Accumulative patch from commit f5f37d3a4fc2df2a24676b4f95afca15ed793cba
Author: Jouni Malinen <j@w1.fi>
Date: Sun Nov 25 22:05:32 2012 +0200
Fix REAUTHENTICATE command after PMKSA caching
The current PMKSA cache entry needs to be clear to allow EAPOL
reauthentication to be started in case this association used PMKSA
caching.
- Remove old WPS_OOB NCF
- WPS: Add preliminary NFC connection handover support for Enrollee
- WPS: Reenable the networks disabled during wpa_wpas_reassoc
- P2P: Avoid multi-channel scans when they are not needed
- P2P: Allow discoverable interval for p2p_find to be configured
- P2P: Allow all channels with multi-channel concurrency
- Bonjour changes
- Remove disassociate
- HS 2.0 changes
- Add preliminary support for using SQLite for eap_user database
- Add SAE support
- Add disallow_aps parameter to disallow BSSIDs/SSIDs
Change-Id: I85358a05b39d46b8db49acdad667e771c580b05c
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 31e1c19..3c699f7 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -408,6 +408,7 @@
user = user->next;
hostapd_config_free_eap_user(prev_user);
}
+ os_free(conf->eap_user_sqlite);
os_free(conf->dump_log_name);
os_free(conf->eap_req_id_text);
@@ -619,57 +620,3 @@
return NULL;
}
-
-
-const struct hostapd_eap_user *
-hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
- size_t identity_len, int phase2)
-{
- struct hostapd_eap_user *user = conf->eap_user;
-
-#ifdef CONFIG_WPS
- if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
- os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
- static struct hostapd_eap_user wsc_enrollee;
- os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
- wsc_enrollee.methods[0].method = eap_server_get_type(
- "WSC", &wsc_enrollee.methods[0].vendor);
- return &wsc_enrollee;
- }
-
- if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
- os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
- static struct hostapd_eap_user wsc_registrar;
- os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
- wsc_registrar.methods[0].method = eap_server_get_type(
- "WSC", &wsc_registrar.methods[0].vendor);
- wsc_registrar.password = (u8 *) conf->ap_pin;
- wsc_registrar.password_len = conf->ap_pin ?
- os_strlen(conf->ap_pin) : 0;
- return &wsc_registrar;
- }
-#endif /* CONFIG_WPS */
-
- while (user) {
- if (!phase2 && user->identity == NULL) {
- /* Wildcard match */
- break;
- }
-
- if (user->phase2 == !!phase2 && user->wildcard_prefix &&
- identity_len >= user->identity_len &&
- os_memcmp(user->identity, identity, user->identity_len) ==
- 0) {
- /* Wildcard prefix match */
- break;
- }
-
- if (user->phase2 == !!phase2 &&
- user->identity_len == identity_len &&
- os_memcmp(user->identity, identity, identity_len) == 0)
- break;
- user = user->next;
- }
-
- return user;
-}
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f5e4a6a..71313c0 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -96,6 +96,11 @@
};
#define PMK_LEN 32
+struct hostapd_sta_wpa_psk_short {
+ struct hostapd_sta_wpa_psk_short *next;
+ u8 psk[PMK_LEN];
+};
+
struct hostapd_wpa_psk {
struct hostapd_wpa_psk *next;
int group;
@@ -192,6 +197,7 @@
int eap_server; /* Use internal EAP server instead of external
* RADIUS server */
struct hostapd_eap_user *eap_user;
+ char *eap_user_sqlite;
char *eap_sim_db;
struct hostapd_ip_addr own_ip_addr;
char *nas_identifier;
@@ -505,6 +511,7 @@
int require_vht;
u8 vht_oper_chwidth;
u8 vht_oper_centr_freq_seg0_idx;
+ u8 vht_oper_centr_freq_seg1_idx;
};
@@ -523,9 +530,6 @@
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
int vlan_id);
-const struct hostapd_eap_user *
-hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
- size_t identity_len, int phase2);
struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 5c03f45..d66d97e 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -92,7 +92,7 @@
os_memset(&srv, 0, sizeof(srv));
srv.client_file = conf->radius_server_clients;
srv.auth_port = conf->radius_server_auth_port;
- srv.conf_ctx = conf;
+ srv.conf_ctx = hapd;
srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
srv.ssl_ctx = hapd->ssl_ctx;
srv.msg_ctx = hapd->msg_ctx;
diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
index ab9c83e..c55d3fe 100644
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -21,6 +21,28 @@
#include "ap_drv_ops.h"
+static int hostapd_get_sta_conn_time(struct sta_info *sta,
+ char *buf, size_t buflen)
+{
+ struct os_time now, age;
+ int len = 0, ret;
+
+ if (!sta->connected_time.sec)
+ return 0;
+
+ os_get_time(&now);
+ os_time_sub(&now, &sta->connected_time, &age);
+
+ ret = os_snprintf(buf + len, buflen - len, "connected_time=%u\n",
+ (unsigned int) age.sec);
+ if (ret < 0 || (size_t) ret >= buflen - len)
+ return len;
+ len += ret;
+
+ return len;
+}
+
+
static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
@@ -58,6 +80,10 @@
if (res >= 0)
len += res;
+ res = hostapd_get_sta_conn_time(sta, buf + len, buflen - len);
+ if (res >= 0)
+ len += res;
+
return len;
}
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 23fa241..8613975 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -109,6 +109,15 @@
}
#endif /* CONFIG_P2P */
+#ifdef CONFIG_HS20
+ wpabuf_free(sta->hs20_ie);
+ if (elems.hs20 && elems.hs20_len > 4) {
+ sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
+ elems.hs20_len - 4);
+ } else
+ sta->hs20_ie = NULL;
+#endif /* CONFIG_HS20 */
+
if (hapd->conf->wpa) {
if (ie == NULL || ielen == 0) {
#ifdef CONFIG_WPS
@@ -672,12 +681,15 @@
const u8 *data, size_t data_len)
{
struct hostapd_iface *iface = hapd->iface;
+ struct sta_info *sta;
size_t j;
for (j = 0; j < iface->num_bss; j++) {
- if (ap_get_sta(iface->bss[j], src)) {
- hapd = iface->bss[j];
- break;
+ if ((sta = ap_get_sta(iface->bss[j], src))) {
+ if (sta->flags & WLAN_STA_ASSOC) {
+ hapd = iface->bss[j];
+ break;
+ }
}
}
diff --git a/src/ap/eap_user_db.c b/src/ap/eap_user_db.c
new file mode 100644
index 0000000..79d50e5
--- /dev/null
+++ b/src/ap/eap_user_db.c
@@ -0,0 +1,270 @@
+/*
+ * hostapd / EAP user database
+ * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#ifdef CONFIG_SQLITE
+#include <sqlite3.h>
+#endif /* CONFIG_SQLITE */
+
+#include "common.h"
+#include "eap_common/eap_wsc_common.h"
+#include "eap_server/eap_methods.h"
+#include "eap_server/eap.h"
+#include "ap_config.h"
+#include "hostapd.h"
+
+#ifdef CONFIG_SQLITE
+
+static void set_user_methods(struct hostapd_eap_user *user, const char *methods)
+{
+ char *buf, *start;
+ int num_methods;
+
+ buf = os_strdup(methods);
+ if (buf == NULL)
+ return;
+
+ os_memset(&user->methods, 0, sizeof(user->methods));
+ num_methods = 0;
+ start = buf;
+ while (*start) {
+ char *pos3 = os_strchr(start, ',');
+ if (pos3)
+ *pos3++ = '\0';
+ user->methods[num_methods].method =
+ eap_server_get_type(start,
+ &user->methods[num_methods].vendor);
+ if (user->methods[num_methods].vendor == EAP_VENDOR_IETF &&
+ user->methods[num_methods].method == EAP_TYPE_NONE) {
+ if (os_strcmp(start, "TTLS-PAP") == 0) {
+ user->ttls_auth |= EAP_TTLS_AUTH_PAP;
+ goto skip_eap;
+ }
+ if (os_strcmp(start, "TTLS-CHAP") == 0) {
+ user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
+ goto skip_eap;
+ }
+ if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
+ user->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
+ goto skip_eap;
+ }
+ if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
+ user->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
+ goto skip_eap;
+ }
+ wpa_printf(MSG_INFO, "DB: Unsupported EAP type '%s'",
+ start);
+ os_free(buf);
+ return;
+ }
+
+ num_methods++;
+ if (num_methods >= EAP_MAX_METHODS)
+ break;
+ skip_eap:
+ if (pos3 == NULL)
+ break;
+ start = pos3;
+ }
+
+ os_free(buf);
+}
+
+
+static int get_user_cb(void *ctx, int argc, char *argv[], char *col[])
+{
+ struct hostapd_eap_user *user = ctx;
+ int i;
+
+ for (i = 0; i < argc; i++) {
+ if (os_strcmp(col[i], "password") == 0 && argv[i]) {
+ os_free(user->password);
+ user->password_len = os_strlen(argv[i]);
+ user->password = (u8 *) os_strdup(argv[i]);
+ user->next = (void *) 1;
+ } else if (os_strcmp(col[i], "methods") == 0 && argv[i]) {
+ set_user_methods(user, argv[i]);
+ }
+ }
+
+ return 0;
+}
+
+
+static int get_wildcard_cb(void *ctx, int argc, char *argv[], char *col[])
+{
+ struct hostapd_eap_user *user = ctx;
+ int i, id = -1, methods = -1;
+ size_t len;
+
+ for (i = 0; i < argc; i++) {
+ if (os_strcmp(col[i], "identity") == 0 && argv[i])
+ id = i;
+ else if (os_strcmp(col[i], "methods") == 0 && argv[i])
+ methods = i;
+ }
+
+ if (id < 0 || methods < 0)
+ return 0;
+
+ len = os_strlen(argv[id]);
+ if (len <= user->identity_len &&
+ os_memcmp(argv[id], user->identity, len) == 0 &&
+ (user->password == NULL || len > user->password_len)) {
+ os_free(user->password);
+ user->password_len = os_strlen(argv[id]);
+ user->password = (u8 *) os_strdup(argv[id]);
+ user->next = (void *) 1;
+ set_user_methods(user, argv[methods]);
+ }
+
+ return 0;
+}
+
+
+static const struct hostapd_eap_user *
+eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
+ size_t identity_len, int phase2)
+{
+ sqlite3 *db;
+ struct hostapd_eap_user *user = NULL;
+ char id_str[256], cmd[300];
+ size_t i;
+
+ if (identity_len >= sizeof(id_str))
+ return NULL;
+ os_memcpy(id_str, identity, identity_len);
+ id_str[identity_len] = '\0';
+ for (i = 0; i < identity_len; i++) {
+ if (id_str[i] >= 'a' && id_str[i] <= 'z')
+ continue;
+ if (id_str[i] >= 'A' && id_str[i] <= 'Z')
+ continue;
+ if (id_str[i] >= '0' && id_str[i] <= '9')
+ continue;
+ if (id_str[i] == '-' || id_str[i] == '_' || id_str[i] == '.' ||
+ id_str[i] == ',' || id_str[i] == '@' || id_str[i] == '\\' ||
+ id_str[i] == '!' || id_str[i] == '#' || id_str[i] == '%' ||
+ id_str[i] == '=' || id_str[i] == ' ')
+ continue;
+ wpa_printf(MSG_INFO, "DB: Unsupported character in identity");
+ return NULL;
+ }
+
+ os_free(hapd->tmp_eap_user.identity);
+ os_free(hapd->tmp_eap_user.password);
+ os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
+ hapd->tmp_eap_user.phase2 = phase2;
+ hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
+ if (hapd->tmp_eap_user.identity == NULL)
+ return NULL;
+ os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
+
+ if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
+ wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
+ hapd->conf->eap_user_sqlite, sqlite3_errmsg(db));
+ sqlite3_close(db);
+ return NULL;
+ }
+
+ os_snprintf(cmd, sizeof(cmd),
+ "SELECT password,methods FROM users WHERE "
+ "identity='%s' AND phase2=%d;", id_str, phase2);
+ wpa_printf(MSG_DEBUG, "DB: %s", cmd);
+ if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
+ SQLITE_OK) {
+ wpa_printf(MSG_DEBUG, "DB: Failed to complete SQL operation");
+ } else if (hapd->tmp_eap_user.next)
+ user = &hapd->tmp_eap_user;
+
+ if (user == NULL && !phase2) {
+ os_snprintf(cmd, sizeof(cmd),
+ "SELECT identity,methods FROM wildcards;");
+ wpa_printf(MSG_DEBUG, "DB: %s", cmd);
+ if (sqlite3_exec(db, cmd, get_wildcard_cb, &hapd->tmp_eap_user,
+ NULL) != SQLITE_OK) {
+ wpa_printf(MSG_DEBUG, "DB: Failed to complete SQL "
+ "operation");
+ } else if (hapd->tmp_eap_user.next) {
+ user = &hapd->tmp_eap_user;
+ os_free(user->identity);
+ user->identity = user->password;
+ user->identity_len = user->password_len;
+ user->password = NULL;
+ user->password_len = 0;
+ }
+ }
+
+ sqlite3_close(db);
+
+ return user;
+}
+
+#endif /* CONFIG_SQLITE */
+
+
+const struct hostapd_eap_user *
+hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
+ size_t identity_len, int phase2)
+{
+ const struct hostapd_bss_config *conf = hapd->conf;
+ struct hostapd_eap_user *user = conf->eap_user;
+
+#ifdef CONFIG_WPS
+ if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
+ os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
+ static struct hostapd_eap_user wsc_enrollee;
+ os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
+ wsc_enrollee.methods[0].method = eap_server_get_type(
+ "WSC", &wsc_enrollee.methods[0].vendor);
+ return &wsc_enrollee;
+ }
+
+ if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
+ os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
+ static struct hostapd_eap_user wsc_registrar;
+ os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
+ wsc_registrar.methods[0].method = eap_server_get_type(
+ "WSC", &wsc_registrar.methods[0].vendor);
+ wsc_registrar.password = (u8 *) conf->ap_pin;
+ wsc_registrar.password_len = conf->ap_pin ?
+ os_strlen(conf->ap_pin) : 0;
+ return &wsc_registrar;
+ }
+#endif /* CONFIG_WPS */
+
+ while (user) {
+ if (!phase2 && user->identity == NULL) {
+ /* Wildcard match */
+ break;
+ }
+
+ if (user->phase2 == !!phase2 && user->wildcard_prefix &&
+ identity_len >= user->identity_len &&
+ os_memcmp(user->identity, identity, user->identity_len) ==
+ 0) {
+ /* Wildcard prefix match */
+ break;
+ }
+
+ if (user->phase2 == !!phase2 &&
+ user->identity_len == identity_len &&
+ os_memcmp(user->identity, identity, identity_len) == 0)
+ break;
+ user = user->next;
+ }
+
+#ifdef CONFIG_SQLITE
+ if (user == NULL && conf->eap_user_sqlite) {
+ return eap_user_sqlite_get(hapd, identity, identity_len,
+ phase2);
+ }
+#endif /* CONFIG_SQLITE */
+
+ return user;
+}
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 3429258..cef9daf 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -273,6 +273,11 @@
#ifdef CONFIG_INTERWORKING
gas_serv_deinit(hapd);
#endif /* CONFIG_INTERWORKING */
+
+#ifdef CONFIG_SQLITE
+ os_free(hapd->tmp_eap_user.identity);
+ os_free(hapd->tmp_eap_user.password);
+#endif /* CONFIG_SQLITE */
}
@@ -1113,12 +1118,13 @@
int hostapd_disable_iface(struct hostapd_iface *hapd_iface)
{
size_t j;
- struct hostapd_bss_config *bss = hapd_iface->bss[0]->conf;
+ struct hostapd_bss_config *bss;
const struct wpa_driver_ops *driver;
void *drv_priv;
if (hapd_iface == NULL)
return -1;
+ bss = hapd_iface->bss[0]->conf;
driver = hapd_iface->bss[0]->driver;
drv_priv = hapd_iface->bss[0]->drv_priv;
@@ -1373,8 +1379,10 @@
/* Start accounting here, if IEEE 802.1X and WPA are not used.
