-config
-HAVE_LIBNL3 := $(shell $(PKG_CONFIG) --exists libnl-3.0; echo $$?)
-ifeq ($(HAVE_LIBNL3),0)
-CONFIG_LIBNL32=y
-endif
-endif
-endif
-endif
-
ifdef CONFIG_LIBNL32
DRV_LIBS += -lnl-3
DRV_LIBS += -lnl-genl-3
+ DRV_LIBS += -lnl-route-3
DRV_CFLAGS += -DCONFIG_LIBNL20
- ifdef LIBNL_INC
- DRV_CFLAGS += -I$(LIBNL_INC)
- else
- PKG_CONFIG ?= pkg-config
- DRV_CFLAGS += $(shell $(PKG_CONFIG) --cflags libnl-3.0)
- endif
- ifdef CONFIG_LIBNL3_ROUTE
- DRV_LIBS += -lnl-route-3
- DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
- endif
else
ifdef CONFIG_LIBNL_TINY
DRV_LIBS += -lnl-tiny
else
- ifndef CONFIG_OSX
- DRV_LIBS += -lnl
- endif
+ DRV_LIBS += -lnl
endif
ifdef CONFIG_LIBNL20
- ifndef CONFIG_LIBNL_TINY
- DRV_LIBS += -lnl-genl
- endif
+ DRV_LIBS += -lnl-genl
+ DRV_LIBS += -lnl-route
DRV_CFLAGS += -DCONFIG_LIBNL20
endif
endif
endif
+endif
##### COMMON VARS
DRV_BOTH_CFLAGS := $(DRV_CFLAGS) $(DRV_WPA_CFLAGS) $(DRV_AP_CFLAGS)
diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk
index 599a0b5..cd25133 100644
--- a/src/drivers/drivers.mk
+++ b/src/drivers/drivers.mk
@@ -23,7 +23,6 @@
DRV_OBJS += src/drivers/driver_macsec_linux.c
NEED_DRV_WIRED_COMMON=1
CONFIG_LIBNL3_ROUTE=y
-NEED_LIBNL=y
endif
ifdef NEED_DRV_WIRED_COMMON
@@ -47,7 +46,29 @@
NEED_LINUX_IOCTL=y
NEED_RFKILL=y
NEED_RADIOTAP=y
-NEED_LIBNL=y
+
+ifdef CONFIG_LIBNL32
+ DRV_LIBS += -lnl-3
+ DRV_LIBS += -lnl-genl-3
+ DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
+ifdef CONFIG_LIBNL3_ROUTE
+ DRV_LIBS += -lnl-route-3
+ DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
+endif
+else
+ ifdef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-tiny
+ else
+ DRV_LIBS += -lnl
+ endif
+
+ ifdef CONFIG_LIBNL20
+ ifndef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-genl
+ endif
+ DRV_CFLAGS += -DCONFIG_LIBNL20
+ endif
+endif
endif
ifdef CONFIG_DRIVER_BSD
@@ -150,20 +171,11 @@
ifdef CONFIG_VLAN_NETLINK
ifdef CONFIG_FULL_DYNAMIC_VLAN
-NEED_LIBNL=y
-CONFIG_LIBNL3_ROUTE=y
-endif
-endif
-
-ifdef NEED_LIBNL
ifdef CONFIG_LIBNL32
DRV_LIBS += -lnl-3
DRV_LIBS += -lnl-genl-3
- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
-ifdef CONFIG_LIBNL3_ROUTE
DRV_LIBS += -lnl-route-3
- DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
-endif
+ DRV_CFLAGS += -DCONFIG_LIBNL20
else
ifdef CONFIG_LIBNL_TINY
DRV_LIBS += -lnl-tiny
@@ -172,13 +184,13 @@
endif
ifdef CONFIG_LIBNL20
- ifndef CONFIG_LIBNL_TINY
- DRV_LIBS += -lnl-genl
- endif
+ DRV_LIBS += -lnl-genl
+ DRV_LIBS += -lnl-route
DRV_CFLAGS += -DCONFIG_LIBNL20
endif
endif
endif
+endif
##### COMMON VARS
DRV_BOTH_CFLAGS := $(DRV_CFLAGS) $(DRV_WPA_CFLAGS) $(DRV_AP_CFLAGS)
diff --git a/src/drivers/linux_ioctl.c b/src/drivers/linux_ioctl.c
index 7edb9df..e21147a 100644
--- a/src/drivers/linux_ioctl.c
+++ b/src/drivers/linux_ioctl.c
@@ -12,7 +12,6 @@
#include <net/if_arp.h>
#include "utils/common.h"
-#include "common/linux_bridge.h"
#include "linux_ioctl.h"
@@ -120,14 +119,25 @@
}
+#ifndef SIOCBRADDBR
+#define SIOCBRADDBR 0x89a0
+#endif
+#ifndef SIOCBRDELBR
+#define SIOCBRDELBR 0x89a1
+#endif
+#ifndef SIOCBRADDIF
+#define SIOCBRADDIF 0x89a2
+#endif
+#ifndef SIOCBRDELIF
+#define SIOCBRDELIF 0x89a3
+#endif
+
+
int linux_br_add(int sock, const char *brname)
{
if (ioctl(sock, SIOCBRADDBR, brname) < 0) {
- int saved_errno = errno;
-
wpa_printf(MSG_DEBUG, "Could not add bridge %s: %s",
brname, strerror(errno));
- errno = saved_errno;
return -1;
}
@@ -160,11 +170,8 @@
os_strlcpy(ifr.ifr_name, brname, IFNAMSIZ);
ifr.ifr_ifindex = ifindex;
if (ioctl(sock, SIOCBRADDIF, &ifr) < 0) {
- int saved_errno = errno;
-
wpa_printf(MSG_DEBUG, "Could not add interface %s into bridge "
"%s: %s", ifname, brname, strerror(errno));
- errno = saved_errno;
return -1;
}
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index 31ae5c7..1766a12 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -1033,38 +1033,6 @@
* %NL80211_ATTR_CHANNEL_WIDTH,%NL80211_ATTR_NSS attributes with its
* address(specified in %NL80211_ATTR_MAC).
*
- * @NL80211_CMD_GET_FTM_RESPONDER_STATS: Retrieve FTM responder statistics, in
- * the %NL80211_ATTR_FTM_RESPONDER_STATS attribute.
- *
- * @NL80211_CMD_PEER_MEASUREMENT_START: start a (set of) peer measurement(s)
- * with the given parameters, which are encapsulated in the nested
- * %NL80211_ATTR_PEER_MEASUREMENTS attribute. Optionally, MAC address
- * randomization may be enabled and configured by specifying the
- * %NL80211_ATTR_MAC and %NL80211_ATTR_MAC_MASK attributes.
- * If a timeout is requested, use the %NL80211_ATTR_TIMEOUT attribute.
- * A u64 cookie for further %NL80211_ATTR_COOKIE use is is returned in
- * the netlink extended ack message.
- *
- * To cancel a measurement, close the socket that requested it.
- *
- * Measurement results are reported to the socket that requested the
- * measurement using @NL80211_CMD_PEER_MEASUREMENT_RESULT when they
- * become available, so applications must ensure a large enough socket
- * buffer size.
- *
- * Depending on driver support it may or may not be possible to start
- * multiple concurrent measurements.
- * @NL80211_CMD_PEER_MEASUREMENT_RESULT: This command number is used for the
- * result notification from the driver to the requesting socket.
- * @NL80211_CMD_PEER_MEASUREMENT_COMPLETE: Notification only, indicating that
- * the measurement completed, using the measurement cookie
- * (%NL80211_ATTR_COOKIE).
- *
- * @NL80211_CMD_NOTIFY_RADAR: Notify the kernel that a radar signal was
- * detected and reported by a neighboring device on the channel
- * indicated by %NL80211_ATTR_WIPHY_FREQ and other attributes
- * determining the width and type.
- *
* @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use
*/
@@ -1277,14 +1245,6 @@
NL80211_CMD_CONTROL_PORT_FRAME,
- NL80211_CMD_GET_FTM_RESPONDER_STATS,
-
- NL80211_CMD_PEER_MEASUREMENT_START,
- NL80211_CMD_PEER_MEASUREMENT_RESULT,
- NL80211_CMD_PEER_MEASUREMENT_COMPLETE,
-
- NL80211_CMD_NOTIFY_RADAR,
-
/* add new commands above here */
/* used to define NL80211_CMD_MAX below */
@@ -1741,7 +1701,7 @@
* the values passed in @NL80211_ATTR_SCAN_SSIDS (eg. if an SSID
* is included in the probe request, but the match attributes
* will never let it go through), -EINVAL may be returned.
- * If omitted, no filtering is done.
+ * If ommited, no filtering is done.
*
* @NL80211_ATTR_INTERFACE_COMBINATIONS: Nested attribute listing the supported
* interface combinations. In each nested item, it contains attributes
@@ -1846,7 +1806,7 @@
*
* @NL80211_ATTR_INACTIVITY_TIMEOUT: timeout value in seconds, this can be
* used by the drivers which has MLME in firmware and does not have support
- * to report per station tx/rx activity to free up the station entry from
+ * to report per station tx/rx activity to free up the staion entry from
* the list. This needs to be used when the driver advertises the
* capability to timeout the stations.
*
@@ -2207,7 +2167,7 @@
*
* @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST: When present the RSSI level for BSSs in
* the specified band is to be adjusted before doing
- * %NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI based comparison to figure out
+ * %NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI based comparision to figure out
* better BSSs. The attribute value is a packed structure
* value as specified by &struct nl80211_bss_select_rssi_adjust.
*
@@ -2281,24 +2241,6 @@
* association request when used with NL80211_CMD_NEW_STATION). Can be set
* only if %NL80211_STA_FLAG_WME is set.
*
- * @NL80211_ATTR_FTM_RESPONDER: nested attribute which user-space can include
- * in %NL80211_CMD_START_AP or %NL80211_CMD_SET_BEACON for fine timing
- * measurement (FTM) responder functionality and containing parameters as
- * possible, see &enum nl80211_ftm_responder_attr
- *
- * @NL80211_ATTR_FTM_RESPONDER_STATS: Nested attribute with FTM responder
- * statistics, see &enum nl80211_ftm_responder_stats.
- *
- * @NL80211_ATTR_TIMEOUT: Timeout for the given operation in milliseconds (u32),
- * if the attribute is not given no timeout is requested. Note that 0 is an
- * invalid value.
- *
- * @NL80211_ATTR_PEER_MEASUREMENTS: peer measurements request (and result)
- * data, uses nested attributes specified in
- * &enum nl80211_peer_measurement_attrs.
- * This is also used for capability advertisement in the wiphy information,
- * with the appropriate sub-attributes.
- *
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2740,14 +2682,6 @@
NL80211_ATTR_HE_CAPABILITY,
- NL80211_ATTR_FTM_RESPONDER,
-
- NL80211_ATTR_FTM_RESPONDER_STATS,
-
- NL80211_ATTR_TIMEOUT,
-
- NL80211_ATTR_PEER_MEASUREMENTS,
-
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
@@ -3117,14 +3051,6 @@
* @NL80211_STA_INFO_PAD: attribute used for padding for 64-bit alignment
* @NL80211_STA_INFO_ACK_SIGNAL: signal strength of the last ACK frame(u8, dBm)
* @NL80211_STA_INFO_ACK_SIGNAL_AVG: avg signal strength of ACK frames (s8, dBm)
- * @NL80211_STA_INFO_RX_MPDUS: total number of received packets (MPDUs)
- * (u32, from this station)
- * @NL80211_STA_INFO_FCS_ERROR_COUNT: total number of packets (MPDUs) received
- * with an FCS error (u32, from this station). This count may not include
- * some packets with an FCS error due to TA corruption. Hence this counter
- * might not be fully accurate.
- * @NL80211_STA_INFO_CONNECTED_TO_GATE: set to true if STA has a path to a
- * mesh gate (u8, 0 or 1)
* @__NL80211_STA_INFO_AFTER_LAST: internal
* @NL80211_STA_INFO_MAX: highest possible station info attribute
*/
@@ -3165,9 +3091,6 @@
NL80211_STA_INFO_PAD,
NL80211_STA_INFO_ACK_SIGNAL,
NL80211_STA_INFO_ACK_SIGNAL_AVG,
- NL80211_STA_INFO_RX_MPDUS,
- NL80211_STA_INFO_FCS_ERROR_COUNT,
- NL80211_STA_INFO_CONNECTED_TO_GATE,
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
@@ -3947,11 +3870,6 @@
* remove it from the STA's list of peers. You may set this to 0 to disable
* the removal of the STA. Default is 30 minutes.
*
- * @NL80211_MESHCONF_CONNECTED_TO_GATE: If set to true then this mesh STA
- * will advertise that it is connected to a gate in the mesh formation
- * field. If left unset then the mesh formation field will only
- * advertise such if there is an active root mesh path.
- *
* @__NL80211_MESHCONF_ATTR_AFTER_LAST: internal use
*/
enum nl80211_meshconf_params {
@@ -3984,7 +3902,6 @@
NL80211_MESHCONF_POWER_MODE,
NL80211_MESHCONF_AWAKE_WINDOW,
NL80211_MESHCONF_PLINK_TIMEOUT,
- NL80211_MESHCONF_CONNECTED_TO_GATE,
/* keep last */
__NL80211_MESHCONF_ATTR_AFTER_LAST,
@@ -4917,7 +4834,7 @@
* numbers = [ #{STA} <= 1, #{P2P-client,P2P-GO} <= 3 ], max = 4
* => allows a STA plus three P2P interfaces
*
- * The list of these four possibilities could completely be contained
+ * The list of these four possiblities could completely be contained
* within the %NL80211_ATTR_INTERFACE_COMBINATIONS attribute to indicate
* that any of these groups must match.
*
@@ -4947,7 +4864,7 @@
* enum nl80211_plink_state - state of a mesh peer link finite state machine
*
* @NL80211_PLINK_LISTEN: initial state, considered the implicit
- * state of non existent mesh peer links
+ * state of non existant mesh peer links
* @NL80211_PLINK_OPN_SNT: mesh plink open frame has been sent to
* this mesh peer
* @NL80211_PLINK_OPN_RCVD: mesh plink open frame has been received
@@ -5308,13 +5225,6 @@
* @NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT: Driver/device can omit all data
* except for supported rates from the probe request content if requested
* by the %NL80211_SCAN_FLAG_MIN_PREQ_CONTENT flag.
- * @NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER: Driver supports enabling fine
- * timing measurement responder role.
- *
- * @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0: Driver/device confirm that they are
- * able to rekey an in-use key correctly. Userspace must not rekey PTK keys
- * if this flag is not set. Ignoring this can leak clear text packets and/or
- * freeze the connection.
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -5353,8 +5263,6 @@
NL80211_EXT_FEATURE_TXQS,
NL80211_EXT_FEATURE_SCAN_RANDOM_SN,
NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT,
- NL80211_EXT_FEATURE_CAN_REPLACE_PTK0,
- NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
@@ -5439,7 +5347,7 @@
* request parameters IE in the probe request
* @NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP: accept broadcast probe responses
* @NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE: send probe request frames at
- * rate of at least 5.5M. In case non OCE AP is discovered in the channel,
+ * rate of at least 5.5M. In case non OCE AP is dicovered in the channel,
* only the first probe req in the channel will be sent in high rate.
* @NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION: allow probe request
* tx deferral (dot11FILSProbeDelay shall be set to 15ms)
@@ -5894,458 +5802,4 @@
NL80211_EXTERNAL_AUTH_ABORT,
};
-/**
- * enum nl80211_ftm_responder_attributes - fine timing measurement
- * responder attributes
- * @__NL80211_FTM_RESP_ATTR_INVALID: Invalid
- * @NL80211_FTM_RESP_ATTR_ENABLED: FTM responder is enabled
- * @NL80211_FTM_RESP_ATTR_LCI: The content of Measurement Report Element
- * (9.4.2.22 in 802.11-2016) with type 8 - LCI (9.4.2.22.10),
- * i.e. starting with the measurement token
- * @NL80211_FTM_RESP_ATTR_CIVIC: The content of Measurement Report Element
- * (9.4.2.22 in 802.11-2016) with type 11 - Civic (Section 9.4.2.22.13),
- * i.e. starting with the measurement token
- * @__NL80211_FTM_RESP_ATTR_LAST: Internal
- * @NL80211_FTM_RESP_ATTR_MAX: highest FTM responder attribute.
- */
-enum nl80211_ftm_responder_attributes {
- __NL80211_FTM_RESP_ATTR_INVALID,
-
- NL80211_FTM_RESP_ATTR_ENABLED,
- NL80211_FTM_RESP_ATTR_LCI,
- NL80211_FTM_RESP_ATTR_CIVICLOC,
-
- /* keep last */
- __NL80211_FTM_RESP_ATTR_LAST,
- NL80211_FTM_RESP_ATTR_MAX = __NL80211_FTM_RESP_ATTR_LAST - 1,
-};
-
-/*
- * enum nl80211_ftm_responder_stats - FTM responder statistics
- *
- * These attribute types are used with %NL80211_ATTR_FTM_RESPONDER_STATS
- * when getting FTM responder statistics.
- *
- * @__NL80211_FTM_STATS_INVALID: attribute number 0 is reserved
- * @NL80211_FTM_STATS_SUCCESS_NUM: number of FTM sessions in which all frames
- * were ssfully answered (u32)
- * @NL80211_FTM_STATS_PARTIAL_NUM: number of FTM sessions in which part of the
- * frames were successfully answered (u32)
- * @NL80211_FTM_STATS_FAILED_NUM: number of failed FTM sessions (u32)
- * @NL80211_FTM_STATS_ASAP_NUM: number of ASAP sessions (u32)
- * @NL80211_FTM_STATS_NON_ASAP_NUM: number of non-ASAP sessions (u32)
- * @NL80211_FTM_STATS_TOTAL_DURATION_MSEC: total sessions durations - gives an
- * indication of how much time the responder was busy (u64, msec)
- * @NL80211_FTM_STATS_UNKNOWN_TRIGGERS_NUM: number of unknown FTM triggers -
- * triggers from initiators that didn't finish successfully the negotiation
- * phase with the responder (u32)
- * @NL80211_FTM_STATS_RESCHEDULE_REQUESTS_NUM: number of FTM reschedule requests
- * - initiator asks for a new scheduling although it already has scheduled
- * FTM slot (u32)
- * @NL80211_FTM_STATS_OUT_OF_WINDOW_TRIGGERS_NUM: number of FTM triggers out of
- * scheduled window (u32)
- * @NL80211_FTM_STATS_PAD: used for padding, ignore
- * @__NL80211_TXQ_ATTR_AFTER_LAST: Internal
- * @NL80211_FTM_STATS_MAX: highest possible FTM responder stats attribute
- */
-enum nl80211_ftm_responder_stats {
- __NL80211_FTM_STATS_INVALID,
- NL80211_FTM_STATS_SUCCESS_NUM,
- NL80211_FTM_STATS_PARTIAL_NUM,
- NL80211_FTM_STATS_FAILED_NUM,
- NL80211_FTM_STATS_ASAP_NUM,
- NL80211_FTM_STATS_NON_ASAP_NUM,
- NL80211_FTM_STATS_TOTAL_DURATION_MSEC,
- NL80211_FTM_STATS_UNKNOWN_TRIGGERS_NUM,
- NL80211_FTM_STATS_RESCHEDULE_REQUESTS_NUM,
- NL80211_FTM_STATS_OUT_OF_WINDOW_TRIGGERS_NUM,
- NL80211_FTM_STATS_PAD,
-
- /* keep last */
- __NL80211_FTM_STATS_AFTER_LAST,
- NL80211_FTM_STATS_MAX = __NL80211_FTM_STATS_AFTER_LAST - 1
-};
-
-/**
- * enum nl80211_preamble - frame preamble types
- * @NL80211_PREAMBLE_LEGACY: legacy (HR/DSSS, OFDM, ERP PHY) preamble
- * @NL80211_PREAMBLE_HT: HT preamble
- * @NL80211_PREAMBLE_VHT: VHT preamble
- * @NL80211_PREAMBLE_DMG: DMG preamble
- */
-enum nl80211_preamble {
- NL80211_PREAMBLE_LEGACY,
- NL80211_PREAMBLE_HT,
- NL80211_PREAMBLE_VHT,
- NL80211_PREAMBLE_DMG,
-};
-
-/**
- * enum nl80211_peer_measurement_type - peer measurement types
- * @NL80211_PMSR_TYPE_INVALID: invalid/unused, needed as we use
- * these numbers also for attributes
- *
- * @NL80211_PMSR_TYPE_FTM: flight time measurement
- *
- * @NUM_NL80211_PMSR_TYPES: internal
- * @NL80211_PMSR_TYPE_MAX: highest type number
- */
-enum nl80211_peer_measurement_type {
- NL80211_PMSR_TYPE_INVALID,
-
- NL80211_PMSR_TYPE_FTM,
-
- NUM_NL80211_PMSR_TYPES,
- NL80211_PMSR_TYPE_MAX = NUM_NL80211_PMSR_TYPES - 1
-};
-
-/**
- * enum nl80211_peer_measurement_status - peer measurement status
- * @NL80211_PMSR_STATUS_SUCCESS: measurement completed successfully
- * @NL80211_PMSR_STATUS_REFUSED: measurement was locally refused
- * @NL80211_PMSR_STATUS_TIMEOUT: measurement timed out
- * @NL80211_PMSR_STATUS_FAILURE: measurement failed, a type-dependent
- * reason may be available in the response data
- */
-enum nl80211_peer_measurement_status {
- NL80211_PMSR_STATUS_SUCCESS,
- NL80211_PMSR_STATUS_REFUSED,
- NL80211_PMSR_STATUS_TIMEOUT,
- NL80211_PMSR_STATUS_FAILURE,
-};
-
-/**
- * enum nl80211_peer_measurement_req - peer measurement request attributes
- * @__NL80211_PMSR_REQ_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_REQ_ATTR_DATA: This is a nested attribute with measurement
- * type-specific request data inside. The attributes used are from the
- * enums named nl80211_peer_measurement_<type>_req.
