[wpa_supplicant] Cumulative patch from commit 0c5ededed am: 1a1e642fd6
Change-Id: I41dbbacd6404337ad3482a69b945a1e650b211c1
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index dff5704..3bde8d5 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -263,6 +263,7 @@
OBJS += src/common/sae.c
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_HMAC_SHA256_KDF=y
NEED_DRAGONFLY=y
endif
@@ -328,6 +329,10 @@
L_CFLAGS += -DCONFIG_WEP
endif
+ifdef CONFIG_NO_TKIP
+L_CFLAGS += -DCONFIG_NO_TKIP
+endif
+
include $(LOCAL_PATH)/src/drivers/drivers.mk
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 4adf996..9c7fc5c 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -296,6 +296,7 @@
OBJS += ../src/common/sae.o
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_HMAC_SHA256_KDF=y
NEED_AP_MLME=y
NEED_DRAGONFLY=y
endif
@@ -1246,6 +1247,10 @@
CFLAGS += -DCONFIG_WEP
endif
+ifdef CONFIG_NO_TKIP
+CFLAGS += -DCONFIG_NO_TKIP
+endif
+
ALL=hostapd hostapd_cli
all: verify_config $(ALL)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 1d8c039..cc1855d 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4215,6 +4215,8 @@
bss->no_beacon_rsnxe = atoi(pos);
} else if (os_strcmp(buf, "skip_prune_assoc") == 0) {
bss->skip_prune_assoc = atoi(pos);
+ } else if (os_strcmp(buf, "ft_rsnxe_used") == 0) {
+ bss->ft_rsnxe_used = atoi(pos);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_SAE
} else if (os_strcmp(buf, "sae_password") == 0) {
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index d90b5dc..6e8352f 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1477,6 +1477,12 @@
if (hapd->started)
hostapd_setup_sae_pt(hapd->conf);
}
+
+#ifdef CONFIG_TESTING_OPTIONS
+ if (os_strcmp(cmd, "ft_rsnxe_used") == 0)
+ wpa_auth_set_ft_rsnxe_used(hapd->wpa_auth,
+ hapd->conf->ft_rsnxe_used);
+#endif /* CONFIG_TESTING_OPTIONS */
}
return ret;
@@ -2433,6 +2439,7 @@
#endif /* CONFIG_TESTING_OPTIONS */
+#ifdef NEED_AP_MLME
static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params)
{
switch (params->bandwidth) {
@@ -2521,6 +2528,7 @@
return 0;
}
+#endif /* NEED_AP_MLME */
static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface,
@@ -3099,6 +3107,34 @@
}
+static int hostapd_ctrl_driver_flags2(struct hostapd_iface *iface, char *buf,
+ size_t buflen)
+{
+ int ret, i;
+ char *pos, *end;
+
+ ret = os_snprintf(buf, buflen, "%016llX:\n",
+ (long long unsigned) iface->drv_flags2);
+ if (os_snprintf_error(buflen, ret))
+ return -1;
+
+ pos = buf + ret;
+ end = buf + buflen;
+
+ for (i = 0; i < 64; i++) {
+ if (iface->drv_flags2 & (1LLU << i)) {
+ ret = os_snprintf(pos, end - pos, "%s\n",
+ driver_flag2_to_string(1LLU << i));
+ if (os_snprintf_error(end - pos, ret))
+ return -1;
+ pos += ret;
+ }
+ }
+
+ return pos - buf;
+}
+
+
static int hostapd_ctrl_iface_acl_del_mac(struct mac_acl_entry **acl, int *num,
const char *txtaddr)
{
@@ -3511,6 +3547,9 @@
} else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) {
reply_len = hostapd_ctrl_driver_flags(hapd->iface, reply,
reply_size);
+ } else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) {
+ reply_len = hostapd_ctrl_driver_flags2(hapd->iface, reply,
+ reply_size);
} else if (os_strcmp(buf, "TERMINATE") == 0) {
eloop_terminate();
} else if (os_strncmp(buf, "ACCEPT_ACL ", 11) == 0) {
diff --git a/hostapd/defconfig b/hostapd/defconfig
index f630a22..2341765 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -393,3 +393,10 @@
# release under this optional build parameter. This functionality is subject to
# be completely removed in a future release.
#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore. For now, the default hostapd
+# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
+# that functionality is subject to be removed in the future.
+#CONFIG_NO_TKIP=y
diff --git a/hostapd/main.c b/hostapd/main.c
index 85c1fd1..3ce8126 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -220,6 +220,7 @@
struct wowlan_triggers *triggs;
iface->drv_flags = capa.flags;
+ iface->drv_flags2 = capa.flags2;
iface->probe_resp_offloads = capa.probe_resp_offloads;
/*
* Use default extended capa values from per-radio information
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 5bf4502..35a32a1 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -74,8 +74,13 @@
bss->wpa_disable_eapol_key_retries =
DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+#ifdef CONFIG_NO_TKIP
+ bss->wpa_pairwise = WPA_CIPHER_CCMP;
+ bss->wpa_group = WPA_CIPHER_CCMP;
+#else /* CONFIG_NO_TKIP */
bss->wpa_pairwise = WPA_CIPHER_TKIP;
bss->wpa_group = WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = 0;
bss->max_num_sta = MAX_STA_COUNT;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 2a0bf07..0503400 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -686,6 +686,7 @@
struct wpabuf *igtk_rsc_override;
int no_beacon_rsnxe;
int skip_prune_assoc;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 559bb87..524a151 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -117,7 +117,7 @@
u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
u8 *p = buf;
u16 reason = WLAN_REASON_UNSPECIFIED;
- u16 status = WLAN_STATUS_SUCCESS;
+ int status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
if (addr == NULL) {
@@ -606,17 +606,19 @@
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
elems.owe_dh) {
u8 *npos;
+ u16 ret_status;
npos = owe_assoc_req_process(hapd, sta,
elems.owe_dh, elems.owe_dh_len,
p, sizeof(buf) - (p - buf),
- &status);
+ &ret_status);
+ status = ret_status;
if (npos)
p = npos;
if (!npos &&
status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
- hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
+ hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
p - buf);
return 0;
}
@@ -709,7 +711,8 @@
fail:
#ifdef CONFIG_IEEE80211R_AP
- hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
+ if (status >= 0)
+ hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
#endif /* CONFIG_IEEE80211R_AP */
hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
ap_free_sta(hapd, sta);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 439e727..c8f691e 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -476,6 +476,7 @@
struct ap_info *ap_hash[STA_HASH_SIZE];
u64 drv_flags;
+ u64 drv_flags2;
/*
* A bitmap of supported protocols for probe response offload. See
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index e54217c..e6aa83d 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2526,32 +2526,10 @@
(!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
!(hapd->conf->mesh & MESH_ENABLED) &&
!(sta->added_unassoc)) {
- /*
- * If a station that is already associated to the AP, is trying
- * to authenticate again, remove the STA entry, in order to make
- * sure the STA PS state gets cleared and configuration gets
- * updated. To handle this, station's added_unassoc flag is
- * cleared once the station has completed association.
- */
- ap_sta_set_authorized(hapd, sta, 0);
- hostapd_drv_sta_remove(hapd, sta->addr);
- sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
- WLAN_STA_AUTHORIZED);
-
- if (hostapd_sta_add(hapd, sta->addr, 0, 0,
- sta->supported_rates,
- sta->supported_rates_len,
- 0, NULL, NULL, NULL, 0,
- sta->flags, 0, 0, 0, 0)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_NOTICE,
- "Could not add STA to kernel driver");
+ if (ap_sta_re_add(hapd, sta) < 0) {
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
goto fail;
}
-
- sta->added_unassoc = 1;
}
switch (auth_alg) {
@@ -3126,11 +3104,11 @@
#endif /* CONFIG_OWE */
-static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
+static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ies, size_t ies_len, int reassoc)
{
struct ieee802_11_elems elems;
- u16 resp;
+ int resp;
const u8 *wpa_ie;
size_t wpa_ie_len;
const u8 *p2p_dev_addr = NULL;
@@ -4097,7 +4075,8 @@
int reassoc, int rssi)
{
u16 capab_info, listen_interval, seq_ctrl, fc;
- u16 resp = WLAN_STATUS_SUCCESS, reply_res;
+ int resp = WLAN_STATUS_SUCCESS;
+ u16 reply_res;
const u8 *pos;
int left, i;
struct sta_info *sta;
@@ -4471,8 +4450,9 @@
}
#endif /* CONFIG_FILS */
- reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
- left, rssi, omit_rsnxe);
+ if (resp >= 0)
+ reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc,
+ pos, left, rssi, omit_rsnxe);
os_free(tmp);
/*
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 903be28..93f1f0c 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1497,3 +1497,33 @@
return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
hapd, sta);
}
+
+
+int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
+{
+ /*
+ * If a station that is already associated to the AP, is trying to
+ * authenticate again, remove the STA entry, in order to make sure the
+ * STA PS state gets cleared and configuration gets updated. To handle
+ * this, station's added_unassoc flag is cleared once the station has
+ * completed association.
+ */
+ ap_sta_set_authorized(hapd, sta, 0);
+ hostapd_drv_sta_remove(hapd, sta->addr);
+ sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
+
+ if (hostapd_sta_add(hapd, sta->addr, 0, 0,
+ sta->supported_rates,
+ sta->supported_rates_len,
+ 0, NULL, NULL, NULL, 0,
+ sta->flags, 0, 0, 0, 0)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_NOTICE,
+ "Could not add STA to kernel driver");
+ return -1;
+ }
+
+ sta->added_unassoc = 1;
+ return 0;
+}
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index 8ff6ac6..308aa29 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -358,5 +358,6 @@
struct sta_info *sta);
int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta);
+int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta);
#endif /* STA_INFO_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e0ffb27..8ecb173 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1836,7 +1836,7 @@
#ifdef CONFIG_IEEE80211R_AP
wpa_printf(MSG_DEBUG,
"FT: Retry PTK configuration after association");
- wpa_ft_install_ptk(sm);
+ wpa_ft_install_ptk(sm, 1);
/* Using FT protocol, not WPA auth state machine */
sm->ft_completed = 1;
@@ -5459,4 +5459,11 @@
return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
}
+
+void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
+{
+ if (wpa_auth)
+ wpa_auth->conf.ft_rsnxe_used = val;
+}
+
#endif /* CONFIG_TESTING_OPTIONS */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 868aaa1..1ea067b 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -238,6 +238,7 @@
unsigned int rsnxe_override_ft_set:1;
unsigned int gtk_rsc_override_set:1;
unsigned int igtk_rsc_override_set:1;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
u8 ip_addr_go[4];
@@ -301,6 +302,7 @@
int *bandwidth, int *seg1_idx);
#ifdef CONFIG_IEEE80211R_AP
struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
+ int (*add_sta_ft)(void *ctx, const u8 *sta_addr);
int (*set_vlan)(void *ctx, const u8 *sta_addr,
struct vlan_description *vlan);
int (*get_vlan)(void *ctx, const u8 *sta_addr,
@@ -440,7 +442,7 @@
u16 auth_transaction, u16 resp,
const u8 *ies, size_t ies_len),
void *ctx);
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
size_t ies_len);
int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
@@ -521,5 +523,6 @@
void *ctx1, void *ctx2);
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
+void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);
#endif /* WPA_AUTH_H */
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 476a2be..4b17da7 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2647,6 +2647,13 @@
}
rsnxe_used = (auth_alg == WLAN_AUTH_FT) &&
(conf->sae_pwe == 1 || conf->sae_pwe == 2);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (sm->wpa_auth->conf.ft_rsnxe_used) {
+ rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1;
+ wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
+ rsnxe_used);
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
anonce, snonce, pos, end - pos,
subelem, subelem_len, rsnxe_used);
@@ -2747,7 +2754,16 @@
}
-void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+static inline int wpa_auth_add_sta_ft(struct wpa_authenticator *wpa_auth,
+ const u8 *addr)
+{
+ if (!wpa_auth->cb->add_sta_ft)
+ return -1;
+ return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr);
+}
+
+
+void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry)
{
enum wpa_alg alg;
int klen;
@@ -2769,6 +2785,9 @@
return;
}
+ if (!retry)
+ wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr);
+
/* FIX: add STA entry to kernel/driver here? The set_key will fail
* most likely without this.. At the moment, STA entry is added only
* after association has been completed. This function will be called
@@ -3140,7 +3159,7 @@
sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
+ wpa_ft_install_ptk(sm, 0);
if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
@@ -3235,7 +3254,7 @@
}
-u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
size_t ies_len)
{
struct wpa_ft_ies parse;
@@ -3433,7 +3452,7 @@
!parse.rsnxe) {
wpa_printf(MSG_INFO,
"FT: FTE indicated that STA uses RSNXE, but RSNXE was not included");
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ return -1; /* discard request */
}
#ifdef CONFIG_OCV
@@ -4560,7 +4579,6 @@
return -1;
}
status_code = WPA_GET_LE16(pos);
- pos += 2;
wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
"(status_code=%d)", status_code);
@@ -4573,11 +4591,6 @@
return -1;
}
- if (end > pos) {
- wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
- pos, end - pos);
- }
-
return 0;
}
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 7a1ed24..058b34c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -174,6 +174,7 @@