* IEEE 802.1X/WPA code will start accounting after the station has
* been authorized. */
- if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
+ if (!hapd->conf->ieee802_1x && !hapd->conf->wpa) {
+ os_get_time(&sta->connected_time);
accounting_sta_start(hapd, sta);
+ }
/* Start IEEE 802.1X authentication process for new stations */
ieee802_1x_new_station(hapd, sta);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 71f476c..f1e7d9f 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -10,6 +10,7 @@
#define HOSTAPD_H
#include "common/defs.h"
+#include "ap_config.h"
struct wpa_driver_ops;
struct wpa_ctrl_dst;
@@ -187,6 +188,10 @@
#ifdef CONFIG_INTERWORKING
size_t gas_frag_limit;
#endif /* CONFIG_INTERWORKING */
+
+#ifdef CONFIG_SQLITE
+ struct hostapd_eap_user tmp_eap_user;
+#endif /* CONFIG_SQLITE */
};
@@ -297,4 +302,8 @@
void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
int offset);
+const struct hostapd_eap_user *
+hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
+ size_t identity_len, int phase2);
+
#endif /* HOSTAPD_H */
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ce20e5f..a13a135 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -49,6 +49,8 @@
num = hapd->iface->num_rates;
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
num++;
+ if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
+ num++;
if (num > 8) {
/* rest of the rates are encoded in Extended supported
* rates element */
@@ -66,9 +68,15 @@
pos++;
}
- if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
- hapd->iface->num_rates < 8)
+ if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
+ count++;
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
+ }
+
+ if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
+ count++;
+ *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
+ }
return pos;
}
@@ -85,6 +93,8 @@
num = hapd->iface->num_rates;
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
num++;
+ if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
+ num++;
if (num <= 8)
return eid;
num -= 8;
@@ -103,9 +113,17 @@
pos++;
}
- if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
- hapd->iface->num_rates >= 8)
- *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
+ if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
+ count++;
+ if (count > 8)
+ *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
+ }
+
+ if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
+ count++;
+ if (count > 8)
+ *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
+ }
return pos;
}
@@ -296,6 +314,142 @@
#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+
+static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
+ struct sta_info *sta)
+{
+ struct wpabuf *buf;
+
+ buf = wpabuf_alloc(2);
+ if (buf == NULL)
+ return NULL;
+
+ wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */
+ /* TODO: Anti-Clogging Token (if requested) */
+ /* TODO: Scalar */
+ /* TODO: Element */
+
+ return buf;
+}
+
+
+static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
+ struct sta_info *sta)
+{
+ struct wpabuf *buf;
+
+ buf = wpabuf_alloc(2);
+ if (buf == NULL)
+ return NULL;
+
+ wpabuf_put_le16(buf, sta->sae_send_confirm);
+ sta->sae_send_confirm++;
+ /* TODO: Confirm */
+
+ return buf;
+}
+
+
+static u16 handle_sae_commit(struct hostapd_data *hapd, struct sta_info *sta,
+ const u8 *data, size_t len)
+{
+ wpa_hexdump(MSG_DEBUG, "SAE commit fields", data, len);
+
+ /* Check Finite Cyclic Group */
+ if (len < 2)
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ if (WPA_GET_LE16(data) != 19) {
+ wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u",
+ WPA_GET_LE16(data));
+ return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
+ }
+
+ return WLAN_STATUS_SUCCESS;
+}
+
+
+static u16 handle_sae_confirm(struct hostapd_data *hapd, struct sta_info *sta,
+ const u8 *data, size_t len)
+{
+ u16 rc;
+
+ wpa_hexdump(MSG_DEBUG, "SAE confirm fields", data, len);
+
+ if (len < 2)
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ rc = WPA_GET_LE16(data);
+ wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", rc);
+
+ return WLAN_STATUS_SUCCESS;
+}
+
+
+static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
+ const struct ieee80211_mgmt *mgmt, size_t len,
+ u8 auth_transaction)
+{
+ u16 resp = WLAN_STATUS_SUCCESS;
+ struct wpabuf *data;
+
+ if (auth_transaction == 1) {
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_DEBUG,
+ "start SAE authentication (RX commit)");
+ resp = handle_sae_commit(hapd, sta, mgmt->u.auth.variable,
+ ((u8 *) mgmt) + len -
+ mgmt->u.auth.variable);
+ if (resp == WLAN_STATUS_SUCCESS)
+ sta->sae_state = SAE_COMMIT;
+ } else if (auth_transaction == 2) {
+ if (sta->sae_state != SAE_COMMIT) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_DEBUG,
+ "SAE confirm before commit");
+ resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
+ }
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_DEBUG,
+ "SAE authentication (RX confirm)");
+ resp = handle_sae_confirm(hapd, sta, mgmt->u.auth.variable,
+ ((u8 *) mgmt) + len -
+ mgmt->u.auth.variable);
+ if (resp == WLAN_STATUS_SUCCESS) {
+ sta->flags |= WLAN_STA_AUTH;
+ wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
+ sta->auth_alg = WLAN_AUTH_SAE;
+ mlme_authenticate_indication(hapd, sta);
+ }
+ } else {
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_DEBUG,
+ "unexpected SAE authentication transaction %u",
+ auth_transaction);
+ resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
+ }
+
+ sta->auth_alg = WLAN_AUTH_SAE;
+
+ if (resp == WLAN_STATUS_SUCCESS) {
+ if (auth_transaction == 1)
+ data = auth_build_sae_commit(hapd, sta);
+ else
+ data = auth_build_sae_confirm(hapd, sta);
+ if (data == NULL)
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ } else
+ data = NULL;
+
+ send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
+ auth_transaction, resp,
+ data ? wpabuf_head(data) : (u8 *) "",
+ data ? wpabuf_len(data) : 0);
+ wpabuf_free(data);
+}
+#endif /* CONFIG_SAE */
+
+
static void handle_auth(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len)
{
@@ -307,8 +461,7 @@
const u8 *challenge = NULL;
u32 session_timeout, acct_interim_interval;
int vlan_id = 0;
- u8 psk[PMK_LEN];
- int has_psk = 0;
+ struct hostapd_sta_wpa_psk_short *psk = NULL;
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
size_t resp_ies_len = 0;
char *identity = NULL;
@@ -348,6 +501,10 @@
(hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
auth_alg == WLAN_AUTH_FT) ||
#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+ (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
+ auth_alg == WLAN_AUTH_SAE) ||
+#endif /* CONFIG_SAE */
((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
auth_alg == WLAN_AUTH_SHARED_KEY))) {
printf("Unsupported authentication algorithm (%d)\n",
@@ -356,7 +513,7 @@
goto fail;
}
- if (!(auth_transaction == 1 ||
+ if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
printf("Unknown authentication transaction number (%d)\n",
auth_transaction);
@@ -374,7 +531,7 @@
res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len,
&session_timeout,
&acct_interim_interval, &vlan_id,
- psk, &has_psk, &identity, &radius_cui);
+ &psk, &identity, &radius_cui);
if (res == HOSTAPD_ACL_REJECT) {
printf("Station " MACSTR " not allowed to authenticate.\n",
@@ -413,13 +570,11 @@
HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
}
- if (has_psk && hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
- os_free(sta->psk);
- sta->psk = os_malloc(PMK_LEN);
- if (sta->psk)
- os_memcpy(sta->psk, psk, PMK_LEN);
+ hostapd_free_psk_list(sta->psk);
+ if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
+ sta->psk = psk;
+ psk = NULL;
} else {
- os_free(sta->psk);
sta->psk = NULL;
}
@@ -486,11 +641,17 @@
/* handle_auth_ft_finish() callback will complete auth. */
return;
#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+ case WLAN_AUTH_SAE:
+ handle_auth_sae(hapd, sta, mgmt, len, auth_transaction);
+ return;
+#endif /* CONFIG_SAE */
}
fail:
os_free(identity);
os_free(radius_cui);
+ hostapd_free_psk_list(psk);
send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
auth_transaction + 1, resp, resp_ies, resp_ies_len);
@@ -779,6 +940,16 @@
}
#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+ if (wpa_auth_uses_sae(sta->wpa_sm) &&
+ sta->auth_alg != WLAN_AUTH_SAE) {
+ wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
+ "SAE AKM after non-SAE auth_alg %u",
+ MAC2STR(sta->addr), sta->auth_alg);
+ return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
+ }
+#endif /* CONFIG_SAE */
+
#ifdef CONFIG_IEEE80211N
if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
@@ -807,6 +978,15 @@
p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
#endif /* CONFIG_P2P */
+#ifdef CONFIG_HS20
+ wpabuf_free(sta->hs20_ie);
+ if (elems.hs20 && elems.hs20_len > 4) {
+ sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
+ elems.hs20_len - 4);
+ } else
+ sta->hs20_ie = NULL;
+#endif /* CONFIG_HS20 */
+
return WLAN_STATUS_SUCCESS;
}
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 63ae345..c311e55 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -36,8 +36,7 @@
u32 session_timeout;
u32 acct_interim_interval;
int vlan_id;
- int has_psk;
- u8 psk[PMK_LEN];
+ struct hostapd_sta_wpa_psk_short *psk;
char *identity;
char *radius_cui;
};
@@ -58,6 +57,7 @@
{
os_free(e->identity);
os_free(e->radius_cui);
+ hostapd_free_psk_list(e->psk);
os_free(e);
}
@@ -74,11 +74,34 @@
}
+static void copy_psk_list(struct hostapd_sta_wpa_psk_short **psk,
+ struct hostapd_sta_wpa_psk_short *src)
+{
+ struct hostapd_sta_wpa_psk_short **copy_to;
+ struct hostapd_sta_wpa_psk_short *copy_from;
+
+ /* Copy PSK linked list */
+ copy_to = psk;
+ copy_from = src;
+ while (copy_from && copy_to) {
+ *copy_to = os_zalloc(sizeof(struct hostapd_sta_wpa_psk_short));
+ if (*copy_to == NULL)
+ break;
+ os_memcpy(*copy_to, copy_from,
+ sizeof(struct hostapd_sta_wpa_psk_short));
+ copy_from = copy_from->next;
+ copy_to = &((*copy_to)->next);
+ }
+ if (copy_to)
+ *copy_to = NULL;
+}
+
+
static int hostapd_acl_cache_get(struct hostapd_data *hapd, const u8 *addr,
u32 *session_timeout,
u32 *acct_interim_interval, int *vlan_id,
- u8 *psk, int *has_psk, char **identity,
- char **radius_cui)
+ struct hostapd_sta_wpa_psk_short **psk,
+ char **identity, char **radius_cui)
{
struct hostapd_cached_radius_acl *entry;
struct os_time now;
@@ -99,10 +122,7 @@
entry->acct_interim_interval;
if (vlan_id)
*vlan_id = entry->vlan_id;
- if (psk)
- os_memcpy(psk, entry->psk, PMK_LEN);
- if (has_psk)
- *has_psk = entry->has_psk;
+ copy_psk_list(psk, entry->psk);
if (identity) {
if (entry->identity)
*identity = os_strdup(entry->identity);
@@ -200,8 +220,7 @@
* @session_timeout: Buffer for returning session timeout (from RADIUS)
* @acct_interim_interval: Buffer for returning account interval (from RADIUS)
* @vlan_id: Buffer for returning VLAN ID
- * @psk: Buffer for returning WPA PSK
- * @has_psk: Buffer for indicating whether psk was filled
+ * @psk: Linked list buffer for returning WPA PSK
* @identity: Buffer for returning identity (from RADIUS)
* @radius_cui: Buffer for returning CUI (from RADIUS)
* Returns: HOSTAPD_ACL_ACCEPT, HOSTAPD_ACL_REJECT, or HOSTAPD_ACL_PENDING
@@ -212,8 +231,8 @@
int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
const u8 *msg, size_t len, u32 *session_timeout,
u32 *acct_interim_interval, int *vlan_id,
- u8 *psk, int *has_psk, char **identity,
- char **radius_cui)
+ struct hostapd_sta_wpa_psk_short **psk,
+ char **identity, char **radius_cui)
{
if (session_timeout)
*session_timeout = 0;
@@ -221,10 +240,8 @@
*acct_interim_interval = 0;
if (vlan_id)
*vlan_id = 0;
- if (has_psk)
- *has_psk = 0;
if (psk)
- os_memset(psk, 0, PMK_LEN);
+ *psk = NULL;
if (identity)
*identity = NULL;
if (radius_cui)
@@ -253,7 +270,7 @@
/* Check whether ACL cache has an entry for this station */
int res = hostapd_acl_cache_get(hapd, addr, session_timeout,
acct_interim_interval,
- vlan_id, psk, has_psk,
+ vlan_id, psk,
identity, radius_cui);
if (res == HOSTAPD_ACL_ACCEPT ||
res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
@@ -396,6 +413,54 @@
}
+static void decode_tunnel_passwords(struct hostapd_data *hapd,
+ const u8 *shared_secret,
+ size_t shared_secret_len,
+ struct radius_msg *msg,
+ struct radius_msg *req,
+ struct hostapd_cached_radius_acl *cache)
+{
+ int passphraselen;
+ char *passphrase, *strpassphrase;
+ size_t i;
+ struct hostapd_sta_wpa_psk_short *psk;
+
+ /*
+ * Decode all tunnel passwords as PSK and save them into a linked list.
+ */
+ for (i = 0; ; i++) {
+ passphrase = radius_msg_get_tunnel_password(
+ msg, &passphraselen, shared_secret, shared_secret_len,
+ req, i);
+ /*
+ * Passphrase is NULL iff there is no i-th Tunnel-Password
+ * attribute in msg.
+ */
+ if (passphrase == NULL)
+ break;
+ /*
+ * passphrase does not contain the NULL termination.
+ * Add it here as pbkdf2_sha1() requires it.
+ */
+ strpassphrase = os_zalloc(passphraselen + 1);
+ psk = os_zalloc(sizeof(struct hostapd_sta_wpa_psk_short));
+ if (strpassphrase && psk) {
+ os_memcpy(strpassphrase, passphrase, passphraselen);
+ pbkdf2_sha1(strpassphrase,
+ hapd->conf->ssid.ssid,
+ hapd->conf->ssid.ssid_len, 4096,
+ psk->psk, PMK_LEN);
+ psk->next = cache->psk;
+ cache->psk = psk;
+ psk = NULL;
+ }
+ os_free(strpassphrase);
+ os_free(psk);
+ os_free(passphrase);
+ }
+}
+
+
/**
* hostapd_acl_recv_radius - Process incoming RADIUS Authentication messages
* @msg: RADIUS response message
@@ -454,8 +519,6 @@
cache->timestamp = t.sec;
os_memcpy(cache->addr, query->addr, sizeof(cache->addr));
if (hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
- int passphraselen;
- char *passphrase;
u8 *buf;
size_t len;
@@ -478,27 +541,9 @@
cache->vlan_id = radius_msg_get_vlanid(msg);
- passphrase = radius_msg_get_tunnel_password(
- msg, &passphraselen,
- hapd->conf->radius->auth_server->shared_secret,
- hapd->conf->radius->auth_server->shared_secret_len,
- req);
- cache->has_psk = passphrase != NULL;
- if (passphrase != NULL) {
- /* passphrase does not contain the NULL termination.
- * Add it here as pbkdf2_sha1 requires it. */
- char *strpassphrase = os_zalloc(passphraselen + 1);
- if (strpassphrase) {
- os_memcpy(strpassphrase, passphrase,
- passphraselen);
- pbkdf2_sha1(strpassphrase,
- hapd->conf->ssid.ssid,
- hapd->conf->ssid.ssid_len, 4096,
- cache->psk, PMK_LEN);
- os_free(strpassphrase);
- }
- os_free(passphrase);
- }
+ decode_tunnel_passwords(hapd, shared_secret, shared_secret_len,
+ msg, req, cache);
+
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME,
&buf, &len, NULL) == 0) {
cache->identity = os_zalloc(len + 1);
@@ -514,7 +559,7 @@
}
if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED &&
- !cache->has_psk)
+ !cache->psk)
cache->accepted = HOSTAPD_ACL_REJECT;
} else
cache->accepted = HOSTAPD_ACL_REJECT;
@@ -586,3 +631,13 @@
hostapd_acl_query_free(prev);
}
}
+
+
+void hostapd_free_psk_list(struct hostapd_sta_wpa_psk_short *psk)
+{
+ while (psk) {
+ struct hostapd_sta_wpa_psk_short *prev = psk;
+ psk = psk->next;
+ os_free(prev);
+ }
+}
diff --git a/src/ap/ieee802_11_auth.h b/src/ap/ieee802_11_auth.h
index 0e8d1cb..2bc1065 100644
--- a/src/ap/ieee802_11_auth.h
+++ b/src/ap/ieee802_11_auth.h
@@ -19,9 +19,10 @@
int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
const u8 *msg, size_t len, u32 *session_timeout,
u32 *acct_interim_interval, int *vlan_id,
- u8 *psk, int *has_psk, char **identity,
- char **radius_cui);
+ struct hostapd_sta_wpa_psk_short **psk,
+ char **identity, char **radius_cui);
int hostapd_acl_init(struct hostapd_data *hapd);
void hostapd_acl_deinit(struct hostapd_data *hapd);
+void hostapd_free_psk_list(struct hostapd_sta_wpa_psk_short *psk);
#endif /* IEEE802_11_AUTH_H */
diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 7599ef8..b21c2b7 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -68,6 +68,8 @@
*/
oper->vht_op_info_chan_center_freq_seg0_idx =
hapd->iconf->vht_oper_centr_freq_seg0_idx;
+ oper->vht_op_info_chan_center_freq_seg1_idx =
+ hapd->iconf->vht_oper_centr_freq_seg1_idx;
oper->vht_op_info_chwidth = hapd->iconf->vht_oper_chwidth;
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index c4d3da8..e1b11ba 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -99,8 +99,10 @@
"driver (errno=%d).\n", MAC2STR(sta->addr), errno);
}
- if (authorized)
+ if (authorized) {
+ os_get_time(&sta->connected_time);
accounting_sta_start(hapd, sta);
+ }
}
@@ -1684,8 +1686,7 @@
const struct hostapd_eap_user *eap_user;
int i;
- eap_user = hostapd_get_eap_user(hapd->conf, identity,
- identity_len, phase2);
+ eap_user = hostapd_get_eap_user(hapd, identity, identity_len, phase2);
if (eap_user == NULL)
return -1;
diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index ba2c033..3a9cc7b 100644
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -95,11 +95,9 @@
os_get_time(&now);
while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
- struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
- pmksa->pmksa = entry->next;
wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
- MACSTR, MAC2STR(entry->spa));
- pmksa_cache_free_entry(pmksa, entry);
+ MACSTR, MAC2STR(pmksa->pmksa->spa));
+ pmksa_cache_free_entry(pmksa, pmksa->pmksa);
}
pmksa_cache_set_expiration(pmksa);
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index d61177f..6bc43d2 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -20,6 +20,7 @@
#include "accounting.h"
#include "ieee802_1x.h"
#include "ieee802_11.h"
+#include "ieee802_11_auth.h"
#include "wpa_auth.h"
#include "preauth_auth.h"
#include "ap_config.h"
@@ -232,9 +233,10 @@
wpabuf_free(sta->wps_ie);
wpabuf_free(sta->p2p_ie);
+ wpabuf_free(sta->hs20_ie);
os_free(sta->ht_capabilities);
- os_free(sta->psk);
+ hostapd_free_psk_list(sta->psk);
os_free(sta->identity);
os_free(sta->radius_cui);
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index b3c57b4..d5e92fa 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -95,7 +95,8 @@
struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
int vlan_id;
- u8 *psk; /* PSK from RADIUS authentication server */
+ /* PSKs from RADIUS authentication server */
+ struct hostapd_sta_wpa_psk_short *psk;
char *identity; /* User-Name from RADIUS */
char *radius_cui; /* Chargeable-User-Identity from RADIUS */
@@ -121,6 +122,14 @@
struct wpabuf *wps_ie; /* WPS IE from (Re)Association Request */
struct wpabuf *p2p_ie; /* P2P IE from (Re)Association Request */
+ struct wpabuf *hs20_ie; /* HS 2.0 IE from (Re)Association Request */
+
+ struct os_time connected_time;
+
+#ifdef CONFIG_SAE
+ enum { SAE_INIT, SAE_COMMIT, SAE_CONFIRM } sae_state;
+ u16 sae_send_confirm;
+#endif /* CONFIG_SAE */
};
diff --git a/src/ap/tkip_countermeasures.c b/src/ap/tkip_countermeasures.c
index dd5aa68..4a2ea06 100644
--- a/src/ap/tkip_countermeasures.c
+++ b/src/ap/tkip_countermeasures.c
@@ -66,9 +66,10 @@
}
-void michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local)
+int michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local)
{
struct os_time now;
+ int ret = 0;
if (addr && local) {
struct sta_info *sta = ap_get_sta(hapd, addr);
@@ -84,7 +85,7 @@
"MLME-MICHAELMICFAILURE.indication "
"for not associated STA (" MACSTR
") ignored", MAC2STR(addr));
- return;
+ return ret;
}
}
@@ -93,8 +94,12 @@
hapd->michael_mic_failures = 1;
} else {
hapd->michael_mic_failures++;
- if (hapd->michael_mic_failures > 1)
+ if (hapd->michael_mic_failures > 1) {
ieee80211_tkip_countermeasures_start(hapd);
+ ret = 1;
+ }
}
hapd->michael_mic_failure = now.sec;
+
+ return ret;
}
diff --git a/src/ap/tkip_countermeasures.h b/src/ap/tkip_countermeasures.h
index f7a6624..d3eaed3 100644
--- a/src/ap/tkip_countermeasures.h
+++ b/src/ap/tkip_countermeasures.h
@@ -1,6 +1,6 @@
/*
* hostapd / TKIP countermeasures
- * Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -9,7 +9,7 @@
#ifndef TKIP_COUNTERMEASURES_H
#define TKIP_COUNTERMEASURES_H
-void michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local);
+int michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local);
void ieee80211_tkip_countermeasures_deinit(struct hostapd_data *hapd);
#endif /* TKIP_COUNTERMEASURES_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 49d8175..0816b25 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -54,11 +54,12 @@
static const int dot11RSNAConfigSATimeout = 60;
-static inline void wpa_auth_mic_failure_report(
+static inline int wpa_auth_mic_failure_report(
struct wpa_authenticator *wpa_auth, const u8 *addr)
{
if (wpa_auth->cb.mic_failure_report)
- wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
+ return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
+ return 0;
}
@@ -700,8 +701,8 @@
#endif /* CONFIG_IEEE80211R */
-static void wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
- struct wpa_state_machine *sm, int group)
+static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
+ struct wpa_state_machine *sm, int group)
{
/* Supplicant reported a Michael MIC error */
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
@@ -718,7 +719,8 @@
"ignore Michael MIC failure report since "
"pairwise cipher is not TKIP");
} else {
- wpa_auth_mic_failure_report(wpa_auth, sm->addr);
+ if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
+ return 1; /* STA entry was removed */
sm->dot11RSNAStatsTKIPRemoteMICFailures++;
wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
}
@@ -728,6 +730,7 @@
* Authenticator may do it, let's change the keys now anyway.