- * @NL80211_PMSR_REQ_ATTR_GET_AP_TSF: include AP TSF timestamp, if supported
- * (flag attribute)
- *
- * @NUM_NL80211_PMSR_REQ_ATTRS: internal
- * @NL80211_PMSR_REQ_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_req {
- __NL80211_PMSR_REQ_ATTR_INVALID,
-
- NL80211_PMSR_REQ_ATTR_DATA,
- NL80211_PMSR_REQ_ATTR_GET_AP_TSF,
-
- /* keep last */
- NUM_NL80211_PMSR_REQ_ATTRS,
- NL80211_PMSR_REQ_ATTR_MAX = NUM_NL80211_PMSR_REQ_ATTRS - 1
-};
-
-/**
- * enum nl80211_peer_measurement_resp - peer measurement response attributes
- * @__NL80211_PMSR_RESP_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_RESP_ATTR_DATA: This is a nested attribute with measurement
- * type-specific results inside. The attributes used are from the enums
- * named nl80211_peer_measurement_<type>_resp.
- * @NL80211_PMSR_RESP_ATTR_STATUS: u32 value with the measurement status
- * (using values from &enum nl80211_peer_measurement_status.)
- * @NL80211_PMSR_RESP_ATTR_HOST_TIME: host time (%CLOCK_BOOTTIME) when the
- * result was measured; this value is not expected to be accurate to
- * more than 20ms. (u64, nanoseconds)
- * @NL80211_PMSR_RESP_ATTR_AP_TSF: TSF of the AP that the interface
- * doing the measurement is connected to when the result was measured.
- * This shall be accurately reported if supported and requested
- * (u64, usec)
- * @NL80211_PMSR_RESP_ATTR_FINAL: If results are sent to the host partially
- * (*e.g. with FTM per-burst data) this flag will be cleared on all but
- * the last result; if all results are combined it's set on the single
- * result.
- * @NL80211_PMSR_RESP_ATTR_PAD: padding for 64-bit attributes, ignore
- *
- * @NUM_NL80211_PMSR_RESP_ATTRS: internal
- * @NL80211_PMSR_RESP_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_resp {
- __NL80211_PMSR_RESP_ATTR_INVALID,
-
- NL80211_PMSR_RESP_ATTR_DATA,
- NL80211_PMSR_RESP_ATTR_STATUS,
- NL80211_PMSR_RESP_ATTR_HOST_TIME,
- NL80211_PMSR_RESP_ATTR_AP_TSF,
- NL80211_PMSR_RESP_ATTR_FINAL,
- NL80211_PMSR_RESP_ATTR_PAD,
-
- /* keep last */
- NUM_NL80211_PMSR_RESP_ATTRS,
- NL80211_PMSR_RESP_ATTR_MAX = NUM_NL80211_PMSR_RESP_ATTRS - 1
-};
-
-/**
- * enum nl80211_peer_measurement_peer_attrs - peer attributes for measurement
- * @__NL80211_PMSR_PEER_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_PEER_ATTR_ADDR: peer's MAC address
- * @NL80211_PMSR_PEER_ATTR_CHAN: channel definition, nested, using top-level
- * attributes like %NL80211_ATTR_WIPHY_FREQ etc.
- * @NL80211_PMSR_PEER_ATTR_REQ: This is a nested attribute indexed by
- * measurement type, with attributes from the
- * &enum nl80211_peer_measurement_req inside.
- * @NL80211_PMSR_PEER_ATTR_RESP: This is a nested attribute indexed by
- * measurement type, with attributes from the
- * &enum nl80211_peer_measurement_resp inside.
- *
- * @NUM_NL80211_PMSR_PEER_ATTRS: internal
- * @NL80211_PMSR_PEER_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_peer_attrs {
- __NL80211_PMSR_PEER_ATTR_INVALID,
-
- NL80211_PMSR_PEER_ATTR_ADDR,
- NL80211_PMSR_PEER_ATTR_CHAN,
- NL80211_PMSR_PEER_ATTR_REQ,
- NL80211_PMSR_PEER_ATTR_RESP,
-
- /* keep last */
- NUM_NL80211_PMSR_PEER_ATTRS,
- NL80211_PMSR_PEER_ATTR_MAX = NUM_NL80211_PMSR_PEER_ATTRS - 1,
-};
-
-/**
- * enum nl80211_peer_measurement_attrs - peer measurement attributes
- * @__NL80211_PMSR_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_ATTR_MAX_PEERS: u32 attribute used for capability
- * advertisement only, indicates the maximum number of peers
- * measurements can be done with in a single request
- * @NL80211_PMSR_ATTR_REPORT_AP_TSF: flag attribute in capability
- * indicating that the connected AP's TSF can be reported in
- * measurement results
- * @NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR: flag attribute in capability
- * indicating that MAC address randomization is supported.
- * @NL80211_PMSR_ATTR_TYPE_CAPA: capabilities reported by the device,
- * this contains a nesting indexed by measurement type, and
- * type-specific capabilities inside, which are from the enums
- * named nl80211_peer_measurement_<type>_capa.
- * @NL80211_PMSR_ATTR_PEERS: nested attribute, the nesting index is
- * meaningless, just a list of peers to measure with, with the
- * sub-attributes taken from
- * &enum nl80211_peer_measurement_peer_attrs.
- *
- * @NUM_NL80211_PMSR_ATTR: internal
- * @NL80211_PMSR_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_attrs {
- __NL80211_PMSR_ATTR_INVALID,
-
- NL80211_PMSR_ATTR_MAX_PEERS,
- NL80211_PMSR_ATTR_REPORT_AP_TSF,
- NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR,
- NL80211_PMSR_ATTR_TYPE_CAPA,
- NL80211_PMSR_ATTR_PEERS,
-
- /* keep last */
- NUM_NL80211_PMSR_ATTR,
- NL80211_PMSR_ATTR_MAX = NUM_NL80211_PMSR_ATTR - 1
-};
-
-/**
- * enum nl80211_peer_measurement_ftm_capa - FTM capabilities
- * @__NL80211_PMSR_FTM_CAPA_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_FTM_CAPA_ATTR_ASAP: flag attribute indicating ASAP mode
- * is supported
- * @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP: flag attribute indicating non-ASAP
- * mode is supported
- * @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI: flag attribute indicating if LCI
- * data can be requested during the measurement
- * @NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC: flag attribute indicating if civic
- * location data can be requested during the measurement
- * @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES: u32 bitmap attribute of bits
- * from &enum nl80211_preamble.
- * @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS: bitmap of values from
- * &enum nl80211_chan_width indicating the supported channel
- * bandwidths for FTM. Note that a higher channel bandwidth may be
- * configured to allow for other measurements types with different
- * bandwidth requirement in the same measurement.
- * @NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT: u32 attribute indicating
- * the maximum bursts exponent that can be used (if not present anything
- * is valid)
- * @NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST: u32 attribute indicating
- * the maximum FTMs per burst (if not present anything is valid)
- *
- * @NUM_NL80211_PMSR_FTM_CAPA_ATTR: internal
- * @NL80211_PMSR_FTM_CAPA_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_ftm_capa {
- __NL80211_PMSR_FTM_CAPA_ATTR_INVALID,
-
- NL80211_PMSR_FTM_CAPA_ATTR_ASAP,
- NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP,
- NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI,
- NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC,
- NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
- NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
- NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
- NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
-
- /* keep last */
- NUM_NL80211_PMSR_FTM_CAPA_ATTR,
- NL80211_PMSR_FTM_CAPA_ATTR_MAX = NUM_NL80211_PMSR_FTM_CAPA_ATTR - 1
-};
-
-/**
- * enum nl80211_peer_measurement_ftm_req - FTM request attributes
- * @__NL80211_PMSR_FTM_REQ_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_FTM_REQ_ATTR_ASAP: ASAP mode requested (flag)
- * @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE: preamble type (see
- * &enum nl80211_preamble), optional for DMG (u32)
- * @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP: number of bursts exponent as in
- * 802.11-2016 9.4.2.168 "Fine Timing Measurement Parameters element"
- * (u8, 0-15, optional with default 15 i.e. "no preference")
- * @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD: interval between bursts in units
- * of 100ms (u16, optional with default 0)
- * @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION: burst duration, as in 802.11-2016
- * Table 9-257 "Burst Duration field encoding" (u8, 0-15, optional with
- * default 15 i.e. "no preference")
- * @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST: number of successful FTM frames
- * requested per burst
- * (u8, 0-31, optional with default 0 i.e. "no preference")
- * @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES: number of FTMR frame retries
- * (u8, default 3)
- * @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI: request LCI data (flag)
- * @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC: request civic location data
- * (flag)
- *
- * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
- * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_ftm_req {
- __NL80211_PMSR_FTM_REQ_ATTR_INVALID,
-
- NL80211_PMSR_FTM_REQ_ATTR_ASAP,
- NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE,
- NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP,
- NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD,
- NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION,
- NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST,
- NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES,
- NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI,
- NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC,
-
- /* keep last */
- NUM_NL80211_PMSR_FTM_REQ_ATTR,
- NL80211_PMSR_FTM_REQ_ATTR_MAX = NUM_NL80211_PMSR_FTM_REQ_ATTR - 1
-};
-
-/**
- * enum nl80211_peer_measurement_ftm_failure_reasons - FTM failure reasons
- * @NL80211_PMSR_FTM_FAILURE_UNSPECIFIED: unspecified failure, not used
- * @NL80211_PMSR_FTM_FAILURE_NO_RESPONSE: no response from the FTM responder
- * @NL80211_PMSR_FTM_FAILURE_REJECTED: FTM responder rejected measurement
- * @NL80211_PMSR_FTM_FAILURE_WRONG_CHANNEL: we already know the peer is
- * on a different channel, so can't measure (if we didn't know, we'd
- * try and get no response)
- * @NL80211_PMSR_FTM_FAILURE_PEER_NOT_CAPABLE: peer can't actually do FTM
- * @NL80211_PMSR_FTM_FAILURE_INVALID_TIMESTAMP: invalid T1/T4 timestamps
- * received
- * @NL80211_PMSR_FTM_FAILURE_PEER_BUSY: peer reports busy, you may retry
- * later (see %NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME)
- * @NL80211_PMSR_FTM_FAILURE_BAD_CHANGED_PARAMS: parameters were changed
- * by the peer and are no longer supported
- */
-enum nl80211_peer_measurement_ftm_failure_reasons {
- NL80211_PMSR_FTM_FAILURE_UNSPECIFIED,
- NL80211_PMSR_FTM_FAILURE_NO_RESPONSE,
- NL80211_PMSR_FTM_FAILURE_REJECTED,
- NL80211_PMSR_FTM_FAILURE_WRONG_CHANNEL,
- NL80211_PMSR_FTM_FAILURE_PEER_NOT_CAPABLE,
- NL80211_PMSR_FTM_FAILURE_INVALID_TIMESTAMP,
- NL80211_PMSR_FTM_FAILURE_PEER_BUSY,
- NL80211_PMSR_FTM_FAILURE_BAD_CHANGED_PARAMS,
-};
-
-/**
- * enum nl80211_peer_measurement_ftm_resp - FTM response attributes
- * @__NL80211_PMSR_FTM_RESP_ATTR_INVALID: invalid
- *
- * @NL80211_PMSR_FTM_RESP_ATTR_FAIL_REASON: FTM-specific failure reason
- * (u32, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_BURST_INDEX: optional, if bursts are reported
- * as separate results then it will be the burst index 0...(N-1) and
- * the top level will indicate partial results (u32)
- * @NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_ATTEMPTS: number of FTM Request frames
- * transmitted (u32, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_SUCCESSES: number of FTM Request frames
- * that were acknowleged (u32, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME: retry time received from the
- * busy peer (u32, seconds)
- * @NL80211_PMSR_FTM_RESP_ATTR_NUM_BURSTS_EXP: actual number of bursts exponent
- * used by the responder (similar to request, u8)
- * @NL80211_PMSR_FTM_RESP_ATTR_BURST_DURATION: actual burst duration used by
- * the responder (similar to request, u8)
- * @NL80211_PMSR_FTM_RESP_ATTR_FTMS_PER_BURST: actual FTMs per burst used
- * by the responder (similar to request, u8)
- * @NL80211_PMSR_FTM_RESP_ATTR_RSSI_AVG: average RSSI across all FTM action
- * frames (optional, s32, 1/2 dBm)
- * @NL80211_PMSR_FTM_RESP_ATTR_RSSI_SPREAD: RSSI spread across all FTM action
- * frames (optional, s32, 1/2 dBm)
- * @NL80211_PMSR_FTM_RESP_ATTR_TX_RATE: bitrate we used for the response to the
- * FTM action frame (optional, nested, using &enum nl80211_rate_info
- * attributes)
- * @NL80211_PMSR_FTM_RESP_ATTR_RX_RATE: bitrate the responder used for the FTM
- * action frame (optional, nested, using &enum nl80211_rate_info attrs)
- * @NL80211_PMSR_FTM_RESP_ATTR_RTT_AVG: average RTT (s64, picoseconds, optional
- * but one of RTT/DIST must be present)
- * @NL80211_PMSR_FTM_RESP_ATTR_RTT_VARIANCE: RTT variance (u64, ps^2, note that
- * standard deviation is the square root of variance, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_RTT_SPREAD: RTT spread (u64, picoseconds,
- * optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_DIST_AVG: average distance (s64, mm, optional
- * but one of RTT/DIST must be present)
- * @NL80211_PMSR_FTM_RESP_ATTR_DIST_VARIANCE: distance variance (u64, mm^2, note
- * that standard deviation is the square root of variance, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD: distance spread (u64, mm, optional)
- * @NL80211_PMSR_FTM_RESP_ATTR_LCI: LCI data from peer (binary, optional);
- * this is the contents of the Measurement Report Element (802.11-2016
- * 9.4.2.22.1) starting with the Measurement Token, with Measurement
- * Type 8.
- * @NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC: civic location data from peer
- * (binary, optional);
- * this is the contents of the Measurement Report Element (802.11-2016
- * 9.4.2.22.1) starting with the Measurement Token, with Measurement
- * Type 11.
- * @NL80211_PMSR_FTM_RESP_ATTR_PAD: ignore, for u64/s64 padding only
- *
- * @NUM_NL80211_PMSR_FTM_RESP_ATTR: internal
- * @NL80211_PMSR_FTM_RESP_ATTR_MAX: highest attribute number
- */
-enum nl80211_peer_measurement_ftm_resp {
- __NL80211_PMSR_FTM_RESP_ATTR_INVALID,
-
- NL80211_PMSR_FTM_RESP_ATTR_FAIL_REASON,
- NL80211_PMSR_FTM_RESP_ATTR_BURST_INDEX,
- NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_ATTEMPTS,
- NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_SUCCESSES,
- NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME,
- NL80211_PMSR_FTM_RESP_ATTR_NUM_BURSTS_EXP,
- NL80211_PMSR_FTM_RESP_ATTR_BURST_DURATION,
- NL80211_PMSR_FTM_RESP_ATTR_FTMS_PER_BURST,
- NL80211_PMSR_FTM_RESP_ATTR_RSSI_AVG,
- NL80211_PMSR_FTM_RESP_ATTR_RSSI_SPREAD,
- NL80211_PMSR_FTM_RESP_ATTR_TX_RATE,
- NL80211_PMSR_FTM_RESP_ATTR_RX_RATE,
- NL80211_PMSR_FTM_RESP_ATTR_RTT_AVG,
- NL80211_PMSR_FTM_RESP_ATTR_RTT_VARIANCE,
- NL80211_PMSR_FTM_RESP_ATTR_RTT_SPREAD,
- NL80211_PMSR_FTM_RESP_ATTR_DIST_AVG,
- NL80211_PMSR_FTM_RESP_ATTR_DIST_VARIANCE,
- NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD,
- NL80211_PMSR_FTM_RESP_ATTR_LCI,
- NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC,
- NL80211_PMSR_FTM_RESP_ATTR_PAD,
-
- /* keep last */
- NUM_NL80211_PMSR_FTM_RESP_ATTR,
- NL80211_PMSR_FTM_RESP_ATTR_MAX = NUM_NL80211_PMSR_FTM_RESP_ATTR - 1
-};
-
#endif /* __LINUX_NL80211_H */
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 94ce57d..74cec7d 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -250,8 +250,8 @@
os_memset(data->key_data, 0, EAP_FAST_KEY_LEN);
os_memset(data->emsk, 0, EAP_EMSK_LEN);
os_free(data->session_id);
- wpabuf_clear_free(data->pending_phase2_req);
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_resp);
os_free(data);
}
@@ -486,7 +486,7 @@
(config->pending_req_identity || config->pending_req_password ||
config->pending_req_otp || config->pending_req_new_password ||
config->pending_req_sim)) {
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
} else if (*resp == NULL)
return -1;
@@ -801,7 +801,7 @@
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
data->phase2_success = 0;
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return NULL;
}
@@ -815,7 +815,7 @@
} else {
wpa_printf(MSG_ERROR, "EAP-FAST: Failed to derive "
"Session-Id");
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return NULL;
}
}
@@ -1150,7 +1150,7 @@
wpa_printf(MSG_INFO, "EAP-FAST: Failed to encrypt a Phase 2 "
"frame");
}
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return 0;
}
@@ -1328,14 +1328,14 @@
wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
"TLV frame (len=%lu)",
(unsigned long) wpabuf_len(in_decrypted));
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return -1;
}
res = eap_fast_process_decrypted(sm, data, ret, identifier,
in_decrypted, out_data);
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return res;
}
@@ -1613,7 +1613,7 @@
if (sm->waiting_ext_cert_check) {
wpa_printf(MSG_DEBUG,
"EAP-FAST: Waiting external server certificate validation");
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = resp;
return NULL;
}
@@ -1641,7 +1641,7 @@
"EAP-FAST: Could not derive keys");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return NULL;
}
}
@@ -1650,7 +1650,7 @@
/*
* Application data included in the handshake message.
*/
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
res = eap_fast_decrypt(sm, data, ret, id, &msg, &resp);
@@ -1658,7 +1658,7 @@
}
if (res == 1) {
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_FAST,
data->fast_version);
}
@@ -1684,9 +1684,9 @@
data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
os_free(data->key_block_p);
data->key_block_p = NULL;
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = NULL;
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = NULL;
}
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 650bea6..34075b1 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -1,6 +1,6 @@
/*
* EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
- * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -169,7 +169,7 @@
static void eap_peap_free_key(struct eap_peap_data *data)
{
if (data->key_data) {
- bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
+ bin_clear_free(data->key_data, EAP_TLS_KEY_LEN);
data->key_data = NULL;
}
}
@@ -186,9 +186,9 @@
eap_peer_tls_ssl_deinit(sm, &data->ssl);
eap_peap_free_key(data);
os_free(data->session_id);
- wpabuf_clear_free(data->pending_phase2_req);
- wpabuf_clear_free(data->pending_resp);
- bin_clear_free(data, sizeof(*data));
+ wpabuf_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_resp);
+ os_free(data);
}
@@ -253,7 +253,7 @@
{
u8 *tk;
u8 isk[32], imck[60];
- int resumed, res;
+ int resumed;
/*
* Tunnel key (TK) is the first 60 octets of the key generated by
@@ -292,11 +292,9 @@
* in the end of the label just before ISK; is that just a typo?)
*/
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40);
- res = peap_prfplus(data->peap_version, tk, 40,
- "Inner Methods Compound Keys",
- isk, sizeof(isk), imck, sizeof(imck));
- os_memset(isk, 0, sizeof(isk));
- if (res < 0)
+ if (peap_prfplus(data->peap_version, tk, 40,
+ "Inner Methods Compound Keys",
+ isk, sizeof(isk), imck, sizeof(imck)) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
imck, sizeof(imck));
@@ -305,7 +303,6 @@
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
os_memcpy(data->cmk, imck + 40, 20);
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
- os_memset(imck, 0, sizeof(imck));
return 0;
}
@@ -385,7 +382,7 @@
wpabuf_put_be16(msg, status); /* Status */
if (crypto_tlv_used && eap_tlv_add_cryptobinding(sm, data, msg)) {
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
return NULL;
}
@@ -654,11 +651,11 @@
if (*resp == NULL) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
- wpabuf_clear_free(buf);
+ wpabuf_free(buf);
return -1;
}
wpabuf_put_buf(*resp, buf);
- wpabuf_clear_free(buf);
+ wpabuf_free(buf);
break;
}
}
@@ -731,7 +728,7 @@
(config->pending_req_identity || config->pending_req_password ||
config->pending_req_otp || config->pending_req_new_password ||
config->pending_req_sim)) {
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
}
@@ -810,7 +807,7 @@
struct wpabuf *nmsg = wpabuf_alloc(sizeof(struct eap_hdr) +
wpabuf_len(in_decrypted));
if (nmsg == NULL) {
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return 0;
}
nhdr = wpabuf_put(nmsg, sizeof(*nhdr));
@@ -820,7 +817,7 @@
nhdr->length = host_to_be16(sizeof(struct eap_hdr) +
wpabuf_len(in_decrypted));
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
in_decrypted = nmsg;
}
@@ -829,7 +826,7 @@
wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
"EAP frame (len=%lu)",
(unsigned long) wpabuf_len(in_decrypted));
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return 0;
}
len = be_to_host16(hdr->length);
@@ -838,7 +835,7 @@
"Phase 2 EAP frame (len=%lu hdr->length=%lu)",
(unsigned long) wpabuf_len(in_decrypted),
(unsigned long) len);
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return 0;
}
if (len < wpabuf_len(in_decrypted)) {
@@ -855,7 +852,7 @@
case EAP_CODE_REQUEST:
if (eap_peap_phase2_request(sm, data, ret, in_decrypted,
&resp)) {
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
wpa_printf(MSG_INFO, "EAP-PEAP: Phase2 Request "
"processing failed");
return 0;
@@ -875,7 +872,7 @@
"completed successfully");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return 0;
}
wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
@@ -885,7 +882,7 @@
ret->methodState = METHOD_DONE;
data->phase2_success = 1;
if (data->peap_outer_success == 2) {
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
wpa_printf(MSG_DEBUG, "EAP-PEAP: Use TLS ACK "
"to finish authentication");
return 1;
@@ -931,7 +928,7 @@
break;
}
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
if (resp) {
int skip_change2 = 0;
@@ -958,7 +955,7 @@
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt "
"a Phase 2 frame");
}
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
}
return 0;
@@ -1059,7 +1056,7 @@
if (sm->waiting_ext_cert_check) {
wpa_printf(MSG_DEBUG,
"EAP-PEAP: Waiting external server certificate validation");
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = resp;
return NULL;
}
@@ -1084,18 +1081,12 @@
"key derivation", label);
data->key_data =
eap_peer_tls_derive_key(sm, &data->ssl, label,
- EAP_TLS_KEY_LEN +
- EAP_EMSK_LEN);
+ EAP_TLS_KEY_LEN);
if (data->key_data) {
wpa_hexdump_key(MSG_DEBUG,
"EAP-PEAP: Derived key",
data->key_data,
EAP_TLS_KEY_LEN);
- wpa_hexdump_key(MSG_DEBUG,
- "EAP-PEAP: Derived EMSK",
- data->key_data +
- EAP_TLS_KEY_LEN,
- EAP_EMSK_LEN);
} else {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to "
"derive key");
@@ -1140,7 +1131,7 @@
/*
* Application data included in the handshake message.