wpabuf_len(conf->igtk_rsc_override));
wconf->igtk_rsc_override_set = 1;
}
+ wconf->ft_rsnxe_used = conf->ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
@@ -1038,6 +1039,34 @@
}
+static int hostapd_wpa_auth_add_sta_ft(void *ctx, const u8 *sta_addr)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta;
+
+ sta = ap_get_sta(hapd, sta_addr);
+ if (!sta)
+ return -1;
+
+ if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
+ (sta->flags & WLAN_STA_MFP) && ap_sta_is_authorized(sta) &&
+ !(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc)) {
+ /* We could not do this in handle_auth() since there was a
+ * PMF-enabled association for the STA and the new
+ * authentication attempt was not yet fully processed. Now that
+ * we are ready to configure the TK to the driver,
+ * authentication has succeeded and we can clean up the driver
+ * STA entry to avoid issues with any maintained state from the
+ * previous association. */
+ wpa_printf(MSG_DEBUG,
+ "FT: Remove and re-add driver STA entry after successful FT authentication");
+ return ap_sta_re_add(hapd, sta);
+ }
+
+ return 0;
+}
+
+
static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
struct vlan_description *vlan)
{
@@ -1399,6 +1428,7 @@
#ifdef CONFIG_IEEE80211R_AP
.send_ft_action = hostapd_wpa_auth_send_ft_action,
.add_sta = hostapd_wpa_auth_add_sta,
+ .add_sta_ft = hostapd_wpa_auth_add_sta_ft,
.add_tspec = hostapd_wpa_auth_add_tspec,
.set_vlan = hostapd_wpa_auth_set_vlan,
.get_vlan = hostapd_wpa_auth_get_vlan,
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index bc59d6a..813612e 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -300,7 +300,7 @@
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk);
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
-void wpa_ft_install_ptk(struct wpa_state_machine *sm);
+void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry);
int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0,
const u8 *pmk_r0_name);
#endif /* CONFIG_IEEE80211R_AP */
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2ac1df4..9bcb997 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -851,17 +851,6 @@
"OWE: No Diffie-Hellman Parameter element");
return WPA_INVALID_AKMP;
}
-#ifdef CONFIG_DPP
- if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
- /* Diffie-Hellman Parameter element can be used with DPP as
- * well, so allow this to proceed. */
- } else
-#endif /* CONFIG_DPP */
- if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
- wpa_printf(MSG_DEBUG,
- "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");
- return WPA_INVALID_AKMP;
- }
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP2
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 1d77b94..dc8aa8f 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -364,6 +364,13 @@
bss->ssid.ssid_set = 1;
}
+#ifdef CONFIG_NO_TKIP
+ if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
+ WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
+ bss->wpa = 2;
+ else
+ bss->wpa = 0;
+#else /* CONFIG_NO_TKIP */
if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
(cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
bss->wpa = 3;
@@ -373,6 +380,7 @@
bss->wpa = 1;
else
bss->wpa = 0;
+#endif /* CONFIG_NO_TKIP */
if (bss->wpa) {
if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
@@ -387,8 +395,10 @@
else
bss->wpa_pairwise |= WPA_CIPHER_CCMP;
}
+#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP)
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = bss->wpa_pairwise;
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
bss->wpa_pairwise,
@@ -559,6 +569,13 @@
fprintf(nconf, "\n");
}
+#ifdef CONFIG_NO_TKIP
+ if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
+ WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
+ wpa = 2;
+ else
+ wpa = 0;
+#else /* CONFIG_NO_TKIP */
if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
(cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
wpa = 3;
@@ -568,6 +585,7 @@
wpa = 1;
else
wpa = 0;
+#endif /* CONFIG_NO_TKIP */
if (wpa) {
char *prefix;
@@ -611,9 +629,11 @@
prefix = " ";
}
+#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP) {
fprintf(nconf, "%sTKIP", prefix);
}
+#endif /* CONFIG_NO_TKIP */
fprintf(nconf, "\n");
if (cred->key_len >= 8 && cred->key_len < 64) {
@@ -1160,12 +1180,24 @@
wps->encr_types_rsn |= WPS_ENCR_AES;
}
if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+#ifdef CONFIG_NO_TKIP
+ wpa_printf(MSG_INFO, "WPS: TKIP not supported");
+ goto fail;
+#else /* CONFIG_NO_TKIP */
wps->encr_types |= WPS_ENCR_TKIP;
wps->encr_types_rsn |= WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
}
if (conf->wpa & WPA_PROTO_WPA) {
+#ifdef CONFIG_NO_TKIP
+ if (!(conf->wpa & WPA_PROTO_RSN)) {
+ wpa_printf(MSG_INFO, "WPS: WPA(v1) not supported");
+ goto fail;
+ }
+ conf->wpa &= ~WPA_PROTO_WPA;
+#else /* CONFIG_NO_TKIP */
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
wps->auth_types |= WPS_AUTH_WPAPSK;
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
@@ -1179,6 +1211,7 @@
wps->encr_types |= WPS_ENCR_TKIP;
wps->encr_types_wpa |= WPS_ENCR_TKIP;
}
+#endif /* CONFIG_NO_TKIP */
}
if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
@@ -1218,10 +1251,17 @@
wps->ap_encr_type = wps->encr_types;
if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
/* Override parameters to enable security by default */
+#ifdef CONFIG_NO_TKIP
+ wps->auth_types = WPS_AUTH_WPA2PSK;
+ wps->encr_types = WPS_ENCR_AES;
+ wps->encr_types_rsn = WPS_ENCR_AES;
+ wps->encr_types_wpa = WPS_ENCR_AES;
+#else /* CONFIG_NO_TKIP */
wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
wps->encr_types_rsn = WPS_ENCR_AES | WPS_ENCR_TKIP;
wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
if ((hapd->conf->multi_ap & FRONTHAUL_BSS) &&
@@ -1801,8 +1841,10 @@
if (os_strncmp(auth, "OPEN", 4) == 0)
cred.auth_type = WPS_AUTH_OPEN;
+#ifndef CONFIG_NO_TKIP
else if (os_strncmp(auth, "WPAPSK", 6) == 0)
cred.auth_type = WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
cred.auth_type = WPS_AUTH_WPA2PSK;
else
@@ -1811,8 +1853,10 @@
if (encr) {
if (os_strncmp(encr, "NONE", 4) == 0)
cred.encr_type = WPS_ENCR_NONE;
+#ifndef CONFIG_NO_TKIP
else if (os_strncmp(encr, "TKIP", 4) == 0)
cred.encr_type = WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
else if (os_strncmp(encr, "CCMP", 4) == 0)
cred.encr_type = WPS_ENCR_AES;
else
diff --git a/src/common/dpp.c b/src/common/dpp.c
index d8690ad..b33ab15 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -74,12 +74,14 @@
}
+#ifdef CONFIG_DPP2
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_EC)
return NULL;
return pkey->pkey.ec;
}
+#endif /* CONFIG_DPP2 */
#endif
@@ -3952,6 +3954,14 @@
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return NULL;
+ } else if (auth->own_bi &&
+ auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
+ auth->own_bi->nfc_negotiated) {
+ /* NFC negotiated connection handover bootstrapping mandates
+ * use of mutual authentication */
+ dpp_auth_fail(auth,
+ "Missing Initiator Bootstrapping Key Hash attribute");
+ return NULL;
}
auth->peer_version = 1; /* default to the first version */
@@ -6730,7 +6740,7 @@
conf->connector = os_strdup(signed_connector);
dpp_copy_csign(conf, csign_pub);
- if (dpp_akm_dpp(conf->akm))
+ if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2)
dpp_copy_netaccesskey(auth, conf);
ret = 0;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index ab3f927..585d398 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -138,6 +138,8 @@
const struct dpp_curve_params *curve;
unsigned int pkex_t; /* number of failures before dpp_pkex
* instantiation */
+ int nfc_negotiated; /* whether this has been used in NFC negotiated
+ * connection handover */
char *configurator_params;
};
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 8ef666d..3fa38c9 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -5469,8 +5469,12 @@
* QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
* Center frequency (in MHz) of the span of interest or
* for convenience, center frequency (in MHz) of any channel
- * in the span of interest. If agile spectral scan is initiated
- * without setting a valid frequency it returns the error code
+ * in the span of interest. For 80+80 MHz agile spectral scan
+ * request it represents center frequency (in MHz) of the primary
+ * 80 MHz span or for convenience, center frequency (in MHz) of any
+ * channel in the primary 80 MHz span. If agile spectral scan is
+ * initiated without setting a valid frequency it returns the
+ * error code
* (QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED).
* u32 attribute.
*/
@@ -5497,6 +5501,20 @@
* 1-enable, 0-disable
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG = 28,
+ /* This specifies the frequency span over which spectral scan would be
+ * carried out. Its value depends on the value of
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE and the relation is as
+ * follows.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL
+ * Not applicable. Spectral scan would happen in the operating span.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
+ * This attribute is applicable only for agile spectral scan
+ * requests in 80+80 MHz mode. It represents center frequency (in
+ * MHz) of the secondary 80 MHz span or for convenience, center
+ * frequency (in MHz) of any channel in the secondary 80 MHz span.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2 = 29,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_MAX =
@@ -5587,6 +5605,26 @@
* for 80+80 MHz mode.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AGILE_SPECTRAL_80_80 = 13,
+ /* Number of spectral detectors used for scan in 20 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_20_MHZ = 14,
+ /* Number of spectral detectors used for scan in 40 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_40_MHZ = 15,
+ /* Number of spectral detectors used for scan in 80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80_MHZ = 16,
+ /* Number of spectral detectors used for scan in 160 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_160_MHZ = 17,
+ /* Number of spectral detectors used for scan in 80+80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80P80_MHZ = 18,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX =
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 1284743..46b647b 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2319,11 +2319,18 @@
int wpa_cipher_valid_pairwise(int cipher)
{
+#ifdef CONFIG_NO_TKIP
+ return cipher == WPA_CIPHER_CCMP_256 ||
+ cipher == WPA_CIPHER_GCMP_256 ||
+ cipher == WPA_CIPHER_CCMP ||
+ cipher == WPA_CIPHER_GCMP;
+#else /* CONFIG_NO_TKIP */
return cipher == WPA_CIPHER_CCMP_256 ||
cipher == WPA_CIPHER_GCMP_256 ||
cipher == WPA_CIPHER_CCMP ||
cipher == WPA_CIPHER_GCMP ||
cipher == WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
@@ -2476,8 +2483,10 @@
val |= WPA_CIPHER_CCMP;
else if (os_strcmp(start, "GCMP") == 0)
val |= WPA_CIPHER_GCMP;
+#ifndef CONFIG_NO_TKIP
else if (os_strcmp(start, "TKIP") == 0)
val |= WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WEP
else if (os_strcmp(start, "WEP104") == 0)
val |= WPA_CIPHER_WEP104;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index da58159..c0ef689 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -22,6 +22,15 @@
#define OWE_DH_GROUP 19
+#ifdef CONFIG_NO_TKIP
+#define WPA_ALLOWED_PAIRWISE_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_NONE | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
+#define WPA_ALLOWED_GROUP_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
+WPA_CIPHER_GTK_NOT_USED)
+#else /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_PAIRWISE_CIPHERS \
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
@@ -29,6 +38,7 @@
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
WPA_CIPHER_GTK_NOT_USED)
+#endif /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_GROUP_MGMT_CIPHERS \
(WPA_CIPHER_AES_128_CMAC | WPA_CIPHER_BIP_GMAC_128 | WPA_CIPHER_BIP_GMAC_256 | \
WPA_CIPHER_BIP_CMAC_256)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 032bbd8..c624c29 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1838,7 +1838,7 @@
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
/** Driver support 4-way handshake offload for WPA-Personal */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
-/** Driver supports a separate control port for EAPOL frames */
+/** Driver supports a separate control port TX for EAPOL frames */
#define WPA_DRIVER_FLAGS_CONTROL_PORT 0x0400000000000000ULL
/** Driver supports VLAN offload */
#define WPA_DRIVER_FLAGS_VLAN_OFFLOAD 0x0800000000000000ULL
@@ -1852,6 +1852,10 @@
#define WPA_DRIVER_FLAGS_EXTENDED_KEY_ID 0x8000000000000000ULL
u64 flags;
+/** Driver supports a separate control port RX for EAPOL frames */
+#define WPA_DRIVER_FLAGS2_CONTROL_PORT_RX 0x0000000000000001ULL
+ u64 flags2;
+
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
(drv_flags & WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE)
@@ -4420,6 +4424,17 @@
*/
int (*update_dh_ie)(void *priv, const u8 *peer_mac, u16 reason_code,
const u8 *ie, size_t ie_len);
+
+ /**
+ * dpp_listen - Notify driver about start/stop of DPP listen
+ * @priv: Private driver interface data
+ * @enable: Whether listen state is enabled (or disabled)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This optional callback can be used to update RX frame filtering to
+ * explicitly allow reception of broadcast Public Action frames.