*/
wpa_request_new_ptk(sm);
+ return 0;
}
@@ -1081,9 +1084,10 @@
#endif /* CONFIG_PEERKEY */
return;
} else if (key_info & WPA_KEY_INFO_ERROR) {
- wpa_receive_error_report(
- wpa_auth, sm,
- !(key_info & WPA_KEY_INFO_KEY_TYPE));
+ if (wpa_receive_error_report(
+ wpa_auth, sm,
+ !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
+ return; /* STA entry was removed */
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Request for new "
@@ -3056,3 +3060,11 @@
wpa_send_eapol_timeout, wpa_auth, sm);
}
}
+
+
+int wpa_auth_uses_sae(struct wpa_state_machine *sm)
+{
+ if (sm == NULL)
+ return 0;
+ return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
+}
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 91ba499..6ab170d 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -177,7 +177,7 @@
void (*logger)(void *ctx, const u8 *addr, logger_level level,
const char *txt);
void (*disconnect)(void *ctx, const u8 *addr, u16 reason);
- void (*mic_failure_report)(void *ctx, const u8 *addr);
+ int (*mic_failure_report)(void *ctx, const u8 *addr);
void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var,
int value);
int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
@@ -291,4 +291,6 @@
#endif /* CONFIG_IEEE80211W */
#endif /* CONFIG_IEEE80211V */
+int wpa_auth_uses_sae(struct wpa_state_machine *sm);
+
#endif /* WPA_AUTH_H */
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index bdc89e4..76c61ea 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -112,10 +112,10 @@
}
-static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
+static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
{
struct hostapd_data *hapd = ctx;
- michael_mic_failure(hapd, addr, 0);
+ return michael_mic_failure(hapd, addr, 0);
}
@@ -188,10 +188,18 @@
/*
* This is about to iterate over all psks, prev_psk gives the last
* returned psk which should not be returned again.
- * logic list (all hostapd_get_psk; sta->psk)
+ * logic list (all hostapd_get_psk; all sta->psk)
*/
- if (sta && sta->psk && !psk && sta->psk != prev_psk)
- psk = sta->psk;
+ if (sta && sta->psk && !psk) {
+ struct hostapd_sta_wpa_psk_short *pos;
+ psk = sta->psk->psk;
+ for (pos = sta->psk; pos; pos = pos->next) {
+ if (pos->psk == prev_psk) {
+ psk = pos->next ? pos->next->psk : NULL;
+ break;
+ }
+ }
+ }
return psk;
}
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 1786230..4fd0135 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -188,6 +188,18 @@
num_suites++;
}
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
+ pos += RSN_SELECTOR_LEN;
+ num_suites++;
+ }
+ if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+ pos += RSN_SELECTOR_LEN;
+ num_suites++;
+ }
+#endif /* CONFIG_SAE */
#ifdef CONFIG_RSN_TESTING
if (rsn_testing) {
@@ -407,6 +419,12 @@
else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
+ selector = RSN_AUTH_KEY_MGMT_SAE;
+ else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ selector = RSN_AUTH_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
@@ -479,6 +497,12 @@
else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ else if (key_mgmt & WPA_KEY_MGMT_SAE)
+ sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
+ else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
else
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 5e44c72..85633ec 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -11,8 +11,6 @@
#include "utils/common.h"
#include "utils/eloop.h"
#include "utils/uuid.h"
-#include "crypto/dh_groups.h"
-#include "crypto/dh_group5.h"
#include "common/wpa_ctrl.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
@@ -1036,8 +1034,6 @@
wps_device_data_free(&hapd->wps->dev);
wpabuf_free(hapd->wps->dh_pubkey);
wpabuf_free(hapd->wps->dh_privkey);
- wpabuf_free(hapd->wps->oob_conf.pubkey_hash);
- wpabuf_free(hapd->wps->oob_conf.dev_password);
wps_free_pending_msgs(hapd->wps->upnp_msgs);
hostapd_wps_nfc_clear(hapd->wps);
os_free(hapd->wps);
@@ -1155,60 +1151,6 @@
}
-#ifdef CONFIG_WPS_OOB
-int hostapd_wps_start_oob(struct hostapd_data *hapd, char *device_type,
- char *path, char *method, char *name)
-{
- struct wps_context *wps = hapd->wps;
- struct oob_device_data *oob_dev;
-
- oob_dev = wps_get_oob_device(device_type);
- if (oob_dev == NULL)
- return -1;
- oob_dev->device_path = path;
- oob_dev->device_name = name;
- wps->oob_conf.oob_method = wps_get_oob_method(method);
-
- if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) {
- /*
- * Use pre-configured DH keys in order to be able to write the
- * key hash into the OOB file.
- */
- wpabuf_free(wps->dh_pubkey);
- wpabuf_free(wps->dh_privkey);
- wps->dh_privkey = NULL;
- wps->dh_pubkey = dh_init(dh_groups_get(WPS_DH_GROUP),
- &wps->dh_privkey);
- wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192);
- if (wps->dh_pubkey == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to initialize "
- "Diffie-Hellman handshake");
- return -1;
- }
- }
-
- if (wps_process_oob(wps, oob_dev, 1) < 0)
- goto error;
-
- if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E ||
- wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) &&
- hostapd_wps_add_pin(hapd, NULL, "any",
- wpabuf_head(wps->oob_conf.dev_password), 0) <
- 0)
- goto error;
-
- return 0;
-
-error:
- wpabuf_free(wps->dh_pubkey);
- wps->dh_pubkey = NULL;
- wpabuf_free(wps->dh_privkey);
- wps->dh_privkey = NULL;
- return -1;
-}
-#endif /* CONFIG_WPS_OOB */
-
-
static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
const u8 *bssid,
const u8 *ie, size_t ie_len,
diff --git a/src/ap/wps_hostapd.h b/src/ap/wps_hostapd.h
index f968e15..4e5026b 100644
--- a/src/ap/wps_hostapd.h
+++ b/src/ap/wps_hostapd.h
@@ -21,8 +21,6 @@
int hostapd_wps_button_pushed(struct hostapd_data *hapd,
const u8 *p2p_dev_addr);
int hostapd_wps_cancel(struct hostapd_data *hapd);
-int hostapd_wps_start_oob(struct hostapd_data *hapd, char *device_type,
- char *path, char *method, char *name);
int hostapd_wps_get_mib_sta(struct hostapd_data *hapd, const u8 *addr,
char *buf, size_t buflen);
void hostapd_wps_ap_pin_disable(struct hostapd_data *hapd);
diff --git a/src/common/defs.h b/src/common/defs.h
index db29b5d..85e9932 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -27,6 +27,7 @@
#define WPA_CIPHER_AES_128_CMAC BIT(5)
#endif /* CONFIG_IEEE80211W */
#define WPA_CIPHER_GCMP BIT(6)
+#define WPA_CIPHER_SMS4 BIT(7)
#define WPA_KEY_MGMT_IEEE8021X BIT(0)
#define WPA_KEY_MGMT_PSK BIT(1)
@@ -38,11 +39,17 @@
#define WPA_KEY_MGMT_IEEE8021X_SHA256 BIT(7)
#define WPA_KEY_MGMT_PSK_SHA256 BIT(8)
#define WPA_KEY_MGMT_WPS BIT(9)
+#define WPA_KEY_MGMT_SAE BIT(10)
+#define WPA_KEY_MGMT_FT_SAE BIT(11)
+#define WPA_KEY_MGMT_WAPI_PSK BIT(12)
+#define WPA_KEY_MGMT_WAPI_CERT BIT(13)
+#define WPA_KEY_MGMT_CCKM BIT(14)
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
{
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
WPA_KEY_MGMT_FT_IEEE8021X |
+ WPA_KEY_MGMT_CCKM |
WPA_KEY_MGMT_IEEE8021X_SHA256));
}
@@ -50,13 +57,21 @@
{
return !!(akm & (WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_PSK |
- WPA_KEY_MGMT_PSK_SHA256));
+ WPA_KEY_MGMT_PSK_SHA256 |
+ WPA_KEY_MGMT_SAE));
}
static inline int wpa_key_mgmt_ft(int akm)
{
return !!(akm & (WPA_KEY_MGMT_FT_PSK |
- WPA_KEY_MGMT_FT_IEEE8021X));
+ WPA_KEY_MGMT_FT_IEEE8021X |
+ WPA_KEY_MGMT_FT_SAE));
+}
+
+static inline int wpa_key_mgmt_sae(int akm)
+{
+ return !!(akm & (WPA_KEY_MGMT_SAE |
+ WPA_KEY_MGMT_FT_SAE));
}
static inline int wpa_key_mgmt_sha256(int akm)
@@ -76,14 +91,21 @@
return wpa_key_mgmt_wpa(akm) || (akm & WPA_KEY_MGMT_WPA_NONE);
}
+static inline int wpa_key_mgmt_cckm(int akm)
+{
+ return akm == WPA_KEY_MGMT_CCKM;
+}
+
#define WPA_PROTO_WPA BIT(0)
#define WPA_PROTO_RSN BIT(1)
+#define WPA_PROTO_WAPI BIT(2)
#define WPA_AUTH_ALG_OPEN BIT(0)
#define WPA_AUTH_ALG_SHARED BIT(1)
#define WPA_AUTH_ALG_LEAP BIT(2)
#define WPA_AUTH_ALG_FT BIT(3)
+#define WPA_AUTH_ALG_SAE BIT(4)
enum wpa_alg {
@@ -93,7 +115,9 @@
WPA_ALG_CCMP,
WPA_ALG_IGTK,
WPA_ALG_PMK,
- WPA_ALG_GCMP
+ WPA_ALG_GCMP,
+ WPA_ALG_SMS4,
+ WPA_ALG_KRK
};
/**
@@ -105,7 +129,8 @@
CIPHER_TKIP,
CIPHER_CCMP,
CIPHER_WEP104,
- CIPHER_GCMP
+ CIPHER_GCMP,
+ CIPHER_SMS4
};
/**
@@ -121,7 +146,12 @@
KEY_MGMT_FT_PSK,
KEY_MGMT_802_1X_SHA256,
KEY_MGMT_PSK_SHA256,
- KEY_MGMT_WPS
+ KEY_MGMT_WPS,
+ KEY_MGMT_SAE,
+ KEY_MGMT_FT_SAE,
+ KEY_MGMT_WAPI_PSK,
+ KEY_MGMT_WAPI_CERT,
+ KEY_MGMT_CCKM
};
/**
@@ -256,8 +286,9 @@
enum mfp_options {
NO_MGMT_FRAME_PROTECTION = 0,
MGMT_FRAME_PROTECTION_OPTIONAL = 1,
- MGMT_FRAME_PROTECTION_REQUIRED = 2
+ MGMT_FRAME_PROTECTION_REQUIRED = 2,
};
+#define MGMT_FRAME_PROTECTION_DEFAULT 3
/**
* enum hostapd_hw_mode - Hardware mode
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 2ab7fbf..07c8580 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -76,6 +76,7 @@
#define WLAN_AUTH_OPEN 0
#define WLAN_AUTH_SHARED_KEY 1
#define WLAN_AUTH_FT 2
+#define WLAN_AUTH_SAE 3
#define WLAN_AUTH_LEAP 128
#define WLAN_AUTH_CHALLENGE_LEN 128
@@ -157,6 +158,8 @@
#define WLAN_STATUS_REQ_REFUSED_SSPN 67
#define WLAN_STATUS_REQ_REFUSED_UNAUTH_ACCESS 68
#define WLAN_STATUS_INVALID_RSNIE 72
+#define WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ 76
+#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77
#define WLAN_STATUS_TRANSMISSION_FAILURE 79
/* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */
@@ -223,6 +226,7 @@
#define WLAN_EID_RIC_DATA 57
#define WLAN_EID_HT_OPERATION 61
#define WLAN_EID_SECONDARY_CHANNEL_OFFSET 62
+#define WLAN_EID_WAPI 68
#define WLAN_EID_TIME_ADVERTISEMENT 69
#define WLAN_EID_20_40_BSS_COEXISTENCE 72
#define WLAN_EID_20_40_BSS_INTOLERANT 73
@@ -238,6 +242,7 @@
#define WLAN_EID_ADV_PROTO 108
#define WLAN_EID_ROAMING_CONSORTIUM 111
#define WLAN_EID_EXT_CAPAB 127
+#define WLAN_EID_CCKM 156
#define WLAN_EID_VHT_CAP 191
#define WLAN_EID_VHT_OPERATION 192
#define WLAN_EID_VHT_EXTENDED_BSS_LOAD 193
@@ -666,6 +671,7 @@
#define HT_INFO_STBC_PARAM_PCO_ACTIVE ((u16) BIT(10))
#define HT_INFO_STBC_PARAM_PCO_PHASE ((u16) BIT(11))
+#define BSS_MEMBERSHIP_SELECTOR_VHT_PHY 126
#define BSS_MEMBERSHIP_SELECTOR_HT_PHY 127
/* VHT Defines */
@@ -966,9 +972,17 @@
#define WLAN_CIPHER_SUITE_NO_GROUP_ADDR 0x000FAC07
#define WLAN_CIPHER_SUITE_GCMP 0x000FAC08
+#define WLAN_CIPHER_SUITE_SMS4 0x00147201
+
+#define WLAN_CIPHER_SUITE_CKIP 0x00409600
+#define WLAN_CIPHER_SUITE_CKIP_CMIC 0x00409601
+#define WLAN_CIPHER_SUITE_CMIC 0x00409602
+#define WLAN_CIPHER_SUITE_KRK 0x004096FF /* for nl80211 use only */
+
/* AKM suite selectors */
#define WLAN_AKM_SUITE_8021X 0x000FAC01
#define WLAN_AKM_SUITE_PSK 0x000FAC02
+#define WLAN_AKM_SUITE_CCKM 0x00409600
/* IEEE 802.11v - WNM Action field values */
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 36c308a..8d7a11c 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -376,6 +376,12 @@
if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
return WPA_KEY_MGMT_PSK_SHA256;
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE)
+ return WPA_KEY_MGMT_SAE;
+ if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE)
+ return WPA_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
return 0;
}
#endif /* CONFIG_NO_WPA2 */
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 603166b..20c79d8 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -32,6 +32,7 @@
#define WPA_AUTH_KEY_MGMT_NONE RSN_SELECTOR(0x00, 0x50, 0xf2, 0)
#define WPA_AUTH_KEY_MGMT_UNSPEC_802_1X RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
#define WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X RSN_SELECTOR(0x00, 0x50, 0xf2, 2)
+#define WPA_AUTH_KEY_MGMT_CCKM RSN_SELECTOR(0x00, 0x40, 0x96, 0)
#define WPA_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x50, 0xf2, 0)
#define WPA_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
#define WPA_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x50, 0xf2, 2)
@@ -51,6 +52,9 @@
#define RSN_AUTH_KEY_MGMT_802_1X_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
#define RSN_AUTH_KEY_MGMT_PSK_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
#define RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
+#define RSN_AUTH_KEY_MGMT_SAE RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
+#define RSN_AUTH_KEY_MGMT_FT_SAE RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
+#define RSN_AUTH_KEY_MGMT_CCKM RSN_SELECTOR(0x00, 0x40, 0x96, 0x00)
#define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
#define RSN_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
diff --git a/src/crypto/md5-internal.c b/src/crypto/md5-internal.c
index 790a6f3..f0a2a5d 100644
--- a/src/crypto/md5-internal.c
+++ b/src/crypto/md5-internal.c
@@ -176,8 +176,8 @@
byteReverse(ctx->in, 14);
/* Append length in bits and transform */
- ((u32 *) ctx->in)[14] = ctx->bits[0];
- ((u32 *) ctx->in)[15] = ctx->bits[1];
+ ((u32 *) aliasing_hide_typecast(ctx->in, u32))[14] = ctx->bits[0];
+ ((u32 *) aliasing_hide_typecast(ctx->in, u32))[15] = ctx->bits[1];
MD5Transform(ctx->buf, (u32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index e9f926f..f7bdc2c 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -41,7 +41,7 @@
/**
* freq - Frequency in MHz
*/
- short freq;
+ int freq;
/**
* flag - Channel flags (HOSTAPD_CHAN_*)
@@ -314,6 +314,9 @@
*/
int p2p;
+ const u8 *sae_data;
+ size_t sae_data_len;
+
};
enum wps_mode {
@@ -758,6 +761,7 @@
#define WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE 0x00000010
#define WPA_DRIVER_CAPA_KEY_MGMT_FT 0x00000020
#define WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK 0x00000040
+#define WPA_DRIVER_CAPA_KEY_MGMT_WAPI_PSK 0x00000080
unsigned int key_mgmt;
#define WPA_DRIVER_CAPA_ENC_WEP40 0x00000001
@@ -834,6 +838,10 @@
#define WPA_DRIVER_FLAGS_INACTIVITY_TIMER 0x00800000
/* Driver expects user space implementation of MLME in AP mode */
#define WPA_DRIVER_FLAGS_AP_MLME 0x01000000
+/* Driver supports SAE with user space SME */
+#define WPA_DRIVER_FLAGS_SAE 0x02000000
+/* Driver makes use of OBSS scan mechanism in wpa_supplicant */
+#define WPA_DRIVER_FLAGS_OBSS_SCAN 0x04000000
unsigned int flags;
int max_scan_ssids;
@@ -1195,17 +1203,6 @@
int (*deauthenticate)(void *priv, const u8 *addr, int reason_code);