*/
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = resp;
resp = NULL;
res = eap_peap_decrypt(sm, data, ret, req, &msg,
@@ -1153,7 +1144,7 @@
}
if (res == 1) {
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_PEAP,
data->peap_version);
}
@@ -1177,9 +1168,9 @@
if (data->phase2_priv && data->phase2_method &&
data->phase2_method->deinit_for_reauth)
data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = NULL;
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = NULL;
data->crypto_binding_used = 0;
}
@@ -1266,7 +1257,6 @@
os_memcpy(key, csk, EAP_TLS_KEY_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
key, EAP_TLS_KEY_LEN);
- os_memset(csk, 0, sizeof(csk));
} else
os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
@@ -1274,29 +1264,6 @@
}
-static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
-{
- struct eap_peap_data *data = priv;
- u8 *key;
-
- if (!data->key_data || !data->phase2_success)
- return NULL;
-
- if (data->crypto_binding_used) {
- /* [MS-PEAP] does not define EMSK derivation */
- return NULL;
- }
-
- key = os_memdup(data->key_data + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
- if (!key)
- return NULL;
-
- *len = EAP_EMSK_LEN;
-
- return key;
-}
-
-
static u8 * eap_peap_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_peap_data *data = priv;
@@ -1329,7 +1296,6 @@
eap->process = eap_peap_process;
eap->isKeyAvailable = eap_peap_isKeyAvailable;
eap->getKey = eap_peap_getKey;
- eap->get_emsk = eap_peap_get_emsk;
eap->get_status = eap_peap_get_status;
eap->has_reauth_data = eap_peap_has_reauth_data;
eap->deinit_for_reauth = eap_peap_deinit_for_reauth;
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 7dbd364..0de1315 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -1,6 +1,6 @@
/*
* EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
- * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -70,22 +70,16 @@
params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
if (os_strstr(txt, "tls_disable_tlsv1_0=1"))
params->flags |= TLS_CONN_DISABLE_TLSv1_0;
- if (os_strstr(txt, "tls_disable_tlsv1_0=0")) {
+ if (os_strstr(txt, "tls_disable_tlsv1_0=0"))
params->flags &= ~TLS_CONN_DISABLE_TLSv1_0;
- params->flags |= TLS_CONN_ENABLE_TLSv1_0;
- }
if (os_strstr(txt, "tls_disable_tlsv1_1=1"))
params->flags |= TLS_CONN_DISABLE_TLSv1_1;
- if (os_strstr(txt, "tls_disable_tlsv1_1=0")) {
+ if (os_strstr(txt, "tls_disable_tlsv1_1=0"))
params->flags &= ~TLS_CONN_DISABLE_TLSv1_1;
- params->flags |= TLS_CONN_ENABLE_TLSv1_1;
- }
if (os_strstr(txt, "tls_disable_tlsv1_2=1"))
params->flags |= TLS_CONN_DISABLE_TLSv1_2;
- if (os_strstr(txt, "tls_disable_tlsv1_2=0")) {
+ if (os_strstr(txt, "tls_disable_tlsv1_2=0"))
params->flags &= ~TLS_CONN_DISABLE_TLSv1_2;
- params->flags |= TLS_CONN_ENABLE_TLSv1_2;
- }
if (os_strstr(txt, "tls_disable_tlsv1_3=1"))
params->flags |= TLS_CONN_DISABLE_TLSv1_3;
if (os_strstr(txt, "tls_disable_tlsv1_3=0"))
@@ -176,9 +170,7 @@
* TLS v1.3 changes, so disable this by default for now. */
params->flags |= TLS_CONN_DISABLE_TLSv1_3;
}
- if (data->eap_type == EAP_TYPE_TLS ||
- data->eap_type == EAP_UNAUTH_TLS_TYPE ||
- data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE) {
+ if (data->eap_type == EAP_TYPE_TLS) {
/* While the current EAP-TLS implementation is more or less
* complete for TLS v1.3, there has been no interoperability
* testing with other implementations, so disable for by default
@@ -396,26 +388,10 @@
u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
- u8 *id, *method_id;
-
- /* Session-Id = <EAP-Type> || Method-Id
- * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
- * "", 64)
- */
- *len = 1 + 64;
- id = os_malloc(*len);
- if (!id)
- return NULL;
- method_id = eap_peer_tls_derive_key(
- sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
- if (!method_id) {
- os_free(id);
- return NULL;
- }
- id[0] = eap_type;
- os_memcpy(id + 1, method_id, 64);
- os_free(method_id);
- return id;
+ *len = 64;
+ return eap_peer_tls_derive_key(sm, data,
+ "EXPORTER_EAP_TLS_Session-Id",
+ 64);
}
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 5d26701..f18788c 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -196,8 +196,8 @@
eap_peer_tls_ssl_deinit(sm, &data->ssl);
eap_ttls_free_key(data);
os_free(data->session_id);
- wpabuf_clear_free(data->pending_phase2_req);
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_resp);
os_free(data);
}
@@ -248,7 +248,7 @@
msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4);
if (msg == NULL) {
- wpabuf_clear_free(*resp);
+ wpabuf_free(*resp);
*resp = NULL;
return -1;
}
@@ -258,7 +258,7 @@
os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp));
pos += wpabuf_len(*resp);
AVP_PAD(avp, pos);
- wpabuf_clear_free(*resp);
+ wpabuf_free(*resp);
wpabuf_put(msg, pos - avp);
*resp = msg;
return 0;
@@ -510,7 +510,7 @@
challenge = eap_ttls_implicit_challenge(
sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
if (challenge == NULL) {
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
"implicit challenge");
return -1;
@@ -529,7 +529,7 @@
*pos++ = 0; /* Flags */
if (os_get_random(pos, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) < 0) {
os_free(challenge);
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get "
"random data for peer challenge");
return -1;
@@ -543,7 +543,7 @@
peer_challenge, pos, data->auth_response,
data->master_key)) {
os_free(challenge);
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
"response");
return -1;
@@ -604,7 +604,7 @@
challenge = eap_ttls_implicit_challenge(
sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
if (challenge == NULL) {
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
"implicit challenge");
return -1;
@@ -628,7 +628,7 @@
if (challenge_response(challenge, password, pos)) {
wpa_printf(MSG_ERROR,
"EAP-TTLS/MSCHAP: Failed derive password hash");
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
os_free(challenge);
return -1;
}
@@ -641,7 +641,7 @@
pos)) {
wpa_printf(MSG_ERROR,
"EAP-TTLS/MSCHAP: Failed derive password");
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
os_free(challenge);
return -1;
}
@@ -760,7 +760,7 @@
challenge = eap_ttls_implicit_challenge(
sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
if (challenge == NULL) {
- wpabuf_clear_free(msg);
+ wpabuf_free(msg);
wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
"implicit challenge");
return -1;
@@ -1073,10 +1073,10 @@
resp, out_data)) {
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt a Phase 2 "
"frame");
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return -1;
}
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return 0;
}
@@ -1297,7 +1297,7 @@
config->pending_req_otp ||
config->pending_req_new_password ||
config->pending_req_sim) {
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_dup(in_decrypted);
}
@@ -1340,7 +1340,7 @@
* processing when EAP request is re-processed after
* user input.
*/
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc(0);
}
@@ -1413,7 +1413,7 @@
in_decrypted = data->pending_phase2_req;
data->pending_phase2_req = NULL;
if (wpabuf_len(in_decrypted) == 0) {
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
return eap_ttls_implicit_identity_request(
sm, data, ret, identifier, out_data);
}
@@ -1449,7 +1449,7 @@
&parse, in_decrypted, out_data);
done:
- wpabuf_clear_free(in_decrypted);
+ wpabuf_free(in_decrypted);
os_free(parse.eapdata);
if (retval < 0) {
@@ -1509,7 +1509,7 @@
if (sm->waiting_ext_cert_check) {
wpa_printf(MSG_DEBUG,
"EAP-TTLS: Waiting external server certificate validation");
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = *out_data;
*out_data = NULL;
return 0;
@@ -1543,7 +1543,7 @@
/*
* Application data included in the handshake message.
*/
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = *out_data;
*out_data = NULL;
res = eap_ttls_decrypt(sm, data, ret, identifier, in_data,
@@ -1646,7 +1646,7 @@
/* FIX: what about res == -1? Could just move all error processing into
* the other functions and get rid of this res==1 case here. */
if (res == 1) {
- wpabuf_clear_free(resp);
+ wpabuf_free(resp);
return eap_peer_tls_build_ack(id, EAP_TYPE_TTLS,
data->ttls_version);
}
@@ -1669,9 +1669,9 @@
if (data->phase2_priv && data->phase2_method &&
data->phase2_method->deinit_for_reauth)
data->phase2_method->deinit_for_reauth(sm, data->phase2_priv);
- wpabuf_clear_free(data->pending_phase2_req);
+ wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = NULL;
- wpabuf_clear_free(data->pending_resp);
+ wpabuf_free(data->pending_resp);
data->pending_resp = NULL;
data->decision_succ = DECISION_FAIL;
#ifdef EAP_TNC
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 45e1212..4fbc661 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -153,8 +153,6 @@
int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
const char * eap_get_serial_num(struct eap_sm *sm);
-const char * eap_get_method(struct eap_sm *sm);
-const char * eap_get_imsi(struct eap_sm *sm);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm);
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 1cade10..cf8a9f0 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -160,7 +160,6 @@
u8 *identity;
size_t identity_len;
char *serial_num;
- char imsi[20];
/* Whether Phase 2 method should validate identity match */
int require_identity_match;
int lastId; /* Identifier used in the last EAP-Packet */
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index b33f632..38a1b5c 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -2003,32 +2003,6 @@
}
-/**
- * eap_get_method - Get the used EAP method
- * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
- * Returns: Pointer to the method name or %NULL if not available
- */
-const char * eap_get_method(struct eap_sm *sm)
-{
- if (!sm || !sm->m)
- return NULL;
- return sm->m->name;
-}
-
-
-/**
- * eap_get_imsi - Get IMSI of the user
- * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
- * Returns: Pointer to IMSI or %NULL if not available
- */
-const char * eap_get_imsi(struct eap_sm *sm)
-{
- if (!sm || sm->imsi[0] == '\0')
- return NULL;
- return sm->imsi;
-}
-
-
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
{
#ifdef CONFIG_ERP
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 1bea706..1750211 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -796,10 +796,6 @@
return;
}
- if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
- data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
- os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
-
#ifdef EAP_SERVER_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index 3d334a0..18d31b5 100644
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -1,6 +1,6 @@
/*
* hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
- * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -324,7 +324,6 @@
{
u8 *tk;
u8 isk[32], imck[60];
- int res;
/*
* Tunnel key (TK) is the first 60 octets of the key generated by
@@ -359,11 +358,9 @@
* in the end of the label just before ISK; is that just a typo?)
*/
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TempKey", tk, 40);
- res = peap_prfplus(data->peap_version, tk, 40,
- "Inner Methods Compound Keys",
- isk, sizeof(isk), imck, sizeof(imck));
- os_memset(isk, 0, sizeof(isk));
- if (res < 0) {
+ if (peap_prfplus(data->peap_version, tk, 40,
+ "Inner Methods Compound Keys",
+ isk, sizeof(isk), imck, sizeof(imck)) < 0) {
os_free(tk);
return -1;
}
@@ -376,7 +373,6 @@
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
os_memcpy(data->cmk, imck + 40, 20);
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
- os_memset(imck, 0, sizeof(imck));
return 0;
}
@@ -760,7 +756,7 @@
} else {
eap_peap_state(data, FAILURE);
}
-
+
} else if (status == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Failure "
"- requested %s", requested);
@@ -1326,17 +1322,14 @@
"key");
}
- os_memset(csk, 0, sizeof(csk));
-
return eapKeyData;
}
/* TODO: PEAPv1 - different label in some cases */
eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
"client EAP encryption",
- EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
+ EAP_TLS_KEY_LEN);
if (eapKeyData) {
- os_memset(eapKeyData + EAP_TLS_KEY_LEN, 0, EAP_EMSK_LEN);
*len = EAP_TLS_KEY_LEN;
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
eapKeyData, EAP_TLS_KEY_LEN);
@@ -1348,40 +1341,6 @@
}
-static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
-{
- struct eap_peap_data *data = priv;
- u8 *eapKeyData, *emsk;
-
- if (data->state != SUCCESS)
- return NULL;
-
- if (data->crypto_binding_used) {
- /* [MS-PEAP] does not define EMSK derivation */
- return NULL;
- }
-
- /* TODO: PEAPv1 - different label in some cases */
- eapKeyData = eap_server_tls_derive_key(sm, &data->ssl,
- "client EAP encryption",
- EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
- if (eapKeyData) {
- emsk = os_memdup(eapKeyData + EAP_TLS_KEY_LEN, EAP_EMSK_LEN);
- bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
- if (!emsk)
- return NULL;
- *len = EAP_EMSK_LEN;
- wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived EMSK",
- emsk, EAP_EMSK_LEN);
- } else {
- wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive EMSK");
- emsk = NULL;
- }
-
- return emsk;
-}
-
-
static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
@@ -1417,7 +1376,6 @@
eap->process = eap_peap_process;
eap->isDone = eap_peap_isDone;
eap->getKey = eap_peap_getKey;
- eap->get_emsk = eap_peap_get_emsk;
eap->isSuccess = eap_peap_isSuccess;
eap->getSessionId = eap_peap_get_session_id;
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index 1287827..10637d4 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -535,9 +535,6 @@
goto failed;
}
- if (data->permanent[0] == EAP_SIM_PERMANENT_PREFIX)
- os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
-
identity_len = sm->identity_len;
while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 13d2349..8b9e53c 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -22,7 +22,6 @@
enum { START, CONTINUE, SUCCESS, FAILURE } state;
int established;
u8 eap_type;
- int phase2;
};
@@ -86,8 +85,6 @@
data->eap_type = EAP_TYPE_TLS;
- data->phase2 = sm->init_phase2;
-
return data;
}
@@ -205,20 +202,6 @@
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
eap_tls_state(data, SUCCESS);
eap_tls_valid_session(sm, data);
- if (sm->serial_num) {
- char user[128];
- int user_len;
-
- user_len = os_snprintf(user, sizeof(user), "cert-%s",
- sm->serial_num);
- if (eap_user_get(sm, (const u8 *) user, user_len,
- data->phase2) < 0)
- wpa_printf(MSG_DEBUG,
- "EAP-TLS: No user entry found based on the serial number of the client certificate ");
- else
- wpa_printf(MSG_DEBUG,
- "EAP-TLS: Updated user entry based on the serial number of the client certificate ");
- }
}
return res;
@@ -305,8 +288,6 @@
"EAP-TLS: Resuming previous session");
eap_tls_state(data, SUCCESS);
tls_connection_set_success_data_resumed(data->ssl.conn);
- /* TODO: Cache serial number with session and update EAP user
- * information based on the cached serial number */
}
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 4ba7c24..0ae7867 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -146,26 +146,10 @@
u8 *out;
if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
- u8 *id, *method_id;
-
- /* Session-Id = <EAP-Type> || Method-Id
- * Method-Id = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
- * "", 64)
- */
- *len = 1 + 64;
- id = os_malloc(*len);
- if (!id)
- return NULL;
- method_id = eap_server_tls_derive_key(
- sm, data, "EXPORTER_EAP_TLS_Method-Id", 64);
- if (!method_id) {
- os_free(id);
- return NULL;
- }
- id[0] = eap_type;
- os_memcpy(id + 1, method_id, 64);
- os_free(method_id);
- return id;
+ *len = 64;
+ return eap_server_tls_derive_key(sm, data,
+ "EXPORTER_EAP_TLS_Session-Id",
+ 64);
}
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 47d95ae..585b4a0 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -1470,8 +1470,7 @@
p2p->op_channel = p2p->cfg->op_channel;
} else if (p2p_channel_random_social(&p2p->cfg->channels,
&p2p->op_reg_class,
- &p2p->op_channel,
- NULL, NULL) == 0) {
+ &p2p->op_channel) == 0) {
p2p_dbg(p2p, "Select random available social channel (op_class %u channel %u) as operating channel preference",
p2p->op_reg_class, p2p->op_channel);
} else {
@@ -4770,12 +4769,9 @@
int p2p_config_get_random_social(struct p2p_config *p2p, u8 *op_class,
- u8 *op_channel,
- struct wpa_freq_range_list *avoid_list,
- struct wpa_freq_range_list *disallow_list)
+ u8 *op_channel)
{
- return p2p_channel_random_social(&p2p->channels, op_class, op_channel,
- avoid_list, disallow_list);
+ return p2p_channel_random_social(&p2p->channels, op_class, op_channel);
}
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index f2969ee..fac5ce0 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -104,11 +104,6 @@
unsigned int vht_center_freq2;
/**
- * he - Indicates if IEEE 802.11ax HE is enabled
- */
- int he;
-
- /**
* ssid - SSID of the group
*/
u8 ssid[SSID_MAX_LEN];
@@ -2010,8 +2005,6 @@
* @p2p: P2P config
* @op_class: Selected operating class
* @op_channel: Selected social channel
- * @avoid_list: Channel ranges to try to avoid or %NULL
- * @disallow_list: Channel ranges to discard or %NULL
* Returns: 0 on success, -1 on failure
*
* This function is used before p2p_init is called. A random social channel
@@ -2019,9 +2012,7 @@
* returned on success.
*/
int p2p_config_get_random_social(struct p2p_config *p2p, u8 *op_class,
- u8 *op_channel,
- struct wpa_freq_range_list *avoid_list,
- struct wpa_freq_range_list *disallow_list);
+ u8 *op_channel);
int p2p_set_listen_channel(struct p2p_data *p2p, u8 reg_class, u8 channel,
u8 forced);
diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h
index 64a9977..a73d99e 100644
--- a/src/p2p/p2p_i.h
+++ b/src/p2p/p2p_i.h
@@ -718,9 +718,7 @@
int p2p_channel_select(struct p2p_channels *chans, const int *classes,
u8 *op_class, u8 *op_channel);
int p2p_channel_random_social(struct p2p_channels *chans, u8 *op_class,
- u8 *op_channel,
- struct wpa_freq_range_list *avoid_list,
- struct wpa_freq_range_list *disallow_list);
+ u8 *op_channel);
/* p2p_parse.c */
void p2p_copy_filter_devname(char *dst, size_t dst_len,
diff --git a/src/p2p/p2p_invitation.c b/src/p2p/p2p_invitation.c
index 77d662a..bbba001 100644
--- a/src/p2p/p2p_invitation.c
+++ b/src/p2p/p2p_invitation.c
@@ -488,7 +488,7 @@
if (*msg.status == P2P_SC_FAIL_NO_COMMON_CHANNELS &&
p2p->retry_invite_req &&
p2p_channel_random_social(&p2p->cfg->channels, &p2p->op_reg_class,
- &p2p->op_channel, NULL, NULL) == 0) {
+ &p2p->op_channel) == 0) {
p2p->retry_invite_req = 0;
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
diff --git a/src/p2p/p2p_utils.c b/src/p2p/p2p_utils.c
index 1a62a44..2e2aa8a 100644
--- a/src/p2p/p2p_utils.c
+++ b/src/p2p/p2p_utils.c
@@ -413,30 +413,17 @@
int p2p_channel_random_social(struct p2p_channels *chans, u8 *op_class,
- u8 *op_channel,
- struct wpa_freq_range_list *avoid_list,
- struct wpa_freq_range_list *disallow_list)
+ u8 *op_channel)
{
u8 chan[4];
unsigned int num_channels = 0;
- /* Try to find available social channels from 2.4 GHz.