+ */
+ int (*dpp_listen)(void *priv, bool enable);
};
/**
@@ -5921,6 +5936,7 @@
const struct wpa_driver_capa *capa);
/* Convert driver flag to string */
const char * driver_flag_to_string(u64 flag);
+const char * driver_flag2_to_string(u64 flag2);
/* NULL terminated array of linked in driver wrappers */
extern const struct wpa_driver_ops *const wpa_drivers[];
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
index 63846db..23a6a42 100644
--- a/src/drivers/driver_common.c
+++ b/src/drivers/driver_common.c
@@ -321,3 +321,14 @@
return "UNKNOWN";
#undef DF2S
}
+
+
+const char * driver_flag2_to_string(u64 flag2)
+{
+#define DF2S(x) case WPA_DRIVER_FLAGS2_ ## x: return #x
+ switch (flag2) {
+ DF2S(CONTROL_PORT_RX);
+ }
+ return "UNKNOWN";
+#undef DF2S
+}
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 3b7c31c..75792f3 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -30,7 +30,6 @@
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "common/wpa_common.h"
-#include "l2_packet/l2_packet.h"
#include "netlink.h"
#include "linux_defines.h"
#include "linux_ioctl.h"
@@ -438,6 +437,52 @@
}
+/* Use this method to mark that it is necessary to own the connection/interface
+ * for this operation.
+ * handle may be set to NULL, to get the same behavior as send_and_recv_msgs().
+ * set_owner can be used to mark this socket for receiving control port frames.
+ */
+static int send_and_recv_msgs_owner(struct wpa_driver_nl80211_data *drv,
+ struct nl_msg *msg,
+ struct nl_sock *handle, int set_owner,
+ int (*valid_handler)(struct nl_msg *,
+ void *),
+ void *valid_data)
+{
+ /* Control port over nl80211 needs the flags and attributes below.
+ *
+ * The Linux kernel has initial checks for them (in nl80211.c) like:
+ * validate_pae_over_nl80211(...)
+ * or final checks like:
+ * dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid
+ *
+ * Final operations (e.g., disassociate) don't need to set these
+ * attributes, but they have to be performed on the socket, which has
+ * the connection owner property set in the kernel.
+ */
+ if ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) &&
+ handle && set_owner &&
+ (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
+ nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) ||
+ nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
+ nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH)))
+ return -1;
+
+ return send_and_recv(drv->global, handle ? handle : drv->global->nl,
+ msg, valid_handler, valid_data);
+}
+
+
+struct nl_sock * get_connect_handle(struct i802_bss *bss)
+{
+ if ((bss->drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) ||
+ bss->use_nl_connect)
+ return bss->nl_connect;
+
+ return NULL;
+}
+
+
struct family_data {
const char *group;
int id;
@@ -1918,6 +1963,25 @@
}
+static int nl80211_init_connect_handle(struct i802_bss *bss)
+{
+ if (bss->nl_connect) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Connect handle already created (nl_connect=%p)",
+ bss->nl_connect);
+ return -1;
+ }
+
+ bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
+ if (!bss->nl_connect)
+ return -1;
+ nl80211_register_eloop_read(&bss->nl_connect,
+ wpa_driver_nl80211_event_receive,
+ bss->nl_cb, 1);
+ return 0;
+}
+
+
static int nl80211_init_bss(struct i802_bss *bss)
{
bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
@@ -1929,6 +1993,8 @@
nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
process_bss_event, bss);
+ nl80211_init_connect_handle(bss);
+
return 0;
}
@@ -1937,6 +2003,9 @@
{
nl_cb_put(bss->nl_cb);
bss->nl_cb = NULL;
+
+ if (bss->nl_connect)
+ nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
}
@@ -2160,25 +2229,6 @@
}
-static int nl80211_init_connect_handle(struct i802_bss *bss)
-{
- if (bss->nl_connect) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Connect handle already created (nl_connect=%p)",
- bss->nl_connect);
- return -1;
- }
-
- bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
- if (!bss->nl_connect)
- return -1;
- nl80211_register_eloop_read(&bss->nl_connect,
- wpa_driver_nl80211_event_receive,
- bss->nl_cb, 1);
- return 0;
-}
-
-
static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -2716,8 +2766,6 @@
if (drv->vendor_cmd_test_avail)
qca_vendor_test(drv);
- nl80211_init_connect_handle(bss);
-
return 0;
}
@@ -2830,9 +2878,6 @@
nl80211_del_p2pdev(bss);
}
- if (bss->nl_connect)
- nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
-
nl80211_destroy_bss(drv->first_bss);
os_free(drv->filter_ssids);
@@ -3437,18 +3482,14 @@
return nl80211_leave_ibss(drv, 1);
}
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
- struct nl_sock *nl_connect = NULL;
-
- if (bss->use_nl_connect)
- nl_connect = bss->nl_connect;
return wpa_driver_nl80211_disconnect(drv, reason_code,
- nl_connect);
+ get_connect_handle(bss));
}
wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
__func__, MAC2STR(addr), reason_code);
nl80211_mark_disconnected(drv);
ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
- reason_code, 0, NULL);
+ reason_code, 0, get_connect_handle(bss));
/*
* For locally generated deauthenticate, supplicant already generates a
* DEAUTH event, so ignore the event from NL80211.
@@ -4432,7 +4473,8 @@
}
#endif /* CONFIG_IEEE80211AX */
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
ret, strerror(-ret));
@@ -5285,7 +5327,10 @@
int res;
int qos = flags & WPA_STA_WMM;
- if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
+ /* For now, disable EAPOL TX over control port in AP mode by default
+ * since it does not provide TX status notifications. */
+ if (drv->control_port_ap &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT))
return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
data, data_len, !encrypt);
@@ -5452,7 +5497,9 @@
int ret;
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
"(%s)", ret, strerror(-ret));
@@ -5584,7 +5631,9 @@
if (ret < 0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
@@ -5985,12 +6034,8 @@
if (ret)
goto fail;
- if (nl_connect)
- ret = send_and_recv(drv->global, nl_connect, msg,
- NULL, (void *) -1);
- else
- ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
-
+ ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL,
+ (void *) -1);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
@@ -6059,19 +6104,17 @@
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
enum nl80211_iftype nlmode = params->p2p ?
NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
- struct nl_sock *nl_connect = NULL;
if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
return -1;
if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
- params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) {
- nl_connect = bss->nl_connect;
+ params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)
bss->use_nl_connect = 1;
- } else {
+ else
bss->use_nl_connect = 0;
- }
- return wpa_driver_nl80211_connect(drv, params, nl_connect);
+ return wpa_driver_nl80211_connect(drv, params,
+ get_connect_handle(bss));
}
nl80211_mark_disconnected(drv);
@@ -6106,7 +6149,9 @@
goto fail;
}
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(drv->first_bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_dbg(drv->ctx, MSG_DEBUG,
@@ -7242,6 +7287,12 @@
}
#endif /* CONFIG_LIBNL3_ROUTE */
+ if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Do not open EAPOL RX socket - using control port for RX");
+ goto skip_eapol_sock;
+ }
+
drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
if (drv->eapol_sock < 0) {
wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
@@ -7254,6 +7305,7 @@
wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
goto failed;
}
+skip_eapol_sock:
if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
params->own_addr))
@@ -8125,8 +8177,13 @@
drv->test_use_roc_tx = 1;
}
- if (os_strstr(param, "control_port=0"))
+ if (os_strstr(param, "control_port=0")) {
drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
+ drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_RX;
+ }
+
+ if (os_strstr(param, "control_port_ap=1"))
+ drv->control_port_ap = 1;
if (os_strstr(param, "full_ap_client_state=0"))
drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE;
@@ -9500,7 +9557,12 @@
if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf);
+ /* This test vendor_cmd can be used with nl80211 commands that
+ * need the connect nl_sock, so use the owner-setting variant
+ * of send_and_recv_msgs(). */
+ ret = send_and_recv_msgs_owner(drv, msg,
+ get_connect_handle(bss), 0,
+ cmd_reply_handler, buf);
if (ret)
wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
ret);
@@ -9955,7 +10017,8 @@
if (nl80211_put_mesh_config(msg, ¶ms->conf) < 0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1,
+ NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
@@ -10012,7 +10075,8 @@
wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 0,
+ NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
ret, strerror(-ret));
diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h
index 6e6c872..19ac44a 100644
--- a/src/drivers/driver_nl80211.h
+++ b/src/drivers/driver_nl80211.h
@@ -171,6 +171,7 @@
unsigned int roam_vendor_cmd_avail:1;
unsigned int get_supported_akm_suites_avail:1;
unsigned int add_sta_node_vendor_cmd_avail:1;
+ unsigned int control_port_ap:1;
u64 vendor_scan_cookie;
u64 remain_on_chan_cookie;
@@ -229,6 +230,7 @@
int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg,
int (*valid_handler)(struct nl_msg *, void *),
void *valid_data);
+struct nl_sock * get_connect_handle(struct i802_bss *bss);
int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
const char *ifname, enum nl80211_iftype iftype,
const u8 *addr, int wds,
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index b4fed9e..f033591 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -441,6 +441,9 @@
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
capa->flags |= WPA_DRIVER_FLAGS_CONTROL_PORT;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_CONTROL_PORT_RX;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_VLAN_OFFLOAD))
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index d4ca2eb..17a06d8 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -2505,12 +2505,34 @@
static void nl80211_control_port_frame(struct wpa_driver_nl80211_data *drv,
struct nlattr **tb)
{
- if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_FRAME])
+ u8 *src_addr;
+ u16 ethertype;
+
+ if (!tb[NL80211_ATTR_MAC] ||
+ !tb[NL80211_ATTR_FRAME] ||
+ !tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE])
return;
- drv_event_eapol_rx(drv->ctx, nla_data(tb[NL80211_ATTR_MAC]),
- nla_data(tb[NL80211_ATTR_FRAME]),
- nla_len(tb[NL80211_ATTR_FRAME]));
+ src_addr = nla_data(tb[NL80211_ATTR_MAC]);
+ ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
+
+ switch (ethertype) {
+ case ETH_P_RSN_PREAUTH:
+ wpa_printf(MSG_INFO, "nl80211: Got pre-auth frame from "
+ MACSTR " over control port unexpectedly",
+ MAC2STR(src_addr));
+ break;
+ case ETH_P_PAE:
+ drv_event_eapol_rx(drv->ctx, src_addr,
+ nla_data(tb[NL80211_ATTR_FRAME]),
+ nla_len(tb[NL80211_ATTR_FRAME]));
+ break;
+ default:
+ wpa_printf(MSG_INFO, "nl80211: Unxpected ethertype 0x%04x from "
+ MACSTR " over control port",
+ ethertype, MAC2STR(src_addr));
+ break;
+ }
}
@@ -2729,9 +2751,6 @@
case NL80211_CMD_UPDATE_OWE_INFO:
mlme_event_dh_event(drv, bss, tb);
break;
- case NL80211_CMD_CONTROL_PORT_FRAME:
- nl80211_control_port_frame(drv, tb);
- break;
default:
wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", cmd);
@@ -2821,6 +2840,9 @@
case NL80211_CMD_EXTERNAL_AUTH:
nl80211_external_auth(bss->drv, tb);
break;
+ case NL80211_CMD_CONTROL_PORT_FRAME:
+ nl80211_control_port_frame(bss->drv, tb);
+ break;
default:
wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", gnlh->cmd);
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
index 04f6bb8..17e8b2c 100644
--- a/src/drivers/driver_nl80211_scan.c
+++ b/src/drivers/driver_nl80211_scan.c
@@ -872,7 +872,7 @@
wpa_driver_nl80211_mlme(drv, addr,
NL80211_CMD_DEAUTHENTICATE,
WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
- NULL);
+ get_connect_handle(drv->first_bss));
}
}
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 540b4e7..61032cc 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -45,43 +45,43 @@
struct eap_eapol_interface {
/* Lower layer to full authenticator variables */
- Boolean eapResp; /* shared with EAPOL Backend Authentication */
+ bool eapResp; /* shared with EAPOL Backend Authentication */
struct wpabuf *eapRespData;
- Boolean portEnabled;
+ bool portEnabled;
int retransWhile;
- Boolean eapRestart; /* shared with EAPOL Authenticator PAE */
+ bool eapRestart; /* shared with EAPOL Authenticator PAE */
int eapSRTT;
int eapRTTVAR;
/* Full authenticator to lower layer variables */
- Boolean eapReq; /* shared with EAPOL Backend Authentication */
- Boolean eapNoReq; /* shared with EAPOL Backend Authentication */
- Boolean eapSuccess;
- Boolean eapFail;
- Boolean eapTimeout;
+ bool eapReq; /* shared with EAPOL Backend Authentication */
+ bool eapNoReq; /* shared with EAPOL Backend Authentication */
+ bool eapSuccess;
+ bool eapFail;
+ bool eapTimeout;
struct wpabuf *eapReqData;
u8 *eapKeyData;
size_t eapKeyDataLen;
u8 *eapSessionId;
size_t eapSessionIdLen;
- Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
+ bool eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */
/* AAA interface to full authenticator variables */
- Boolean aaaEapReq;
- Boolean aaaEapNoReq;
- Boolean aaaSuccess;
- Boolean aaaFail;
+ bool aaaEapReq;
+ bool aaaEapNoReq;
+ bool aaaSuccess;
+ bool aaaFail;
struct wpabuf *aaaEapReqData;
u8 *aaaEapKeyData;
size_t aaaEapKeyDataLen;
- Boolean aaaEapKeyAvailable;
+ bool aaaEapKeyAvailable;
int aaaMethodTimeout;
/* Full authenticator to AAA interface variables */
- Boolean aaaEapResp;
+ bool aaaEapResp;
struct wpabuf *aaaEapRespData;
/* aaaIdentity -> eap_get_identity() */
- Boolean aaaTimeout;
+ bool aaaTimeout;
};
struct eap_server_erp_key {
@@ -124,7 +124,7 @@
* callback context.