/**
- * disassociate - Request driver to disassociate
- * @priv: private driver interface data
- * @addr: peer address (BSSID of the AP)
- * @reason_code: 16-bit reason code to be sent in the disassociation
- * frame
- *
- * Returns: 0 on success, -1 on failure
- */
- int (*disassociate)(void *priv, const u8 *addr, int reason_code);
-
- /**
* associate - Request driver to associate
* @priv: private driver interface data
* @params: association parameters
diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index 5f2e675..a0a5210 100644
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -976,8 +976,6 @@
if (drv->sock_raw == NULL)
return -1;
#endif /* CONFIG_WPS || CONFIG_IEEE80211R */
- if (l2_packet_get_own_addr(drv->sock_xmit, drv->own_addr))
- return -1;
return ret;
}
@@ -1656,6 +1654,7 @@
goto bad;
if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
goto bad;
+ os_memcpy(drv->own_addr, params->own_addr, ETH_ALEN);
if (params->bridge[0]) {
wpa_printf(MSG_DEBUG, "Configure bridge %s for EAPOL traffic.",
params->bridge[0]);
diff --git a/src/drivers/driver_bsd.c b/src/drivers/driver_bsd.c
index a2b34c1..9d869b1 100644
--- a/src/drivers/driver_bsd.c
+++ b/src/drivers/driver_bsd.c
@@ -973,13 +973,6 @@
}
static int
-wpa_driver_bsd_disassociate(void *priv, const u8 *addr, int reason_code)
-{
- return bsd_send_mlme_param(priv, IEEE80211_MLME_DISASSOC, reason_code,
- addr);
-}
-
-static int
wpa_driver_bsd_set_auth_alg(void *priv, int auth_alg)
{
int authmode;
@@ -1564,7 +1557,6 @@
.scan2 = wpa_driver_bsd_scan,
.get_scan_results2 = wpa_driver_bsd_get_scan_results2,
.deauthenticate = wpa_driver_bsd_deauthenticate,
- .disassociate = wpa_driver_bsd_disassociate,
.associate = wpa_driver_bsd_associate,
.get_capa = wpa_driver_bsd_get_capa,
#endif /* HOSTAPD */
diff --git a/src/drivers/driver_ndis.c b/src/drivers/driver_ndis.c
index b9e096c..7af3317 100644
--- a/src/drivers/driver_ndis.c
+++ b/src/drivers/driver_ndis.c
@@ -725,14 +725,6 @@
}
-static int wpa_driver_ndis_disassociate(void *priv, const u8 *addr,
- int reason_code)
-{
- struct wpa_driver_ndis_data *drv = priv;
- return wpa_driver_ndis_disconnect(drv);
-}
-
-
static void wpa_driver_ndis_scan_timeout(void *eloop_ctx, void *timeout_ctx)
{
wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
@@ -3223,7 +3215,6 @@
wpa_driver_ndis_ops.init = wpa_driver_ndis_init;
wpa_driver_ndis_ops.deinit = wpa_driver_ndis_deinit;
wpa_driver_ndis_ops.deauthenticate = wpa_driver_ndis_deauthenticate;
- wpa_driver_ndis_ops.disassociate = wpa_driver_ndis_disassociate;
wpa_driver_ndis_ops.associate = wpa_driver_ndis_associate;
wpa_driver_ndis_ops.add_pmkid = wpa_driver_ndis_add_pmkid;
wpa_driver_ndis_ops.remove_pmkid = wpa_driver_ndis_remove_pmkid;
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 4574938..a0644b4 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -244,6 +244,7 @@
unsigned int scan_for_auth:1;
unsigned int retry_auth:1;
unsigned int use_monitor:1;
+ unsigned int ignore_next_local_disconnect:1;
u64 remain_on_chan_cookie;
u64 send_action_cookie;
@@ -1038,6 +1039,7 @@
const struct ieee80211_mgmt *mgmt;
union wpa_event_data event;
+ wpa_printf(MSG_DEBUG, "nl80211: Authenticate event");
mgmt = (const struct ieee80211_mgmt *) frame;
if (len < 24 + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
@@ -1049,6 +1051,8 @@
os_memset(&event, 0, sizeof(event));
os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
+ event.auth.auth_transaction =
+ le_to_host16(mgmt->u.auth.auth_transaction);
event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
if (len > 24 + sizeof(mgmt->u.auth)) {
event.auth.ies = mgmt->u.auth.variable;
@@ -1097,6 +1101,7 @@
union wpa_event_data event;
u16 status;
+ wpa_printf(MSG_DEBUG, "nl80211: Associate event");
mgmt = (const struct ieee80211_mgmt *) frame;
if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
@@ -1153,6 +1158,11 @@
return;
}
+ if (cmd == NL80211_CMD_CONNECT)
+ wpa_printf(MSG_DEBUG, "nl80211: Connect event");
+ else if (cmd == NL80211_CMD_ROAM)
+ wpa_printf(MSG_DEBUG, "nl80211: Roam event");
+
os_memset(&event, 0, sizeof(event));
if (cmd == NL80211_CMD_CONNECT &&
nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
@@ -1191,6 +1201,7 @@
struct nlattr *by_ap)
{
union wpa_event_data data;
+ unsigned int locally_generated = by_ap == NULL;
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
/*
@@ -1202,6 +1213,19 @@
return;
}
+ if (drv->ignore_next_local_disconnect) {
+ drv->ignore_next_local_disconnect = 0;
+ if (locally_generated) {
+ wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
+ "event triggered during reassociation");
+ return;
+ }
+ wpa_printf(MSG_WARNING, "nl80211: Was expecting local "
+ "disconnect but got another disconnect "
+ "event first");
+ }
+
+ wpa_printf(MSG_DEBUG, "nl80211: Disconnect event");
drv->associated = 0;
os_memset(&data, 0, sizeof(data));
if (reason)
@@ -1279,6 +1303,7 @@
u16 fc, stype;
int ssi_signal = 0;
+ wpa_printf(MSG_DEBUG, "nl80211: Frame event");
mgmt = (const struct ieee80211_mgmt *) frame;
if (len < 24) {
wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
@@ -1321,6 +1346,7 @@
const struct ieee80211_hdr *hdr;
u16 fc;
+ wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event");
if (!is_ap_interface(drv->nlmode)) {
u64 cookie_val;
@@ -1360,6 +1386,11 @@
const u8 *bssid = NULL;
u16 reason_code = 0;
+ if (type == EVENT_DEAUTH)
+ wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event");
+ else
+ wpa_printf(MSG_DEBUG, "nl80211: Disassociate event");
+
mgmt = (const struct ieee80211_mgmt *) frame;
if (len >= 24) {
bssid = mgmt->bssid;
@@ -1420,6 +1451,11 @@
union wpa_event_data event;
u16 reason_code = 0;
+ if (type == EVENT_UNPROT_DEAUTH)
+ wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event");
+ else
+ wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event");
+
if (len < 24)
return;
@@ -2046,6 +2082,8 @@
};
union wpa_event_data data;
+ wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event");
+
if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
return;
if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
@@ -2071,6 +2109,8 @@
{
union wpa_event_data data;
+ wpa_printf(MSG_DEBUG, "nl80211: Probe client event");
+
if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
return;
@@ -2082,6 +2122,43 @@
}
+static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
+ struct nlattr **tb)
+{
+ union wpa_event_data data;
+
+ wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event");
+
+ if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION])
+ return;
+
+ os_memset(&data, 0, sizeof(data));
+ os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
+ switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) {
+ case NL80211_TDLS_SETUP:
+ wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer "
+ MACSTR, MAC2STR(data.tdls.peer));
+ data.tdls.oper = TDLS_REQUEST_SETUP;
+ break;
+ case NL80211_TDLS_TEARDOWN:
+ wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer "
+ MACSTR, MAC2STR(data.tdls.peer));
+ data.tdls.oper = TDLS_REQUEST_TEARDOWN;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
+ "event");
+ return;
+ }
+ if (tb[NL80211_ATTR_REASON_CODE]) {
+ data.tdls.reason_code =
+ nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
+ }
+
+ wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data);
+}
+
+
static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
int wds)
{
@@ -2214,6 +2291,9 @@
case NL80211_CMD_PROBE_CLIENT:
nl80211_client_probe_event(drv, tb);
break;
+ case NL80211_CMD_TDLS_OPER:
+ nl80211_tdls_oper_event(drv, tb);
+ break;
default:
wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", cmd);
@@ -2587,6 +2667,12 @@
if (flags & NL80211_FEATURE_INACTIVITY_TIMER)
capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER;
+
+ if (flags & NL80211_FEATURE_SAE)
+ capa->flags |= WPA_DRIVER_FLAGS_SAE;
+
+ if (flags & NL80211_FEATURE_NEED_OBSS_SCAN)
+ capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN;
}
if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) {
@@ -4227,6 +4313,14 @@
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_AES_CMAC);
break;
+ case WPA_ALG_SMS4:
+ NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
+ WLAN_CIPHER_SUITE_SMS4);
+ break;
+ case WPA_ALG_KRK:
+ NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
+ WLAN_CIPHER_SUITE_KRK);
+ break;
default:
wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
"algorithm %d", __func__, alg);
@@ -4464,7 +4558,8 @@
NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
- NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+ if (addr)
+ NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
if (local_state_change)
NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
@@ -4485,12 +4580,13 @@
static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
- const u8 *addr, int reason_code)
+ int reason_code)
{
- wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
- __func__, MAC2STR(addr), reason_code);
+ wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
drv->associated = 0;
- return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
+ drv->ignore_next_local_disconnect = 0;
+ /* Disconnect command doesn't need BSSID - it uses cached value */
+ return wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
reason_code, 0);
}
@@ -4501,7 +4597,7 @@
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
- return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
+ return wpa_driver_nl80211_disconnect(drv, reason_code);
wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
__func__, MAC2STR(addr), reason_code);
drv->associated = 0;
@@ -4512,20 +4608,6 @@
}
-static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
- int reason_code)
-{
- struct i802_bss *bss = priv;
- struct wpa_driver_nl80211_data *drv = bss->drv;
- if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
- return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
- wpa_printf(MSG_DEBUG, "%s", __func__);
- drv->associated = 0;
- return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
- reason_code, 0);
-}
-
-
static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
struct wpa_driver_auth_params *params)
{
@@ -4642,6 +4724,12 @@
wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
if (params->ie)
NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
+ if (params->sae_data) {
+ wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data,
+ params->sae_data_len);
+ NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len,
+ params->sae_data);
+ }
if (params->auth_alg & WPA_AUTH_ALG_OPEN)
type = NL80211_AUTHTYPE_OPEN_SYSTEM;
else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
@@ -4650,6 +4738,8 @@
type = NL80211_AUTHTYPE_NETWORK_EAP;
else if (params->auth_alg & WPA_AUTH_ALG_FT)
type = NL80211_AUTHTYPE_FT;
+ else if (params->auth_alg & WPA_AUTH_ALG_SAE)
+ type = NL80211_AUTHTYPE_SAE;
else
goto nla_put_failure;
wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
@@ -5267,7 +5357,7 @@
if (noack)
txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
- *(le16 *) &rtap_hdr[12] = host_to_le16(txflags);
+ WPA_PUT_LE16(&rtap_hdr[12], txflags);
res = sendmsg(drv->monitor_sock, &msg, 0);
if (res < 0) {
@@ -6648,56 +6738,7 @@
}
-static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv,
- u8 *bssid)
-{
- struct nl_msg *msg;
- int ret;
- struct nl80211_bss_info_arg arg;
-
- os_memset(&arg, 0, sizeof(arg));
- msg = nlmsg_alloc();
- if (!msg)
- goto nla_put_failure;
-
- nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
- NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
-
- arg.drv = drv;
- ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
- msg = NULL;
- if (ret == 0) {
- if (is_zero_ether_addr(arg.assoc_bssid))
- return -ENOTCONN;
- os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN);
- return 0;
- }
- wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
- "(%s)", ret, strerror(-ret));
-nla_put_failure:
- nlmsg_free(msg);
- return drv->assoc_freq;
-}
-
-
-static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
- const u8 *bssid)
-{
- u8 addr[ETH_ALEN];
-
- if (bssid == NULL) {
- int res = nl80211_get_assoc_bssid(drv, addr);
- if (res)
- return res;
- bssid = addr;
- }
-
- return wpa_driver_nl80211_disconnect(drv, bssid,
- WLAN_REASON_PREV_AUTH_NOT_VALID);
-}
-
-
-static int wpa_driver_nl80211_connect(
+static int wpa_driver_nl80211_try_connect(
struct wpa_driver_nl80211_data *drv,
struct wpa_driver_associate_params *params)
{
@@ -6788,6 +6829,9 @@
int cipher;
switch (params->pairwise_suite) {
+ case CIPHER_SMS4:
+ cipher = WLAN_CIPHER_SUITE_SMS4;
+ break;
case CIPHER_WEP40:
cipher = WLAN_CIPHER_SUITE_WEP40;
break;
@@ -6812,6 +6856,9 @@
int cipher;
switch (params->group_suite) {
+ case CIPHER_SMS4:
+ cipher = WLAN_CIPHER_SUITE_SMS4;
+ break;
case CIPHER_WEP40:
cipher = WLAN_CIPHER_SUITE_WEP40;
break;
@@ -6833,10 +6880,14 @@
}
if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
- params->key_mgmt_suite == KEY_MGMT_PSK) {
+ params->key_mgmt_suite == KEY_MGMT_PSK ||
+ params->key_mgmt_suite == KEY_MGMT_CCKM) {
int mgmt = WLAN_AKM_SUITE_PSK;
switch (params->key_mgmt_suite) {
+ case KEY_MGMT_CCKM:
+ mgmt = WLAN_AKM_SUITE_CCKM;
+ break;
case KEY_MGMT_802_1X:
mgmt = WLAN_AKM_SUITE_8021X;
break;
@@ -6867,14 +6918,6 @@
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
"(%s)", ret, strerror(-ret));
- /*
- * cfg80211 does not currently accept new connection if we are
- * already connected. As a workaround, force disconnection and
- * try again once the driver indicates it completed
- * disconnection.
- */
- if (ret == -EALREADY)
- nl80211_disconnect(drv, params->bssid);
goto nla_put_failure;
}
ret = 0;
@@ -6887,6 +6930,31 @@
}
+static int wpa_driver_nl80211_connect(
+ struct wpa_driver_nl80211_data *drv,
+ struct wpa_driver_associate_params *params)
+{
+ int ret = wpa_driver_nl80211_try_connect(drv, params);
+ if (ret == -EALREADY) {
+ /*
+ * cfg80211 does not currently accept new connections if
+ * we are already connected. As a workaround, force
+ * disconnection and try again.