- * If the avoid_list includes any of the 2.4 GHz social channels, that
- * channel is not allowed by p2p_channels_includes() rules. However, it
- * is assumed to allow minimal traffic for P2P negotiation, so allow it
- * here for social channel selection unless explicitly disallowed in the
- * disallow_list. */
- if (p2p_channels_includes(chans, 81, 1) ||
- (freq_range_list_includes(avoid_list, 2412) &&
- !freq_range_list_includes(disallow_list, 2412)))
+ /* Try to find available social channels from 2.4 GHz */
+ if (p2p_channels_includes(chans, 81, 1))
chan[num_channels++] = 1;
- if (p2p_channels_includes(chans, 81, 6) ||
- (freq_range_list_includes(avoid_list, 2437) &&
- !freq_range_list_includes(disallow_list, 2437)))
+ if (p2p_channels_includes(chans, 81, 6))
chan[num_channels++] = 6;
- if (p2p_channels_includes(chans, 81, 11) ||
- (freq_range_list_includes(avoid_list, 2462) &&
- !freq_range_list_includes(disallow_list, 2462)))
+ if (p2p_channels_includes(chans, 81, 11))
chan[num_channels++] = 11;
/* Try to find available social channels from 60 GHz */
diff --git a/src/pae/ieee802_1x_cp.c b/src/pae/ieee802_1x_cp.c
index 8cdce30..360fcd3 100644
--- a/src/pae/ieee802_1x_cp.c
+++ b/src/pae/ieee802_1x_cp.c
@@ -38,10 +38,12 @@
/* Logon -> CP */
enum connect_type connect;
+ u8 *authorization_data;
/* KaY -> CP */
Boolean chgd_server; /* clear by CP */
Boolean elected_self;
+ u8 *authorization_data1;
enum confidentiality_offset cipher_offset;
u64 cipher_suite;
Boolean new_sak; /* clear by CP */
@@ -318,11 +320,8 @@
SM_ENTRY(CP, RETIRE);
/* RETIRE state machine not keep with Figure 12-2 in
* IEEE Std 802.1X-2010 */
- if (sm->oki) {
- ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
- os_free(sm->oki);
- sm->oki = NULL;
- }
+ os_free(sm->oki);
+ sm->oki = NULL;
sm->orx = FALSE;
sm->otx = FALSE;
ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
@@ -384,8 +383,7 @@
if (!sm->elected_self)
SM_ENTER(CP, READY);
if (sm->elected_self &&
- (sm->all_receiving || !sm->controlled_port_enabled ||
- !sm->transmit_when))
+ (sm->all_receiving || !sm->transmit_when))
SM_ENTER(CP, TRANSMIT);
break;
@@ -408,8 +406,8 @@
case CP_READY:
if (sm->new_sak || changed_connect(sm))
- SM_ENTER(CP, ABANDON);
- if (sm->server_transmitting || !sm->controlled_port_enabled)
+ SM_ENTER(CP, RECEIVE);
+ if (sm->server_transmitting)
SM_ENTER(CP, TRANSMIT);
break;
case CP_ABANDON:
@@ -466,6 +464,7 @@
sm->retire_delay = MKA_SAK_RETIRE_TIME;
sm->CP_state = CP_BEGIN;
sm->changed = FALSE;
+ sm->authorization_data = NULL;
wpa_printf(MSG_DEBUG, "CP: state machine created");
@@ -477,6 +476,7 @@
secy_cp_control_confidentiality_offset(sm->kay,
sm->confidentiality_offset);
+ SM_ENTER(CP, INIT);
SM_STEP_RUN(CP);
return sm;
@@ -518,6 +518,7 @@
eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
os_free(sm->lki);
os_free(sm->oki);
+ os_free(sm->authorization_data);
os_free(sm);
}
@@ -588,6 +589,19 @@
/**
+ * ieee802_1x_cp_set_authorizationdata -
+ */
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ os_free(sm->authorization_data);
+ sm->authorization_data = os_zalloc(len);
+ if (sm->authorization_data)
+ os_memcpy(sm->authorization_data, pdata, len);
+}
+
+
+/**
* ieee802_1x_cp_set_ciphersuite -
*/
void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, u64 cs)
diff --git a/src/pae/ieee802_1x_cp.h b/src/pae/ieee802_1x_cp.h
index a357b27..695629e 100644
--- a/src/pae/ieee802_1x_cp.h
+++ b/src/pae/ieee802_1x_cp.h
@@ -25,6 +25,7 @@
void ieee802_1x_cp_connect_secure(void *cp_ctx);
void ieee802_1x_cp_signal_chgdserver(void *cp_ctx);
void ieee802_1x_cp_set_electedself(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len);
void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, u64 cs);
void ieee802_1x_cp_set_offset(void *cp_ctx, enum confidentiality_offset offset);
void ieee802_1x_cp_signal_newsak(void *cp_ctx);
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index b4455c8..cda23fc 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1,5 +1,5 @@
/*
- * IEEE 802.1X-2010 Key Agreement Protocol of PAE state machine
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
* Copyright (c) 2013, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
@@ -27,9 +27,6 @@
#define DEFAULT_ICV_LEN 16
#define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */
-#define MAX_MISSING_SAK_USE 10 /* Accept up to 10 inbound MKPDUs without
- * SAK-USE before dropping */
-
#define PENDING_PN_EXHAUSTION 0xC0000000
#define MKA_ALIGN_LENGTH(len) (((len) + 0x3) & ~0x3)
@@ -46,6 +43,7 @@
.name = CS_NAME_GCM_AES_128,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = DEFAULT_SA_KEY_LEN,
+ .index = 0,
},
/* GCM-AES-256 */
{
@@ -53,6 +51,7 @@
.name = CS_NAME_GCM_AES_256,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = 32,
+ .index = 1 /* index */
},
};
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
@@ -62,13 +61,19 @@
{
.parameter = MKA_ALGO_AGILITY_2009,
+ /* 128-bit CAK, KEK, ICK, ICV */
+ .cak_len = DEFAULT_ICV_LEN,
+ .kek_len = DEFAULT_ICV_LEN,
+ .ick_len = DEFAULT_ICV_LEN,
.icv_len = DEFAULT_ICV_LEN,
- .cak_trfm = ieee802_1x_cak_aes_cmac,
- .ckn_trfm = ieee802_1x_ckn_aes_cmac,
- .kek_trfm = ieee802_1x_kek_aes_cmac,
- .ick_trfm = ieee802_1x_ick_aes_cmac,
- .icv_hash = ieee802_1x_icv_aes_cmac,
+ .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
+ .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
+ .kek_trfm = ieee802_1x_kek_128bits_aes_cmac,
+ .ick_trfm = ieee802_1x_ick_128bits_aes_cmac,
+ .icv_hash = ieee802_1x_icv_128bits_aes_cmac,
+
+ .index = 1,
},
};
#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
@@ -104,34 +109,6 @@
}
-static const char * mi_txt(const u8 *mi)
-{
- static char txt[MI_LEN * 2 + 1];
-
- wpa_snprintf_hex(txt, sizeof(txt), mi, MI_LEN);
- return txt;
-}
-
-
-static const char * sci_txt(const struct ieee802_1x_mka_sci *sci)
-{
- static char txt[ETH_ALEN * 3 + 1 + 5 + 1];
-
- os_snprintf(txt, sizeof(txt), MACSTR "@%u",
- MAC2STR(sci->addr), be_to_host16(sci->port));
- return txt;
-}
-
-
-static const char * algo_agility_txt(const u8 *algo_agility)
-{
- static char txt[4 * 2 + 1];
-
- wpa_snprintf_hex(txt, sizeof(txt), algo_agility, 4);
- return txt;
-}
-
-
/**
* ieee802_1x_mka_dump_basic_body -
*/
@@ -143,25 +120,26 @@
if (!body)
return;
- /* IEEE Std 802.1X-2010, Figure 11-8 */
body_len = get_mka_param_body_len(body);
- wpa_printf(MSG_DEBUG, "MKA Basic Parameter Set");
- wpa_printf(MSG_DEBUG, "\tMKA Version Identifier: %d", body->version);
- wpa_printf(MSG_DEBUG, "\tKey Server Priority: %d", body->priority);
- wpa_printf(MSG_DEBUG, "\tKey Server: %d", body->key_server);
- wpa_printf(MSG_DEBUG, "\tMACsec Desired: %d", body->macsec_desired);
- wpa_printf(MSG_DEBUG, "\tMACsec Capability: %d",
- body->macsec_capability);
- wpa_printf(MSG_DEBUG, "\tParameter set body length: %zu", body_len);
- wpa_printf(MSG_DEBUG, "\tSCI: %s", sci_txt(&body->actor_sci));
- wpa_printf(MSG_DEBUG, "\tActor's Member Identifier: %s",
- mi_txt(body->actor_mi));
- wpa_printf(MSG_DEBUG, "\tActor's Message Number: %d",
+ wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
+ wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
+ wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
+ wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
+ wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
+ wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability);
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
+ wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
+ MAC2STR(body->actor_sci.addr));
+ wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
+ be_to_host16(body->actor_sci.port));
+ wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
+ body->actor_mi, sizeof(body->actor_mi));
+ wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
be_to_host32(body->actor_mn));
- wpa_printf(MSG_DEBUG, "\tAlgorithm Agility: %s",
- algo_agility_txt(body->algo_agility));
- wpa_hexdump(MSG_DEBUG, "\tCAK Name", body->ckn,
- body_len + MKA_HDR_LEN - sizeof(*body));
+ wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
+ body->algo_agility, sizeof(body->algo_agility));
+ wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
+ body_len + MKA_HDR_LEN - sizeof(*body));
}
@@ -179,21 +157,20 @@
if (body == NULL)
return;
- /* IEEE Std 802.1X-2010, Figure 11-9 */
body_len = get_mka_param_body_len(body);
if (body->type == MKA_LIVE_PEER_LIST) {
- wpa_printf(MSG_DEBUG, "Live Peer List parameter set");
- wpa_printf(MSG_DEBUG, "\tBody Length: %zu", body_len);
+ wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
} else if (body->type == MKA_POTENTIAL_PEER_LIST) {
- wpa_printf(MSG_DEBUG, "Potential Peer List parameter set");
- wpa_printf(MSG_DEBUG, "\tBody Length: %zu", body_len);
+ wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
}
for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
mi = body->peer + i;
os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
- wpa_printf(MSG_DEBUG, "\tMember Id: %s Message Number: %d",
- mi_txt(mi), be_to_host32(mn));
+ wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
+ wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
}
}
@@ -209,20 +186,18 @@
if (body == NULL)
return;
- /* IEEE Std 802.1X-2010, Figure 11-11 and 11-12 */
body_len = get_mka_param_body_len(body);
- wpa_printf(MSG_DEBUG, "Distributed SAK parameter set");
- wpa_printf(MSG_DEBUG, "\tDistributed AN........: %d", body->dan);
- wpa_printf(MSG_DEBUG, "\tConfidentiality Offset: %d",
+ wpa_printf(MSG_INFO, "*** Distributed SAK ***");
+ wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
+ wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
body->confid_offset);
- wpa_printf(MSG_DEBUG, "\tBody Length...........: %zu", body_len);
+ wpa_printf(MSG_INFO, "\tBody Length...........: %zu", body_len);
if (!body_len)
return;
- wpa_printf(MSG_DEBUG, "\tKey Number............: %d",
+ wpa_printf(MSG_INFO, "\tKey Number............: %d",
be_to_host32(body->kn));
- /* TODO: Other than GCM-AES-128 case: MACsec Cipher Suite */
- wpa_hexdump(MSG_DEBUG, "\tAES Key Wrap of SAK...:", body->sak, 24);
+ wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
}
@@ -243,32 +218,33 @@
if (body == NULL)
return;
- /* IEEE Std 802.1X-2010, Figure 11-10 */
body_len = get_mka_param_body_len(body);
- wpa_printf(MSG_DEBUG, "MACsec SAK Use parameter set");
+ wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
- wpa_printf(MSG_DEBUG, "\tOld Key AN.......: %d", body->oan);
- wpa_printf(MSG_DEBUG, "\tOld Key Tx.......: %s", yes_no(body->otx));
- wpa_printf(MSG_DEBUG, "\tOld Key Rx.......: %s", yes_no(body->orx));
- wpa_printf(MSG_DEBUG, "\tPlain Tx.........: %s", yes_no(body->ptx));
- wpa_printf(MSG_DEBUG, "\tPlain Rx.........: %s", yes_no(body->prx));
+ wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
+ wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
+ wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
+ wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
+ wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
yes_no(body->delay_protect));
wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
if (!body_len)
return;
- wpa_printf(MSG_DEBUG, "\tKey Server MI....: %s", mi_txt(body->lsrv_mi));
+ wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
+ body->lsrv_mi, sizeof(body->lsrv_mi));
wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
be_to_host32(body->lkn));
wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
be_to_host32(body->llpn));
- wpa_printf(MSG_DEBUG, "\tOld Key Server MI: %s", mi_txt(body->osrv_mi));
- wpa_printf(MSG_DEBUG, "\tOld Key Number...: %u",
+ wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
+ body->osrv_mi, sizeof(body->osrv_mi));
+ wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
be_to_host32(body->okn));
- wpa_printf(MSG_DEBUG, "\tOld Lowest PN....: %u",
+ wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
be_to_host32(body->olpn));
}
@@ -395,7 +371,7 @@
*/
static struct macsec_ciphersuite *
ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
- const u8 *cs_id, unsigned int *idx)
+ const u8 *cs_id)
{
unsigned int i;
u64 cs;
@@ -405,10 +381,8 @@
cs = be_to_host64(_cs);
for (i = 0; i < CS_TABLE_SIZE; i++) {
- if (cipher_suite_tbl[i].id == cs) {
- *idx = i;
+ if (cipher_suite_tbl[i].id == cs)
return &cipher_suite_tbl[i];
- }
}
return NULL;
@@ -490,7 +464,7 @@
dl_list_add(&psc->sa_list, &psa->list);
wpa_printf(MSG_DEBUG,
- "KaY: Create receive SA(an: %hhu lowest_pn: %u) of SC",
+ "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC",
an, lowest_pn);
return psa;
@@ -537,8 +511,8 @@
psc->receiving = FALSE;
dl_list_init(&psc->sa_list);
- wpa_printf(MSG_DEBUG, "KaY: Create receive SC: SCI %s",
- sci_txt(&psc->sci));
+ wpa_printf(MSG_DEBUG, "KaY: Create receive SC");
+ wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
return psc;
}
@@ -575,8 +549,10 @@
static void ieee802_1x_kay_dump_peer(struct ieee802_1x_kay_peer *peer)
{
- wpa_printf(MSG_DEBUG, "\tMI: %s MN: %d SCI: %s",
- mi_txt(peer->mi), peer->mn, sci_txt(&peer->sci));
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+ wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
}
@@ -595,7 +571,6 @@
peer->mn = mn;
peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
peer->sak_used = FALSE;
- peer->missing_sak_use_count = 0;
return peer;
}
@@ -624,13 +599,9 @@
return NULL;
}
- if (secy_create_receive_sc(participant->kay, rxsc)) {
- os_free(rxsc);
- os_free(peer);
- return NULL;
- }
dl_list_add(&participant->live_peers, &peer->list);
dl_list_add(&participant->rxsc_list, &rxsc->list);
+ secy_create_receive_sc(participant->kay, rxsc);
wpa_printf(MSG_DEBUG, "KaY: Live peer created");
ieee802_1x_kay_dump_peer(peer);
@@ -654,7 +625,7 @@
dl_list_add(&participant->potential_peers, &peer->list);
- wpa_printf(MSG_DEBUG, "KaY: Potential peer created");
+ wpa_printf(MSG_DEBUG, "KaY: potential peer created");
ieee802_1x_kay_dump_peer(peer);
return peer;
@@ -684,19 +655,14 @@
peer->mn = mn;
peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
- wpa_printf(MSG_DEBUG, "KaY: Move potential peer to live peer");
+ wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
ieee802_1x_kay_dump_peer(peer);
dl_list_del(&peer->list);
- if (secy_create_receive_sc(participant->kay, rxsc)) {
- wpa_printf(MSG_ERROR, "KaY: Can't create SC, discard peer");
- os_free(rxsc);
- os_free(peer);
- return NULL;
- }
dl_list_add_tail(&participant->live_peers, &peer->list);
dl_list_add(&participant->rxsc_list, &rxsc->list);
+ secy_create_receive_sc(participant->kay, rxsc);
return peer;
}
@@ -738,15 +704,12 @@
{
struct ieee802_1x_mka_basic_body *body;
struct ieee802_1x_kay *kay = participant->kay;
- unsigned int length = sizeof(struct ieee802_1x_mka_basic_body);
+ unsigned int length = ieee802_1x_mka_basic_body_length(participant);
- length += participant->ckn.len;
- body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length));
+ body = wpabuf_put(buf, length);
body->version = kay->mka_version;
body->priority = kay->actor_priority;
- /* The Key Server flag is set if and only if the participant has not
- * decided that another participant is or will be the Key Server. */
if (participant->is_elected)
body->key_server = participant->is_key_server;
else
@@ -802,11 +765,11 @@
if (body->version > MKA_VERSION_ID) {
wpa_printf(MSG_DEBUG,
- "KaY: Peer's version(%d) greater than MKA current version(%d)",
+ "KaY: peer's version(%d) greater than mka current version(%d)",
body->version, MKA_VERSION_ID);
}
if (kay->is_obliged_key_server && body->key_server) {
- wpa_printf(MSG_DEBUG, "KaY: I must be key server - ignore MKPDU claiming to be from a key server");
+ wpa_printf(MSG_DEBUG, "I must be as key server");
return NULL;
}
@@ -820,8 +783,7 @@
(sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN);
participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
if (!participant) {
- wpa_printf(MSG_DEBUG,
- "KaY: Peer is not included in my CA - ignore MKPDU");
+ wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
return NULL;
}
@@ -829,9 +791,6 @@
if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
if (!reset_participant_mi(participant))
return NULL;
- wpa_printf(MSG_DEBUG,
- "KaY: Peer using my MI - selected a new random MI: %s",
- mi_txt(participant->mi));
}
os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
@@ -843,48 +802,24 @@
/* handler peer */
peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
if (!peer) {
- /* Check duplicated SCI
- *
- * A duplicated SCI indicates either an active attacker or
- * a valid peer whose MI is being changed. The latter scenario
- * is more likely because to have gotten this far the received
- * MKPDU must have had a valid ICV, indicating the peer holds
- * the same CAK as our participant.
- *
- * Before creating a new peer object for the new MI we must
- * clean up the resources (SCs and SAs) associated with the
- * old peer. An easy way to do this is to ignore MKPDUs with
- * the new MI's for now and just wait for the old peer to
- * time out and clean itself up (within MKA_LIFE_TIME).
- *
- * This method is preferable to deleting the old peer here
- * and now and continuing on with processing because if this
- * MKPDU is from an attacker it's better to ignore the MKPDU
- * than to process it (and delete a valid peer as well).
+ /* Check duplicated SCI */
+ /* TODO: What policy should be applied to detect duplicated SCI
+ * is active attacker or a valid peer whose MI is be changed?
*/
peer = ieee802_1x_kay_get_peer_sci(participant,
&body->actor_sci);
if (peer) {
- time_t new_expire;
-
wpa_printf(MSG_WARNING,
- "KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU");
- /* Reduce timeout to speed up this process but left the
- * chance for old one to prove aliveness. */
- new_expire = time(NULL) + MKA_HELLO_TIME * 1.5 / 1000;
- if (peer->expire > new_expire)
- peer->expire = new_expire;
- return NULL;
+ "KaY: duplicated SCI detected, Maybe active attacker");
+ dl_list_del(&peer->list);
+ os_free(peer);
}
peer = ieee802_1x_kay_create_potential_peer(
participant, body->actor_mi,
be_to_host32(body->actor_mn));
- if (!peer) {
- wpa_printf(MSG_DEBUG,
- "KaY: No potential peer entry found - ignore MKPDU");
+ if (!peer)
return NULL;
- }
peer->macsec_desired = body->macsec_desired;
peer->macsec_capability = body->macsec_capability;
@@ -892,13 +827,13 @@
peer->key_server_priority = body->priority;
} else if (peer->mn < be_to_host32(body->actor_mn)) {
peer->mn = be_to_host32(body->actor_mn);
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
peer->macsec_desired = body->macsec_desired;
peer->macsec_capability = body->macsec_capability;
peer->is_key_server = (Boolean) body->key_server;
peer->key_server_priority = body->priority;
} else {
- wpa_printf(MSG_WARNING,
- "KaY: The peer MN did not increase - ignore MKPDU");
+ wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
return NULL;
}
@@ -1043,8 +978,8 @@
for (pos = mka_msg, left_len = msg_len;
left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
- left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN,
- pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) {
+ left_len -= body_len + MKA_HDR_LEN,
+ pos += body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
@@ -1079,15 +1014,9 @@
peer_mi = (const struct ieee802_1x_mka_peer_id *)
(pos + MKA_HDR_LEN + i);
if (os_memcmp(peer_mi->mi, participant->mi,
- MI_LEN) == 0) {
- u32 mn = be_to_host32(peer_mi->mn);
-
- wpa_printf(MSG_DEBUG,
- "KaY: My MI - received MN %u, most recently transmitted MN %u",
- mn, participant->mn);
- if (mn == participant->mn)
- return TRUE;
- }
+ MI_LEN) == 0 &&
+ be_to_host32(peer_mi->mn) == participant->mn)
+ return TRUE;
}
}
@@ -1143,6 +1072,7 @@
peer = ieee802_1x_kay_get_peer(participant, peer_mi->mi);
if (peer) {
peer->mn = peer_mn;
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
} else if (!ieee802_1x_kay_create_potential_peer(
participant, peer_mi->mi, peer_mn)) {
return -1;
@@ -1224,38 +1154,27 @@
/**
- * ieee802_1x_mka_get_lpn
+ *
*/
static u32
ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
struct ieee802_1x_mka_ki *ki)
{
- struct transmit_sa *txsa;
+ struct receive_sa *rxsa;
+ struct receive_sc *rxsc;
u32 lpn = 0;
- dl_list_for_each(txsa, &principal->txsc->sa_list,
- struct transmit_sa, list) {
- if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
- /* Per IEEE Std 802.1X-2010, Clause 9, "Each SecY uses
- * MKA to communicate the lowest PN used for
- * transmission with the SAK within the last two
- * seconds". Achieve this 2 second delay by setting the
- * lpn using the transmit next PN (i.e., txsa->next_pn)
- * that was read last time here (i.e., mka_hello_time
- * 2 seconds ago).
- *
- * The lowest acceptable PN is the same as the last
- * transmitted PN, which is one less than the next
- * transmit PN.
- *
- * NOTE: This method only works if mka_hello_time is 2s.
- */
- lpn = (txsa->next_pn > 0) ? (txsa->next_pn - 1) : 0;
+ dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+ dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
+ {
+ if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
+ secy_get_receive_lowest_pn(principal->kay,
+ rxsa);
- /* Now read the current transmit next PN for use next
- * time through. */
- secy_get_transmit_next_pn(principal->kay, txsa);
- break;
+ lpn = lpn > rxsa->lowest_pn ?