*/
void *eap_sim_db_priv;
- Boolean backend_auth;
+ bool backend_auth;
int eap_server;
/**
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 44896a6..28bb564 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -32,15 +32,14 @@
struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id);
int (*getTimeout)(struct eap_sm *sm, void *priv);
- Boolean (*check)(struct eap_sm *sm, void *priv,
- struct wpabuf *respData);
+ bool (*check)(struct eap_sm *sm, void *priv, struct wpabuf *respData);
void (*process)(struct eap_sm *sm, void *priv,
struct wpabuf *respData);
- Boolean (*isDone)(struct eap_sm *sm, void *priv);
+ bool (*isDone)(struct eap_sm *sm, void *priv);
u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
/* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt,
* but it is useful in implementing Policy.getDecision() */
- Boolean (*isSuccess)(struct eap_sm *sm, void *priv);
+ bool (*isSuccess)(struct eap_sm *sm, void *priv);
/**
* free - Free EAP method data
@@ -138,13 +137,13 @@
int methodTimeout;
/* Short-term (not maintained between packets) */
- Boolean rxResp;
- Boolean rxInitiate;
+ bool rxResp;
+ bool rxInitiate;
int respId;
enum eap_type respMethod;
int respVendor;
u32 respVendorMethod;
- Boolean ignore;
+ bool ignore;
enum {
DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE,
DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START
@@ -153,7 +152,7 @@
/* Miscellaneous variables */
const struct eap_method *m; /* selected EAP method */
/* not defined in RFC 4137 */
- Boolean changed;
+ bool changed;
void *eapol_ctx;
const struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
@@ -169,7 +168,7 @@
int init_phase2;
const struct eap_config *cfg;
struct eap_config cfg_buf;
- Boolean update_user;
+ bool update_user;
unsigned int num_rounds;
unsigned int num_rounds_short;
@@ -183,12 +182,12 @@
struct wpabuf *assoc_wps_ie;
struct wpabuf *assoc_p2p_ie;
- Boolean start_reauth;
+ bool start_reauth;
u8 peer_addr[ETH_ALEN];
- Boolean initiate_reauth_start_sent;
- Boolean try_initiate_reauth;
+ bool initiate_reauth_start_sent;
+ bool try_initiate_reauth;
#ifdef CONFIG_TESTING_OPTIONS
u32 tls_test_flags;
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 34ce239..0b7a5b9 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -9,7 +9,7 @@
* in RFC 4137. However, to support backend authentication in RADIUS
* authentication server functionality, parts of backend authenticator (also
* from RFC 4137) are mixed in. This functionality is enabled by setting
- * backend_auth configuration variable to TRUE.
+ * backend_auth configuration variable to true.
*/
#include "includes.h"
@@ -38,7 +38,7 @@
static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm,
int *vendor);
static int eap_sm_Policy_getDecision(struct eap_sm *sm);
-static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
+static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method);
static int eap_get_erp_send_reauth_start(struct eap_sm *sm)
@@ -230,19 +230,19 @@
eap_server_clear_identity(sm);
}
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
sm->currentId = -1;
- sm->eap_if.eapSuccess = FALSE;
- sm->eap_if.eapFail = FALSE;
- sm->eap_if.eapTimeout = FALSE;
+ sm->eap_if.eapSuccess = false;
+ sm->eap_if.eapFail = false;
+ sm->eap_if.eapTimeout = false;
bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
sm->eap_if.eapKeyData = NULL;
sm->eap_if.eapKeyDataLen = 0;
os_free(sm->eap_if.eapSessionId);
sm->eap_if.eapSessionId = NULL;
sm->eap_if.eapSessionIdLen = 0;
- sm->eap_if.eapKeyAvailable = FALSE;
- sm->eap_if.eapRestart = FALSE;
+ sm->eap_if.eapKeyAvailable = false;
+ sm->eap_if.eapRestart = false;
/*
* This is not defined in RFC 4137, but method state needs to be
@@ -322,7 +322,7 @@
sm->retransCount++;
if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapReq = true;
}
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR,
@@ -347,8 +347,8 @@
SM_STATE(EAP, DISCARD)
{
SM_ENTRY(EAP, DISCARD);
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapNoReq = true;
}
@@ -362,17 +362,17 @@
sm->num_rounds_short = 0;
if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
{
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = true;
} else {
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
}
} else {
wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData");
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
+ sm->eap_if.eapNoReq = true;
}
}
@@ -382,7 +382,7 @@
SM_ENTRY(EAP, INTEGRITY_CHECK);
if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) {
- sm->ignore = TRUE;
+ sm->ignore = true;
return;
}
@@ -552,7 +552,7 @@
SM_ENTRY(EAP, PROPOSE_METHOD);
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
try_another_method:
type = eap_sm_Policy_getNextMethod(sm, &vendor);
if (vendor == EAP_VENDOR_IETF)
@@ -640,7 +640,7 @@
{
SM_ENTRY(EAP, TIMEOUT_FAILURE);
- sm->eap_if.eapTimeout = TRUE;
+ sm->eap_if.eapTimeout = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr));
@@ -655,7 +655,7 @@
sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId);
wpabuf_free(sm->lastReqData);
sm->lastReqData = NULL;
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
MACSTR, MAC2STR(sm->peer_addr));
@@ -671,8 +671,8 @@
wpabuf_free(sm->lastReqData);
sm->lastReqData = NULL;
if (sm->eap_if.eapKeyData)
- sm->eap_if.eapKeyAvailable = TRUE;
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapKeyAvailable = true;
+ sm->eap_if.eapSuccess = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
MACSTR, MAC2STR(sm->peer_addr));
@@ -683,8 +683,8 @@
{
SM_ENTRY(EAP, INITIATE_REAUTH_START);
- sm->initiate_reauth_start_sent = TRUE;
- sm->try_initiate_reauth = TRUE;
+ sm->initiate_reauth_start_sent = true;
+ sm->try_initiate_reauth = true;
sm->currentId = eap_sm_nextId(sm, sm->currentId);
wpa_printf(MSG_DEBUG,
"EAP: building EAP-Initiate-Re-auth-Start: Identifier %d",
@@ -760,7 +760,7 @@
sm->lastReqData = NULL;
if ((flags & 0x80) || !erp) {
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
MACSTR, MAC2STR(sm->peer_addr));
return;
@@ -784,10 +784,10 @@
return;
}
sm->eap_if.eapKeyDataLen = erp->rRK_len;
- sm->eap_if.eapKeyAvailable = TRUE;
+ sm->eap_if.eapKeyAvailable = true;
wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK",
sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapSuccess = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
MACSTR, MAC2STR(sm->peer_addr));
@@ -811,7 +811,7 @@
SM_ENTRY(EAP, INITIATE_RECEIVED);
- sm->rxInitiate = FALSE;
+ sm->rxInitiate = false;
pos = eap_hdr_validate(EAP_VENDOR_IETF,
(enum eap_type) EAP_ERP_TYPE_REAUTH,
@@ -988,7 +988,7 @@
return;
fail:
- sm->ignore = TRUE;
+ sm->ignore = true;
}
#endif /* CONFIG_ERP */
@@ -1000,7 +1000,7 @@
wpabuf_free(sm->eap_if.aaaEapRespData);
sm->eap_if.aaaEapRespData = NULL;
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
}
@@ -1021,7 +1021,7 @@
sm->retransCount++;
if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) {
if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0)
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapReq = true;
}
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR,
@@ -1041,8 +1041,8 @@
SM_STATE(EAP, DISCARD2)
{
SM_ENTRY(EAP, DISCARD2);
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapNoReq = true;
}
@@ -1054,17 +1054,17 @@
if (sm->eap_if.eapReqData) {
if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0)
{
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = true;
} else {
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
}
} else {
wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData");
- sm->eap_if.eapResp = FALSE;
- sm->eap_if.eapReq = FALSE;
- sm->eap_if.eapNoReq = TRUE;
+ sm->eap_if.eapResp = false;
+ sm->eap_if.eapReq = false;
+ sm->eap_if.eapNoReq = true;
}
}
@@ -1103,11 +1103,11 @@
{
SM_ENTRY(EAP, AAA_IDLE);
- sm->eap_if.aaaFail = FALSE;
- sm->eap_if.aaaSuccess = FALSE;
- sm->eap_if.aaaEapReq = FALSE;
- sm->eap_if.aaaEapNoReq = FALSE;
- sm->eap_if.aaaEapResp = TRUE;
+ sm->eap_if.aaaFail = false;
+ sm->eap_if.aaaSuccess = false;
+ sm->eap_if.aaaEapReq = false;
+ sm->eap_if.aaaEapNoReq = false;
+ sm->eap_if.aaaEapResp = true;
}
@@ -1115,7 +1115,7 @@
{
SM_ENTRY(EAP, TIMEOUT_FAILURE2);
- sm->eap_if.eapTimeout = TRUE;
+ sm->eap_if.eapTimeout = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr));
@@ -1127,7 +1127,7 @@
SM_ENTRY(EAP, FAILURE2);
eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
- sm->eap_if.eapFail = TRUE;
+ sm->eap_if.eapFail = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR,
MAC2STR(sm->peer_addr));
@@ -1149,14 +1149,14 @@
sm->eap_if.eapKeyDataLen = 0;
}
- sm->eap_if.eapSuccess = TRUE;
+ sm->eap_if.eapSuccess = true;
/*
* Start reauthentication with identity request even though we know the
* previously used identity. This is needed to get reauthentication
* started properly.