+ */
+ wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
+ "disconnecting before reassociation "
+ "attempt");
+ if (wpa_driver_nl80211_disconnect(
+ drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
+ return -1;
+ /* Ignore the next local disconnect message. */
+ drv->ignore_next_local_disconnect = 1;
+ ret = wpa_driver_nl80211_try_connect(drv, params);
+ }
+ return ret;
+}
+
+
static int wpa_driver_nl80211_associate(
void *priv, struct wpa_driver_associate_params *params)
{
@@ -9186,7 +9254,6 @@
.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
.deauthenticate = wpa_driver_nl80211_deauthenticate,
- .disassociate = wpa_driver_nl80211_disassociate,
.authenticate = wpa_driver_nl80211_authenticate,
.associate = wpa_driver_nl80211_associate,
.global_init = nl80211_global_init,
diff --git a/src/drivers/driver_privsep.c b/src/drivers/driver_privsep.c
index 9481cbf..ed88e71 100644
--- a/src/drivers/driver_privsep.c
+++ b/src/drivers/driver_privsep.c
@@ -304,17 +304,6 @@
}
-static int wpa_driver_privsep_disassociate(void *priv, const u8 *addr,
- int reason_code)
-{
- //struct wpa_driver_privsep_data *drv = priv;
- wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
- __func__, MAC2STR(addr), reason_code);
- wpa_printf(MSG_DEBUG, "%s - TODO", __func__);
- return 0;
-}
-
-
static void wpa_driver_privsep_event_assoc(void *ctx,
enum wpa_event_type event,
u8 *buf, size_t len)
@@ -736,7 +725,6 @@
.set_param = wpa_driver_privsep_set_param,
.scan2 = wpa_driver_privsep_scan,
.deauthenticate = wpa_driver_privsep_deauthenticate,
- .disassociate = wpa_driver_privsep_disassociate,
.associate = wpa_driver_privsep_associate,
.get_capa = wpa_driver_privsep_get_capa,
.get_mac_addr = wpa_driver_privsep_get_mac_addr,
diff --git a/src/drivers/driver_test.c b/src/drivers/driver_test.c
index e7bf195..89aee7d 100644
--- a/src/drivers/driver_test.c
+++ b/src/drivers/driver_test.c
@@ -1714,20 +1714,6 @@
}
-static int wpa_driver_test_disassociate(void *priv, const u8 *addr,
- int reason_code)
-{
- struct test_driver_bss *dbss = priv;
- struct wpa_driver_test_data *drv = dbss->drv;
- wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
- __func__, MAC2STR(addr), reason_code);
- os_memset(dbss->bssid, 0, ETH_ALEN);
- drv->associated = 0;
- wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
- return wpa_driver_test_send_disassoc(drv);
-}
-
-
static const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
{
const u8 *end, *pos;
@@ -2870,7 +2856,7 @@
return -1;
return p2p_connect(drv->p2p, peer_addr, wps_method, go_intent,
own_interface_addr, force_freq, persistent_group,
- NULL, 0, 0);
+ NULL, 0, 0, 0);
}
@@ -3299,7 +3285,6 @@
.deinit = wpa_driver_test_deinit,
.set_param = wpa_driver_test_set_param,
.deauthenticate = wpa_driver_test_deauthenticate,
- .disassociate = wpa_driver_test_disassociate,
.associate = wpa_driver_test_associate,
.get_capa = wpa_driver_test_get_capa,
.get_mac_addr = wpa_driver_test_get_mac_addr,
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index bd37ca1..9733e01 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -1938,18 +1938,6 @@
}
-static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
- int reason_code)
-{
- struct wpa_driver_wext_data *drv = priv;
- int ret;
- wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
- ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
- wpa_driver_wext_disconnect(drv);
- return ret;
-}
-
-
static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
size_t ie_len)
{
@@ -2485,7 +2473,6 @@
.scan2 = wpa_driver_wext_scan,
.get_scan_results2 = wpa_driver_wext_get_scan_results,
.deauthenticate = wpa_driver_wext_deauthenticate,
- .disassociate = wpa_driver_wext_disassociate,
.associate = wpa_driver_wext_associate,
.init = wpa_driver_wext_init,
.deinit = wpa_driver_wext_deinit,
diff --git a/src/drivers/netlink.c b/src/drivers/netlink.c
index dd662f3..6c60550 100644
--- a/src/drivers/netlink.c
+++ b/src/drivers/netlink.c
@@ -97,8 +97,6 @@
if (netlink == NULL)
return NULL;
- netlink->cfg = cfg;
-
netlink->sock = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (netlink->sock < 0) {
wpa_printf(MSG_ERROR, "netlink: Failed to open netlink "
@@ -121,6 +119,8 @@
eloop_register_read_sock(netlink->sock, netlink_receive, netlink,
NULL);
+ netlink->cfg = cfg;
+
return netlink;
}
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index 2f38788..1a9a819 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -526,6 +526,12 @@
* of PMKSA caching dandidates.
*
* @NL80211_CMD_TDLS_OPER: Perform a high-level TDLS command (e.g. link setup).
+ * In addition, this can be used as an event to request userspace to take
+ * actions on TDLS links (set up a new link or tear down an existing one).
+ * In such events, %NL80211_ATTR_TDLS_OPERATION indicates the requested
+ * operation, %NL80211_ATTR_MAC contains the peer MAC address, and
+ * %NL80211_ATTR_REASON_CODE the reason code to be used (only with
+ * %NL80211_TDLS_TEARDOWN).
* @NL80211_CMD_TDLS_MGMT: Send a TDLS management frame.
*
* @NL80211_CMD_UNEXPECTED_FRAME: Used by an application controlling an AP
@@ -565,6 +571,22 @@
* %NL80211_ATTR_IFINDEX is now on %NL80211_ATTR_WIPHY_FREQ with
* %NL80211_ATTR_WIPHY_CHANNEL_TYPE.
*
+ * @NL80211_CMD_START_P2P_DEVICE: Start the given P2P Device, identified by
+ * its %NL80211_ATTR_WDEV identifier. It must have been created with
+ * %NL80211_CMD_NEW_INTERFACE previously. After it has been started, the
+ * P2P Device can be used for P2P operations, e.g. remain-on-channel and
+ * public action frame TX.
+ * @NL80211_CMD_STOP_P2P_DEVICE: Stop the given P2P Device, identified by
+ * its %NL80211_ATTR_WDEV identifier.
+ *
+ * @NL80211_CMD_CONN_FAILED: connection request to an AP failed; used to
+ * notify userspace that AP has rejected the connection request from a
+ * station, due to particular reason. %NL80211_ATTR_CONN_FAILED_REASON
+ * is used for this.
+ *
+ * @NL80211_CMD_SET_MCAST_RATE: Change the rate used to send multicast frames
+ * for IBSS or MESH vif.
+ *
* @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use
*/
@@ -708,6 +730,13 @@
NL80211_CMD_CH_SWITCH_NOTIFY,
+ NL80211_CMD_START_P2P_DEVICE,
+ NL80211_CMD_STOP_P2P_DEVICE,
+
+ NL80211_CMD_CONN_FAILED,
+
+ NL80211_CMD_SET_MCAST_RATE,
+
/* add new commands above here */
/* used to define NL80211_CMD_MAX below */
@@ -1251,6 +1280,18 @@
* was used to provide the hint. For the different types of
* allowed user regulatory hints see nl80211_user_reg_hint_type.
*
+ * @NL80211_ATTR_CONN_FAILED_REASON: The reason for which AP has rejected
+ * the connection request from a station. nl80211_connect_failed_reason
+ * enum has different reasons of connection failure.
+ *
+ * @NL80211_ATTR_SAE_DATA: SAE elements in Authentication frames. This starts
+ * with the Authentication transaction sequence number field.
+ *
+ * @NL80211_ATTR_VHT_CAPABILITY: VHT Capability information element (from
+ * association request when used with NL80211_CMD_NEW_STATION)
+ *
+ * @NL80211_ATTR_SCAN_FLAGS: scan request control flags (u32)
+ *
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
*/
@@ -1506,6 +1547,14 @@
NL80211_ATTR_USER_REG_HINT_TYPE,
+ NL80211_ATTR_CONN_FAILED_REASON,
+
+ NL80211_ATTR_SAE_DATA,
+
+ NL80211_ATTR_VHT_CAPABILITY,
+
+ NL80211_ATTR_SCAN_FLAGS,
+
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
@@ -1549,6 +1598,7 @@
#define NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY 16
#define NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY 24
#define NL80211_HT_CAPABILITY_LEN 26
+#define NL80211_VHT_CAPABILITY_LEN 12
#define NL80211_MAX_NR_CIPHER_SUITES 5
#define NL80211_MAX_NR_AKM_SUITES 2
@@ -1575,6 +1625,10 @@
* @NL80211_IFTYPE_MESH_POINT: mesh point
* @NL80211_IFTYPE_P2P_CLIENT: P2P client
* @NL80211_IFTYPE_P2P_GO: P2P group owner
+ * @NL80211_IFTYPE_P2P_DEVICE: P2P device interface type, this is not a netdev
+ * and therefore can't be created in the normal ways, use the
+ * %NL80211_CMD_START_P2P_DEVICE and %NL80211_CMD_STOP_P2P_DEVICE
+ * commands to create and destroy one
* @NL80211_IFTYPE_MAX: highest interface type number currently defined
* @NUM_NL80211_IFTYPES: number of defined interface types
*
@@ -1593,6 +1647,7 @@
NL80211_IFTYPE_MESH_POINT,
NL80211_IFTYPE_P2P_CLIENT,
NL80211_IFTYPE_P2P_GO,
+ NL80211_IFTYPE_P2P_DEVICE,
/* keep last */
NUM_NL80211_IFTYPES,
@@ -2460,6 +2515,7 @@
* @NL80211_AUTHTYPE_SHARED_KEY: Shared Key authentication (WEP only)
* @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)
* @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)
+ * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals
* @__NL80211_AUTHTYPE_NUM: internal
* @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm
* @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
@@ -2471,6 +2527,7 @@
NL80211_AUTHTYPE_SHARED_KEY,
NL80211_AUTHTYPE_FT,
NL80211_AUTHTYPE_NETWORK_EAP,
+ NL80211_AUTHTYPE_SAE,
/* keep last */
__NL80211_AUTHTYPE_NUM,
@@ -2994,12 +3051,34 @@
* @NL80211_FEATURE_CELL_BASE_REG_HINTS: This driver has been tested
* to work properly to suppport receiving regulatory hints from
* cellular base stations.
+ * @NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL: If this is set, an active
+ * P2P Device (%NL80211_IFTYPE_P2P_DEVICE) requires its own channel
+ * in the interface combinations, even when it's only used for scan
+ * and remain-on-channel. This could be due to, for example, the
+ * remain-on-channel implementation requiring a channel context.
+ * @NL80211_FEATURE_SAE: This driver supports simultaneous authentication of
+ * equals (SAE) with user space SME (NL80211_CMD_AUTHENTICATE) in station
+ * mode
+ * @NL80211_FEATURE_LOW_PRIORITY_SCAN: This driver supports low priority scan
+ * @NL80211_FEATURE_SCAN_FLUSH: Scan flush is supported
+ * @NL80211_FEATURE_AP_SCAN: Support scanning using an AP vif
+ * @NL80211_FEATURE_VIF_TXPOWER: The driver supports per-vif TX power setting
+ * @NL80211_FEATURE_NEED_OBSS_SCAN: The driver expects userspace to perform
+ * OBSS scans and generate 20/40 BSS coex reports. This flag is used only
+ * for drivers implementing the CONNECT API, for AUTH/ASSOC it is implied.
*/
enum nl80211_feature_flags {
- NL80211_FEATURE_SK_TX_STATUS = 1 << 0,
- NL80211_FEATURE_HT_IBSS = 1 << 1,
- NL80211_FEATURE_INACTIVITY_TIMER = 1 << 2,
- NL80211_FEATURE_CELL_BASE_REG_HINTS = 1 << 3,
+ NL80211_FEATURE_SK_TX_STATUS = 1 << 0,
+ NL80211_FEATURE_HT_IBSS = 1 << 1,
+ NL80211_FEATURE_INACTIVITY_TIMER = 1 << 2,
+ NL80211_FEATURE_CELL_BASE_REG_HINTS = 1 << 3,
+ NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL = 1 << 4,
+ NL80211_FEATURE_SAE = 1 << 5,
+ NL80211_FEATURE_LOW_PRIORITY_SCAN = 1 << 6,
+ NL80211_FEATURE_SCAN_FLUSH = 1 << 7,
+ NL80211_FEATURE_AP_SCAN = 1 << 8,
+ NL80211_FEATURE_VIF_TXPOWER = 1 << 9,
+ NL80211_FEATURE_NEED_OBSS_SCAN = 1 << 10,
};
/**
@@ -3023,4 +3102,36 @@
NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U = 1<<3,
};
+/**
+ * enum nl80211_connect_failed_reason - connection request failed reasons
+ * @NL80211_CONN_FAIL_MAX_CLIENTS: Maximum number of clients that can be
+ * handled by the AP is reached.
+ * @NL80211_CONN_FAIL_BLOCKED_CLIENT: Client's MAC is in the AP's blocklist.
+ */
+enum nl80211_connect_failed_reason {
+ NL80211_CONN_FAIL_MAX_CLIENTS,
+ NL80211_CONN_FAIL_BLOCKED_CLIENT,
+};
+
+/**
+ * enum nl80211_scan_flags - scan request control flags
+ *
+ * Scan request control flags are used to control the handling
+ * of NL80211_CMD_TRIGGER_SCAN and NL80211_CMD_START_SCHED_SCAN
+ * requests.
+ *
+ * @NL80211_SCAN_FLAG_LOW_PRIORITY: scan request has low priority
+ * @NL80211_SCAN_FLAG_FLUSH: flush cache before scanning
+ * @NL80211_SCAN_FLAG_AP: force a scan even if the interface is configured
+ * as AP and the beaconing has already been configured. This attribute is
+ * dangerous because will destroy stations performance as a lot of frames
+ * will be lost while scanning off-channel, therefore it must be used only
+ * when really needed
+ */
+enum nl80211_scan_flags {
+ NL80211_SCAN_FLAG_LOW_PRIORITY = 1<<0,
+ NL80211_SCAN_FLAG_FLUSH = 1<<1,
+ NL80211_SCAN_FLAG_AP = 1<<2,
+};
+
#endif /* __LINUX_NL80211_H */
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 2ed74b8..a4c9b25 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -348,6 +348,7 @@
{
struct wpabuf *eapReqData;
struct eap_method_ret ret;
+ int min_len = 1;
SM_ENTRY(EAP, METHOD);
if (sm->m == NULL) {
@@ -356,7 +357,9 @@
}
eapReqData = eapol_get_eapReqData(sm);
- if (!eap_hdr_len_valid(eapReqData, 1))
+ if (sm->m->vendor == EAP_VENDOR_IETF && sm->m->method == EAP_TYPE_LEAP)
+ min_len = 0; /* LEAP uses EAP-Success without payload */
+ if (!eap_hdr_len_valid(eapReqData, min_len))
return;
/*
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 7eefe8c..aedd85a 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -829,6 +829,14 @@
}
pos += 4;
left -= 4;
+
+ if (left > tls_msg_len) {
+ wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
+ "bytes) smaller than this fragment (%d "
+ "bytes)", (int) tls_msg_len, (int) left);
+ ret->ignore = TRUE;
+ return NULL;
+ }
}
ret->ignore = FALSE;
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index a965cac..177b58d 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -365,6 +365,7 @@
eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
} else if (data->identity_round > 3) {
/* Cannot use more than three rounds of Identity messages */
+ eap_sim_msg_free(msg);
return NULL;
} else if (sm->identity && sm->identity_len > 0 &&
(sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index f83c3cb..b531241 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -117,6 +117,7 @@
eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
} else if (data->start_round > 3) {
/* Cannot use more than three rounds of Start messages */
+ eap_sim_msg_free(msg);
return NULL;
} else if (data->start_round == 0) {
/*
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 31be2ec..9efb5b2 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -228,6 +228,14 @@
return -1;
}
+ if (len > message_length) {
+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+ "first fragment of frame (TLS Message "
+ "Length %d bytes)",
+ (int) len, (int) message_length);
+ return -1;
+ }
+
data->tls_in = wpabuf_alloc(message_length);
if (data->tls_in == NULL) {
wpa_printf(MSG_DEBUG, "SSL: No memory for message");
@@ -289,6 +297,13 @@
tls_msg_len);
*pos += 4;
*left -= 4;
+
+ if (*left > tls_msg_len) {
+ wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
+ "bytes) smaller than this fragment (%d "
+ "bytes)", (int) tls_msg_len, (int) *left);
+ return -1;
+ }
}
wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x "
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 851cf49..f90fb62 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1469,10 +1469,7 @@
if (sm == NULL)
return;
wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
- sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
- sm->suppPortStatus = Authorized;
- eapol_sm_set_port_authorized(sm);
- sm->portValid = TRUE;
+ sm->eapSuccess = TRUE;
eap_notify_success(sm->eap);
eapol_sm_step(sm);
}
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index a3eaa8c..b122f7c 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -256,7 +256,7 @@
}
-static void p2p_listen_in_find(struct p2p_data *p2p)
+static void p2p_listen_in_find(struct p2p_data *p2p, int dev_disc)
{
unsigned int r, tu;
int freq;
@@ -277,6 +277,19 @@
os_get_random((u8 *) &r, sizeof(r));
tu = (r % ((p2p->max_disc_int - p2p->min_disc_int) + 1) +
p2p->min_disc_int) * 100;
+ if (p2p->max_disc_tu >= 0 && tu > (unsigned int) p2p->max_disc_tu)
+ tu = p2p->max_disc_tu;
+ if (!dev_disc && tu < 100)
+ tu = 100; /* Need to wait in non-device discovery use cases */
+ if (p2p->cfg->max_listen && 1024 * tu / 1000 > p2p->cfg->max_listen)
+ tu = p2p->cfg->max_listen * 1000 / 1024;
+
+ if (tu == 0) {
+ wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Skip listen state "
+ "since duration was 0 TU");
+ p2p_set_timeout(p2p, 0, 0);
+ return;
+ }
p2p->pending_listen_freq = freq;
p2p->pending_listen_sec = 0;
@@ -1153,15 +1166,17 @@
}
-static int p2p_prepare_channel(struct p2p_data *p2p, unsigned int force_freq)
+static int p2p_prepare_channel(struct p2p_data *p2p, unsigned int force_freq,
+ unsigned int pref_freq)
{
- if (force_freq) {
+ if (force_freq || pref_freq) {
u8 op_reg_class, op_channel;
- if (p2p_freq_to_channel(p2p->cfg->country, force_freq,
+ unsigned int freq = force_freq ? force_freq : pref_freq;
+ if (p2p_freq_to_channel(p2p->cfg->country, freq,
&op_reg_class, &op_channel) < 0) {
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
"P2P: Unsupported frequency %u MHz",
- force_freq);
+ freq);
return -1;
}
if (!p2p_channels_includes(&p2p->cfg->channels, op_reg_class,
@@ -1169,37 +1184,21 @@
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
"P2P: Frequency %u MHz (oper_class %u "
"channel %u) not allowed for P2P",
- force_freq, op_reg_class, op_channel);
+ freq, op_reg_class, op_channel);
return -1;
}
p2p->op_reg_class = op_reg_class;
p2p->op_channel = op_channel;
-#ifndef ANDROID_P2P
- p2p->channels.reg_classes = 1;
- p2p->channels.reg_class[0].channels = 1;
- p2p->channels.reg_class[0].reg_class = p2p->op_reg_class;
- p2p->channels.reg_class[0].channel[0] = p2p->op_channel;
-#else
- if(p2p->cfg->p2p_concurrency == P2P_MULTI_CHANNEL_CONCURRENT) {
- /* We we are requesting for a preferred channel. But since
- * are multichannel concurrent, we have to poplulate the
- * p2p_channels with list of channels that we support.