+ lpn : rxsa->lowest_pn;
+ break;
+ }
}
}
@@ -1295,9 +1214,8 @@
return 0;
}
- /* data delay protect */
- body->delay_protect = kay->mka_hello_time <= MKA_BOUNDED_HELLO_TIME;
- /* lowest accept packet number */
+ /* data protect, lowest accept packet number */
+ body->delay_protect = kay->macsec_replay_protect;
pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
if (pn > kay->pn_exhaustion) {
wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
@@ -1358,8 +1276,7 @@
struct ieee802_1x_mka_hdr *hdr;
struct ieee802_1x_mka_sak_use_body *body;
struct ieee802_1x_kay_peer *peer;
- struct receive_sc *rxsc;
- struct receive_sa *rxsa;
+ struct transmit_sa *txsa;
struct data_key *sa_key = NULL;
size_t body_len;
struct ieee802_1x_mka_ki ki;
@@ -1375,9 +1292,7 @@
peer = ieee802_1x_kay_get_live_peer(participant,
participant->current_peer_id.mi);
if (!peer) {
- wpa_printf(MSG_WARNING,
- "KaY: The peer (%s) is not my live peer - ignore MACsec SAK Use parameter set",
- mi_txt(participant->current_peer_id.mi));
+ wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
return -1;
}
@@ -1421,7 +1336,7 @@
}
}
if (!found) {
- wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
+ wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
return -1;
}
if (os_memcmp(participant->lki.mi, body->lsrv_mi,
@@ -1451,7 +1366,7 @@
if (body->delay_protect &&
(!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
wpa_printf(MSG_WARNING,
- "KaY: Lowest packet number should be greater than 0 when delay_protect is TRUE");
+ "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
return -1;
}
@@ -1470,7 +1385,7 @@
ieee802_1x_cp_sm_step(kay->cp);
}
- /* if I'm key server, and detects peer member pn exhaustion, rekey. */
+ /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
lpn = be_to_host32(body->llpn);
if (lpn > kay->pn_exhaustion) {
if (participant->is_key_server) {
@@ -1479,41 +1394,26 @@
}
}
- if (sa_key)
- sa_key->next_pn = lpn;
found = FALSE;
- dl_list_for_each(rxsc, &participant->rxsc_list, struct receive_sc,
- list) {
- dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa,
- list) {
- if (sa_key && rxsa->pkey == sa_key) {
- found = TRUE;
- break;
- }
- }
- if (found)
+ dl_list_for_each(txsa, &participant->txsc->sa_list,
+ struct transmit_sa, list) {
+ if (sa_key != NULL && txsa->pkey == sa_key) {
+ found = TRUE;
break;
+ }
}
if (!found) {
- wpa_printf(MSG_WARNING, "KaY: Can't find rxsa");
+ wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
return -1;
}
- if (body->delay_protect) {
- secy_get_receive_lowest_pn(participant->kay, rxsa);
- if (lpn > rxsa->lowest_pn) {
- /* Delay protect window (communicated via MKA) is
- * tighter than SecY's current replay protect window,
- * so tell SecY the new (and higher) lpn. */
- rxsa->lowest_pn = lpn;
- secy_set_receive_lowest_pn(participant->kay, rxsa);
- wpa_printf(MSG_DEBUG, "KaY: update lpn =0x%x", lpn);
- }
- /* FIX: Delay protection for olpn not implemented.
- * Note that Old Key is only active for MKA_SAK_RETIRE_TIME
- * (3 seconds) and delay protection does allow PN's within
- * a 2 seconds window, so olpn would be a lot of work for
- * just 1 second's worth of protection. */
+ /* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
+ * npn is larger than txsa's npn, set it to txsa.
+ */
+ secy_get_transmit_next_pn(kay, txsa);
+ if (lpn > txsa->next_pn) {
+ secy_set_transmit_next_pn(kay, txsa);
+ wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
}
return 0;
@@ -1527,8 +1427,7 @@
ieee802_1x_mka_dist_sak_body_present(
struct ieee802_1x_mka_participant *participant)
{
- return participant->is_key_server && participant->to_dist_sak &&
- participant->new_key;
+ return participant->to_dist_sak && participant->new_key;
}
@@ -1579,11 +1478,6 @@
}
sak = participant->new_key;
- if (!sak) {
- wpa_printf(MSG_DEBUG,
- "KaY: No SAK available to build Distributed SAK parameter set");
- return -1;
- }
body->confid_offset = sak->confidentiality_offset;
body->dan = sak->an;
body->kn = host_to_be32(sak->key_identifier.kn);
@@ -1598,7 +1492,7 @@
os_memcpy(body->sak, &cs, CS_ID_LEN);
sak_pos = CS_ID_LEN;
}
- if (aes_wrap(participant->kek.key, participant->kek.len,
+ if (aes_wrap(participant->kek.key, 16,
cipher_suite_tbl[cs_index].sak_len / 8,
sak->key, body->sak + sak_pos)) {
wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
@@ -1620,7 +1514,6 @@
pkey->receives = TRUE;
os_get_time(&pkey->created_time);
- pkey->next_pn = 1;
pkey->user = 1;
}
@@ -1660,7 +1553,7 @@
}
if (participant->is_key_server) {
wpa_printf(MSG_ERROR,
- "KaY: Reject distributed SAK since I'm a key server");
+ "KaY: I can't accept the distributed SAK as myself is key server ");
return -1;
}
if (!kay->macsec_desired ||
@@ -1689,7 +1582,7 @@
participant->advised_desired = FALSE;
ieee802_1x_cp_connect_authenticated(kay->cp);
ieee802_1x_cp_sm_step(kay->cp);
- wpa_printf(MSG_WARNING, "KaY: The Key server advise no MACsec");
+ wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
participant->to_use_sak = FALSE;
return 0;
}
@@ -1708,8 +1601,7 @@
if (os_memcmp(sa_key->key_identifier.mi,
participant->current_peer_id.mi, MI_LEN) == 0 &&
sa_key->key_identifier.kn == be_to_host32(body->kn)) {
- wpa_printf(MSG_DEBUG,
- "KaY: SAK has already been installed - do not set it again");
+ wpa_printf(MSG_WARNING, "KaY:The Key has installed");
return 0;
}
}
@@ -1720,10 +1612,7 @@
kay->macsec_csindex = DEFAULT_CS_INDEX;
cs = &cipher_suite_tbl[kay->macsec_csindex];
} else {
- unsigned int idx;
-
- cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak,
- &idx);
+ cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
if (!cs) {
wpa_printf(MSG_ERROR,
"KaY: I can't support the Cipher Suite advised by key server");
@@ -1731,7 +1620,7 @@
}
sak_len = cs->sak_len;
wrap_sak = body->sak + CS_ID_LEN;
- kay->macsec_csindex = idx;
+ kay->macsec_csindex = cs->index;
}
unwrap_sak = os_zalloc(sak_len);
@@ -1739,13 +1628,13 @@
wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
return -1;
}
- if (aes_unwrap(participant->kek.key, participant->kek.len,
- sak_len >> 3, wrap_sak, unwrap_sak)) {
+ if (aes_unwrap(participant->kek.key, 16, sak_len >> 3, wrap_sak,
+ unwrap_sak)) {
wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
os_free(unwrap_sak);
return -1;
}
- wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK.:",
+ wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK:",
unwrap_sak, sak_len);
sa_key = os_zalloc(sizeof(*sa_key));
@@ -1802,12 +1691,7 @@
{
int length;
- /* Determine if we need space for the ICV Indicator */
- if (mka_alg_tbl[participant->kay->mka_algindex].icv_len !=
- DEFAULT_ICV_LEN)
- length = sizeof(struct ieee802_1x_mka_icv_body);
- else
- length = 0;
+ length = sizeof(struct ieee802_1x_mka_icv_body);
length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
return MKA_ALIGN_LENGTH(length);
@@ -1826,23 +1710,20 @@
u8 cmac[MAX_ICV_LEN];
length = ieee802_1x_mka_get_icv_length(participant);
- if (mka_alg_tbl[participant->kay->mka_algindex].icv_len !=
- DEFAULT_ICV_LEN) {
- wpa_printf(MSG_DEBUG, "KaY: ICV Indicator");
+ if (length != DEFAULT_ICV_LEN) {
body = wpabuf_put(buf, MKA_HDR_LEN);
body->type = MKA_ICV_INDICATOR;
- length -= MKA_HDR_LEN;
- set_mka_param_body_len(body, length);
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
}
if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
- participant->ick.key, participant->ick.len,
- wpabuf_head(buf), wpabuf_len(buf), cmac)) {
- wpa_printf(MSG_ERROR, "KaY: failed to calculate ICV");
+ participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
+ wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
return -1;
}
- wpa_hexdump(MSG_DEBUG, "KaY: ICV", cmac, length);
+ if (length != DEFAULT_ICV_LEN)
+ length -= MKA_HDR_LEN;
os_memcpy(wpabuf_put(buf, length), cmac, length);
return 0;
@@ -1851,12 +1732,12 @@
/**
* ieee802_1x_mka_decode_icv_body -
*/
-static const u8 *
+static u8 *
ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
const u8 *mka_msg, size_t msg_len)
{
- const struct ieee802_1x_mka_hdr *hdr;
- const struct ieee802_1x_mka_icv_body *body;
+ struct ieee802_1x_mka_hdr *hdr;
+ struct ieee802_1x_mka_icv_body *body;
size_t body_len;
size_t left_len;
u8 body_type;
@@ -1864,12 +1745,12 @@
pos = mka_msg;
left_len = msg_len;
- while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
- hdr = (const struct ieee802_1x_mka_hdr *) pos;
- body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
+ while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+ hdr = (struct ieee802_1x_mka_hdr *) pos;
+ body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
- if (left_len < body_len + MKA_HDR_LEN)
+ if (left_len < (body_len + MKA_HDR_LEN))
break;
if (body_type != MKA_ICV_INDICATOR) {
@@ -1878,15 +1759,16 @@
continue;
}
- body = (const struct ieee802_1x_mka_icv_body *) pos;
+ body = (struct ieee802_1x_mka_icv_body *)pos;
if (body_len
- < mka_alg_tbl[participant->kay->mka_algindex].icv_len)
+ < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
return NULL;
+ }
return body->icv;
}
- return mka_msg + msg_len - DEFAULT_ICV_LEN;
+ return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
}
@@ -1905,7 +1787,7 @@
body_len = get_mka_param_body_len(hdr);
if (body_len < 28) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use CAK Packet Body Length (%zu bytes) should be 28 or more octets",
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets",
body_len);
return -1;
}
@@ -1929,7 +1811,7 @@
body_len = get_mka_param_body_len(hdr);
if (body_len < 5) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use KMD Packet Body Length (%zu bytes) should be 5 or more octets",
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets",
body_len);
return -1;
}
@@ -1960,7 +1842,7 @@
static struct mka_param_body_handler mka_body_handler[] = {
- /* Basic parameter set */
+ /* basic parameter set */
{
.body_tx = ieee802_1x_mka_encode_basic_body,
.body_rx = NULL,
@@ -1968,7 +1850,7 @@
.body_present = ieee802_1x_mka_basic_body_present
},
- /* Live Peer List parameter set */
+ /* live peer list parameter set */
{
.body_tx = ieee802_1x_mka_encode_live_peer_body,
.body_rx = ieee802_1x_mka_decode_live_peer_body,
@@ -1976,7 +1858,7 @@
.body_present = ieee802_1x_mka_live_peer_body_present
},
- /* Potential Peer List parameter set */
+ /* potential peer list parameter set */
{
.body_tx = ieee802_1x_mka_encode_potential_peer_body,
.body_rx = ieee802_1x_mka_decode_potential_peer_body,
@@ -1984,7 +1866,7 @@
.body_present = ieee802_1x_mka_potential_peer_body_present
},
- /* MACsec SAK Use parameter set */
+ /* sak use parameter set */
{
.body_tx = ieee802_1x_mka_encode_sak_use_body,
.body_rx = ieee802_1x_mka_decode_sak_use_body,
@@ -1992,7 +1874,7 @@
.body_present = ieee802_1x_mka_sak_use_body_present
},
- /* Distributed SAK parameter set */
+ /* distribute sak parameter set */
{
.body_tx = ieee802_1x_mka_encode_dist_sak_body,
.body_rx = ieee802_1x_mka_decode_dist_sak_body,
@@ -2000,7 +1882,7 @@
.body_present = ieee802_1x_mka_dist_sak_body_present
},
- /* Distribute CAK parameter set */
+ /* distribute cak parameter set */
{
.body_tx = NULL,
.body_rx = ieee802_1x_mka_decode_dist_cak_body,
@@ -2008,7 +1890,7 @@
.body_present = NULL
},
- /* KMD parameter set */
+ /* kmd parameter set */
{
.body_tx = NULL,
.body_rx = ieee802_1x_mka_decode_kmd_body,
@@ -2016,7 +1898,7 @@
.body_present = NULL
},
- /* Announcement parameter set */
+ /* announce parameter set */
{
.body_tx = NULL,
.body_rx = ieee802_1x_mka_decode_announce_body,
@@ -2024,7 +1906,7 @@
.body_present = NULL
},
- /* ICV Indicator parameter set */
+ /* icv parameter set */
{
.body_tx = ieee802_1x_mka_encode_icv_body,
.body_rx = NULL,
@@ -2083,7 +1965,7 @@
*/
if (dl_list_empty(&participant->live_peers)) {
wpa_printf(MSG_ERROR,
- "KaY: Live peers list must not be empty when generating fresh SAK");
+ "KaY: Live peers list must not empty when generating fresh SAK");
return -1;
}
@@ -2097,7 +1979,7 @@
*/
if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
wpa_printf(MSG_ERROR,
- "KaY: Life time has not elapsed since prior SAK distributed");
+ "KaY: Life time have not elapsed since prior SAK distributed");
return -1;
}
@@ -2134,17 +2016,14 @@
ctx_offset += sizeof(participant->mi);
os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
- if (key_len == 16 || key_len == 32) {
- if (ieee802_1x_sak_aes_cmac(participant->cak.key,
- participant->cak.len,
- context, ctx_len,
- key, key_len)) {
- wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK");
- goto fail;
- }
+ if (key_len == 16) {
+ ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+ context, ctx_len, key);
+ } else if (key_len == 32) {
+ ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+ context, ctx_len, key);
} else {
- wpa_printf(MSG_ERROR, "KaY: SAK Length(%u) not supported",
- key_len);
+ wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len);
@@ -2276,7 +2155,7 @@
participant->is_key_server = TRUE;
participant->principal = TRUE;
participant->new_sak = TRUE;
- wpa_printf(MSG_DEBUG, "KaY: I am elected as key server");
+ wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
participant->to_dist_sak = FALSE;
participant->is_elected = TRUE;
@@ -2284,9 +2163,6 @@
sizeof(kay->key_server_sci));
kay->key_server_priority = kay->actor_priority;
} else if (key_server) {
- wpa_printf(MSG_DEBUG,
- "KaY: Peer %s was elected as the key server",
- mi_txt(key_server->mi));
ieee802_1x_cp_set_electedself(kay->cp, FALSE);
if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
ieee802_1x_cp_signal_chgdserver(kay->cp);
@@ -2405,19 +2281,11 @@
os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
sizeof(ether_hdr->dest));
ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
- wpa_printf(MSG_DEBUG, "KaY: Ethernet header: DA=" MACSTR " SA=" MACSTR
- " Ethertype=0x%x",
- MAC2STR(ether_hdr->dest), MAC2STR(ether_hdr->src),
- be_to_host16(ether_hdr->ethertype));
eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
eapol_hdr->version = EAPOL_VERSION;
eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
- eapol_hdr->length = host_to_be16(wpabuf_tailroom(pbuf));
- wpa_printf(MSG_DEBUG,
- "KaY: Common EAPOL PDU structure: Protocol Version=%u Packet Type=%u Packet Body Length=%u",
- eapol_hdr->version, eapol_hdr->type,
- be_to_host16(eapol_hdr->length));
+ eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
if (mka_body_handler[i].body_present &&
@@ -2430,7 +2298,6 @@
return 0;
}
-
/**
* ieee802_1x_participant_send_mkpdu -
*/
@@ -2443,8 +2310,7 @@
size_t length = 0;
unsigned int i;
- wpa_printf(MSG_DEBUG, "KaY: Encode and send an MKPDU (ifname=%s)",
- kay->if_name);
+ wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
if (mka_body_handler[i].body_present &&
@@ -2459,11 +2325,10 @@
}
if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
- wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail");
+ wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
return -1;
}
- wpa_hexdump_buf(MSG_MSGDUMP, "KaY: Outgoing MKPDU", buf);
l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
wpabuf_free(buf);
@@ -2500,8 +2365,6 @@
participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
kay = participant->kay;
- wpa_printf(MSG_DEBUG, "KaY: Participant timer (ifname=%s)",
- kay->if_name);
if (participant->cak_life) {
if (now > participant->cak_life)
goto delete_mka;
@@ -2589,7 +2452,7 @@
}
}
- if (participant->new_sak && participant->is_key_server) {
+ if (participant->new_sak) {
if (!ieee802_1x_kay_generate_new_sak(participant))
participant->to_dist_sak = TRUE;
@@ -2602,7 +2465,7 @@
participant->retry_count++;
}
- eloop_register_timeout(kay->mka_hello_time / 1000, 0,
+ eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
ieee802_1x_participant_timer,
participant, NULL);
@@ -2651,7 +2514,7 @@
dl_list_add(&psc->sa_list, &psa->list);
wpa_printf(MSG_DEBUG,
- "KaY: Create transmit SA(an: %hhu, next_pn: %u) of SC",
+ "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC",
an, next_PN);
return psa;
@@ -2694,8 +2557,8 @@
psc->enciphering_sa = FALSE;
dl_list_init(&psc->sa_list);
- wpa_printf(MSG_DEBUG, "KaY: Create transmit SC - SCI: %s",
- sci_txt(&psc->sci));
+ wpa_printf(MSG_DEBUG, "KaY: Create transmit SC");
+ wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
return psc;
}
@@ -2846,7 +2709,7 @@
}
}
if (!latest_sak) {
- wpa_printf(MSG_ERROR, "KaY: lki related sak not found");
+ wpa_printf(MSG_ERROR, "lki related sak not found");
return -1;
}
@@ -2867,9 +2730,7 @@
ieee802_1x_delete_transmit_sa(kay, txsa);
txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
- latest_sak->next_pn ?
- latest_sak->next_pn : 1,
- latest_sak);
+ 1, latest_sak);
if (!txsa)
return -1;
@@ -2918,12 +2779,12 @@
dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
struct data_key, list) {
if (is_ki_equal(&sa_key->key_identifier, ki)) {
- if (principal->new_key == sa_key)
- principal->new_key = NULL;
dl_list_del(&sa_key->list);
ieee802_1x_kay_deinit_data_key(sa_key);
break;
}
+ if (principal->new_key == sa_key)
+ principal->new_key = NULL;
}
return 0;
@@ -3011,8 +2872,7 @@
/**
* ieee802_1x_kay_mkpdu_sanity_check -
- * Sanity checks specified in IEEE Std 802.1X-2010, 11.11.2 (Validation of
- * MKPDUs)
+ * sanity check specified in clause 11.11.2 of IEEE802.1X-2010
*/
static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
const u8 *buf, size_t len)
@@ -3026,49 +2886,34 @@
size_t body_len;
size_t ckn_len;
u8 icv[MAX_ICV_LEN];
- const u8 *msg_icv;
+ u8 *msg_icv;
- /* len > eth+eapol header already verified in kay_l2_receive();
- * likewise, eapol_hdr->length validated there */
eth_hdr = (struct ieee8023_hdr *) buf;
eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
- wpa_printf(MSG_DEBUG, "KaY: Ethernet header: DA=" MACSTR " SA=" MACSTR
- " Ethertype=0x%x",
- MAC2STR(eth_hdr->dest), MAC2STR(eth_hdr->src),
- be_to_host16(eth_hdr->ethertype));
-
- /* the destination address shall not be an individual address */
+ /* destination address should be not individual address */
if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
- wpa_printf(MSG_DEBUG,
+ wpa_printf(MSG_MSGDUMP,
"KaY: ethernet destination address is not PAE group address");
return -1;
}
- wpa_printf(MSG_DEBUG,
- "KaY: Common EAPOL PDU structure: Protocol Version=%u Packet Type=%u Packet Body Length=%u",
- eapol_hdr->version, eapol_hdr->type,
- be_to_host16(eapol_hdr->length));
-
- /* MKPDU shall not be less than 32 octets */
+ /* MKPDU should not be less than 32 octets */
mka_msg_len = be_to_host16(eapol_hdr->length);
if (mka_msg_len < 32) {
- wpa_printf(MSG_DEBUG, "KaY: MKPDU is less than 32 octets");
+ wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
return -1;
}
- /* MKPDU shall be a multiple of 4 octets */
+ /* MKPDU should be a multiple of 4 octets */
if ((mka_msg_len % 4) != 0) {
- wpa_printf(MSG_DEBUG,
+ wpa_printf(MSG_MSGDUMP,
"KaY: MKPDU is not multiple of 4 octets");
return -1;
}
- wpa_hexdump(MSG_MSGDUMP, "KaY: EAPOL-MKA Packet Body (MKPDU)",
- mka_hdr, mka_msg_len);
-
- /* Room for body_len already verified in kay_l2_receive() */
body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
+ ieee802_1x_mka_dump_basic_body(body);
body_len = get_mka_param_body_len(body);
/* EAPOL-MKA body should comprise basic parameter set and ICV */
if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
@@ -3087,27 +2932,24 @@
ckn_len = body_len -
(sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN);
if (ckn_len < 1 || ckn_len > MAX_CKN_LEN) {
- wpa_printf(MSG_WARNING,
+ wpa_printf(MSG_ERROR,
"KaY: Received EAPOL-MKA CKN Length (%zu bytes) is out of range (<= %u bytes)",
ckn_len, MAX_CKN_LEN);
return -1;
}
- ieee802_1x_mka_dump_basic_body(body);
-
/* CKN should be owned by I */
participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
if (!participant) {
- wpa_printf(MSG_DEBUG, "KaY: CKN is not included in my CA");
+ wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
return -1;
}
/* algorithm agility check */
if (os_memcmp(body->algo_agility, mka_algo_agility,
sizeof(body->algo_agility)) != 0) {
- wpa_printf(MSG_INFO,
- "KaY: Peer's algorithm agility (%s) not supported",
- algo_agility_txt(body->algo_agility));
+ wpa_printf(MSG_ERROR,
+ "KaY: peer's algorithm agility not supported for me");
return -1;
}
@@ -3117,29 +2959,23 @@
* its size, not the fixed length 16 octets, indicated by the EAPOL
* packet body length.