*/
- sm->start_reauth = TRUE;
+ sm->start_reauth = true;
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR,
MAC2STR(sm->peer_addr));
@@ -1217,7 +1217,7 @@
case EAP_IDLE:
if (sm->eap_if.retransWhile == 0) {
if (sm->try_initiate_reauth) {
- sm->try_initiate_reauth = FALSE;
+ sm->try_initiate_reauth = false;
SM_ENTER(EAP, SELECT_ACTION);
} else {
SM_ENTER(EAP, RETRANSMIT);
@@ -1491,8 +1491,8 @@
size_t plen;
/* parse rxResp, respId, respMethod */
- sm->rxResp = FALSE;
- sm->rxInitiate = FALSE;
+ sm->rxResp = false;
+ sm->rxInitiate = false;
sm->respId = -1;
sm->respMethod = EAP_TYPE_NONE;
sm->respVendor = EAP_VENDOR_IETF;
@@ -1518,9 +1518,9 @@
sm->respId = hdr->identifier;
if (hdr->code == EAP_CODE_RESPONSE)
- sm->rxResp = TRUE;
+ sm->rxResp = true;
else if (hdr->code == EAP_CODE_INITIATE)
- sm->rxInitiate = TRUE;
+ sm->rxInitiate = true;
if (plen > sizeof(*hdr)) {
u8 *pos = (u8 *) (hdr + 1);
@@ -1702,7 +1702,7 @@
if (sm->identity == NULL || sm->currentId == -1) {
*vendor = EAP_VENDOR_IETF;
next = EAP_TYPE_IDENTITY;
- sm->update_user = TRUE;
+ sm->update_user = true;
} else if (sm->user && idx < EAP_MAX_METHODS &&
(sm->user->methods[idx].vendor != EAP_VENDOR_IETF ||
sm->user->methods[idx].method != EAP_TYPE_NONE)) {
@@ -1730,7 +1730,7 @@
sm->m->isSuccess(sm, sm->eap_method_priv)) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> "
"SUCCESS");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_SUCCESS;
}
@@ -1738,7 +1738,7 @@
!sm->m->isSuccess(sm, sm->eap_method_priv)) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> "
"FAILURE");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_FAILURE;
}
@@ -1765,12 +1765,12 @@
sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
"identity request loop -> FAILURE");
- sm->update_user = TRUE;
+ sm->update_user = true;
return DECISION_FAILURE;
}
- sm->update_user = FALSE;
+ sm->update_user = false;
}
- sm->start_reauth = FALSE;
+ sm->start_reauth = false;
if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
(sm->user->methods[sm->user_eap_method_index].vendor !=
@@ -1801,9 +1801,9 @@
}
-static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method)
+static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method)
{
- return method == EAP_TYPE_IDENTITY ? TRUE : FALSE;
+ return method == EAP_TYPE_IDENTITY;
}
@@ -1820,7 +1820,7 @@
{
int res = 0;
do {
- sm->changed = FALSE;
+ sm->changed = false;
SM_STEP_RUN(EAP);
if (sm->changed)
res = 1;
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 22dd965..e9bf030 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -664,8 +664,8 @@
}
-static Boolean eap_aka_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_aka_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_aka_data *data = priv;
const u8 *pos;
@@ -675,25 +675,25 @@
&len);
if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
-static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
+static bool eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype)
{
if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR ||
subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT)
- return FALSE;
+ return false;
switch (data->state) {
case IDENTITY:
if (subtype != EAP_AKA_SUBTYPE_IDENTITY) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case CHALLENGE:
@@ -701,30 +701,30 @@
subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case REAUTH:
if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case NOTIFICATION:
if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) {
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
default:
wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for "
"processing a response", data->state);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1269,7 +1269,7 @@
}
-static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv)
+static bool eap_aka_isDone(struct eap_sm *sm, void *priv)
{
struct eap_aka_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1308,7 +1308,7 @@
}
-static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_aka_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_aka_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_eke.c b/src/eap_server/eap_server_eke.c
index 71fab96..eac3245 100644
--- a/src/eap_server/eap_server_eke.c
+++ b/src/eap_server/eap_server_eke.c
@@ -380,8 +380,8 @@
}
-static Boolean eap_eke_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_eke_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_eke_data *data = priv;
size_t len;
@@ -391,28 +391,28 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-EKE: Invalid frame");
- return TRUE;
+ return true;
}
eke_exch = *pos;
wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: EKE-Exch=%d", eke_exch);
if (data->state == IDENTITY && eke_exch == EAP_EKE_ID)
- return FALSE;
+ return false;
if (data->state == COMMIT && eke_exch == EAP_EKE_COMMIT)
- return FALSE;
+ return false;
if (data->state == CONFIRM && eke_exch == EAP_EKE_CONFIRM)
- return FALSE;
+ return false;
if (eke_exch == EAP_EKE_FAILURE)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-EKE: Unexpected EKE-Exch=%d in state=%d",
eke_exch, data->state);
- return TRUE;
+ return true;
}
@@ -716,7 +716,7 @@
}
-static Boolean eap_eke_isDone(struct eap_sm *sm, void *priv)
+static bool eap_eke_isDone(struct eap_sm *sm, void *priv)
{
struct eap_eke_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -757,7 +757,7 @@
}
-static Boolean eap_eke_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_eke_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_eke_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
index 0270821..55d48d9 100644
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -929,8 +929,8 @@
}
-static Boolean eap_fast_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_fast_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -938,10 +938,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_FAST, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-FAST: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1563,7 +1563,7 @@
}
-static Boolean eap_fast_isDone(struct eap_sm *sm, void *priv)
+static bool eap_fast_isDone(struct eap_sm *sm, void *priv)
{
struct eap_fast_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1614,7 +1614,7 @@
}
-static Boolean eap_fast_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_fast_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_fast_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_gpsk.c b/src/eap_server/eap_server_gpsk.c
index a774275..4081b9f 100644
--- a/src/eap_server/eap_server_gpsk.c
+++ b/src/eap_server/eap_server_gpsk.c
@@ -208,8 +208,8 @@
}
-static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_gpsk_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_gpsk_data *data = priv;
const u8 *pos;
@@ -218,21 +218,21 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-GPSK: Invalid frame");
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode=%d", *pos);
if (data->state == GPSK_1 && *pos == EAP_GPSK_OPCODE_GPSK_2)
- return FALSE;
+ return false;
if (data->state == GPSK_3 && *pos == EAP_GPSK_OPCODE_GPSK_4)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-GPSK: Unexpected opcode=%d in state=%d",
*pos, data->state);
- return TRUE;
+ return true;
}
@@ -560,7 +560,7 @@
}
-static Boolean eap_gpsk_isDone(struct eap_sm *sm, void *priv)
+static bool eap_gpsk_isDone(struct eap_sm *sm, void *priv)
{
struct eap_gpsk_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -601,7 +601,7 @@
}
-static Boolean eap_gpsk_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_gpsk_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_gpsk_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_gtc.c b/src/eap_server/eap_server_gtc.c
index fcccbcb..6310793 100644
--- a/src/eap_server/eap_server_gtc.c
+++ b/src/eap_server/eap_server_gtc.c
@@ -74,8 +74,8 @@
}
-static Boolean eap_gtc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_gtc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -83,10 +83,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -184,14 +184,14 @@
}
-static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_gtc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_gtc_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_gtc_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index 1b1db53..813e1d6 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -79,8 +79,8 @@
}
-static Boolean eap_identity_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_identity_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -89,10 +89,10 @@
respData, &len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-Identity: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -127,7 +127,7 @@
os_free(buf);
}
if (sm->identity)
- sm->update_user = TRUE;
+ sm->update_user = true;
os_free(sm->identity);
sm->identity = os_malloc(len ? len : 1);
if (sm->identity == NULL) {
@@ -140,14 +140,14 @@
}
-static Boolean eap_identity_isDone(struct eap_sm *sm, void *priv)
+static bool eap_identity_isDone(struct eap_sm *sm, void *priv)
{
struct eap_identity_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_identity_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_identity_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_identity_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c
index 897637e..ef3cc8c 100644
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -236,8 +236,8 @@
}
-static Boolean eap_ikev2_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_ikev2_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -246,10 +246,10 @@
&len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-IKEV2: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -465,14 +465,14 @@
}
-static Boolean eap_ikev2_isDone(struct eap_sm *sm, void *priv)
+static bool eap_ikev2_isDone(struct eap_sm *sm, void *priv)
{
struct eap_ikev2_data *data = priv;
return data->state == DONE || data->state == FAIL;
}
-static Boolean eap_ikev2_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_ikev2_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_ikev2_data *data = priv;
return data->state == DONE && data->ikev2.state == IKEV2_DONE &&
diff --git a/src/eap_server/eap_server_md5.c b/src/eap_server/eap_server_md5.c
index cf5ceb1..c9b500c 100644
--- a/src/eap_server/eap_server_md5.c
+++ b/src/eap_server/eap_server_md5.c
@@ -73,8 +73,8 @@
}
-static Boolean eap_md5_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_md5_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -82,16 +82,16 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame");
- return TRUE;
+ return true;
}
if (*pos != CHAP_MD5_LEN || 1 + CHAP_MD5_LEN > len) {
wpa_printf(MSG_INFO, "EAP-MD5: Invalid response "
"(response_len=%d payload_len=%lu",
*pos, (unsigned long) len);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -136,14 +136,14 @@
}
-static Boolean eap_md5_isDone(struct eap_sm *sm, void *priv)
+static bool eap_md5_isDone(struct eap_sm *sm, void *priv)
{
struct eap_md5_data *data = priv;
return data->state != CONTINUE;
}
-static Boolean eap_md5_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_md5_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_md5_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 8a1621a..9b3eb26 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -235,8 +235,8 @@
}
-static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_mschapv2_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_mschapv2_data *data = priv;
struct eap_mschapv2_hdr *resp;
@@ -247,7 +247,7 @@
&len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame");
- return TRUE;
+ return true;
}
resp = (struct eap_mschapv2_hdr *) pos;
@@ -255,7 +255,7 @@
resp->op_code != MSCHAPV2_OP_RESPONSE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Response - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == SUCCESS_REQ &&
@@ -263,17 +263,17 @@
resp->op_code != MSCHAPV2_OP_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Success or "
"Failure - ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == FAILURE_REQ &&
resp->op_code != MSCHAPV2_OP_FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Failure "
"- ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -531,7 +531,7 @@
}
-static Boolean eap_mschapv2_isDone(struct eap_sm *sm, void *priv)
+static bool eap_mschapv2_isDone(struct eap_sm *sm, void *priv)
{
struct eap_mschapv2_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -564,7 +564,7 @@
}
-static Boolean eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_mschapv2_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c
index 5ed29ef..fb089d5 100644
--- a/src/eap_server/eap_server_pax.c
+++ b/src/eap_server/eap_server_pax.c
@@ -195,8 +195,8 @@
}
-static Boolean eap_pax_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_pax_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_pax_data *data = priv;
struct eap_pax_hdr *resp;
@@ -207,7 +207,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX, respData, &len);
if (pos == NULL || len < sizeof(*resp) + EAP_PAX_ICV_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid frame");
- return TRUE;
+ return true;
}
mlen = sizeof(struct eap_hdr) + 1 + len;
@@ -225,14 +225,14 @@
resp->op_code != EAP_PAX_OP_STD_2) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX_STD-2 - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (data->state == PAX_STD_3 &&
resp->op_code != EAP_PAX_OP_ACK) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX-ACK - "
"ignore op %d", resp->op_code);
- return TRUE;
+ return true;
}
if (resp->op_code != EAP_PAX_OP_STD_2 &&
@@ -244,38 +244,38 @@
if (data->mac_id != resp->mac_id) {
wpa_printf(MSG_DEBUG, "EAP-PAX: Expected MAC ID 0x%x, "
"received 0x%x", data->mac_id, resp->mac_id);
- return TRUE;
+ return true;
}
if (resp->dh_group_id != EAP_PAX_DH_GROUP_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Expected DH Group ID 0x%x, "
"received 0x%x", EAP_PAX_DH_GROUP_NONE,
resp->dh_group_id);
- return TRUE;
+ return true;
}
if (resp->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) {
wpa_printf(MSG_INFO, "EAP-PAX: Expected Public Key ID 0x%x, "
"received 0x%x", EAP_PAX_PUBLIC_KEY_NONE,
resp->public_key_id);
- return TRUE;
+ return true;
}
if (resp->flags & EAP_PAX_FLAGS_MF) {
/* TODO: add support for reassembling fragments */
wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported");
- return TRUE;
+ return true;
}
if (resp->flags & EAP_PAX_FLAGS_CE) {
wpa_printf(MSG_INFO, "EAP-PAX: Unexpected CE flag");
- return TRUE;
+ return true;
}
if (data->keys_set) {
if (len - sizeof(*resp) < EAP_PAX_ICV_LEN) {
wpa_printf(MSG_INFO, "EAP-PAX: No ICV in the packet");
- return TRUE;
+ return true;
}
icv = wpabuf_mhead_u8(respData) + mlen - EAP_PAX_ICV_LEN;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN);
@@ -285,18 +285,18 @@
NULL, 0, NULL, 0, icvbuf) < 0) {
wpa_printf(MSG_INFO,
"EAP-PAX: Failed to calculate ICV");
- return TRUE;
+ return true;
}
if (os_memcmp_const(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV",
icvbuf, EAP_PAX_ICV_LEN);
- return TRUE;
+ return true;
}
}
- return FALSE;
+ return false;