- */
-#ifdef ANDROID_P2P
- wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "Full channel list");
-#endif
- os_memcpy(&p2p->channels, &p2p->cfg->channels,
- sizeof(struct p2p_channels));
- } else {
-#ifdef ANDROID_P2P
- wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "Single channel list %d", p2p->op_channel);
-#endif
+ if (force_freq) {
p2p->channels.reg_classes = 1;
p2p->channels.reg_class[0].channels = 1;
- p2p->channels.reg_class[0].reg_class = p2p->op_reg_class;
+ p2p->channels.reg_class[0].reg_class =
+ p2p->op_reg_class;
p2p->channels.reg_class[0].channel[0] = p2p->op_channel;
+ } else {
+ os_memcpy(&p2p->channels, &p2p->cfg->channels,
+ sizeof(struct p2p_channels));
}
-#endif
} else {
u8 op_reg_class, op_channel;
@@ -1279,18 +1278,18 @@
int go_intent, const u8 *own_interface_addr,
unsigned int force_freq, int persistent_group,
const u8 *force_ssid, size_t force_ssid_len,
- int pd_before_go_neg)
+ int pd_before_go_neg, unsigned int pref_freq)
{
struct p2p_device *dev;
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
"P2P: Request to start group negotiation - peer=" MACSTR
" GO Intent=%d Intended Interface Address=" MACSTR
- " wps_method=%d persistent_group=%d pd_before_go_neg=%d force_freq %d",
+ " wps_method=%d persistent_group=%d pd_before_go_neg=%d",
MAC2STR(peer_addr), go_intent, MAC2STR(own_interface_addr),
- wps_method, persistent_group, pd_before_go_neg, force_freq);
+ wps_method, persistent_group, pd_before_go_neg);
- if (p2p_prepare_channel(p2p, force_freq) < 0)
+ if (p2p_prepare_channel(p2p, force_freq, pref_freq) < 0)
return -1;
dev = p2p_get_device(p2p, peer_addr);
@@ -1390,7 +1389,8 @@
enum p2p_wps_method wps_method,
int go_intent, const u8 *own_interface_addr,
unsigned int force_freq, int persistent_group,
- const u8 *force_ssid, size_t force_ssid_len)
+ const u8 *force_ssid, size_t force_ssid_len,
+ unsigned int pref_freq)
{
struct p2p_device *dev;
@@ -1401,7 +1401,7 @@
MAC2STR(peer_addr), go_intent, MAC2STR(own_interface_addr),
wps_method, persistent_group);
- if (p2p_prepare_channel(p2p, force_freq) < 0)
+ if (p2p_prepare_channel(p2p, force_freq, pref_freq) < 0)
return -1;
dev = p2p_get_device(p2p, peer_addr);
@@ -2416,6 +2416,7 @@
p2p->min_disc_int = 1;
#endif
p2p->max_disc_int = 3;
+ p2p->max_disc_tu = -1;
os_get_random(&p2p->next_tie_breaker, 1);
p2p->next_tie_breaker &= 0x01;
@@ -2712,7 +2713,7 @@
}
}
- p2p_listen_in_find(p2p);
+ p2p_listen_in_find(p2p, 1);
}
@@ -2758,8 +2759,7 @@
/*
* Retry the prov disc req attempt only for the peer that the user had
- * requested for and provided a join has not been initiated on it
- * in the meantime.
+ * requested.
*/
dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
@@ -2768,15 +2768,14 @@
continue;
if (!dev->req_config_methods)
continue;
- if (dev->flags & P2P_DEV_PD_FOR_JOIN)
- continue;
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Send "
"pending Provision Discovery Request to "
MACSTR " (config methods 0x%x)",
MAC2STR(dev->info.p2p_device_addr),
dev->req_config_methods);
- p2p_send_prov_disc_req(p2p, dev, 0, 0);
+ p2p_send_prov_disc_req(p2p, dev,
+ dev->flags & P2P_DEV_PD_FOR_JOIN, 0);
return;
}
}
@@ -3198,7 +3197,7 @@
return;
}
p2p_set_state(p2p, P2P_CONNECT_LISTEN);
- p2p_listen_in_find(p2p);
+ p2p_listen_in_find(p2p, 0);
}
@@ -3262,7 +3261,7 @@
"P2P: Go to Listen state while waiting for the peer to become "
"ready for GO Negotiation");
p2p_set_state(p2p, P2P_WAIT_PEER_CONNECT);
- p2p_listen_in_find(p2p);
+ p2p_listen_in_find(p2p, 0);
}
@@ -3307,9 +3306,23 @@
p2p->pd_retries--;
p2p_retry_pd(p2p);
} else {
+ struct p2p_device *dev;
+ int for_join = 0;
+
+ dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
+ if (os_memcmp(p2p->pending_pd_devaddr,
+ dev->info.p2p_device_addr, ETH_ALEN) != 0)
+ continue;
+ if (dev->req_config_methods &&
+ (dev->flags & P2P_DEV_PD_FOR_JOIN))
+ for_join = 1;
+ }
+
if (p2p->cfg->prov_disc_fail)
p2p->cfg->prov_disc_fail(p2p->cfg->cb_ctx,
p2p->pending_pd_devaddr,
+ for_join ?
+ P2P_PROV_DISC_TIMEOUT_JOIN :
P2P_PROV_DISC_TIMEOUT);
p2p_reset_pending_pd(p2p);
}
@@ -3330,7 +3343,7 @@
p2p_set_timeout(p2p, 0, 100000);
return;
}
- p2p_listen_in_find(p2p);
+ p2p_listen_in_find(p2p, 0);
}
@@ -4384,3 +4397,20 @@
}
#endif /* CONFIG_WIFI_DISPLAY */
+
+
+int p2p_set_disc_int(struct p2p_data *p2p, int min_disc_int, int max_disc_int,
+ int max_disc_tu)
+{
+ if (min_disc_int > max_disc_int || min_disc_int < 0 || max_disc_int < 0)
+ return -1;
+
+ p2p->min_disc_int = min_disc_int;
+ p2p->max_disc_int = max_disc_int;
+ p2p->max_disc_tu = max_disc_tu;
+ wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Set discoverable interval: "
+ "min=%d max=%d max_tu=%d", min_disc_int, max_disc_int,
+ max_disc_tu);
+
+ return 0;
+}
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index b80f898..045e6f7 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -92,6 +92,16 @@
size_t ssid_len;
/**
+ * psk - WPA pre-shared key (256 bits) (GO only)
+ */
+ u8 psk[32];
+
+ /**
+ * psk_set - Whether PSK field is configured (GO only)
+ */
+ int psk_set;
+
+ /**
* passphrase - WPA2-Personal passphrase for the group (GO only)
*/
char passphrase[64];
@@ -227,6 +237,7 @@
P2P_PROV_DISC_SUCCESS,
P2P_PROV_DISC_TIMEOUT,
P2P_PROV_DISC_REJECTED,
+ P2P_PROV_DISC_TIMEOUT_JOIN,
};
struct p2p_channel {
@@ -359,6 +370,11 @@
*/
size_t ssid_postfix_len;
+ /**
+ * max_listen - Maximum listen duration in ms
+ */
+ unsigned int max_listen;
+
#ifdef ANDROID_P2P
enum p2p_concurrency_type {
P2P_NON_CONCURRENT,
@@ -902,6 +918,8 @@
* @pd_before_go_neg: Whether to send Provision Discovery prior to GO
* Negotiation as an interoperability workaround when initiating group
* formation
+ * @pref_freq: Preferred operating frequency in MHz or 0 (this is only used if
+ * force_freq == 0)
* Returns: 0 on success, -1 on failure
*/
int p2p_connect(struct p2p_data *p2p, const u8 *peer_addr,
@@ -909,7 +927,7 @@
int go_intent, const u8 *own_interface_addr,
unsigned int force_freq, int persistent_group,
const u8 *force_ssid, size_t force_ssid_len,
- int pd_before_go_neg);
+ int pd_before_go_neg, unsigned int pref_freq);
/**
* p2p_authorize - Authorize P2P group formation (GO negotiation)
@@ -925,6 +943,8 @@
* @force_ssid: Forced SSID for the group if we become GO or %NULL to generate
* a new SSID
* @force_ssid_len: Length of $force_ssid buffer
+ * @pref_freq: Preferred operating frequency in MHz or 0 (this is only used if
+ * force_freq == 0)
* Returns: 0 on success, -1 on failure
*
* This is like p2p_connect(), but the actual group negotiation is not
@@ -934,7 +954,8 @@
enum p2p_wps_method wps_method,
int go_intent, const u8 *own_interface_addr,
unsigned int force_freq, int persistent_group,
- const u8 *force_ssid, size_t force_ssid_len);
+ const u8 *force_ssid, size_t force_ssid_len,
+ unsigned int pref_freq);
/**
* p2p_reject - Reject peer device (explicitly block connection attempts)
@@ -951,6 +972,7 @@
* @config_methods: WPS Config Methods value (only one bit set)
* @join: Whether this is used by a client joining an active group
* @force_freq: Forced TX frequency for the frame (mainly for the join case)
+ * @user_initiated_pd: Flag to indicate if initiated by user or not
* Returns: 0 on success, -1 on failure
*
* This function can be used to request a discovered P2P peer to display a PIN
@@ -962,7 +984,8 @@
* indicated with the p2p_config::prov_disc_resp() callback.
*/
int p2p_prov_disc_req(struct p2p_data *p2p, const u8 *peer_addr,
- u16 config_methods, int join, int force_freq);
+ u16 config_methods, int join, int force_freq,
+ int user_initiated_pd);
/**
* p2p_sd_request - Schedule a service discovery query
@@ -1767,4 +1790,25 @@
const struct wpabuf *elem);
struct wpabuf * wifi_display_encaps(struct wpabuf *subelems);
+/**
+ * p2p_set_disc_int - Set min/max discoverable interval for p2p_find
+ * @p2p: P2P module context from p2p_init()
+ * @min_disc_int: minDiscoverableInterval (in units of 100 TU); default 1
+ * @max_disc_int: maxDiscoverableInterval (in units of 100 TU); default 3
+ * @max_disc_tu: Maximum number of TUs (1.024 ms) for discoverable interval; or
+ * -1 not to limit
+ * Returns: 0 on success, or -1 on failure
+ *
+ * This function can be used to configure minDiscoverableInterval and
+ * maxDiscoverableInterval parameters for the Listen state during device
+ * discovery (p2p_find). A random number of 100 TU units is picked for each
+ * Listen state iteration from [min_disc_int,max_disc_int] range.
+ *
+ * max_disc_tu can be used to futher limit the discoverable duration. However,
+ * it should be noted that use of this parameter is not recommended since it
+ * would not be compliant with the P2P specification.
+ */
+int p2p_set_disc_int(struct p2p_data *p2p, int min_disc_int, int max_disc_int,
+ int max_disc_tu);
+
#endif /* P2P_H */
diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
index be069a5..5838d35 100644
--- a/src/p2p/p2p_build.c
+++ b/src/p2p/p2p_build.c
@@ -136,6 +136,7 @@
len + 2, (u8 *) wpabuf_put(buf, 0) - len - 2);
}
+
void p2p_buf_add_status(struct wpabuf *buf, u8 status)
{
/* Status */
diff --git a/src/p2p/p2p_go_neg.c b/src/p2p/p2p_go_neg.c
index b21d97c..fe4b560 100644
--- a/src/p2p/p2p_go_neg.c
+++ b/src/p2p/p2p_go_neg.c
@@ -211,7 +211,7 @@
else
return -1;
return p2p_prov_disc_req(p2p, dev->info.p2p_device_addr,
- config_method, 0, 0);
+ config_method, 0, 0, 1);
}
freq = dev->listen_freq > 0 ? dev->listen_freq : dev->oper_freq;
@@ -302,7 +302,6 @@
p2p->op_channel);
}
p2p_buf_add_intended_addr(buf, p2p->intended_addr);
-
if (status || peer == NULL) {
p2p_buf_add_channel_list(buf, p2p->cfg->country,
&p2p->channels);
@@ -315,7 +314,6 @@
&res);
p2p_buf_add_channel_list(buf, p2p->cfg->country, &res);
}
-
p2p_buf_add_device_info(buf, p2p, peer);
if (peer && peer->go_state == LOCAL_GO) {
p2p_buf_add_group_id(buf, p2p->cfg->dev_addr, p2p->ssid,
diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h
index 673c4c1..d2868fb 100644
--- a/src/p2p/p2p_i.h
+++ b/src/p2p/p2p_i.h
@@ -226,6 +226,11 @@
int max_disc_int;
/**
+ * max_disc_tu - Maximum number of TUs for discoverable interval
+ */
+ int max_disc_tu;
+
+ /**
* devices - List of known P2P Device peers
*/
struct dl_list devices;
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 42447e5..e40f2b7 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -19,7 +19,7 @@
* Number of retries to attempt for provision discovery requests
* in case the peer is not listening.
*/
-#define MAX_PROV_DISC_REQ_RETRIES 10
+#define MAX_PROV_DISC_REQ_RETRIES 120
static void p2p_build_wps_ie_config_methods(struct wpabuf *buf,
@@ -408,7 +408,8 @@
int p2p_prov_disc_req(struct p2p_data *p2p, const u8 *peer_addr,
- u16 config_methods, int join, int force_freq)
+ u16 config_methods, int join, int force_freq,
+ int user_initiated_pd)
{
struct p2p_device *dev;
@@ -446,11 +447,7 @@
return 0;
}
- /*
- * We use the join param as a cue to differentiate between user
- * initiated PD request and one issued during finds (internal).
- */
- p2p->user_initiated_pd = !join;
+ p2p->user_initiated_pd = user_initiated_pd;
if (p2p->user_initiated_pd)
p2p->pd_retries = MAX_PROV_DISC_REQ_RETRIES;
diff --git a/src/radius/radius.c b/src/radius/radius.c
index d5edfd8..d1feec9 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1406,11 +1406,12 @@
* @secret: RADIUS shared secret
* @secret_len: Length of secret
* @sent_msg: Sent RADIUS message
- * Returns: pointer to password (free with os_free) or %NULL
+ * @n: Number of password attribute to return (starting with 0)
+ * Returns: Pointer to n-th password (free with os_free) or %NULL
*/
char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
const u8 *secret, size_t secret_len,
- struct radius_msg *sent_msg)
+ struct radius_msg *sent_msg, size_t n)
{
u8 *buf = NULL;
size_t buflen;
@@ -1420,7 +1421,7 @@
size_t len[3];
u8 hash[16];
u8 *pos;
- size_t i;
+ size_t i, j = 0;
struct radius_attr_hdr *attr;
const u8 *data;
size_t dlen;
@@ -1428,7 +1429,7 @@
size_t fdlen = -1;
char *ret = NULL;
- /* find attribute with lowest tag and check it */
+ /* find n-th valid Tunnel-Password attribute */
for (i = 0; i < msg->attr_used; i++) {
attr = radius_get_attr_hdr(msg, i);
if (attr == NULL ||
@@ -1441,11 +1442,13 @@
dlen = attr->length - sizeof(*attr);
if (dlen <= 3 || dlen % 16 != 3)
continue;
- if (fdata != NULL && fdata[0] <= data[0])
+ j++;
+ if (j <= n)
continue;
fdata = data;
fdlen = dlen;
+ break;
}
if (fdata == NULL)
goto out;
diff --git a/src/radius/radius.h b/src/radius/radius.h
index 727640b..2031054 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -242,7 +242,7 @@
int radius_msg_get_vlanid(struct radius_msg *msg);
char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
const u8 *secret, size_t secret_len,
- struct radius_msg *sent_msg);
+ struct radius_msg *sent_msg, size_t n);
static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
u32 value)
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index 9783e7c..df67583 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -25,7 +25,7 @@
struct wpa_sm *sm; /* TODO: get rid of this reference(?) */
void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx,
- int replace);
+ enum pmksa_free_reason reason);
void *ctx;
};
@@ -41,11 +41,11 @@
static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
struct rsn_pmksa_cache_entry *entry,
- int replace)
+ enum pmksa_free_reason reason)
{
wpa_sm_remove_pmkid(pmksa->sm, entry->aa, entry->pmkid);
pmksa->pmksa_count--;
- pmksa->free_cb(entry, pmksa->ctx, replace);
+ pmksa->free_cb(entry, pmksa->ctx, reason);
_pmksa_cache_free_entry(entry);
}
@@ -61,7 +61,7 @@
pmksa->pmksa = entry->next;
wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
MACSTR, MAC2STR(entry->aa));
- pmksa_cache_free_entry(pmksa, entry, 0);
+ pmksa_cache_free_entry(pmksa, entry, PMKSA_EXPIRE);
}
pmksa_cache_set_expiration(pmksa);
@@ -164,22 +164,9 @@
pmksa->pmksa = pos->next;
else
prev->next = pos->next;
- if (pos == pmksa->sm->cur_pmksa) {
- /* We are about to replace the current PMKSA
- * cache entry. This happens when the PMKSA
- * caching attempt fails, so we don't want to
- * force pmksa_cache_free_entry() to disconnect
- * at this point. Let's just make sure the old
- * PMKSA cache entry will not be used in the
- * future.