*/
- if (len < mka_alg_tbl[kay->mka_algindex].icv_len ||
- mka_alg_tbl[kay->mka_algindex].icv_hash(
- participant->ick.key, participant->ick.len,
+ if (mka_alg_tbl[kay->mka_algindex].icv_hash(
+ participant->ick.key,
buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
- wpa_printf(MSG_ERROR, "KaY: Failed to calculate ICV");
+ wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
return -1;
}
- msg_icv = ieee802_1x_mka_decode_icv_body(participant,
- (const u8 *) mka_hdr,
+ msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
mka_msg_len);
if (!msg_icv) {
- wpa_printf(MSG_WARNING, "KaY: No ICV in MKPDU - ignore it");
+ wpa_printf(MSG_ERROR, "KaY: No ICV");
return -1;
}
- wpa_hexdump(MSG_DEBUG, "KaY: Received ICV",
- msg_icv, mka_alg_tbl[kay->mka_algindex].icv_len);
if (os_memcmp_const(msg_icv, icv,
mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
- wpa_printf(MSG_WARNING,
+ wpa_printf(MSG_ERROR,
"KaY: Computed ICV is not equal to Received ICV");
- wpa_hexdump(MSG_DEBUG, "KaY: Calculated ICV",
- icv, mka_alg_tbl[kay->mka_algindex].icv_len);
return -1;
}
@@ -3155,19 +2991,13 @@
{
struct ieee802_1x_mka_participant *participant;
struct ieee802_1x_mka_hdr *hdr;
- struct ieee802_1x_kay_peer *peer;
size_t body_len;
size_t left_len;
u8 body_type;
int i;
const u8 *pos;
Boolean handled[256];
- Boolean bad_sak_use = FALSE; /* Error detected while processing SAK Use
- * parameter set */
- Boolean i_in_peerlist, is_in_live_peer, is_in_potential_peer;
- wpa_printf(MSG_DEBUG, "KaY: Decode received MKPDU (ifname=%s)",
- kay->if_name);
if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
return -1;
@@ -3181,24 +3011,17 @@
/* to skip basic parameter set */
hdr = (struct ieee802_1x_mka_hdr *) pos;
- body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
- if (left_len < body_len + MKA_HDR_LEN)
- return -1;
+ body_len = get_mka_param_body_len(hdr);
pos += body_len + MKA_HDR_LEN;
left_len -= body_len + MKA_HDR_LEN;
/* check i am in the peer's peer list */
- i_in_peerlist = ieee802_1x_mka_i_in_peerlist(participant, pos,
- left_len);
- is_in_live_peer = ieee802_1x_kay_is_in_live_peer(
- participant, participant->current_peer_id.mi);
- wpa_printf(MSG_DEBUG, "KaY: i_in_peerlist=%s is_in_live_peer=%s",
- yes_no(i_in_peerlist), yes_no(is_in_live_peer));
- if (i_in_peerlist && !is_in_live_peer) {
+ if (ieee802_1x_mka_i_in_peerlist(participant, pos, left_len) &&
+ !ieee802_1x_kay_is_in_live_peer(participant,
+ participant->current_peer_id.mi)) {
/* accept the peer as live peer */
- is_in_potential_peer = ieee802_1x_kay_is_in_potential_peer(
- participant, participant->current_peer_id.mi);
- if (is_in_potential_peer) {
+ if (ieee802_1x_kay_is_in_potential_peer(
+ participant, participant->current_peer_id.mi)) {
if (!ieee802_1x_kay_move_live_peer(
participant,
participant->current_peer_id.mi,
@@ -3228,7 +3051,7 @@
pos += body_len + MKA_HDR_LEN,
left_len -= body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
- body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
+ body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
if (body_type == MKA_ICV_INDICATOR)
@@ -3242,103 +3065,21 @@
return -1;
}
- if (handled[body_type]) {
- wpa_printf(MSG_DEBUG,
- "KaY: Ignore duplicated body type %u",
- body_type);
+ if (handled[body_type])
continue;
- }
handled[body_type] = TRUE;
if (body_type < ARRAY_SIZE(mka_body_handler) &&
mka_body_handler[body_type].body_rx) {
- if (mka_body_handler[body_type].body_rx
- (participant, pos, left_len) != 0) {
- /* Handle parameter set failure */
- if (body_type != MKA_SAK_USE) {
- wpa_printf(MSG_INFO,
- "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
- body_type);
- return -1;
- }
-
- /* Ideally DIST-SAK should be processed before
- * SAK-USE. Unfortunately IEEE Std 802.1X-2010,
- * 11.11.3 (Encoding MKPDUs) states SAK-USE(3)
- * must always be encoded before DIST-SAK(4).
- * Rather than redesigning mka_body_handler so
- * that it somehow processes DIST-SAK before
- * SAK-USE, just ignore SAK-USE failures if
- * DIST-SAK is also present in this MKPDU. */
- bad_sak_use = TRUE;
- }
+ mka_body_handler[body_type].body_rx
+ (participant, pos, left_len);
} else {
wpa_printf(MSG_ERROR,
- "KaY: The body type %d is not supported in this MKA version %d",
+ "The type %d is not supported in this MKA version %d",
body_type, MKA_VERSION_ID);
}
}
- if (bad_sak_use && !handled[MKA_DISTRIBUTED_SAK]) {
- wpa_printf(MSG_INFO,
- "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
- MKA_SAK_USE);
- if (!reset_participant_mi(participant))
- wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
- else
- wpa_printf(MSG_DEBUG,
- "KaY: Selected a new random MI: %s",
- mi_txt(participant->mi));
- return -1;
- }
-
- /* Detect missing parameter sets */
- peer = ieee802_1x_kay_get_live_peer(participant,
- participant->current_peer_id.mi);
- if (peer) {
- /* MKPDU is from live peer */
- if (!handled[MKA_SAK_USE]) {
- /* Once a live peer starts sending SAK-USE, it should be
- * sent every time. */
- if (peer->sak_used) {
- wpa_printf(MSG_INFO,
- "KaY: Discarding Rx MKPDU: Live Peer stopped sending SAK-USE");
- return -1;
- }
-
- /* Live peer is probably hung if it hasn't sent SAK-USE
- * after a reasonable number of MKPDUs. Drop the MKPDU,
- * which will eventually force an timeout. */
- if (++peer->missing_sak_use_count >
- MAX_MISSING_SAK_USE) {
- wpa_printf(MSG_INFO,
- "KaY: Discarding Rx MKPDU: Live Peer not sending SAK-USE");
- return -1;
- }
- } else {
- peer->missing_sak_use_count = 0;
-
- /* Only update live peer watchdog after successful
- * decode of all parameter sets */
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
- }
- } else {
- /* MKPDU is from new or potential peer */
- peer = ieee802_1x_kay_get_peer(participant,
- participant->current_peer_id.mi);
- if (!peer) {
- wpa_printf(MSG_DEBUG, "KaY: No peer entry found");
- return -1;
- }
-
- /* Do not update potential peer watchdog. Per IEEE Std
- * 802.1X-2010, 9.4.3, potential peers need to show liveness by
- * including our MI/MN in their transmitted MKPDU (within
- * potential or live parameter sets). Whena potential peer does
- * include our MI/MN in an MKPDU, we respond by moving the peer
- * from 'potential_peers' to 'live_peers'. */
- }
-
kay->active = TRUE;
participant->retry_count = 0;
participant->active = TRUE;
@@ -3354,9 +3095,6 @@
struct ieee802_1x_kay *kay = ctx;
struct ieee8023_hdr *eth_hdr;
struct ieee802_1x_hdr *eapol_hdr;
- size_t calc_len;
-
- /* IEEE Std 802.1X-2010, 11.4 (Validation of received EAPOL PDUs) */
/* must contain at least ieee8023_hdr + ieee802_1x_hdr */
if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
@@ -3367,21 +3105,13 @@
eth_hdr = (struct ieee8023_hdr *) buf;
eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
- calc_len = sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
- be_to_host16(eapol_hdr->length);
- if (len < calc_len) {
- wpa_printf(MSG_MSGDUMP, "KaY: EAPOL MPDU is invalid: (received len %lu, calculated len %lu, EAPOL length %u)",
+ if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
+ be_to_host16(eapol_hdr->length)) {
+ wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
(unsigned long) len,
- (unsigned long) calc_len,
- be_to_host16(eapol_hdr->length));
+ (unsigned long) be_to_host16(eapol_hdr->length));
return;
}
- if (len > calc_len) {
- wpa_hexdump(MSG_DEBUG,
- "KaY: Ignore extra octets following the Packey Body field",
- &buf[calc_len], len - calc_len);
- len = calc_len;
- }
if (eapol_hdr->version < EAPOL_VERSION) {
wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
@@ -3390,12 +3120,11 @@
}
if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
- return; /* ignore other EAPOL types silently here */
+ return;
- wpa_hexdump(MSG_DEBUG, "KaY: RX EAPOL-MKA", buf, len);
+ wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
if (dl_list_empty(&kay->participant_list)) {
- wpa_printf(MSG_ERROR,
- "KaY: No MKA participant instance - ignore EAPOL-MKA");
+ wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
return;
}
@@ -3408,14 +3137,10 @@
*/
struct ieee802_1x_kay *
ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
- Boolean macsec_replay_protect, u32 macsec_replay_window,
u16 port, u8 priority, const char *ifname, const u8 *addr)
{
struct ieee802_1x_kay *kay;
- wpa_printf(MSG_DEBUG, "KaY: Initialize - ifname=%s addr=" MACSTR
- " port=%u priority=%u",
- ifname, MAC2STR(addr), port, priority);
kay = os_zalloc(sizeof(*kay));
if (!kay) {
wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
@@ -3436,8 +3161,6 @@
os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
kay->actor_sci.port = host_to_be16(port ? port : 0x0001);
- wpa_printf(MSG_DEBUG, "KaY: Generated SCI: %s",
- sci_txt(&kay->actor_sci));
kay->actor_priority = priority;
/* While actor acts as a key server, shall distribute sakey */
@@ -3464,27 +3187,21 @@
kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
kay->macsec_desired = FALSE;
kay->macsec_protect = FALSE;
- kay->macsec_encrypt = FALSE;
kay->macsec_validate = Disabled;
kay->macsec_replay_protect = FALSE;
kay->macsec_replay_window = 0;
kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
- kay->mka_hello_time = MKA_HELLO_TIME;
} else {
kay->macsec_desired = TRUE;
kay->macsec_protect = TRUE;
- if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF &&
- policy == SHOULD_ENCRYPT) {
- kay->macsec_encrypt = TRUE;
- kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
- } else { /* SHOULD_SECURE */
- kay->macsec_encrypt = FALSE;
- kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
- }
+ kay->macsec_encrypt = policy == SHOULD_ENCRYPT;
kay->macsec_validate = Strict;
- kay->macsec_replay_protect = macsec_replay_protect;
- kay->macsec_replay_window = macsec_replay_window;
- kay->mka_hello_time = MKA_HELLO_TIME;
+ kay->macsec_replay_protect = FALSE;
+ kay->macsec_replay_window = 0;
+ if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
+ kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
+ else
+ kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
}
wpa_printf(MSG_DEBUG, "KaY: state machine created");
@@ -3556,19 +3273,6 @@
}
-static const char * mode_txt(enum mka_created_mode mode)
-{
- switch (mode) {
- case PSK:
- return "PSK";
- case EAP_EXCHANGE:
- return "EAP";
- }
-
- return "?";
-}
-
-
/**
* ieee802_1x_kay_create_mka -
*/
@@ -3581,22 +3285,17 @@
struct ieee802_1x_mka_participant *participant;
unsigned int usecs;
- wpa_printf(MSG_DEBUG,
- "KaY: Create MKA (ifname=%s mode=%s authenticator=%s)",
- kay->if_name, mode_txt(mode), yes_no(is_authenticator));
-
if (!kay || !ckn || !cak) {
wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
return NULL;
}
- if (cak->len != 16 && cak->len != 32) {
- wpa_printf(MSG_ERROR, "KaY: Unexpected CAK length %u",
- (unsigned int) cak->len);
+ if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
+ wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
return NULL;
}
if (ckn->len > MAX_CKN_LEN) {
- wpa_printf(MSG_ERROR, "KaY: CKN is out of range (>32 bytes)");
+ wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
return NULL;
}
if (!kay->enable) {
@@ -3612,12 +3311,8 @@
participant->ckn.len = ckn->len;
os_memcpy(participant->ckn.name, ckn->name, ckn->len);
- wpa_hexdump(MSG_DEBUG, "KaY: CKN", participant->ckn.name,
- participant->ckn.len);
participant->cak.len = cak->len;
os_memcpy(participant->cak.key, cak->key, cak->len);
- wpa_hexdump_key(MSG_DEBUG, "KaY: CAK", participant->cak.key,
- participant->cak.len);
if (life)
participant->cak_life = life + time(NULL);
@@ -3667,8 +3362,6 @@
if (!reset_participant_mi(participant))
goto fail;
- wpa_printf(MSG_DEBUG, "KaY: Selected random MI: %s",
- mi_txt(participant->mi));
participant->lrx = FALSE;
participant->ltx = FALSE;
@@ -3684,40 +3377,37 @@
secy_cp_control_protect_frames(kay, kay->macsec_protect);
secy_cp_control_replay(kay, kay->macsec_replay_protect,
kay->macsec_replay_window);
- if (secy_create_transmit_sc(kay, participant->txsc))
- goto fail;
+ secy_create_transmit_sc(kay, participant->txsc);
/* to derive KEK from CAK and CKN */
- participant->kek.len = participant->cak.len;
+ participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
- participant->cak.len,
participant->ckn.name,
participant->ckn.len,
- participant->kek.key,
- participant->kek.len)) {
- wpa_printf(MSG_ERROR, "KaY: KEK derivation failed");
+ participant->kek.key)) {
+ wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
participant->kek.key, participant->kek.len);
/* to derive ICK from CAK and CKN */
- participant->ick.len = participant->cak.len;
+ participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
- participant->cak.len,
participant->ckn.name,
participant->ckn.len,
- participant->ick.key,
- participant->ick.len)) {
- wpa_printf(MSG_ERROR, "KaY: ICK derivation failed");
+ participant->ick.key)) {
+ wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
participant->ick.key, participant->ick.len);
dl_list_add(&kay->participant_list, &participant->list);
+ wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
+ ckn->name, ckn->len);
- usecs = os_random() % (kay->mka_hello_time * 1000);
+ usecs = os_random() % (MKA_HELLO_TIME * 1000);
eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
participant, NULL);
@@ -3735,7 +3425,6 @@
return participant;
fail:
- os_free(participant->txsc);
os_free(participant);
return NULL;
}
@@ -3891,7 +3580,6 @@
#ifdef CONFIG_CTRL_IFACE
-
/**
* ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details
* @sm: Pointer to KaY allocated with ieee802_1x_kay_init()
@@ -3900,24 +3588,19 @@
* @verbose: Whether to include verbose status information
* Returns: Number of bytes written to buf.
*
- * Query KaY status information. This function fills in a text area with current
+ * Query KAY status information. This function fills in a text area with current
* status information. If the buffer (buf) is not large enough, status
* information will be truncated to fit the buffer.
*/
int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
size_t buflen)
{
- char *pos, *end;
- int res, count;
- struct ieee802_1x_mka_participant *p;
+ int len;
if (!kay)
return 0;
- pos = buf;
- end = buf + buflen;
-
- res = os_snprintf(pos, end - pos,
+ len = os_snprintf(buf, buflen,
"PAE KaY status=%s\n"
"Authenticated=%s\n"
"Secured=%s\n"
@@ -3926,8 +3609,7 @@
"Key Server Priority=%u\n"
"Is Key Server=%s\n"
"Number of Keys Distributed=%u\n"
- "Number of Keys Received=%u\n"
- "MKA Hello Time=%u\n",
+ "Number of Keys Received=%u\n",
kay->active ? "Active" : "Not-Active",
kay->authenticated ? "Yes" : "No",
kay->secured ? "Yes" : "No",
@@ -3936,162 +3618,10 @@
kay->key_server_priority,
kay->is_key_server ? "Yes" : "No",
kay->dist_kn - 1,
- kay->rcvd_keys,
- kay->mka_hello_time);
- if (os_snprintf_error(buflen, res))
- return 0;
- pos += res;
-
- res = os_snprintf(pos, end - pos,
- "actor_sci=%s\n", sci_txt(&kay->actor_sci));
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos += res;
-
- res = os_snprintf(pos, end - pos,
- "key_server_sci=%s\n", sci_txt(&kay->key_server_sci));
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos += res;
-
- count = 0;
- dl_list_for_each(p, &kay->participant_list,
- struct ieee802_1x_mka_participant, list) {
- char *pos2 = pos;
-
- res = os_snprintf(pos2, end - pos2, "participant_idx=%d\nckn=",
- count);
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos2 += res;
- count++;
-
- pos2 += wpa_snprintf_hex(pos2, end - pos2, p->ckn.name,
- p->ckn.len);
-
- res = os_snprintf(pos2, end - pos2,
- "\nmi=%s\n"
- "mn=%u\n"
- "active=%s\n"
- "participant=%s\n"
- "retain=%s\n"
- "live_peers=%u\n"
- "potential_peers=%u\n"
- "is_key_server=%s\n"
- "is_elected=%s\n",
- mi_txt(p->mi), p->mn,
- yes_no(p->active),
- yes_no(p->participant),
- yes_no(p->retain),
- dl_list_len(&p->live_peers),
- dl_list_len(&p->potential_peers),
- yes_no(p->is_key_server),
- yes_no(p->is_elected));
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos2 += res;
- pos = pos2;
- }
-
- return pos - buf;
-}
-
-
-static const char * true_false(Boolean val)
-{
- return val ? "true" : "false";
-}
-
-
-static const char * activate_control_txt(enum activate_ctrl activate)
-{
- switch (activate) {
- case DEFAULT:
- return "default";
- case DISABLED:
- return "disabled";
- case ON_OPER_UP:
- return "onOperUp";
- case ALWAYS:
- return "always";
- }
-
- return "?";
-}
-
-
-static char * mka_mib_peer(struct dl_list *peers, Boolean live, char *buf,
- char *end)
-{
- char *pos = buf;
- struct ieee802_1x_kay_peer *p;
- int res;
-
- dl_list_for_each(p, peers, struct ieee802_1x_kay_peer, list) {
- res = os_snprintf(pos, end - pos,
- "ieee8021XKayMkaPeerListMI=%s\n"
- "ieee8021XKayMkaPeerListMN=%u\n"
- "ieee8021XKayMkaPeerListType=%u\n"
- "ieee8021XKayMkaPeerListSCI=%s\n",
- mi_txt(p->mi),
- p->mn,
- live ? 1 : 2,
- sci_txt(&p->sci));
- if (os_snprintf_error(end - pos, res))
- return pos;
- pos += res;
- }
-
- return pos;
-}
-
-
-int ieee802_1x_kay_get_mib(struct ieee802_1x_kay *kay, char *buf,
- size_t buflen)
-{
- char *pos, *end;
- int res;
- struct ieee802_1x_mka_participant *p;
-
- if (!kay)
+ kay->rcvd_keys);
+ if (os_snprintf_error(buflen, len))
return 0;
- pos = buf;
- end = buf + buflen;
-
- dl_list_for_each(p, &kay->participant_list,
- struct ieee802_1x_mka_participant, list) {
- char *pos2 = pos;
-
- res = os_snprintf(pos2, end - pos2, "ieee8021XKayMkaPartCKN=");
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos2 += res;
-
- pos2 += wpa_snprintf_hex(pos2, end - pos2, p->ckn.name,
- p->ckn.len);
-
- res = os_snprintf(pos2, end - pos2,
- "\nieee8021XKayMkaPartCached=%s\n"
- "ieee8021XKayMkaPartActive=%s\n"
- "ieee8021XKayMkaPartRetain=%s\n"
- "ieee8021XKayMkaPartActivateControl=%s\n"
- "ieee8021XKayMkaPartPrincipal=%s\n",
- true_false(p->cached),
- true_false(p->active),
- true_false(p->retain),
- activate_control_txt(p->activate),
- true_false(p->principal));
- if (os_snprintf_error(buflen, res))
- return end - pos;
- pos2 += res;
- pos = pos2;
-
- pos = mka_mib_peer(&p->live_peers, TRUE, pos, end);
- pos = mka_mib_peer(&p->potential_peers, FALSE, pos, end);
- }
-
- return pos - buf;
+ return len;
}
-
#endif /* CONFIG_CTRL_IFACE */
diff --git a/src/pae/ieee802_1x_kay.h b/src/pae/ieee802_1x_kay.h
index 3367d3a..b265059 100644
--- a/src/pae/ieee802_1x_kay.h
+++ b/src/pae/ieee802_1x_kay.h
@@ -21,7 +21,6 @@
/* MKA timer, unit: millisecond */
#define MKA_HELLO_TIME 2000
-#define MKA_BOUNDED_HELLO_TIME 500
#define MKA_LIFE_TIME 6000
#define MKA_SAK_RETIRE_TIME 3000
@@ -39,7 +38,7 @@
struct ieee802_1x_mka_sci {
u8 addr[ETH_ALEN];
be16 port;
-} STRUCT_PACKED;
+};
struct mka_key {
u8 key[MAX_KEY_LEN];
@@ -150,7 +149,6 @@
int (*get_receive_lowest_pn)(void *ctx, struct receive_sa *sa);
int (*get_transmit_next_pn)(void *ctx, struct transmit_sa *sa);
int (*set_transmit_next_pn)(void *ctx, struct transmit_sa *sa);