}
@@ -513,7 +513,7 @@
}
-static Boolean eap_pax_isDone(struct eap_sm *sm, void *priv)
+static bool eap_pax_isDone(struct eap_sm *sm, void *priv)
{
struct eap_pax_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -563,7 +563,7 @@
}
-static Boolean eap_pax_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_pax_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_pax_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index 02d8b8e..f234f6f 100644
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -569,8 +569,8 @@
}
-static Boolean eap_peap_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_peap_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -578,10 +578,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PEAP, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1289,7 +1289,7 @@
}
-static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv)
+static bool eap_peap_isDone(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1383,7 +1383,7 @@
}
-static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_peap_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_peap_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c
index 511973c..f55f70d 100644
--- a/src/eap_server/eap_server_psk.c
+++ b/src/eap_server/eap_server_psk.c
@@ -171,8 +171,8 @@
}
-static Boolean eap_psk_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_psk_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_psk_data *data = priv;
size_t len;
@@ -182,7 +182,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PSK, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-PSK: Invalid frame");
- return TRUE;
+ return true;
}
t = EAP_PSK_FLAGS_GET_T(*pos);
@@ -191,22 +191,22 @@
if (data->state == PSK_1 && t != 1) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-2 - "
"ignore T=%d", t);
- return TRUE;
+ return true;
}
if (data->state == PSK_3 && t != 3) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-4 - "
"ignore T=%d", t);
- return TRUE;
+ return true;
}
if ((t == 1 && len < sizeof(struct eap_psk_hdr_2)) ||
(t == 3 && len < sizeof(struct eap_psk_hdr_4))) {
wpa_printf(MSG_DEBUG, "EAP-PSK: Too short frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -433,7 +433,7 @@
}
-static Boolean eap_psk_isDone(struct eap_sm *sm, void *priv)
+static bool eap_psk_isDone(struct eap_sm *sm, void *priv)
{
struct eap_psk_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -474,7 +474,7 @@
}
-static Boolean eap_psk_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_psk_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_psk_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 6bf3a23..81cddca 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -530,8 +530,8 @@
}
-static Boolean eap_pwd_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_pwd_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_pwd_data *data = priv;
const u8 *pos;
@@ -540,7 +540,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-pwd: Invalid frame");
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: Received frame: exch = %d, len = %d",
@@ -548,20 +548,20 @@
if (data->state == PWD_ID_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_ID_EXCH))
- return FALSE;
+ return false;
if (data->state == PWD_Commit_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_COMMIT_EXCH))
- return FALSE;
+ return false;
if (data->state == PWD_Confirm_Req &&
((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_CONFIRM_EXCH))
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-pwd: Unexpected opcode=%d in state=%d",
*pos, data->state);
- return TRUE;
+ return true;
}
@@ -1003,14 +1003,14 @@
}
-static Boolean eap_pwd_is_success(struct eap_sm *sm, void *priv)
+static bool eap_pwd_is_success(struct eap_sm *sm, void *priv)
{
struct eap_pwd_data *data = priv;
return data->state == SUCCESS;
}
-static Boolean eap_pwd_is_done(struct eap_sm *sm, void *priv)
+static bool eap_pwd_is_done(struct eap_sm *sm, void *priv)
{
struct eap_pwd_data *data = priv;
return (data->state == SUCCESS) || (data->state == FAILURE);
diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c
index 56cfbfb..8c39e63 100644
--- a/src/eap_server/eap_server_sake.c
+++ b/src/eap_server/eap_server_sake.c
@@ -232,8 +232,8 @@
}
-static Boolean eap_sake_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_sake_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_sake_data *data = priv;
struct eap_sake_hdr *resp;
@@ -244,7 +244,7 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, respData, &len);
if (pos == NULL || len < sizeof(struct eap_sake_hdr)) {
wpa_printf(MSG_INFO, "EAP-SAKE: Invalid frame");
- return TRUE;
+ return true;
}
resp = (struct eap_sake_hdr *) pos;
@@ -254,33 +254,33 @@
if (version != EAP_SAKE_VERSION) {
wpa_printf(MSG_INFO, "EAP-SAKE: Unknown version %d", version);
- return TRUE;
+ return true;
}
if (session_id != data->session_id) {
wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)",
session_id, data->session_id);
- return TRUE;
+ return true;
}
wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype=%d", subtype);
if (data->state == IDENTITY && subtype == EAP_SAKE_SUBTYPE_IDENTITY)
- return FALSE;
+ return false;
if (data->state == CHALLENGE && subtype == EAP_SAKE_SUBTYPE_CHALLENGE)
- return FALSE;
+ return false;
if (data->state == CONFIRM && subtype == EAP_SAKE_SUBTYPE_CONFIRM)
- return FALSE;
+ return false;
if (subtype == EAP_SAKE_SUBTYPE_AUTH_REJECT)
- return FALSE;
+ return false;
wpa_printf(MSG_INFO, "EAP-SAKE: Unexpected subtype=%d in state=%d",
subtype, data->state);
- return TRUE;
+ return true;
}
@@ -456,7 +456,7 @@
}
-static Boolean eap_sake_isDone(struct eap_sm *sm, void *priv)
+static bool eap_sake_isDone(struct eap_sm *sm, void *priv)
{
struct eap_sake_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -497,7 +497,7 @@
}
-static Boolean eap_sake_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_sake_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_sake_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index d7ac87c..8a68289 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -360,8 +360,8 @@
}
-static Boolean eap_sim_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_sim_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -369,55 +369,55 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, respData, &len);
if (pos == NULL || len < 3) {
wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
-static Boolean eap_sim_unexpected_subtype(struct eap_sim_data *data,
- u8 subtype)
+static bool eap_sim_unexpected_subtype(struct eap_sim_data *data,
+ u8 subtype)
{
if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR)
- return FALSE;
+ return false;
switch (data->state) {
case START:
if (subtype != EAP_SIM_SUBTYPE_START) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case CHALLENGE:
if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case REAUTH:
if (subtype != EAP_SIM_SUBTYPE_REAUTHENTICATION) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
case NOTIFICATION:
if (subtype != EAP_SIM_SUBTYPE_NOTIFICATION) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
- return TRUE;
+ return true;
}
break;
default:
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for "
"processing a response", data->state);
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -794,7 +794,7 @@
}
-static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv)
+static bool eap_sim_isDone(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -833,7 +833,7 @@
}
-static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_sim_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_teap.c b/src/eap_server/eap_server_teap.c
index a2cbf7a..d7b1b09 100644
--- a/src/eap_server/eap_server_teap.c
+++ b/src/eap_server/eap_server_teap.c
@@ -965,8 +965,8 @@
}
-static Boolean eap_teap_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_teap_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -974,10 +974,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TEAP, respData, &len);
if (!pos || len < 1) {
wpa_printf(MSG_INFO, "EAP-TEAP: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1974,7 +1974,7 @@
}
-static Boolean eap_teap_isDone(struct eap_sm *sm, void *priv)
+static bool eap_teap_isDone(struct eap_sm *sm, void *priv)
{
struct eap_teap_data *data = priv;
@@ -2032,7 +2032,7 @@
}
-static Boolean eap_teap_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_teap_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_teap_data *data = priv;
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index c64cebb..769fd1f 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -226,8 +226,8 @@
}
-static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_tls_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_tls_data *data = priv;
const u8 *pos;
@@ -246,10 +246,10 @@
respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -346,7 +346,7 @@
}
-static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv)
+static bool eap_tls_isDone(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -431,7 +431,7 @@
}
-static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_tls_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_tnc.c b/src/eap_server/eap_server_tnc.c
index f6cdcb1..36fb5c3 100644
--- a/src/eap_server/eap_server_tnc.c
+++ b/src/eap_server/eap_server_tnc.c
@@ -320,8 +320,8 @@
}
-static Boolean eap_tnc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_tnc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
struct eap_tnc_data *data = priv;
const u8 *pos;
@@ -331,29 +331,29 @@
&len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame");
- return TRUE;
+ return true;
}
if (len == 0 && data->state != WAIT_FRAG_ACK) {
wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame (empty)");
- return TRUE;
+ return true;
}
if (len == 0)
- return FALSE; /* Fragment ACK does not include flags */
+ return false; /* Fragment ACK does not include flags */
if ((*pos & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Unsupported version %d",
*pos & EAP_TNC_VERSION_MASK);
- return TRUE;
+ return true;
}
if (*pos & EAP_TNC_FLAGS_START) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Peer used Start flag");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -537,14 +537,14 @@
}
-static Boolean eap_tnc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_tnc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_tnc_data *data = priv;
return data->state == DONE || data->state == FAIL;
}
-static Boolean eap_tnc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_tnc_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_tnc_data *data = priv;
return data->state == DONE;
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 721835d..2f0c041 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -509,8 +509,8 @@
}
-static Boolean eap_ttls_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_ttls_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -518,10 +518,10 @@
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -1260,7 +1260,7 @@
}
-static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv)
+static bool eap_ttls_isDone(struct eap_sm *sm, void *priv)
{
struct eap_ttls_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
@@ -1290,7 +1290,7 @@
}
-static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_ttls_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_vendor_test.c b/src/eap_server/eap_server_vendor_test.c
index 9639977..7786041 100644
--- a/src/eap_server/eap_server_vendor_test.c
+++ b/src/eap_server/eap_server_vendor_test.c
@@ -88,8 +88,8 @@
}
-static Boolean eap_vendor_test_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_vendor_test_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -97,10 +97,10 @@
pos = eap_hdr_validate(EAP_VENDOR_ID, EAP_VENDOR_TYPE, respData, &len);
if (pos == NULL || len < 1) {
wpa_printf(MSG_INFO, "EAP-VENDOR-TEST: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -130,7 +130,7 @@
}
-static Boolean eap_vendor_test_isDone(struct eap_sm *sm, void *priv)
+static bool eap_vendor_test_isDone(struct eap_sm *sm, void *priv)
{
struct eap_vendor_test_data *data = priv;
return data->state == SUCCESS;
@@ -158,7 +158,7 @@
}
-static Boolean eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_vendor_test_data *data = priv;
return data->state == SUCCESS;
diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c
index 364c089..fc70cf1 100644
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@@ -270,8 +270,8 @@
}
-static Boolean eap_wsc_check(struct eap_sm *sm, void *priv,
- struct wpabuf *respData)
+static bool eap_wsc_check(struct eap_sm *sm, void *priv,
+ struct wpabuf *respData)
{
const u8 *pos;
size_t len;
@@ -280,10 +280,10 @@
respData, &len);
if (pos == NULL || len < 2) {
wpa_printf(MSG_INFO, "EAP-WSC: Invalid frame");
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
@@ -462,17 +462,17 @@
}
-static Boolean eap_wsc_isDone(struct eap_sm *sm, void *priv)
+static bool eap_wsc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_wsc_data *data = priv;
return data->state == FAIL;
}
-static Boolean eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
+static bool eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
{
/* EAP-WSC will always result in EAP-Failure */
- return FALSE;
+ return false;
}
diff --git a/src/l2_packet/l2_packet.h b/src/l2_packet/l2_packet.h
index 5387177..6a86280 100644
--- a/src/l2_packet/l2_packet.h
+++ b/src/l2_packet/l2_packet.h
@@ -61,6 +61,10 @@
* points to len bytes of the payload after the layer 2 header and similarly,
* TX buffers start with payload. This behavior can be changed by setting
* l2_hdr=1 to include the layer 2 header in the data buffer.
+ *
+ * IF rx_callback is NULL, receive operation is not opened at all, i.e., only
+ * the TX path and additional helper functions for fetching MAC and IP
+ * addresses can be used.
*/
struct l2_packet_data * l2_packet_init(
const char *ifname, const u8 *own_addr, unsigned short protocol,
diff --git a/src/l2_packet/l2_packet_freebsd.c b/src/l2_packet/l2_packet_freebsd.c
index aa83648..60de9fe 100644
--- a/src/l2_packet/l2_packet_freebsd.c
+++ b/src/l2_packet/l2_packet_freebsd.c
@@ -84,7 +84,7 @@
packet = pcap_next(pcap, &hdr);
- if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) packet;
diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c
index 138dcaf..7897bc0 100644
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
@@ -312,7 +312,8 @@
ll.sll_family = PF_PACKET;
ll.sll_ifindex = ifr.ifr_ifindex;
ll.sll_protocol = htons(protocol);
- if (bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
+ if (rx_callback &&
+ bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
wpa_printf(MSG_ERROR, "%s: bind[PF_PACKET]: %s",
__func__, strerror(errno));
close(l2->fd);
@@ -329,7 +330,8 @@
}
os_memcpy(l2->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
- eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+ if (rx_callback)
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
}
diff --git a/src/l2_packet/l2_packet_ndis.c b/src/l2_packet/l2_packet_ndis.c
index 7167781..4a4b639 100644