- */
- wpa_printf(MSG_DEBUG, "RSN: replacing current "
- "PMKSA entry");
- pmksa->sm->cur_pmksa = NULL;
- }
wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
"the current AP");
- pmksa_cache_free_entry(pmksa, pos, 1);
+ pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
/*
* If OKC is used, there may be other PMKSA cache
@@ -214,7 +201,7 @@
"PMKSA cache entry (for " MACSTR ") to "
"make room for new one",
MAC2STR(pos->aa));
- pmksa_cache_free_entry(pmksa, pos, 0);
+ pmksa_cache_free_entry(pmksa, pos, PMKSA_FREE);
}
}
@@ -265,7 +252,7 @@
pmksa->pmksa = entry->next;
tmp = entry;
entry = entry->next;
- pmksa_cache_free_entry(pmksa, tmp, 0);
+ pmksa_cache_free_entry(pmksa, tmp, PMKSA_FREE);
removed++;
} else {
prev = entry;
@@ -507,7 +494,7 @@
*/
struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
- void *ctx, int replace),
+ void *ctx, enum pmksa_free_reason reason),
void *ctx, struct wpa_sm *sm)
{
struct rsn_pmksa_cache *pmksa;
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index 9245aab..f318c52 100644
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -38,11 +38,17 @@
struct rsn_pmksa_cache;
+enum pmksa_free_reason {
+ PMKSA_FREE,
+ PMKSA_REPLACE,
+ PMKSA_EXPIRE,
+};
+
#if defined(IEEE8021X_EAPOL) && !defined(CONFIG_NO_WPA2)
struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
- void *ctx, int replace),
+ void *ctx, enum pmksa_free_reason reason),
void *ctx, struct wpa_sm *sm);
void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
@@ -66,7 +72,7 @@
static inline struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
- void *ctx, int replace),
+ void *ctx, int reason),
void *ctx, struct wpa_sm *sm)
{
return (void *) -1;
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 5cf32df..3c45f3a 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -783,7 +783,7 @@
rsn_ie, rsn_ie_len);
}
- wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
+ wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
}
@@ -1836,6 +1836,10 @@
case WPA_KEY_MGMT_PSK_SHA256:
return RSN_AUTH_KEY_MGMT_PSK_SHA256;
#endif /* CONFIG_IEEE80211W */
+ case WPA_KEY_MGMT_CCKM:
+ return (sm->proto == WPA_PROTO_RSN ?
+ RSN_AUTH_KEY_MGMT_CCKM:
+ WPA_AUTH_KEY_MGMT_CCKM);
case WPA_KEY_MGMT_WPA_NONE:
return WPA_AUTH_KEY_MGMT_NONE;
default:
@@ -1931,25 +1935,40 @@
static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
- void *ctx, int replace)
+ void *ctx, enum pmksa_free_reason reason)
{
struct wpa_sm *sm = ctx;
+ int deauth = 0;
- if (sm->cur_pmksa == entry ||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
+ MACSTR " reason=%d", MAC2STR(entry->aa), reason);
+
+ if (sm->cur_pmksa == entry) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: %s current PMKSA entry",
+ reason == PMKSA_REPLACE ? "replaced" : "removed");
+ pmksa_cache_clear_current(sm);
+
+ /*
+ * If an entry is simply being replaced, there's no need to
+ * deauthenticate because it will be immediately re-added.
+ * This happens when EAP authentication is completed again
+ * (reauth or failed PMKSA caching attempt).
+ */
+ if (reason != PMKSA_REPLACE)
+ deauth = 1;
+ }
+
+ if (reason == PMKSA_EXPIRE &&
(sm->pmk_len == entry->pmk_len &&
os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: removed current PMKSA entry");
- sm->cur_pmksa = NULL;
+ "RSN: deauthenticating due to expired PMK");
+ pmksa_cache_clear_current(sm);
+ deauth = 1;
+ }
- if (replace) {
- /* A new entry is being added, so no need to
- * deauthenticate in this case. This happens when EAP
- * authentication is completed again (reauth or failed
- * PMKSA caching attempt). */
- return;
- }
-
+ if (deauth) {
os_memset(sm->pmk, 0, sizeof(sm->pmk));
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
@@ -2080,6 +2099,7 @@
void wpa_sm_notify_disassoc(struct wpa_sm *sm)
{
rsn_preauth_deinit(sm);
+ pmksa_cache_clear_current(sm);
if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
sm->dot11RSNA4WayHandshakeFailures++;
#ifdef CONFIG_TDLS
@@ -2372,6 +2392,22 @@
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
+
+ if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
+ struct wpa_ie_data rsn;
+ if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
+ >= 0 &&
+ rsn.capabilities & (WPA_CAPABILITY_MFPR |
+ WPA_CAPABILITY_MFPC)) {
+ ret = os_snprintf(pos, end - pos, "pmf=%d\n",
+ (rsn.capabilities &
+ WPA_CAPABILITY_MFPR) ? 2 : 1);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+ }
+
return pos - buf;
}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 1077b5a..8afdf39 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -24,7 +24,6 @@
void (*set_state)(void *ctx, enum wpa_states state);
enum wpa_states (*get_state)(void *ctx);
void (*deauthenticate)(void * ctx, int reason_code);
- void (*disassociate)(void *ctx, int reason_code);
int (*set_key)(void *ctx, enum wpa_alg alg,
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index c30d09e..9f9e641 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -143,12 +143,6 @@
sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
}
-static inline void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code)
-{
- WPA_ASSERT(sm->ctx->disassociate);
- sm->ctx->disassociate(sm->ctx->ctx, reason_code);
-}
-
static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg,
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 6a8f9f1..3d75365 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -83,6 +83,8 @@
RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
} else if (key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_NONE);
+ } else if (key_mgmt == WPA_KEY_MGMT_CCKM) {
+ RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_CCKM);
} else {
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
key_mgmt);
@@ -152,6 +154,8 @@
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
} else if (key_mgmt == WPA_KEY_MGMT_PSK) {
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
+ } else if (key_mgmt == WPA_KEY_MGMT_CCKM) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_CCKM);
#ifdef CONFIG_IEEE80211R
} else if (key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
@@ -164,6 +168,12 @@
} else if (key_mgmt == WPA_KEY_MGMT_PSK_SHA256) {
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ } else if (key_mgmt == WPA_KEY_MGMT_SAE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
+ } else if (key_mgmt == WPA_KEY_MGMT_FT_SAE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+#endif /* CONFIG_SAE */
} else {
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
key_mgmt);
diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index 7630ecb..a48a2d7 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -10,13 +10,13 @@
#include "includes.h"
#include "common.h"
#include "wps/wps.h"
-#include "wps/wps_i.h"
#define FLAG_MESSAGE_BEGIN (1 << 7)
#define FLAG_MESSAGE_END (1 << 6)
#define FLAG_CHUNK (1 << 5)
#define FLAG_SHORT_RECORD (1 << 4)
#define FLAG_ID_LENGTH_PRESENT (1 << 3)
+#define FLAG_TNF_NFC_FORUM (0x01)
#define FLAG_TNF_RFC2046 (0x02)
struct ndef_record {
@@ -168,3 +168,78 @@
FLAG_TNF_RFC2046, wifi_handover_type,
os_strlen(wifi_handover_type), NULL, 0, buf);
}
+
+
+struct wpabuf * ndef_build_wifi_hr(void)
+{
+ struct wpabuf *rn, *cr, *ac_payload, *ac, *hr_payload, *hr;
+ struct wpabuf *carrier, *hc;
+
+ rn = wpabuf_alloc(2);
+ if (rn == NULL)
+ return NULL;
+ wpabuf_put_be16(rn, os_random() & 0xffff);
+
+ cr = ndef_build_record(FLAG_MESSAGE_BEGIN | FLAG_TNF_NFC_FORUM, "cr", 2,
+ NULL, 0, rn);
+ wpabuf_free(rn);
+
+ if (cr == NULL)
+ return NULL;
+
+ ac_payload = wpabuf_alloc(4);
+ if (ac_payload == NULL) {
+ wpabuf_free(cr);
+ return NULL;
+ }
+ wpabuf_put_u8(ac_payload, 0x01); /* Carrier Flags: CRS=1 "active" */
+ wpabuf_put_u8(ac_payload, 0x01); /* Carrier Data Reference Length */
+ wpabuf_put_u8(ac_payload, '0'); /* Carrier Data Reference: "0" */
+ wpabuf_put_u8(ac_payload, 0); /* Aux Data Reference Count */
+
+ ac = ndef_build_record(FLAG_MESSAGE_END | FLAG_TNF_NFC_FORUM, "ac", 2,
+ NULL, 0, ac_payload);
+ wpabuf_free(ac_payload);
+ if (ac == NULL) {
+ wpabuf_free(cr);
+ return NULL;
+ }
+
+ hr_payload = wpabuf_alloc(1 + wpabuf_len(cr) + wpabuf_len(ac));
+ if (hr_payload == NULL) {
+ wpabuf_free(cr);
+ wpabuf_free(ac);
+ return NULL;
+ }
+
+ wpabuf_put_u8(hr_payload, 0x12); /* Connection Handover Version 1.2 */
+ wpabuf_put_buf(hr_payload, cr);
+ wpabuf_put_buf(hr_payload, ac);
+ wpabuf_free(cr);
+ wpabuf_free(ac);
+
+ hr = ndef_build_record(FLAG_MESSAGE_BEGIN | FLAG_TNF_NFC_FORUM, "Hr", 2,
+ NULL, 0, hr_payload);
+ wpabuf_free(hr_payload);
+ if (hr == NULL)
+ return NULL;
+
+ carrier = wpabuf_alloc(2 + os_strlen(wifi_handover_type));
+ if (carrier == NULL) {
+ wpabuf_free(hr);
+ return NULL;
+ }
+ wpabuf_put_u8(carrier, 0x02); /* Carrier Type Format */
+ wpabuf_put_u8(carrier, os_strlen(wifi_handover_type));
+ wpabuf_put_str(carrier, wifi_handover_type);
+
+ hc = ndef_build_record(FLAG_MESSAGE_END | FLAG_TNF_NFC_FORUM, "Hc", 2,
+ "0", 1, carrier);
+ wpabuf_free(carrier);
+ if (hc == NULL) {
+ wpabuf_free(hr);
+ return NULL;
+ }
+
+ return wpabuf_concat(hr, hc);
+}
diff --git a/src/wps/wps.c b/src/wps/wps.c
index 4c2322d..2575705 100644
--- a/src/wps/wps.c
+++ b/src/wps/wps.c
@@ -45,8 +45,7 @@
os_memcpy(data->uuid_e, cfg->wps->uuid, WPS_UUID_LEN);
}
if (cfg->pin) {
- data->dev_pw_id = data->wps->oob_dev_pw_id == 0 ?
- cfg->dev_pw_id : data->wps->oob_dev_pw_id;
+ data->dev_pw_id = cfg->dev_pw_id;
data->dev_password = os_malloc(cfg->pin_len);
if (data->dev_password == NULL) {
os_free(data);
@@ -110,6 +109,7 @@
data->new_ap_settings =
os_malloc(sizeof(*data->new_ap_settings));
if (data->new_ap_settings == NULL) {
+ os_free(data->dev_password);
os_free(data);
return NULL;
}
diff --git a/src/wps/wps.h b/src/wps/wps.h
index c45b68c..c6b7099 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -42,6 +42,7 @@
* @cred_attr: Unparsed Credential attribute data (used only in cred_cb());
* this may be %NULL, if not used
* @cred_attr_len: Length of cred_attr in octets
+ * @ap_channel: AP channel
*/
struct wps_credential {
u8 ssid[32];
@@ -54,6 +55,7 @@
u8 mac_addr[ETH_ALEN];
const u8 *cred_attr;
size_t cred_attr_len;
+ u16 ap_channel;
};
#define WPS_DEV_TYPE_LEN 8
@@ -101,17 +103,6 @@
int p2p;
};
-struct oob_conf_data {
- enum {
- OOB_METHOD_UNKNOWN = 0,
- OOB_METHOD_DEV_PWD_E,
- OOB_METHOD_DEV_PWD_R,
- OOB_METHOD_CRED,
- } oob_method;
- struct wpabuf *dev_password;
- struct wpabuf *pubkey_hash;
-};
-
/**
* struct wps_config - WPS configuration for a single registration protocol run
*/
@@ -617,16 +608,6 @@
struct wps_device_data dev;
/**
- * oob_conf - OOB Config data
- */
- struct oob_conf_data oob_conf;
-
- /**
- * oob_dev_pw_id - OOB Device password id
- */
- u16 oob_dev_pw_id;
-
- /**
* dh_ctx - Context data for Diffie-Hellman operation
*/
void *dh_ctx;
@@ -764,23 +745,6 @@
struct wpabuf *ap_nfc_dev_pw;
};
-struct oob_device_data {
- char *device_name;
- char *device_path;
- void * (*init_func)(struct wps_context *, struct oob_device_data *,
- int);
- struct wpabuf * (*read_func)(void *);
- int (*write_func)(void *, struct wpabuf *);
- void (*deinit_func)(void *);
-};
-
-struct oob_nfc_device_data {
- int (*init_func)(char *);
- void * (*read_func)(size_t *);
- int (*write_func)(void *, size_t);
- void (*deinit_func)(void);
-};
-
struct wps_registrar *
wps_registrar_init(struct wps_context *wps,
const struct wps_registrar_config *cfg);
@@ -819,11 +783,6 @@
int wps_pin_str_valid(const char *pin);
void wps_free_pending_msgs(struct upnp_pending_message *msgs);
-struct oob_device_data * wps_get_oob_device(char *device_type);
-struct oob_nfc_device_data * wps_get_oob_nfc_device(char *device_name);
-int wps_get_oob_method(char *method);
-int wps_process_oob(struct wps_context *wps, struct oob_device_data *oob_dev,
- int registrar);
struct wpabuf * wps_get_oob_cred(struct wps_context *wps);
int wps_oob_use_cred(struct wps_context *wps, struct wps_parse_attr *attr);
int wps_attr_text(struct wpabuf *data, char *buf, char *end);
@@ -858,6 +817,7 @@
/* ndef.c */
struct wpabuf * ndef_parse_wifi(const struct wpabuf *buf);
struct wpabuf * ndef_build_wifi(const struct wpabuf *buf);
+struct wpabuf * ndef_build_wifi_hr(void);
#ifdef CONFIG_WPS_STRICT
int wps_validate_beacon(const struct wpabuf *wps_ie);
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 9be30b9..29aee8e 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -368,38 +368,6 @@
return 0;
}
-
-
-int wps_build_oob_dev_password(struct wpabuf *msg, struct wps_context *wps)
-{
- u8 dev_password_bin[WPS_OOB_DEVICE_PASSWORD_LEN];
-
- wpa_printf(MSG_DEBUG, "WPS: * OOB Device Password");
-
- if (os_get_random((u8 *) &wps->oob_dev_pw_id, sizeof(u16)) < 0) {
- wpa_printf(MSG_ERROR, "WPS: device password id "
- "generation error");
- return -1;
- }
- wps->oob_dev_pw_id |= 0x0010;
-
- if (random_get_bytes(dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN) <
- 0) {
- wpa_printf(MSG_ERROR, "WPS: OOB device password "
- "generation error");
- return -1;
- }
-
- wpa_snprintf_hex_uppercase(
- wpabuf_put(wps->oob_conf.dev_password,
- wpabuf_size(wps->oob_conf.dev_password)),
- wpabuf_size(wps->oob_conf.dev_password),
- dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN);
-
- return wps_build_oob_dev_pw(msg, wps->oob_dev_pw_id, wps->dh_pubkey,
- dev_password_bin,
- WPS_OOB_DEVICE_PASSWORD_LEN);
-}
#endif /* CONFIG_WPS_OOB */
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 5aa9b00..3999b1b 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -542,6 +542,14 @@
if (wps_parse_vendor_ext(attr, pos, len) < 0)
return -1;
break;
+ case ATTR_AP_CHANNEL:
+ if (len != 2) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalid AP Channel "
+ "length %u", len);
+ return -1;
+ }
+ attr->ap_channel = pos;
+ break;
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported attribute type 0x%x "
"len=%u", type, len);
diff --git a/src/wps/wps_attr_parse.h b/src/wps/wps_attr_parse.h
index 332e966..88e51a4 100644
--- a/src/wps/wps_attr_parse.h
+++ b/src/wps/wps_attr_parse.h
@@ -56,6 +56,7 @@
const u8 *settings_delay_time; /* 1 octet */
const u8 *network_key_shareable; /* 1 octet (Bool) */
const u8 *request_to_enroll; /* 1 octet (Bool) */
+ const u8 *ap_channel; /* 2 octets */
/* variable length fields */
const u8 *manufacturer;
diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index d4c6e88..b81f106 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
@@ -258,6 +258,19 @@
}