- int (*set_receive_lowest_pn)(void *ctx, struct receive_sa *sa);
int (*create_receive_sc)(void *ctx, struct receive_sc *sc,
enum validate_frames vf,
enum confidentiality_offset co);
@@ -189,7 +187,6 @@
u32 macsec_replay_window;
enum validate_frames macsec_validate;
enum confidentiality_offset macsec_confidentiality;
- u32 mka_hello_time;
u32 ltx_kn;
u8 ltx_an;
@@ -239,7 +236,6 @@
struct ieee802_1x_kay *
ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
- Boolean macsec_replay_protect, u32 macsec_replay_window,
u16 port, u8 priority, const char *ifname, const u8 *addr);
void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);
@@ -275,7 +271,5 @@
int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
size_t buflen);
-int ieee802_1x_kay_get_mib(struct ieee802_1x_kay *kay, char *buf,
- size_t buflen);
#endif /* IEEE802_1X_KAY_H */
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 1d1589c..bc522d8 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -15,7 +15,7 @@
#define MKA_VERSION_ID 1
-/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 (MKPDU parameter sets) */
+/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 */
enum mka_packet_type {
MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
MKA_LIVE_PEER_LIST = 1,
@@ -51,7 +51,6 @@
Boolean macsec_desired;
enum macsec_cap macsec_capability;
Boolean sak_used;
- int missing_sak_use_count;
struct dl_list list;
};
@@ -60,24 +59,25 @@
char name[32];
enum macsec_cap capable;
int sak_len; /* unit: byte */
+
+ u32 index;
};
struct mka_alg {
u8 parameter[4];
+ size_t cak_len;
+ size_t kek_len;
+ size_t ick_len;
size_t icv_len;
- int (*cak_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, u8 *cak, size_t cak_bytes);
- int (*ckn_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, const u8 *sid, size_t sid_len, u8 *ckn);
- int (*kek_trfm)(const u8 *cak, size_t cak_bytes,
- const u8 *ckn, size_t ckn_len,
- u8 *kek, size_t kek_bytes);
- int (*ick_trfm)(const u8 *cak, size_t cak_bytes,
- const u8 *ckn, size_t ckn_len,
- u8 *ick, size_t ick_bytes);
- int (*icv_hash)(const u8 *ick, size_t ick_bytes,
- const u8 *msg, size_t msg_len, u8 *icv);
+ int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
+ int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
+ const u8 *sid, size_t sid_len, u8 *ckn);
+ int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
+ int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
+ int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
+
+ int index; /* index for configuring */
};
#define DEFAULT_MKA_ALG_INDEX 0
@@ -95,7 +95,7 @@
Boolean retain;
enum mka_created_mode mode;
- enum activate_ctrl { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
+ enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
/* used for active participant */
Boolean principal;
@@ -131,10 +131,8 @@
u8 mi[MI_LEN];
u32 mn;
- /* Current peer MI and SCI during MKPDU processing */
struct ieee802_1x_mka_peer_id current_peer_id;
struct ieee802_1x_mka_sci current_peer_sci;
-
time_t cak_life;
time_t mka_life;
Boolean to_dist_sak;
@@ -167,7 +165,7 @@
#endif
/* octet 4 */
u8 length1;
-} STRUCT_PACKED;
+};
#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
@@ -212,9 +210,9 @@
be32 actor_mn;
u8 algo_agility[4];
- /* followed by CAK Name */
+ /* followed by CAK Name*/
u8 ckn[0];
-} STRUCT_PACKED;
+};
/**
* struct ieee802_1x_mka_peer_body - Live Peer List and Potential Peer List
@@ -240,9 +238,9 @@
/* octet 4 */
u8 length1;
- /* followed by Peers */
u8 peer[0];
-} STRUCT_PACKED;
+ /* followed by Peers */
+};
/**
* struct ieee802_1x_mka_sak_use_body - MACsec SAK Use parameter set (Figure
@@ -317,7 +315,7 @@
be32 okn;
/* octet 41 - 44 */
be32 olpn;
-} STRUCT_PACKED;
+};
/**
* struct ieee802_1x_mka_dist_sak_body - Distributed SAK parameter set
@@ -364,7 +362,7 @@
* for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
*/
u8 sak[0];
-} STRUCT_PACKED;
+};
/**
* struct ieee802_1x_mka_dist_cak_body - Distributed CAK parameter set (Figure
@@ -400,7 +398,7 @@
/* followed by CAK Name, 29- */
u8 ckn[0];
-} STRUCT_PACKED;
+};
struct ieee802_1x_mka_icv_body {
/* octet 1 */
@@ -420,6 +418,6 @@
/* octet 5 - */
u8 icv[0];
-} STRUCT_PACKED;
+};
#endif /* IEEE802_1X_KAY_I_H */
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index d63ca7f..9a8d923 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -31,9 +31,8 @@
/* IEEE Std 802.1X-2010, 6.2.1 KDF */
-static int aes_kdf(const u8 *kdk, size_t kdk_bits,
- const char *label, const u8 *context,
- int ctx_bits, int ret_bits, u8 *ret)
+static int aes_kdf_128(const u8 *kdk, const char *label, const u8 *context,
+ int ctx_bits, int ret_bits, u8 *ret)
{
const int h = 128;
const int r = 8;
@@ -41,9 +40,6 @@
int lab_len, ctx_len, ret_len, buf_len;
u8 *buf;
- if (kdk_bits != 128 && kdk_bits != 256)
- return -1;
-
lab_len = os_strlen(label);
ctx_len = (ctx_bits + 7) / 8;
ret_len = ((ret_bits & 0xffff) + 7) / 8;
@@ -64,14 +60,8 @@
WPA_PUT_BE16(&buf[buf_len - 2], ret_bits);
for (i = 0; i < n; i++) {
- int res;
-
buf[0] = (u8) (i + 1);
- if (kdk_bits == 128)
- res = omac1_aes_128(kdk, buf, buf_len, ret);
- else
- res = omac1_aes_256(kdk, buf, buf_len, ret);
- if (res) {
+ if (omac1_aes_128(kdk, buf, buf_len, ret)) {
os_free(buf);
return -1;
}
@@ -82,32 +72,33 @@
}
+/********** AES-CMAC-128 **********/
/**
- * ieee802_1x_cak_aes_cmac
+ * ieee802_1x_cak_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 6.2.2
* CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
*/
-int ieee802_1x_cak_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, u8 *cak, size_t cak_bytes)
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, u8 *cak)
{
u8 context[2 * ETH_ALEN];
joint_two_mac(mac1, mac2, context);
- return aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CAK",
- context, sizeof(context) * 8, 8 * cak_bytes, cak);
+ return aes_kdf_128(msk, "IEEE8021 EAP CAK",
+ context, sizeof(context) * 8, 128, cak);
}
/**
- * ieee802_1x_ckn_aes_cmac
+ * ieee802_1x_ckn_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 6.2.2
* CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
*/
-int ieee802_1x_ckn_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, const u8 *sid,
- size_t sid_bytes, u8 *ckn)
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, const u8 *sid,
+ size_t sid_bytes, u8 *ckn)
{
int res;
u8 *context;
@@ -121,21 +112,21 @@
os_memcpy(context, sid, sid_bytes);
joint_two_mac(mac1, mac2, context + sid_bytes);
- res = aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CKN",
- context, ctx_len * 8, 128, ckn);
+ res = aes_kdf_128(msk, "IEEE8021 EAP CKN", context, ctx_len * 8,
+ 128, ckn);
os_free(context);
return res;
}
/**
- * ieee802_1x_kek_aes_cmac
+ * ieee802_1x_kek_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 9.3.3
* KEK = KDF(Key, Label, Keyid, KEKLength)
*/
-int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
- size_t ckn_bytes, u8 *kek, size_t kek_bytes)
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *kek)
{
u8 context[16];
@@ -143,20 +134,19 @@
os_memset(context, 0, sizeof(context));
os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
- return aes_kdf(cak, 8 * cak_bytes, "IEEE8021 KEK",
- context, sizeof(context) * 8,
- 8 * kek_bytes, kek);
+ return aes_kdf_128(cak, "IEEE8021 KEK", context, sizeof(context) * 8,
+ 128, kek);
}
/**
- * ieee802_1x_ick_aes_cmac
+ * ieee802_1x_ick_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 9.3.3
* ICK = KDF(Key, Label, Keyid, ICKLength)
*/
-int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
- size_t ckn_bytes, u8 *ick, size_t ick_bytes)
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick)
{
u8 context[16];
@@ -164,32 +154,22 @@
os_memset(context, 0, sizeof(context));
os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
- return aes_kdf(cak, 8 *cak_bytes, "IEEE8021 ICK",
- context, sizeof(context) * 8,
- 8 * ick_bytes, ick);
+ return aes_kdf_128(cak, "IEEE8021 ICK", context, sizeof(context) * 8,
+ 128, ick);
}
/**
- * ieee802_1x_icv_aes_cmac
+ * ieee802_1x_icv_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 9.4.1
* ICV = AES-CMAC(ICK, M, 128)
*/
-int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
- size_t msg_bytes, u8 *icv)
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+ size_t msg_bytes, u8 *icv)
{
- int res;
-
- if (ick_bytes == 16)
- res = omac1_aes_128(ick, msg, msg_bytes, icv);
- else if (ick_bytes == 32)
- res = omac1_aes_256(ick, msg, msg_bytes, icv);
- else
- return -1;
- if (res) {
- wpa_printf(MSG_ERROR,
- "MKA: AES-CMAC failed for ICV calculation");
+ if (omac1_aes_128(ick, msg, msg_bytes, icv)) {
+ wpa_printf(MSG_ERROR, "MKA: omac1_aes_128 failed");
return -1;
}
return 0;
@@ -197,14 +177,13 @@
/**
- * ieee802_1x_sak_aes_cmac
+ * ieee802_1x_sak_128bits_aes_cmac
*
* IEEE Std 802.1X-2010, 9.8.1
* SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
*/
-int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
- size_t ctx_bytes, u8 *sak, size_t sak_bytes)
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak)
{
- return aes_kdf(cak, cak_bytes * 8, "IEEE8021 SAK", ctx, ctx_bytes * 8,
- sak_bytes * 8, sak);
+ return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
}
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index 1f9058d..ea318ea 100644
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -9,18 +9,18 @@
#ifndef IEEE802_1X_KEY_H
#define IEEE802_1X_KEY_H
-int ieee802_1x_cak_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, u8 *cak, size_t cak_bytes);
-int ieee802_1x_ckn_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
- const u8 *mac2, const u8 *sid,
- size_t sid_bytes, u8 *ckn);
-int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
- size_t ckn_bytes, u8 *kek, size_t kek_bytes);
-int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
- size_t ckn_bytes, u8 *ick, size_t ick_bytes);
-int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
- size_t msg_bytes, u8 *icv);
-int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
- size_t ctx_bytes, u8 *sak, size_t sak_bytes);
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, u8 *cak);
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, const u8 *sid,
+ size_t sid_bytes, u8 *ckn);
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *kek);
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick);
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+ size_t msg_bytes, u8 *icv);
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak);
#endif /* IEEE802_1X_KEY_H */
diff --git a/src/pae/ieee802_1x_secy_ops.c b/src/pae/ieee802_1x_secy_ops.c
index 84ee42b..ab5339b 100644
--- a/src/pae/ieee802_1x_secy_ops.c
+++ b/src/pae/ieee802_1x_secy_ops.c
@@ -187,7 +187,7 @@
ops = kay->ctx;
if (!ops || !ops->get_transmit_next_pn) {
wpa_printf(MSG_ERROR,
- "KaY: secy get_transmit_next_pn operation not supported");
+ "KaY: secy get_receive_lowest_pn operation not supported");
return -1;
}
@@ -208,7 +208,7 @@
ops = kay->ctx;
if (!ops || !ops->set_transmit_next_pn) {
wpa_printf(MSG_ERROR,
- "KaY: secy set_transmit_next_pn operation not supported");
+ "KaY: secy get_receive_lowest_pn operation not supported");
return -1;
}
@@ -216,27 +216,6 @@
}
-int secy_set_receive_lowest_pn(struct ieee802_1x_kay *kay,
- struct receive_sa *rxsa)
-{
- struct ieee802_1x_kay_ctx *ops;
-
- if (!kay || !rxsa) {
- wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
- return -1;
- }
-
- ops = kay->ctx;
- if (!ops || !ops->set_receive_lowest_pn) {
- wpa_printf(MSG_ERROR,
- "KaY: secy set_receive_lowest_pn operation not supported");
- return -1;
- }
-
- return ops->set_receive_lowest_pn(ops->ctx, rxsa);
-}
-
-
int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc)
{
struct ieee802_1x_kay_ctx *ops;
diff --git a/src/pae/ieee802_1x_secy_ops.h b/src/pae/ieee802_1x_secy_ops.h
index 2d112ba..9fb29c3 100644
--- a/src/pae/ieee802_1x_secy_ops.h
+++ b/src/pae/ieee802_1x_secy_ops.h
@@ -36,8 +36,6 @@
struct transmit_sa *txsa);
int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay,
struct transmit_sa *txsa);
-int secy_set_receive_lowest_pn(struct ieee802_1x_kay *kay,
- struct receive_sa *txsa);
int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa);
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index a3db404..a87ee74 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -26,12 +26,12 @@
#define RADIUS_CLIENT_MAX_WAIT 120
/**
- * RADIUS_CLIENT_MAX_FAILOVER - RADIUS client maximum retries
+ * RADIUS_CLIENT_MAX_RETRIES - RADIUS client maximum retries
*
- * Maximum number of server failovers before the entry is removed from
+ * Maximum number of retransmit attempts before the entry is removed from
* retransmit list.
*/
-#define RADIUS_CLIENT_MAX_FAILOVER 3
+#define RADIUS_CLIENT_MAX_RETRIES 10
/**
* RADIUS_CLIENT_MAX_ENTRIES - RADIUS client maximum pending messages
@@ -110,16 +110,11 @@
os_time_t next_try;
/**
- * attempts - Number of transmission attempts for one server
+ * attempts - Number of transmission attempts
*/
int attempts;
/**
- * accu_attempts - Number of accumulated attempts
- */
- int accu_attempts;
-
- /**
* next_wait - Next retransmission wait time in seconds
*/
int next_wait;
@@ -372,11 +367,9 @@
size_t prev_num_msgs;
u8 *acct_delay_time;
size_t acct_delay_time_len;
- int num_servers;
if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM) {
- num_servers = conf->num_acct_servers;
if (radius->acct_sock < 0)
radius_client_init_acct(radius);
if (radius->acct_sock < 0 && conf->num_acct_servers > 1) {
@@ -393,7 +386,6 @@
conf->acct_server->retransmissions++;
}
} else {
- num_servers = conf->num_auth_servers;
if (radius->auth_sock < 0)
radius_client_init_auth(radius);
if (radius->auth_sock < 0 && conf->num_auth_servers > 1) {
@@ -457,15 +449,7 @@
}
/* retransmit; remove entry if too many attempts */
- if (entry->accu_attempts > RADIUS_CLIENT_MAX_FAILOVER *
- RADIUS_CLIENT_NUM_FAILOVER * num_servers) {
- wpa_printf(MSG_INFO,
- "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts");
- return 1;
- }
-
entry->attempts++;
- entry->accu_attempts++;
hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
radius_msg_get_hdr(entry->msg)->identifier);
@@ -482,6 +466,10 @@
entry->next_wait *= 2;
if (entry->next_wait > RADIUS_CLIENT_MAX_WAIT)
entry->next_wait = RADIUS_CLIENT_MAX_WAIT;
+ if (entry->attempts >= RADIUS_CLIENT_MAX_RETRIES) {
+ wpa_printf(MSG_INFO, "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts");
+ return 1;
+ }
return 0;
}
@@ -502,30 +490,6 @@
return;
os_get_reltime(&now);
-
- while (entry) {
- if (now.sec >= entry->next_try) {
- s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
- radius->acct_sock;
- if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER ||
- (s < 0 && entry->attempts > 0)) {
- if (entry->msg_type == RADIUS_ACCT ||
- entry->msg_type == RADIUS_ACCT_INTERIM)
- acct_failover++;
- else
- auth_failover++;
- }
- }
- entry = entry->next;
- }
-
- if (auth_failover)
- radius_client_auth_failover(radius);
-
- if (acct_failover)
- radius_client_acct_failover(radius);
-
- entry = radius->msgs;
first = 0;
prev = NULL;
@@ -553,6 +517,17 @@
continue;
}
+ s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
+ radius->acct_sock;
+ if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER ||
+ (s < 0 && entry->attempts > 0)) {
+ if (entry->msg_type == RADIUS_ACCT ||
+ entry->msg_type == RADIUS_ACCT_INTERIM)
+ acct_failover++;
+ else
+ auth_failover++;
+ }
+
if (first == 0 || entry->next_try < first)
first = entry->next_try;
@@ -563,7 +538,6 @@
if (radius->msgs) {
if (first < now.sec)
first = now.sec;
- eloop_cancel_timeout(radius_client_timer, radius, NULL);
eloop_register_timeout(first - now.sec, 0,
radius_client_timer, radius, NULL);
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
@@ -571,6 +545,12 @@
"retransmit in %ld seconds",
(long int) (first - now.sec));
}
+
+ if (auth_failover)
+ radius_client_auth_failover(radius);
+
+ if (acct_failover)
+ radius_client_acct_failover(radius);
}
@@ -694,10 +674,7 @@
entry->first_try = entry->last_attempt.sec;
entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT;
entry->attempts = 1;
- entry->accu_attempts = 1;
entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2;
- if (entry->next_wait > RADIUS_CLIENT_MAX_WAIT)
- entry->next_wait = RADIUS_CLIENT_MAX_WAIT;
entry->next = radius->msgs;
radius->msgs = entry;
radius_client_update_timeout(radius);
@@ -736,9 +713,9 @@
*
* The message is added on the retransmission queue and will be retransmitted
* automatically until a response is received or maximum number of retries
- * (RADIUS_CLIENT_MAX_FAILOVER * RADIUS_CLIENT_NUM_FAILOVER) is reached. No
- * such retries are used with RADIUS_ACCT_INTERIM, i.e., such a pending message
- * is removed from the queue automatically on transmission failure.
+ * (RADIUS_CLIENT_MAX_RETRIES) is reached. No such retries are used with
+ * RADIUS_ACCT_INTERIM, i.e., such a pending message is removed from the queue
+ * automatically on transmission failure.
*
* The related device MAC address can be used to identify pending messages that
* can be removed with radius_client_flush_auth().
@@ -1110,13 +1087,14 @@
}
}
- /* Reset retry counters */
- for (entry = radius->msgs; oserv && entry; entry = entry->next) {
+ /* Reset retry counters for the new server */
+ for (entry = radius->msgs; oserv && oserv != nserv && entry;
+ entry = entry->next) {
if ((auth && entry->msg_type != RADIUS_AUTH) ||
(!auth && entry->msg_type != RADIUS_ACCT))
continue;
entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT;
- entry->attempts = 1;
+ entry->attempts = 0;
entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2;
}
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index aa78cba..e3afc0d 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -357,7 +357,6 @@
char *subscr_remediation_url;
u8 subscr_remediation_method;
- char *hs20_sim_provisioning_url;
char *t_c_server_url;
@@ -381,44 +380,6 @@
static void radius_server_session_remove_timeout(void *eloop_ctx,
void *timeout_ctx);
-#ifdef CONFIG_SQLITE
-#ifdef CONFIG_HS20
-
-static int db_table_exists(sqlite3 *db, const char *name)
-{
- char cmd[128];
-
- os_snprintf(cmd, sizeof(cmd), "SELECT 1 FROM %s;", name);
- return sqlite3_exec(db, cmd, NULL, NULL, NULL) == SQLITE_OK;
-}
-
-
-static int db_table_create_sim_provisioning(sqlite3 *db)
-{
- char *err = NULL;
- const char *sql =
- "CREATE TABLE sim_provisioning("
- " mobile_identifier_hash TEXT PRIMARY KEY,"
- " imsi TEXT,"
- " mac_addr TEXT,"
- " eap_method TEXT,"
- " timestamp TEXT"
- ");";
-
- RADIUS_DEBUG("Adding database table for SIM provisioning information");
- if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
- RADIUS_ERROR("SQLite error: %s", err);
- sqlite3_free(err);
- return -1;
- }
-
- return 0;
-}
-
-#endif /* CONFIG_HS20 */
-#endif /* CONFIG_SQLITE */
-
-
void srv_log(struct radius_session *sess, const char *fmt, ...)