--- a/src/l2_packet/l2_packet_ndis.c
+++ b/src/l2_packet/l2_packet_ndis.c
@@ -294,7 +294,8 @@
}
rx_src = ethhdr->h_source;
- l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len);
+ if (l2->rx_callback)
+ l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len);
#ifndef _WIN32_WCE
l2_ndisuio_start_read(l2, 1);
#endif /* _WIN32_WCE */
diff --git a/src/l2_packet/l2_packet_none.c b/src/l2_packet/l2_packet_none.c
index 307fc6d..bc7a4e8 100644
--- a/src/l2_packet/l2_packet_none.c
+++ b/src/l2_packet/l2_packet_none.c
@@ -84,7 +84,7 @@
* TODO: open connection for receiving frames
*/
l2->fd = -1;
- if (l2->fd >= 0)
+ if (rx_callback && l2->fd >= 0)
eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
@@ -112,7 +112,7 @@
eloop_unregister_read_sock(l2->fd);
/* TODO: close connection */
}
-
+
os_free(l2);
}
diff --git a/src/l2_packet/l2_packet_pcap.c b/src/l2_packet/l2_packet_pcap.c
index 423c099..c2b17fc 100644
--- a/src/l2_packet/l2_packet_pcap.c
+++ b/src/l2_packet/l2_packet_pcap.c
@@ -127,7 +127,7 @@
packet = pcap_next(pcap, &hdr);
- if (packet == NULL || hdr.caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) packet;
@@ -152,7 +152,7 @@
unsigned char *buf;
size_t len;
- if (pkt_data == NULL || hdr->caplen < sizeof(*ethhdr))
+ if (!l2->rx_callback || !pkt_data || hdr->caplen < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) pkt_data;
diff --git a/src/l2_packet/l2_packet_privsep.c b/src/l2_packet/l2_packet_privsep.c
index ce86802..014a45f 100644
--- a/src/l2_packet/l2_packet_privsep.c
+++ b/src/l2_packet/l2_packet_privsep.c
@@ -216,7 +216,8 @@
}
os_memcpy(l2->own_addr, reply, ETH_ALEN);
- eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
+ if (rx_callback)
+ eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
return l2;
diff --git a/src/l2_packet/l2_packet_winpcap.c b/src/l2_packet/l2_packet_winpcap.c
index 74085a3..3452051 100644
--- a/src/l2_packet/l2_packet_winpcap.c
+++ b/src/l2_packet/l2_packet_winpcap.c
@@ -224,6 +224,9 @@
return NULL;
}
+ if (!rx_callback)
+ return l2;
+
l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL);
l2->rx_done = CreateEvent(NULL, TRUE, FALSE, NULL);
l2->rx_notify = CreateEvent(NULL, TRUE, FALSE, NULL);
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 166d6ee..3ce5327 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3252,6 +3252,11 @@
case WPA_PARAM_USE_EXT_KEY_ID:
sm->use_ext_key_id = value;
break;
+#ifdef CONFIG_TESTING_OPTIONS
+ case WPA_PARAM_FT_RSNXE_USED:
+ sm->ft_rsnxe_used = value;
+ break;
+#endif /* CONFIG_TESTING_OPTIONS */
default:
break;
}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 796f392..0986c6c 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -106,6 +106,7 @@
WPA_PARAM_DENY_PTK0_REKEY,
WPA_PARAM_EXT_KEY_ID,
WPA_PARAM_USE_EXT_KEY_ID,
+ WPA_PARAM_FT_RSNXE_USED,
};
struct rsn_supp_config {
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 203a61c..3e51cf2 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -305,6 +305,13 @@
ftie_len = pos++;
rsnxe_used = wpa_key_mgmt_sae(sm->key_mgmt) && anonce &&
(sm->sae_pwe == 1 || sm->sae_pwe == 2);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (anonce && sm->ft_rsnxe_used) {
+ rsnxe_used = sm->ft_rsnxe_used == 1;
+ wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
+ rsnxe_used);
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
struct rsn_ftie_sha384 *ftie;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 1ad75dc..497d128 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -153,6 +153,7 @@
#ifdef CONFIG_TESTING_OPTIONS
struct wpabuf *test_assoc_ie;
+ int ft_rsnxe_used;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_FILS
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index 141ac50..654c01b 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -157,6 +157,7 @@
plain[0] != 0x00 || plain[1] != 0x01) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
"structure");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
@@ -165,6 +166,7 @@
if (plain[2] != 0xff) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature "
"PS (BT=01)");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
while (pos < plain + len && *pos == 0xff)
@@ -174,12 +176,14 @@
/* PKCS #1 v1.5, 8.1: At least eight octets long PS */
wpa_printf(MSG_INFO, "LibTomCrypt: Too short signature "
"padding");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
if (pos + 16 /* min hash len */ >= plain + len || *pos != 0x00) {
wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB "
"structure (2)");
+ wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len);
return -1;
}
pos++;
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 5c8ac56..d2e685c 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -264,7 +264,8 @@
return -1;
pos = hdr.payload;
if (*pos) {
- wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ wpa_printf(MSG_DEBUG,
+ "X509: BITSTRING (subjectPublicKey) - %d unused bits",
*pos);
/*
* TODO: should this be rejected? X.509 certificates are
@@ -1851,7 +1852,8 @@
}
pos = hdr.payload;
if (*pos) {
- wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
+ wpa_printf(MSG_DEBUG,
+ "X509: BITSTRING (signatureValue) - %d unused bits",
*pos);
/* PKCS #1 v1.5 10.2.1:
* It is an error if the length in bits of the signature S is
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 75513fc..741fc9c 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 5ec7133..f372256 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -310,6 +310,9 @@
auth_types &= ~WPS_AUTH_WPA;
auth_types &= ~WPS_AUTH_WPA2;
auth_types &= ~WPS_AUTH_SHARED;
+#ifdef CONFIG_NO_TKIP
+ auth_types &= ~WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WPS_TESTING
if (wps_force_auth_types_in_use) {
wpa_printf(MSG_DEBUG,
@@ -331,6 +334,9 @@
{
u16 encr_types = WPS_ENCR_TYPES;
encr_types &= ~WPS_ENCR_WEP;
+#ifdef CONFIG_NO_TKIP
+ encr_types &= ~WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WPS_TESTING
if (wps_force_encr_types_in_use) {
wpa_printf(MSG_DEBUG,
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 80ed603..819cd43 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -880,6 +880,17 @@
cred.auth_type |= WPS_AUTH_WPA2PSK;
}
+#ifdef CONFIG_NO_TKIP
+ if (cred.encr_type & WPS_ENCR_TKIP) {
+ wpa_printf(MSG_DEBUG, "WPS: Disable encr_type TKIP");
+ cred.encr_type &= ~WPS_ENCR_TKIP;
+ }
+ if (cred.auth_type & WPS_AUTH_WPAPSK) {
+ wpa_printf(MSG_DEBUG, "WPS: Disable auth_type WPAPSK");
+ cred.auth_type &= ~WPS_AUTH_WPAPSK;
+ }
+#endif /* CONFIG_NO_TKIP */
+
if (wps->wps->cred_cb) {
cred.cred_attr = wpabuf_head(attrs);
cred.cred_attr_len = wpabuf_len(attrs);
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 9ee89ae..9e1ee36 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1677,8 +1677,10 @@
wps->wps->auth_types, wps->auth_type);
if (wps->auth_type & WPS_AUTH_WPA2PSK)
wps->auth_type = WPS_AUTH_WPA2PSK;
+#ifndef CONFIG_NO_TKIP
else if (wps->auth_type & WPS_AUTH_WPAPSK)
wps->auth_type = WPS_AUTH_WPAPSK;
+#endif /* CONFIG_NO_TKIP */
else if (wps->auth_type & WPS_AUTH_OPEN)
wps->auth_type = WPS_AUTH_OPEN;
else {
@@ -1700,8 +1702,10 @@
wps->auth_type == WPS_AUTH_WPAPSK) {
if (wps->encr_type & WPS_ENCR_AES)
wps->encr_type = WPS_ENCR_AES;
+#ifndef CONFIG_NO_TKIP
else if (wps->encr_type & WPS_ENCR_TKIP)
wps->encr_type = WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
else {
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
"type for WPA/WPA2");
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 65c639b..37432d9 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -267,6 +267,7 @@
OBJS += src/common/sae.c
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_HMAC_SHA256_KDF=y
NEED_DRAGONFLY=y
ifdef CONFIG_TESTING_OPTIONS
NEED_DH_GROUPS_ALL=y
@@ -420,6 +421,10 @@
L_CFLAGS += -DCONFIG_WEP
endif
+ifdef CONFIG_NO_TKIP
+L_CFLAGS += -DCONFIG_NO_TKIP
+endif
+
include $(LOCAL_PATH)/src/drivers/drivers.mk
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 45f673e..738b0bd 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -269,6 +269,7 @@
OBJS += ../src/common/sae.o
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_HMAC_SHA256_KDF=y
NEED_DRAGONFLY=y
ifdef CONFIG_TESTING_OPTIONS
NEED_DH_GROUPS_ALL=y
@@ -1855,6 +1856,10 @@
CFLAGS += -DCONFIG_WEP
endif
+ifdef CONFIG_NO_TKIP
+CFLAGS += -DCONFIG_NO_TKIP
+endif
+
ifndef LDO
LDO=$(CC)
endif
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index a186ab9..6737223 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -18,8 +18,13 @@
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
#define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
#define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
+#ifdef CONFIG_NO_TKIP
+#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP)
+#define DEFAULT_GROUP (WPA_CIPHER_CCMP)
+#else /* CONFIG_NO_TKIP */
#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
+#endif /* CONFIG_NO_TKIP */
#define DEFAULT_FRAGMENT_SIZE 1398
#define DEFAULT_BG_SCAN_PERIOD -1
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 7301d50..541de75 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -747,6 +747,8 @@
break;
pos++;
}
+ } else if (os_strcasecmp(cmd, "ft_rsnxe_used") == 0) {
+ wpa_s->ft_rsnxe_used = atoi(value);
} else if (os_strcasecmp(cmd, "rsne_override_eapol") == 0) {
wpabuf_free(wpa_s->rsne_override_eapol);
if (os_strcmp(value, "NULL") == 0)
@@ -3957,7 +3959,9 @@
{ WPA_DRIVER_CAPA_ENC_GCMP_256, "GCMP-256", 0 },
{ WPA_DRIVER_CAPA_ENC_CCMP, "CCMP", 0 },
{ WPA_DRIVER_CAPA_ENC_GCMP, "GCMP", 0 },
+#ifndef CONFIG_NO_TKIP
{ WPA_DRIVER_CAPA_ENC_TKIP, "TKIP", 0 },
+#endif /* CONFIG_NO_TKIP */
{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, "NONE", 0 },
#ifdef CONFIG_WEP
{ WPA_DRIVER_CAPA_ENC_WEP104, "WEP104", 1 },
@@ -3988,7 +3992,11 @@
if (res < 0) {
if (strict)
return 0;
+#ifdef CONFIG_NO_TKIP
+ len = os_strlcpy(buf, "CCMP NONE", buflen);
+#else /* CONFIG_NO_TKIP */
len = os_strlcpy(buf, "CCMP TKIP NONE", buflen);
+#endif /* CONFIG_NO_TKIP */
if (len >= buflen)
return -1;
return len;
@@ -4025,9 +4033,17 @@
if (strict)
return 0;
#ifdef CONFIG_WEP
+#ifdef CONFIG_NO_TKIP
+ len = os_strlcpy(buf, "CCMP WEP104 WEP40", buflen);
+#else /* CONFIG_NO_TKIP */
len = os_strlcpy(buf, "CCMP TKIP WEP104 WEP40", buflen);
+#endif /* CONFIG_NO_TKIP */
#else /* CONFIG_WEP */
+#ifdef CONFIG_NO_TKIP
+ len = os_strlcpy(buf, "CCMP", buflen);
+#else /* CONFIG_NO_TKIP */
len = os_strlcpy(buf, "CCMP TKIP", buflen);
+#endif /* CONFIG_NO_TKIP */
#endif /* CONFIG_WEP */
if (len >= buflen)
return -1;
@@ -7944,6 +7960,34 @@
}
+static int wpas_ctrl_iface_driver_flags2(struct wpa_supplicant *wpa_s,
+ char *buf, size_t buflen)
+{
+ int ret, i;
+ char *pos, *end;
+
+ ret = os_snprintf(buf, buflen, "%016llX:\n",
+ (long long unsigned) wpa_s->drv_flags2);
+ if (os_snprintf_error(buflen, ret))
+ return -1;
+
+ pos = buf + ret;
+ end = buf + buflen;
+
+ for (i = 0; i < 64; i++) {
+ if (wpa_s->drv_flags2 & (1LLU << i)) {
+ ret = os_snprintf(pos, end - pos, "%s\n",
+ driver_flag2_to_string(1LLU << i));
+ if (os_snprintf_error(end - pos, ret))
+ return -1;
+ pos += ret;
+ }
+ }
+
+ return pos - buf;
+}
+
+
static int wpa_supplicant_pktcnt_poll(struct wpa_supplicant *wpa_s, char *buf,
size_t buflen)
{
@@ -8184,6 +8228,7 @@
wpa_s->disable_sa_query = 0;
wpa_s->testing_resend_assoc = 0;
wpa_s->ignore_sae_h2e_only = 0;
+ wpa_s->ft_rsnxe_used = 0;
wpa_s->reject_btm_req_reason = 0;
wpa_sm_set_test_assoc_ie(wpa_s->wpa, NULL);
os_free(wpa_s->get_pref_freq_list_override);
@@ -10713,6 +10758,9 @@
} else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) {
reply_len = wpas_ctrl_iface_driver_flags(wpa_s, reply,
reply_size);
+ } else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) {
+ reply_len = wpas_ctrl_iface_driver_flags2(wpa_s, reply,
+ reply_size);
#ifdef ANDROID
} else if (os_strncmp(buf, "DRIVER ", 7) == 0) {
reply_len = wpa_supplicant_driver_cmd(wpa_s, buf + 7, reply,
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index e9e77bd..793a881 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -750,10 +750,12 @@
if (cred->auth_type & WPS_AUTH_OPEN)
auth_type[at_num++] = "open";
+#ifndef CONFIG_NO_TKIP
if (cred->auth_type & WPS_AUTH_WPAPSK)
auth_type[at_num++] = "wpa-psk";
if (cred->auth_type & WPS_AUTH_WPA)
auth_type[at_num++] = "wpa-eap";
+#endif /* CONFIG_NO_TKIP */
if (cred->auth_type & WPS_AUTH_WPA2)
auth_type[at_num++] = "wpa2-eap";
if (cred->auth_type & WPS_AUTH_WPA2PSK)
@@ -761,8 +763,10 @@
if (cred->encr_type & WPS_ENCR_NONE)
encr_type[et_num++] = "none";
+#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP)
encr_type[et_num++] = "tkip";
+#endif /* CONFIG_NO_TKIP */
if (cred->encr_type & WPS_ENCR_AES)
encr_type[et_num++] = "aes";
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 4e17e31..d1f9607 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -2632,7 +2632,11 @@
/***** pairwise cipher */
if (res < 0) {
+#ifdef CONFIG_NO_TKIP
+ const char *args[] = {"ccmp", "none"};
+#else /* CONFIG_NO_TKIP */
const char *args[] = {"ccmp", "tkip", "none"};
+#endif /* CONFIG_NO_TKIP */
if (!wpa_dbus_dict_append_string_array(
&iter_dict, "Pairwise", args,
@@ -2655,9 +2659,11 @@
((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "gcmp")) ||
+#ifndef CONFIG_NO_TKIP
((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "tkip")) ||
+#endif /* CONFIG_NO_TKIP */
((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "none")) ||
@@ -2671,7 +2677,10 @@
/***** group cipher */
if (res < 0) {
const char *args[] = {
- "ccmp", "tkip",
+ "ccmp",
+#ifndef CONFIG_NO_TKIP
+ "tkip",
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WEP
"wep104", "wep40"
#endif /* CONFIG_WEP */
@@ -2698,9 +2707,11 @@
((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "gcmp")) ||
+#ifndef CONFIG_NO_TKIP
((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) &&
!wpa_dbus_dict_string_array_add_element(
&iter_array, "tkip")) ||
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WEP
((capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) &&
!wpa_dbus_dict_string_array_add_element(
@@ -4759,9 +4770,11 @@
group = "wep104";
break;
#endif /* CONFIG_WEP */
+#ifndef CONFIG_NO_TKIP
case WPA_CIPHER_TKIP:
group = "tkip";
break;
+#endif /* CONFIG_NO_TKIP */
case WPA_CIPHER_CCMP:
group = "ccmp";
break;
@@ -4784,8 +4797,10 @@
/* Pairwise */
n = 0;
+#ifndef CONFIG_NO_TKIP
if (ie_data->pairwise_cipher & WPA_CIPHER_TKIP)
pairwise[n++] = "tkip";
+#endif /* CONFIG_NO_TKIP */
if (ie_data->pairwise_cipher & WPA_CIPHER_CCMP)
pairwise[n++] = "ccmp";
if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP)
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index ef2339f..c570775 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -617,3 +617,12 @@
# be completely removed in a future release.
#CONFIG_WEP=y
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore for anything else than a
+# backwards compatibility option as a group cipher when connecting to APs that
+# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes
+# support for this by default, but that functionality is subject to be removed
+# in the future.