PRINTF_FORMAT(2, 3);
@@ -905,117 +866,6 @@
}
-#ifdef CONFIG_HS20
-
-static int radius_server_is_sim_method(struct radius_session *sess)
-{
- const char *name;
-
- name = eap_get_method(sess->eap);
- return name &&
- (os_strcmp(name, "SIM") == 0 ||
- os_strcmp(name, "AKA") == 0 ||
- os_strcmp(name, "AKA'") == 0);
-}
-
-
-static int radius_server_hs20_missing_sim_pps(struct radius_msg *request)
-{
- u8 *buf, *pos, *end, type, sublen;
- size_t len;
-
- buf = NULL;
- for (;;) {
- if (radius_msg_get_attr_ptr(request,
- RADIUS_ATTR_VENDOR_SPECIFIC,
- &buf, &len, buf) < 0)
- return 0;
- if (len < 6)
- continue;
- pos = buf;
- end = buf + len;
- if (WPA_GET_BE32(pos) != RADIUS_VENDOR_ID_WFA)
- continue;
- pos += 4;
-
- type = *pos++;
- sublen = *pos++;
- if (sublen < 2)
- continue; /* invalid length */
- sublen -= 2; /* skip header */
- if (pos + sublen > end)
- continue; /* invalid WFA VSA */
-
- if (type != RADIUS_VENDOR_ATTR_WFA_HS20_STA_VERSION)
- continue;
-
- RADIUS_DUMP("HS2.0 mobile device version", pos, sublen);
- if (sublen < 1 + 2)
- continue;
- if (pos[0] == 0)
- continue; /* Release 1 STA does not support provisioning
-
- */
- /* UpdateIdentifier 0 indicates no PPS MO */
- return WPA_GET_BE16(pos + 1) == 0;
- }
-}
-
-
-#define HS20_MOBILE_ID_HASH_LEN 16
-
-static int radius_server_sim_provisioning_session(struct radius_session *sess,
- const u8 *hash)
-{
-#ifdef CONFIG_SQLITE
- char *sql;
- char addr_txt[ETH_ALEN * 3];
- char hash_txt[2 * HS20_MOBILE_ID_HASH_LEN + 1];
- struct os_time now;
- int res;
- const char *imsi, *eap_method;
-
- if (!sess->server->db ||
- (!db_table_exists(sess->server->db, "sim_provisioning") &&
- db_table_create_sim_provisioning(sess->server->db) < 0))
- return -1;
-
- imsi = eap_get_imsi(sess->eap);
- if (!imsi)
- return -1;
-
- eap_method = eap_get_method(sess->eap);
- if (!eap_method)
- return -1;
-
- os_snprintf(addr_txt, sizeof(addr_txt), MACSTR,
- MAC2STR(sess->mac_addr));
- wpa_snprintf_hex(hash_txt, sizeof(hash_txt), hash,
- HS20_MOBILE_ID_HASH_LEN);
-
- os_get_time(&now);
- sql = sqlite3_mprintf("INSERT INTO sim_provisioning(mobile_identifier_hash,imsi,mac_addr,eap_method,timestamp) VALUES (%Q,%Q,%Q,%Q,%u)",
- hash_txt, imsi, addr_txt, eap_method, now.sec);
- if (!sql)
- return -1;
-
- if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) !=
- SQLITE_OK) {
- RADIUS_ERROR("Failed to add SIM provisioning entry into sqlite database: %s",
- sqlite3_errmsg(sess->server->db));
- res = -1;
- } else {
- res = 0;
- }
- sqlite3_free(sql);
- return res;
-#endif /* CONFIG_SQLITE */
- return -1;
-}
-
-#endif /* CONFIG_HS20 */
-
-
static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
struct radius_client *client,
@@ -1129,48 +979,6 @@
buf, 0)) {
RADIUS_DEBUG("Failed to add WFA-HS20-SubscrRem");
}
- } else if (code == RADIUS_CODE_ACCESS_ACCEPT &&
- data->hs20_sim_provisioning_url &&
- radius_server_is_sim_method(sess) &&
- radius_server_hs20_missing_sim_pps(request)) {
- u8 *buf, *pos, hash[HS20_MOBILE_ID_HASH_LEN];
- size_t prefix_len, url_len;
-
- RADIUS_DEBUG("Device needs HS 2.0 SIM provisioning");
-
- if (os_get_random(hash, HS20_MOBILE_ID_HASH_LEN) < 0) {
- radius_msg_free(msg);
- return NULL;
- }
- RADIUS_DUMP("hotspot2dot0-mobile-identifier-hash",
- hash, HS20_MOBILE_ID_HASH_LEN);
-
- if (radius_server_sim_provisioning_session(sess, hash) < 0) {
- radius_msg_free(msg);
- return NULL;
- }
-
- prefix_len = os_strlen(data->hs20_sim_provisioning_url);
- url_len = prefix_len + 2 * HS20_MOBILE_ID_HASH_LEN;
- buf = os_malloc(1 + url_len + 1);
- if (!buf) {
- radius_msg_free(msg);
- return NULL;
- }
- pos = buf;
- *pos++ = data->subscr_remediation_method;
- os_memcpy(pos, data->hs20_sim_provisioning_url, prefix_len);
- pos += prefix_len;
- wpa_snprintf_hex((char *) pos, 2 * HS20_MOBILE_ID_HASH_LEN + 1,
- hash, HS20_MOBILE_ID_HASH_LEN);
- RADIUS_DEBUG("HS 2.0 subscription remediation URL: %s",
- (char *) &buf[1]);
- if (!radius_msg_add_wfa(
- msg, RADIUS_VENDOR_ATTR_WFA_HS20_SUBSCR_REMEDIATION,
- buf, 1 + url_len)) {
- RADIUS_DEBUG("Failed to add WFA-HS20-SubscrRem");
- }
- os_free(buf);
}
if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->t_c_filtering) {
@@ -2365,9 +2173,6 @@
os_strdup(conf->subscr_remediation_url);
}
data->subscr_remediation_method = conf->subscr_remediation_method;
- if (conf->hs20_sim_provisioning_url)
- data->hs20_sim_provisioning_url =
- os_strdup(conf->hs20_sim_provisioning_url);
if (conf->t_c_server_url)
data->t_c_server_url = os_strdup(conf->t_c_server_url);
@@ -2488,7 +2293,6 @@
os_free(data->dump_msk_file);
#endif /* CONFIG_RADIUS_TEST */
os_free(data->subscr_remediation_url);
- os_free(data->hs20_sim_provisioning_url);
os_free(data->t_c_server_url);
#ifdef CONFIG_SQLITE
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 53728f9..167bbf5 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -233,7 +233,6 @@
char *subscr_remediation_url;
u8 subscr_remediation_method;
- char *hs20_sim_provisioning_url;
char *t_c_server_url;
};
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 345b0c8..14b346a 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -2159,11 +2159,11 @@
eloop_register_timeout(lifetime, 0, wpa_tdls_tpk_timeout,
sm, peer);
#ifdef CONFIG_TDLS_TESTING
- if (tdls_testing & TDLS_TESTING_NO_TPK_EXPIRATION) {
- wpa_printf(MSG_DEBUG,
- "TDLS: Testing - disable TPK expiration");
- eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
- }
+ if (tdls_testing & TDLS_TESTING_NO_TPK_EXPIRATION) {
+ wpa_printf(MSG_DEBUG, "TDLS: Testing - disable TPK "
+ "expiration");
+ eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
+ }
#endif /* CONFIG_TDLS_TESTING */
}
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 9b1f098..72a2d66 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -20,10 +20,8 @@
#include "crypto/sha512.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
-#include "common/ocv.h"
#include "eap_common/eap_defs.h"
#include "eapol_supp/eapol_supp_sm.h"
-#include "drivers/driver.h"
#include "wpa.h"
#include "eloop.h"
#include "preauth.h"
@@ -620,33 +618,6 @@
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
- u8 *pos;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in EAPOL-Key 2/4");
- goto failed;
- }
-
- kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 3);
- if (!kde_buf) {
- wpa_printf(MSG_WARNING,
- "Failed to allocate memory for KDE with OCI in EAPOL-Key 2/4");
- goto failed;
- }
-
- os_memcpy(kde_buf, kde, kde_len);
- kde = kde_buf;
- pos = kde + kde_len;
- if (ocv_insert_oci_kde(&ci, &pos) < 0)
- goto failed;
- kde_len = pos - kde;
- }
-#endif /* CONFIG_OCV */
-
#ifdef CONFIG_P2P
if (sm->p2p) {
kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
@@ -1447,26 +1418,6 @@
}
#endif /* CONFIG_P2P */
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "Failed to get channel info to validate received OCI in EAPOL-Key 3/4");
- return;
- }
-
- if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "%s",
- ocv_errorstr);
- return;
- }
- }
-#endif /* CONFIG_OCV */
-
if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
&sm->ptk) < 0) {
goto failed;
@@ -1560,26 +1511,6 @@
}
maxkeylen = gd->gtk_len = ie.gtk_len - 2;
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
- return -1;
- }
-
- if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "%s",
- ocv_errorstr);
- return -1;
- }
- }
-#endif /* CONFIG_OCV */
-
if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gd->gtk_len, maxkeylen,
&gd->key_rsc_len, &gd->alg))
@@ -1700,17 +1631,11 @@
size_t mic_len, hdrlen, rlen;
struct wpa_eapol_key *reply;
u8 *rbuf, *key_mic;
- size_t kde_len = 0;
-
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm))
- kde_len = OCV_OCI_KDE_LEN;
-#endif /* CONFIG_OCV */
mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
- hdrlen + kde_len, &rlen, (void *) &reply);
+ hdrlen, &rlen, (void *) &reply);
if (rbuf == NULL)
return -1;
@@ -1732,27 +1657,7 @@
WPA_REPLAY_COUNTER_LEN);
key_mic = (u8 *) (reply + 1);
- WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data Length */
-
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
- u8 *pos;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in EAPOL-Key 2/2");
- os_free(rbuf);
- return -1;
- }
-
- pos = key_mic + mic_len + 2; /* Key Data */
- if (ocv_insert_oci_kde(&ci, &pos) < 0) {
- os_free(rbuf);
- return -1;
- }
- }
-#endif /* CONFIG_OCV */
+ WPA_PUT_BE16(key_mic + mic_len, 0);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL,
@@ -2959,9 +2864,6 @@
case WPA_PARAM_MFP:
sm->mfp = value;
break;
- case WPA_PARAM_OCV:
- sm->ocv = value;
- break;
default:
break;
}
@@ -3036,19 +2938,6 @@
}
-int wpa_sm_ocv_enabled(struct wpa_sm *sm)
-{
- struct wpa_ie_data rsn;
-
- if (!sm->ocv || !sm->ap_rsn_ie)
- return 0;
-
- return wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len,
- &rsn) >= 0 &&
- (rsn.capabilities & WPA_CAPABILITY_OCVC);
-}
-
-
/**
* wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
* @sm: Pointer to WPA state machine data from wpa_sm_init()
@@ -3928,8 +3817,6 @@
if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
capab |= WPA_CAPABILITY_MFPC;
#endif /* CONFIG_IEEE80211W */
- if (sm->ocv)
- capab |= WPA_CAPABILITY_OCVC;
wpabuf_put_le16(buf, capab);
/* PMKID Count */
@@ -4064,26 +3951,6 @@
/* TODO: FILS IP Address Assignment */
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
- u8 *pos;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "FILS: Failed to get channel info for OCI element");
- wpabuf_free(buf);
- return NULL;
- }
-
- pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN);
- if (ocv_insert_extended_oci(&ci, pos) < 0) {
- wpabuf_free(buf);
- return NULL;
- }
- }
-#endif /* CONFIG_OCV */
-
wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf);
*kek = sm->ptk.kek;
@@ -4247,25 +4114,6 @@
goto fail;
}
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in FILS (Re)Association Response frame");
- goto fail;
- }
-
- if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx) != 0) {
- wpa_printf(MSG_WARNING, "FILS: %s", ocv_errorstr);
- goto fail;
- }
- }
-#endif /* CONFIG_OCV */
-
/* Key Delivery */
if (!elems.key_delivery) {
wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element");
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 9eee383..21f4b17 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -18,7 +18,6 @@
struct eapol_sm;
struct wpa_config_blob;
struct hostapd_freq_params;
-struct wpa_channel_info;
struct wpa_sm_ctx {
void *ctx; /* pointer to arbitrary upper level context */
@@ -83,7 +82,6 @@
int (*key_mgmt_set_pmk)(void *ctx, const u8 *pmk, size_t pmk_len);
void (*fils_hlp_rx)(void *ctx, const u8 *dst, const u8 *src,
const u8 *pkt, size_t pkt_len);
- int (*channel_info)(void *ctx, struct wpa_channel_info *ci);
};
@@ -97,8 +95,7 @@
WPA_PARAM_KEY_MGMT,
WPA_PARAM_MGMT_GROUP,
WPA_PARAM_RSN_ENABLED,
- WPA_PARAM_MFP,
- WPA_PARAM_OCV
+ WPA_PARAM_MFP
};
struct rsn_supp_config {
@@ -144,7 +141,6 @@
int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
int verbose);
int wpa_sm_pmf_enabled(struct wpa_sm *sm);
-int wpa_sm_ocv_enabled(struct wpa_sm *sm);
void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise);
@@ -283,11 +279,6 @@
return 0;
}
-static inline int wpa_sm_ocv_enabled(struct wpa_sm *sm)
-{
- return 0;
-}
-
static inline void wpa_sm_key_request(struct wpa_sm *sm, int error,
int pairwise)
{
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 7dcb104..b8d60e3 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -14,8 +14,6 @@
#include "crypto/random.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
-#include "common/ocv.h"
-#include "drivers/driver.h"
#include "wpa.h"
#include "wpa_i.h"
@@ -244,8 +242,6 @@
sm->mgmt_group_cipher == WPA_CIPHER_BIP_CMAC_256)
capab |= WPA_CAPABILITY_MFPC;
#endif /* CONFIG_IEEE80211W */
- if (sm->ocv)
- capab |= WPA_CAPABILITY_OCVC;
WPA_PUT_LE16(pos, capab);
pos += 2;
@@ -327,26 +323,6 @@
*pos++ = sm->r0kh_id_len;
os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len);
pos += sm->r0kh_id_len;
-#ifdef CONFIG_OCV
- if (kck && wpa_sm_ocv_enabled(sm)) {
- /* OCI sub-element in the third FT message */
- struct wpa_channel_info ci;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info for OCI element in FTE");
- os_free(buf);
- return NULL;
- }
-
- *pos++ = FTIE_SUBELEM_OCI;
- *pos++ = OCV_OCI_LEN;
- if (ocv_insert_oci(&ci, &pos) < 0) {
- os_free(buf);
- return NULL;
- }
- }
-#endif /* CONFIG_OCV */
*ftie_len = pos - ftie_len - 1;
if (ric_ies) {
@@ -985,25 +961,6 @@
return -1;
}
-#ifdef CONFIG_OCV
- if (wpa_sm_ocv_enabled(sm)) {
- struct wpa_channel_info ci;
-
- if (wpa_sm_channel_info(sm, &ci) != 0) {
- wpa_printf(MSG_WARNING,
- "Failed to get channel info to validate received OCI in (Re)Assoc Response");
- return -1;
- }
-
- if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
- channel_width_to_int(ci.chanwidth),
- ci.seg1_idx) != 0) {
- wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
- return -1;
- }
- }
-#endif /* CONFIG_OCV */
-
sm->ft_reassoc_completed = 1;
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index e1a213b..b94b17a 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -86,7 +86,6 @@
int rsn_enabled; /* Whether RSN is enabled in configuration */
int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
- int ocv; /* Operating Channel Validation */
u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
size_t assoc_wpa_ie_len;
@@ -396,14 +395,6 @@
sm->ctx->fils_hlp_rx(sm->ctx->ctx, dst, src, pkt, pkt_len);
}
-static inline int wpa_sm_channel_info(struct wpa_sm *sm,
- struct wpa_channel_info *ci)
-{
- if (!sm->ctx->channel_info)
- return -1;
- return sm->ctx->channel_info(sm->ctx->ctx, ci);
-}
-
int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
int ver, const u8 *dest, u16 proto,
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index ae9f4ca..a3410d1 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -223,8 +223,6 @@
if (sm->mfp == 2)
capab |= WPA_CAPABILITY_MFPR;
#endif /* CONFIG_IEEE80211W */
- if (sm->ocv)
- capab |= WPA_CAPABILITY_OCVC;
WPA_PUT_LE16(pos, capab);
pos += 2;
@@ -465,17 +463,6 @@
}
#endif /* CONFIG_P2P */
-#ifdef CONFIG_OCV
- if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) {
- ie->oci = pos + 2 + RSN_SELECTOR_LEN;
- ie->oci_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: OCI KDE in EAPOL-Key",
- pos, pos[1] + 2);
- return 0;
- }
-#endif /* CONFIG_OCV */
-
return 0;
}
diff --git a/src/rsn_supp/wpa_ie.h b/src/rsn_supp/wpa_ie.h
index 9d53973..0e72af5 100644
--- a/src/rsn_supp/wpa_ie.h
+++ b/src/rsn_supp/wpa_ie.h
@@ -53,10 +53,6 @@
const u8 *ip_addr_req;
const u8 *ip_addr_alloc;
#endif /* CONFIG_P2P */
-#ifdef CONFIG_OCV
- const u8 *oci;
- size_t oci_len;
-#endif /* CONFIG_OCV */
};
int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
diff --git a/src/utils/browser.c b/src/utils/browser.c
index ad0b382..9cf6152 100644
--- a/src/utils/browser.c
+++ b/src/utils/browser.c
@@ -166,7 +166,8 @@
g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
ctx.win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
- gtk_window_set_role(GTK_WINDOW(ctx.win), "Hotspot 2.0 client");
+ gtk_window_set_wmclass(GTK_WINDOW(ctx.win), "Hotspot 2.0 client",
+ "Hotspot 2.0 client");
gtk_window_set_default_size(GTK_WINDOW(ctx.win), 800, 600);
scroll = gtk_scrolled_window_new(NULL, NULL);
diff --git a/src/utils/eloop.c b/src/utils/eloop.c
index bb375be..436bc8c 100644
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@@ -224,25 +224,22 @@
#ifdef CONFIG_ELOOP_KQUEUE
-
-static short event_type_kevent_filter(eloop_event_type type)
-{
- switch (type) {
- case EVENT_TYPE_READ:
- return EVFILT_READ;
- case EVENT_TYPE_WRITE:
- return EVFILT_WRITE;
- default:
- return 0;
- }
-}
-
-
static int eloop_sock_queue(int sock, eloop_event_type type)
{
+ int filter;
struct kevent ke;
- EV_SET(&ke, sock, event_type_kevent_filter(type), EV_ADD, 0, 0, 0);
+ switch (type) {
+ case EVENT_TYPE_READ:
+ filter = EVFILT_READ;
+ break;
+ case EVENT_TYPE_WRITE:
+ filter = EVFILT_WRITE;
+ break;
+ default:
+ filter = 0;
+ }
+ EV_SET(&ke, sock, filter, EV_ADD, 0, 0, 0);
if (kevent(eloop.kqueuefd, &ke, 1, NULL, 0, NULL) == -1) {
wpa_printf(MSG_ERROR, "%s: kevent(ADD) for fd=%d failed: %s",
__func__, sock, strerror(errno));
@@ -250,7 +247,6 @@
}
return 0;
}
-
#endif /* CONFIG_ELOOP_KQUEUE */
@@ -305,7 +301,7 @@
#endif /* CONFIG_ELOOP_POLL */
#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
if (new_max_sock >= eloop.max_fd) {
- next = new_max_sock + 16;
+ next = eloop.max_fd == 0 ? 16 : eloop.max_fd * 2;
temp_table = os_realloc_array(eloop.fd_table, next,
sizeof(struct eloop_sock));
if (temp_table == NULL)
@@ -415,8 +411,7 @@
os_memset(&eloop.fd_table[sock], 0, sizeof(struct eloop_sock));
#endif /* CONFIG_ELOOP_EPOLL */
#ifdef CONFIG_ELOOP_KQUEUE
- EV_SET(&ke, sock, event_type_kevent_filter(table->type), EV_DELETE, 0,
- 0, 0);
+ EV_SET(&ke, sock, 0, EV_DELETE, 0, 0, 0);
if (kevent(eloop.kqueuefd, &ke, 1, NULL, 0, NULL) < 0) {
wpa_printf(MSG_ERROR, "%s: kevent(DEL) for fd=%d failed: %s",
__func__, sock, strerror(errno));
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index e62fbf9..58519ea 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -31,14 +31,6 @@
#endif /* EAP_TLS_OPENSSL */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
-{
- return ASN1_STRING_data((ASN1_STRING *) x);
-}
-#endif /* OpenSSL < 1.1.0 */
-
-
struct http_ctx {
void *ctx;
struct xml_node_ctx *xml;
@@ -454,7 +446,6 @@
#define sk_ASN1_IA5STRING_value(st, i) (ASN1_IA5STRING *) \
sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i))
#else /* OPENSSL_IS_BORINGSSL */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))
#define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))
#define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st))
@@ -465,13 +456,6 @@
#define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i))
#define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st))
#define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i))
-#else
-DEFINE_STACK_OF(LogotypeInfo)
-DEFINE_STACK_OF(LogotypeImage)
-DEFINE_STACK_OF(LogotypeAudio)
-DEFINE_STACK_OF(HashAlgAndValue)
-DEFINE_STACK_OF(ASN1_IA5STRING)
-#endif
#endif /* OPENSSL_IS_BORINGSSL */
@@ -502,8 +486,7 @@
return;
n->hash_len = ASN1_STRING_length(hash->hashValue);
- n->hash = os_memdup(ASN1_STRING_get0_data(hash->hashValue),
- n->hash_len);
+ n->hash = os_memdup(ASN1_STRING_data(hash->hashValue), n->hash_len);
if (n->hash == NULL) {
os_free(n->alg_oid);
return;
@@ -516,7 +499,7 @@
os_free(n->hash);
return;
}
- os_memcpy(n->uri, ASN1_STRING_get0_data(uri), len);
+ os_memcpy(n->uri, ASN1_STRING_data(uri), len);
n->uri[len] = '\0';
hcert->num_logo++;
@@ -831,9 +814,9 @@
}
wpa_hexdump(MSG_DEBUG, "logotypeExtn",
- ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+ ASN1_STRING_data(os), ASN1_STRING_length(os));
- data = ASN1_STRING_get0_data(os);
+ data = ASN1_STRING_data(os);
logo = d2i_LogotypeExtn(NULL, &data, ASN1_STRING_length(os));
if (logo == NULL) {
wpa_printf(MSG_INFO, "Failed to parse logotypeExtn");
@@ -1153,7 +1136,7 @@
return 0;
}
- store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s));
+ store = SSL_CTX_get_cert_store(s->ctx);
if (ctx->peer_issuer) {
wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer");
debug_dump_cert("OpenSSL: Issuer certificate",
@@ -1289,13 +1272,12 @@
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
static SSL_METHOD patch_ssl_method;
static const SSL_METHOD *real_ssl_method;
static int curl_patch_ssl_new(SSL *s)
{
- SSL_CTX *ssl = SSL_get_SSL_CTX(s);
+ SSL_CTX *ssl = s->ctx;
int ret;
ssl->method = real_ssl_method;
@@ -1306,7 +1288,6 @@
return ret;
}
-#endif /* OpenSSL < 1.1.0 */
#endif /* HAVE_OCSP */
@@ -1325,7 +1306,6 @@
SSL_CTX_set_tlsext_status_cb(ssl, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ssl, ctx);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
* Use a temporary SSL_METHOD to get a callback on SSL_new()
* from libcurl since there is no proper callback registration
@@ -1335,7 +1315,6 @@
patch_ssl_method.ssl_new = curl_patch_ssl_new;
real_ssl_method = ssl->method;
ssl->method = &patch_ssl_method;
-#endif /* OpenSSL < 1.1.0 */
}
#endif /* HAVE_OCSP */
@@ -1372,7 +1351,7 @@
#ifdef EAP_TLS_OPENSSL
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_cb_ssl);
curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx);
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#ifdef OPENSSL_IS_BORINGSSL
/* For now, using the CURLOPT_SSL_VERIFYSTATUS option only
* with BoringSSL since the OpenSSL specific callback hack to
* enable OCSP is not available with BoringSSL. The OCSP
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index c437000..a56462b 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -422,12 +422,6 @@
#ifdef CONFIG_ANDROID_LOG
_wpa_hexdump(level, title, buf, len, show);
#else /* CONFIG_ANDROID_LOG */
-#ifdef CONFIG_DEBUG_SYSLOG
- if (wpa_debug_syslog) {
- _wpa_hexdump(level, title, buf, len, show);
- return;
- }
-#endif /* CONFIG_DEBUG_SYSLOG */
wpa_debug_print_timestamp();
#ifdef CONFIG_DEBUG_FILE
if (out_file) {
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 7dfa95b..770f5e9 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -60,8 +60,7 @@
}
wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
- if (wps->dh_privkey && pubkey)
- wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
+ wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
#endif /* CONFIG_WPS_NFC */
} else {
wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");
diff --git a/src/wps/wps_validate.c b/src/wps/wps_validate.c
index 5c12bce..267b565 100644
--- a/src/wps/wps_validate.c
+++ b/src/wps/wps_validate.c
@@ -1057,7 +1057,7 @@
}
-static int wps_validate_credential(const u8 *cred[], u16 len[], size_t num,
+static int wps_validate_credential(const u8 *cred[], size_t len[], size_t num,
int mandatory)
{
size_t i;