+#CONFIG_NO_TKIP=y
+
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index c75ab47..6dfa2e5 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -119,6 +119,7 @@
own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
if (!own_bi)
return -1;
+ own_bi->nfc_negotiated = 1;
pos = os_strstr(cmd, " uri=");
if (!pos)
@@ -150,6 +151,7 @@
own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
if (!own_bi)
return -1;
+ own_bi->nfc_negotiated = 1;
pos = os_strstr(cmd, " uri=");
if (!pos)
@@ -858,6 +860,7 @@
}
wpa_s->off_channel_freq = 0;
wpa_s->roc_waiting_drv_freq = lwork->freq;
+ wpa_drv_dpp_listen(wpa_s, true);
}
@@ -932,6 +935,7 @@
wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
wpa_s->dpp_listen_freq);
wpa_drv_cancel_remain_on_channel(wpa_s);
+ wpa_drv_dpp_listen(wpa_s, false);
wpa_s->dpp_listen_freq = 0;
wpas_dpp_listen_work_done(wpa_s);
}
@@ -1432,7 +1436,7 @@
MAC2STR(auth->peer_mac_addr), auth->curr_freq);
res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
- 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
+ 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
if (res < 0) {
wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
wpabuf_free(buf);
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index 6a03d8e..d0bcc6c 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -1108,4 +1108,11 @@
wpa_s->bridge_ifname, val);
}
+static inline int wpa_drv_dpp_listen(struct wpa_supplicant *wpa_s, bool enable)
+{
+ if (!wpa_s->driver->dpp_listen)
+ return 0;
+ return wpa_s->driver->dpp_listen(wpa_s->drv_priv, enable);
+}
+
#endif /* DRIVER_I_H */
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index 8e977a3..759b9b9 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -43,6 +43,7 @@
unsigned int offchannel_tx_started:1;
unsigned int retry:1;
unsigned int wildcard_bssid:1;
+ unsigned int maintain_addr:1;
int freq;
u16 status_code;
struct wpabuf *req;
@@ -693,7 +694,8 @@
return;
}
- if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
+ if (!query->maintain_addr &&
+ wpas_update_random_addr_disassoc(wpa_s) < 0) {
wpa_msg(wpa_s, MSG_INFO,
"Failed to assign random MAC address for GAS");
gas_query_free(query, 1);
@@ -749,12 +751,23 @@
struct wpa_supplicant *wpa_s = gas->wpa_s;
struct os_reltime now;
- if (!wpa_s->conf->gas_rand_mac_addr ||
+ if (query->maintain_addr ||
+ !wpa_s->conf->gas_rand_mac_addr ||
!(wpa_s->current_bss ?
(wpa_s->drv_flags &
WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) :
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA))) {
/* Use own MAC address as the transmitter address */
+ wpa_printf(MSG_DEBUG,
+ "GAS: Use own MAC address as the transmitter address%s%s%s",
+ query->maintain_addr ? " (maintain_addr)" : "",
+ !wpa_s->conf->gas_rand_mac_addr ? " (no gas_rand_mac_adr set)" : "",
+ !(wpa_s->current_bss ?
+ (wpa_s->drv_flags &
+ WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) :
+ (wpa_s->drv_flags &
+ WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA)) ?
+ " (no driver rand capa" : "");
os_memcpy(query->sa, wpa_s->own_addr, ETH_ALEN);
return 0;
}
@@ -800,6 +813,9 @@
* @gas: GAS query data from gas_query_init()
* @dst: Destination MAC address for the query
* @freq: Frequency (in MHz) for the channel on which to send the query
+ * @wildcard_bssid: Force use of wildcard BSSID value
+ * @maintain_addr: Maintain own MAC address for exchange (i.e., ignore MAC
+ * address randomization rules)
* @req: GAS query payload (to be freed by gas_query module in case of success
* return)
* @cb: Callback function for reporting GAS query result and response
@@ -807,7 +823,7 @@
* Returns: dialog token (>= 0) on success or -1 on failure
*/
int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
- int wildcard_bssid, struct wpabuf *req,
+ int wildcard_bssid, int maintain_addr, struct wpabuf *req,
void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
enum gas_query_result result,
const struct wpabuf *adv_proto,
@@ -829,6 +845,7 @@
return -1;
query->gas = gas;
+ query->maintain_addr = !!maintain_addr;
if (gas_query_set_sa(gas, query)) {
os_free(query);
return -1;
diff --git a/wpa_supplicant/gas_query.h b/wpa_supplicant/gas_query.h
index d2b4554..f9ce7b6 100644
--- a/wpa_supplicant/gas_query.h
+++ b/wpa_supplicant/gas_query.h
@@ -35,7 +35,7 @@
};
int gas_query_req(struct gas_query *gas, const u8 *dst, int freq,
- int wildcard_bssid, struct wpabuf *req,
+ int wildcard_bssid, int maintain_addr, struct wpabuf *req,
void (*cb)(void *ctx, const u8 *dst, u8 dialog_token,
enum gas_query_result result,
const struct wpabuf *adv_proto,
diff --git a/wpa_supplicant/hidl/1.3/hidl_manager.cpp b/wpa_supplicant/hidl/1.3/hidl_manager.cpp
index e467da3..e15e9fd 100644
--- a/wpa_supplicant/hidl/1.3/hidl_manager.cpp
+++ b/wpa_supplicant/hidl/1.3/hidl_manager.cpp
@@ -482,6 +482,12 @@
"Failed to enable scan mac randomization");
}
}
+
+ // Enable randomized source MAC address for GAS/ANQP
+ // Set the lifetime to 0, guarantees a unique address for each GAS
+ // session
+ wpa_s->conf->gas_rand_mac_addr = 1;
+ wpa_s->conf->gas_rand_addr_lifetime = 0;
}
// Invoke the |onInterfaceCreated| method on all registered callbacks.
diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 741f925..ce5608e 100644
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -289,7 +289,8 @@
if (buf == NULL)
return -1;
- res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
+ res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb,
+ wpa_s);
if (res < 0) {
wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
wpabuf_free(buf);
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index dc51418..c16c2a9 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -316,7 +316,7 @@
if (buf == NULL)
return -1;
- res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, buf,
+ res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, 0, buf,
interworking_anqp_resp_cb, wpa_s);
if (res < 0) {
wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
@@ -2804,7 +2804,8 @@
if (buf == NULL)
return -1;
- res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
+ res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb,
+ wpa_s);
if (res < 0) {
wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
wpabuf_free(buf);
@@ -3244,7 +3245,8 @@
} else
wpabuf_put_le16(buf, 0);
- res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, gas_resp_cb, wpa_s);
+ res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, gas_resp_cb,
+ wpa_s);
if (res < 0) {
wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
wpabuf_free(buf);
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index b504124..c085466 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -268,6 +268,7 @@
return -ENOMEM;
ifmsh->drv_flags = wpa_s->drv_flags;
+ ifmsh->drv_flags2 = wpa_s->drv_flags2;
ifmsh->num_bss = 1;
ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss,
sizeof(struct hostapd_data *));
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 2c8754b..b0bea61 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3192,8 +3192,12 @@
MAC2STR(sa), s->id);
}
wpas_p2p_group_add_persistent(
- wpa_s, s, go, 0, op_freq, 0, 0, 0, 0, 0,
- 0, NULL,
+ wpa_s, s, go, 0, op_freq, 0,
+ wpa_s->conf->p2p_go_ht40,
+ wpa_s->conf->p2p_go_vht,
+ 0,
+ wpa_s->conf->p2p_go_he,
+ wpa_s->conf->p2p_go_edmg, NULL,
go ? P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0,
1);
} else if (bssid) {
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index d429496..089830f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1640,6 +1640,10 @@
if (ssid->sae_password_id && sae_pwe != 3)
sae_pwe = 1;
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
+#ifdef CONFIG_TESTING_OPTIONS
+ wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
+ wpa_s->ft_rsnxe_used);
+#endif /* CONFIG_TESTING_OPTIONS */
/* Extended Key ID is only supported in infrastructure BSS so far */
if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
@@ -4758,6 +4762,13 @@
}
+static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
+{
+ return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
+ !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
+}
+
+
int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
{
if ((!wpa_s->p2p_mgmt ||
@@ -4767,7 +4778,9 @@
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
wpa_drv_get_mac_addr(wpa_s),
ETH_P_EAPOL,
- wpa_supplicant_rx_eapol, wpa_s, 0);
+ wpas_eapol_needs_l2_packet(wpa_s) ?
+ wpa_supplicant_rx_eapol : NULL,
+ wpa_s, 0);
if (wpa_s->l2 == NULL)
return -1;
@@ -4775,17 +4788,18 @@
L2_PACKET_FILTER_PKTTYPE))
wpa_dbg(wpa_s, MSG_DEBUG,
"Failed to attach pkt_type filter");
+
+ if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
+ wpa_msg(wpa_s, MSG_ERROR,
+ "Failed to get own L2 address");
+ return -1;
+ }
} else {
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
if (addr)
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
}
- if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
- wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
- return -1;
- }
-
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
wpas_wps_update_mac_addr(wpa_s);
@@ -4844,7 +4858,7 @@
os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
- if (wpa_s->bridge_ifname[0]) {
+ if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
"interface '%s'", wpa_s->bridge_ifname);
wpa_s->l2_br = l2_packet_init_bridge(
@@ -6240,6 +6254,7 @@
if (capa_res == 0) {
wpa_s->drv_capa_known = 1;
wpa_s->drv_flags = capa.flags;
+ wpa_s->drv_flags2 = capa.flags2;
wpa_s->drv_enc = capa.enc;
wpa_s->drv_rrm_flags = capa.rrm_flags;
wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index f242c3a..3b90567 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -481,6 +481,11 @@
# 0 = use permanent MAC address
# 1 = use random MAC address
# 2 = like 1, but maintain OUI (with local admin bit set)
+# Note that this setting is ignored when a specific MAC address is needed for
+# a full protocol exchange that includes GAS, e.g., when going through a DPP
+# exchange that exposes the configured interface address as part of the DP
+# Public Action frame exchanges before using GAS. That same address is then used
+# during the GAS exchange as well to avoid breaking the protocol expectations.
#gas_rand_mac_addr=0
# Lifetime of GAS random MAC address in seconds (default: 60)
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8b1d0d0..2f95eeb 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -725,6 +725,7 @@
unsigned int no_suitable_network;
u64 drv_flags;
+ u64 drv_flags2;
unsigned int drv_enc;
unsigned int drv_rrm_flags;
@@ -1144,6 +1145,7 @@
unsigned int disable_sa_query:1;
unsigned int testing_resend_assoc:1;
unsigned int ignore_sae_h2e_only:1;
+ int ft_rsnxe_used;
struct wpabuf *sae_commit_override;
enum wpa_alg last_tk_alg;
u8 last_tk_addr[ETH_ALEN];
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index e617158..130c278 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -484,7 +484,7 @@
case WPS_ENCR_NONE:
break;
case WPS_ENCR_TKIP:
- ssid->pairwise_cipher = WPA_CIPHER_TKIP;
+ ssid->pairwise_cipher = WPA_CIPHER_TKIP | WPA_CIPHER_CCMP;
break;
case WPS_ENCR_AES:
ssid->pairwise_cipher = WPA_CIPHER_CCMP;
@@ -525,7 +525,7 @@
case WPS_AUTH_WPAPSK:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
- ssid->proto = WPA_PROTO_WPA;
+ ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN;
break;
case WPS_AUTH_WPA2PSK:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
@@ -1618,8 +1618,13 @@
os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
wpas_wps_set_uuid(wpa_s, wps);
+#ifdef CONFIG_NO_TKIP
+ wps->auth_types = WPS_AUTH_WPA2PSK;
+ wps->encr_types = WPS_ENCR_AES;
+#else /* CONFIG_NO_TKIP */
wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
+#endif /* CONFIG_NO_TKIP */
os_memset(&rcfg, 0, sizeof(rcfg));
rcfg.new_psk_cb = wpas_wps_new_psk_cb;