+static int wps_process_cred_ap_channel(struct wps_credential *cred,
+ const u8 *ap_channel)
+{
+ if (ap_channel == NULL)
+ return 0; /* optional attribute */
+
+ cred->ap_channel = WPA_GET_BE16(ap_channel);
+ wpa_printf(MSG_DEBUG, "WPS: AP Channel: %u", cred->ap_channel);
+
+ return 0;
+}
+
+
static int wps_workaround_cred_key(struct wps_credential *cred)
{
if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
@@ -303,7 +316,8 @@
wps_process_cred_eap_identity(cred, attr->eap_identity,
attr->eap_identity_len) ||
wps_process_cred_key_prov_auto(cred, attr->key_prov_auto) ||
- wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled))
+ wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled) ||
+ wps_process_cred_ap_channel(cred, attr->ap_channel))
return -1;
return wps_workaround_cred_key(cred);
diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index 5a8817f..68d9f0a 100644
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -375,84 +375,6 @@
}
-static struct wpabuf * wps_get_oob_dev_pwd(struct wps_context *wps)
-{
- struct wpabuf *data;
-
- data = wpabuf_alloc(200);
- if (data == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB "
- "device password attribute");
- return NULL;
- }
-
- wpabuf_free(wps->oob_conf.dev_password);
- wps->oob_conf.dev_password =
- wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN * 2 + 1);
- if (wps->oob_conf.dev_password == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB "
- "device password");
- wpabuf_free(data);
- return NULL;
- }
-
- if (wps_build_version(data) ||
- wps_build_oob_dev_password(data, wps) ||
- wps_build_wfa_ext(data, 0, NULL, 0)) {
- wpa_printf(MSG_ERROR, "WPS: Build OOB device password "
- "attribute error");
- wpabuf_free(data);
- return NULL;
- }
-
- return data;
-}
-
-
-static int wps_parse_oob_dev_pwd(struct wps_context *wps,
- struct wpabuf *data)
-{
- struct oob_conf_data *oob_conf = &wps->oob_conf;
- struct wps_parse_attr attr;
- const u8 *pos;
- size_t pw_len;
-
- if (wps_parse_msg(data, &attr) < 0 ||
- attr.oob_dev_password == NULL) {
- wpa_printf(MSG_ERROR, "WPS: OOB device password not found");
- return -1;
- }
-
- pos = attr.oob_dev_password;
-
- wpabuf_free(oob_conf->pubkey_hash);
- oob_conf->pubkey_hash =
- wpabuf_alloc_copy(pos, WPS_OOB_PUBKEY_HASH_LEN);
- if (oob_conf->pubkey_hash == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB "
- "public key hash");
- return -1;
- }
- pos += WPS_OOB_PUBKEY_HASH_LEN;
-
- wps->oob_dev_pw_id = WPA_GET_BE16(pos);
- pos += sizeof(wps->oob_dev_pw_id);
-
- pw_len = attr.oob_dev_password_len - WPS_OOB_PUBKEY_HASH_LEN - 2;
- oob_conf->dev_password = wpabuf_alloc(pw_len * 2 + 1);
- if (oob_conf->dev_password == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB "
- "device password");
- return -1;
- }
- wpa_snprintf_hex_uppercase(wpabuf_put(oob_conf->dev_password,
- pw_len * 2 + 1),
- pw_len * 2 + 1, pos, pw_len);
-
- return 0;
-}
-
-
int wps_oob_use_cred(struct wps_context *wps, struct wps_parse_attr *attr)
{
struct wpabuf msg;
@@ -477,107 +399,6 @@
}
-static int wps_parse_oob_cred(struct wps_context *wps, struct wpabuf *data)
-{
- struct wps_parse_attr attr;
-
- if (wps_parse_msg(data, &attr) < 0 || attr.num_cred <= 0) {
- wpa_printf(MSG_ERROR, "WPS: OOB credential not found");
- return -1;
- }
-
- return wps_oob_use_cred(wps, &attr);
-}
-
-
-int wps_process_oob(struct wps_context *wps, struct oob_device_data *oob_dev,
- int registrar)
-{
- struct wpabuf *data;
- int ret, write_f, oob_method = wps->oob_conf.oob_method;
- void *oob_priv;
-
- write_f = oob_method == OOB_METHOD_DEV_PWD_E ? !registrar : registrar;
-
- oob_priv = oob_dev->init_func(wps, oob_dev, registrar);
- if (oob_priv == NULL) {
- wpa_printf(MSG_ERROR, "WPS: Failed to initialize OOB device");
- return -1;
- }
-
- if (write_f) {
- if (oob_method == OOB_METHOD_CRED)
- data = wps_get_oob_cred(wps);
- else
- data = wps_get_oob_dev_pwd(wps);
-
- ret = 0;
- if (data == NULL || oob_dev->write_func(oob_priv, data) < 0)
- ret = -1;
- } else {
- data = oob_dev->read_func(oob_priv);
- if (data == NULL)
- ret = -1;
- else {
- if (oob_method == OOB_METHOD_CRED)
- ret = wps_parse_oob_cred(wps, data);
- else
- ret = wps_parse_oob_dev_pwd(wps, data);
- }
- }
- wpabuf_free(data);
- oob_dev->deinit_func(oob_priv);
-
- if (ret < 0) {
- wpa_printf(MSG_ERROR, "WPS: Failed to process OOB data");
- return -1;
- }
-
- return 0;
-}
-
-
-struct oob_device_data * wps_get_oob_device(char *device_type)
-{
-#ifdef CONFIG_WPS_UFD
- if (os_strstr(device_type, "ufd") != NULL)
- return &oob_ufd_device_data;
-#endif /* CONFIG_WPS_UFD */
-#ifdef CONFIG_WPS_NFC
- if (os_strstr(device_type, "nfc") != NULL)
- return &oob_nfc_device_data;
-#endif /* CONFIG_WPS_NFC */
-
- return NULL;
-}
-
-
-#ifdef CONFIG_WPS_NFC
-struct oob_nfc_device_data * wps_get_oob_nfc_device(char *device_name)
-{
- if (device_name == NULL)
- return NULL;
-#ifdef CONFIG_WPS_NFC_PN531
- if (os_strstr(device_name, "pn531") != NULL)
- return &oob_nfc_pn531_device_data;
-#endif /* CONFIG_WPS_NFC_PN531 */
-
- return NULL;
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-int wps_get_oob_method(char *method)
-{
- if (os_strstr(method, "pin-e") != NULL)
- return OOB_METHOD_DEV_PWD_E;
- if (os_strstr(method, "pin-r") != NULL)
- return OOB_METHOD_DEV_PWD_R;
- if (os_strstr(method, "cred") != NULL)
- return OOB_METHOD_CRED;
- return OOB_METHOD_UNKNOWN;
-}
-
#endif /* CONFIG_WPS_OOB */
@@ -657,15 +478,10 @@
#ifdef CONFIG_WPS2
methods |= WPS_CONFIG_VIRT_DISPLAY;
#endif /* CONFIG_WPS2 */
-#ifdef CONFIG_WPS_UFD
- methods |= WPS_CONFIG_USBA;
-#endif /* CONFIG_WPS_UFD */
#ifdef CONFIG_WPS_NFC
methods |= WPS_CONFIG_NFC_INTERFACE;
#endif /* CONFIG_WPS_NFC */
} else {
- if (os_strstr(str, "usba"))
- methods |= WPS_CONFIG_USBA;
if (os_strstr(str, "ethernet"))
methods |= WPS_CONFIG_ETHERNET;
if (os_strstr(str, "label"))
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 389aa84..837b941 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -523,23 +523,6 @@
return -1;
}
-#ifdef CONFIG_WPS_OOB
- if (wps->dev_pw_id != DEV_PW_DEFAULT &&
- wps->wps->oob_conf.pubkey_hash) {
- const u8 *addr[1];
- u8 hash[WPS_HASH_LEN];
-
- addr[0] = pk;
- sha256_vector(1, addr, &pk_len, hash);
- if (os_memcmp(hash,
- wpabuf_head(wps->wps->oob_conf.pubkey_hash),
- WPS_OOB_PUBKEY_HASH_LEN) != 0) {
- wpa_printf(MSG_ERROR, "WPS: Public Key hash error");
- return -1;
- }
- }
-#endif /* CONFIG_WPS_OOB */
-
wpabuf_free(wps->dh_pubkey_r);
wps->dh_pubkey_r = wpabuf_alloc_copy(pk, pk_len);
if (wps->dh_pubkey_r == NULL)
@@ -665,6 +648,7 @@
{
struct wps_parse_attr attr;
struct wpabuf msg;
+ int ret = 0;
wpa_printf(MSG_DEBUG, "WPS: Received Credential");
os_memset(&wps->cred, 0, sizeof(wps->cred));
@@ -714,12 +698,12 @@
if (wps->wps->cred_cb) {
wps->cred.cred_attr = cred - 4;
wps->cred.cred_attr_len = cred_len + 4;
- wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
+ ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
wps->cred.cred_attr = NULL;
wps->cred.cred_attr_len = 0;
}
- return 0;
+ return ret;
}
diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index 86ad248..8110894 100644
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
@@ -137,10 +137,6 @@
void wps_pbc_overlap_event(struct wps_context *wps);
void wps_pbc_timeout_event(struct wps_context *wps);
-extern struct oob_device_data oob_ufd_device_data;
-extern struct oob_device_data oob_nfc_device_data;
-extern struct oob_nfc_device_data oob_nfc_pn531_device_data;
-
struct wpabuf * wps_build_wsc_ack(struct wps_data *wps);
struct wpabuf * wps_build_wsc_nack(struct wps_data *wps);
@@ -169,7 +165,6 @@
int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id,
const struct wpabuf *pubkey, const u8 *dev_pw,
size_t dev_pw_len);
-int wps_build_oob_dev_password(struct wpabuf *msg, struct wps_context *wps);
struct wpabuf * wps_ie_encapsulate(struct wpabuf *data);
/* wps_attr_process.c */
diff --git a/src/wps/wps_nfc.c b/src/wps/wps_nfc.c
deleted file mode 100644
index 6804350..0000000
--- a/src/wps/wps_nfc.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * NFC routines for Wi-Fi Protected Setup
- * Copyright (c) 2009-2012, Masashi Honma <masashi.honma@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include "common.h"
-
-#include "wps/wps.h"
-#include "wps_i.h"
-
-
-struct wps_nfc_data {
- struct oob_nfc_device_data *oob_nfc_dev;
-};
-
-
-static void * init_nfc(struct wps_context *wps,
- struct oob_device_data *oob_dev, int registrar)
-{
- struct oob_nfc_device_data *oob_nfc_dev;
- struct wps_nfc_data *data;
-
- oob_nfc_dev = wps_get_oob_nfc_device(oob_dev->device_name);
- if (oob_nfc_dev == NULL) {
- wpa_printf(MSG_ERROR, "WPS (NFC): Unknown NFC device (%s)",
- oob_dev->device_name);
- return NULL;
- }
-
- if (oob_nfc_dev->init_func(oob_dev->device_path) < 0)
- return NULL;
-
- data = os_zalloc(sizeof(*data));
- if (data == NULL) {
- wpa_printf(MSG_ERROR, "WPS (NFC): Failed to allocate "
- "nfc data area");
- return NULL;
- }
- data->oob_nfc_dev = oob_nfc_dev;
- return data;
-}
-
-
-static struct wpabuf * read_nfc(void *priv)
-{
- struct wps_nfc_data *data = priv;
- struct wpabuf *wifi, *buf;
- char *raw_data;
- size_t len;
-
- raw_data = data->oob_nfc_dev->read_func(&len);
- if (raw_data == NULL)
- return NULL;
-
- wifi = wpabuf_alloc_copy(raw_data, len);
- os_free(raw_data);
- if (wifi == NULL) {
- wpa_printf(MSG_ERROR, "WPS (NFC): Failed to allocate "
- "nfc read area");
- return NULL;
- }
-
- buf = ndef_parse_wifi(wifi);
- wpabuf_free(wifi);
- if (buf == NULL)
- wpa_printf(MSG_ERROR, "WPS (NFC): Failed to unwrap");
- return buf;
-}
-
-
-static int write_nfc(void *priv, struct wpabuf *buf)
-{
- struct wps_nfc_data *data = priv;
- struct wpabuf *wifi;
- int ret;
-
- wifi = ndef_build_wifi(buf);
- if (wifi == NULL) {
- wpa_printf(MSG_ERROR, "WPS (NFC): Failed to wrap");
- return -1;
- }
-
- ret = data->oob_nfc_dev->write_func(wpabuf_mhead(wifi),
- wpabuf_len(wifi));
- wpabuf_free(wifi);
- return ret;
-}
-
-
-static void deinit_nfc(void *priv)
-{
- struct wps_nfc_data *data = priv;
-
- data->oob_nfc_dev->deinit_func();
-
- os_free(data);
-}
-
-
-struct oob_device_data oob_nfc_device_data = {
- .device_name = NULL,
- .device_path = NULL,
- .init_func = init_nfc,
- .read_func = read_nfc,
- .write_func = write_nfc,
- .deinit_func = deinit_nfc,
-};
diff --git a/src/wps/wps_nfc_pn531.c b/src/wps/wps_nfc_pn531.c
deleted file mode 100644
index c2bf457..0000000
--- a/src/wps/wps_nfc_pn531.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * NFC PN531 routines for Wi-Fi Protected Setup
- * Copyright (c) 2009-2012, Masashi Honma <masashi.honma@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include "common.h"
-
-#include "wps/wps.h"
-#include "wps_i.h"
-
-#include "WpsNfcType.h"
-#include "WpsNfc.h"
-
-
-static int init_nfc_pn531(char *path)
-{
- u32 ret;
-
- ret = WpsNfcInit();
- if (ret != WPS_NFCLIB_ERR_SUCCESS) {
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to initialize "
- "NFC Library: 0x%08x", ret);
- return -1;
- }
-
- ret = WpsNfcOpenDevice((int8 *) path);
- if (ret != WPS_NFCLIB_ERR_SUCCESS) {
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to open "
- "NFC Device(%s): 0x%08x", path, ret);
- goto fail;
- }
-
- ret = WpsNfcTokenDiscovery();
- if (ret != WPS_NFCLIB_ERR_SUCCESS) {
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to discover "
- "token: 0x%08x", ret);
- WpsNfcCloseDevice();
- goto fail;
- }
-
- return 0;
-
-fail:
- WpsNfcDeinit();
- return -1;
-}
-
-
-static void * read_nfc_pn531(size_t *size)
-{
- uint32 len;
- u32 ret;
- int8 *data;
-
- ret = WpsNfcRawReadToken(&data, &len);
- if (ret != WPS_NFCLIB_ERR_SUCCESS) {
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to read: 0x%08x",
- ret);
- return NULL;
- }
-
- *size = len;
- return data;
-}
-
-
-static int write_nfc_pn531(void *data, size_t len)
-{
- u32 ret;
-
- ret = WpsNfcRawWriteToken(data, len);
- if (ret != WPS_NFCLIB_ERR_SUCCESS) {
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to write: 0x%08x",
- ret);
- return -1;
- }
-
- return 0;
-}
-
-
-static void deinit_nfc_pn531(void)
-{
- u32 ret;
-
- ret = WpsNfcCloseDevice();
- if (ret != WPS_NFCLIB_ERR_SUCCESS)
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to close "
- "NFC Device: 0x%08x", ret);
-
- ret = WpsNfcDeinit();
- if (ret != WPS_NFCLIB_ERR_SUCCESS)
- wpa_printf(MSG_ERROR, "WPS (PN531): Failed to deinitialize "
- "NFC Library: 0x%08x", ret);
-}
-
-
-struct oob_nfc_device_data oob_nfc_pn531_device_data = {
- .init_func = init_nfc_pn531,
- .read_func = read_nfc_pn531,
- .write_func = write_nfc_pn531,
- .deinit_func = deinit_nfc_pn531,
-};
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 53684d6..b24836e 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -180,6 +180,9 @@
u8 authorized_macs_union[WPS_MAX_AUTHORIZED_MACS][ETH_ALEN];
u8 p2p_dev_addr[ETH_ALEN];
+
+ u8 pbc_ignore_uuid[WPS_UUID_LEN];
+ struct os_time pbc_ignore_start;
};
@@ -187,6 +190,8 @@
static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx);
static void wps_registrar_set_selected_timeout(void *eloop_ctx,
void *timeout_ctx);
+static void wps_registrar_remove_pin(struct wps_registrar *reg,
+ struct wps_uuid_pin *pin);
static void wps_registrar_add_authorized_mac(struct wps_registrar *reg,
@@ -696,6 +701,21 @@
}
+static void wps_registrar_invalidate_unused(struct wps_registrar *reg)
+{
+ struct wps_uuid_pin *pin;
+
+ dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
+ if (pin->wildcard_uuid == 1 && !(pin->flags & PIN_LOCKED)) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalidate previously "
+ "configured wildcard PIN");
+ wps_registrar_remove_pin(reg, pin);
+ break;
+ }
+ }
+}
+
+
/**
* wps_registrar_add_pin - Configure a new PIN for Registrar
* @reg: Registrar data from wps_registrar_init()
@@ -735,6 +755,9 @@
p->expiration.sec += timeout;
}
+ if (p->wildcard_uuid)
+ wps_registrar_invalidate_unused(reg);
+
dl_list_add(®->pins, &p->list);
wpa_printf(MSG_DEBUG, "WPS: A new PIN configured (timeout=%d)",
@@ -1015,6 +1038,8 @@
wps_registrar_remove_pbc_session(registrar,
uuid_e, NULL);
wps_registrar_pbc_completed(registrar);
+ os_get_time(®istrar->pbc_ignore_start);
+ os_memcpy(registrar->pbc_ignore_uuid, uuid_e, WPS_UUID_LEN);
} else {
wps_registrar_pin_completed(registrar);
}
@@ -1061,6 +1086,7 @@
int p2p_wildcard)
{
struct wps_parse_attr attr;
+ int skip_add = 0;
wpa_hexdump_buf(MSG_MSGDUMP,
"WPS: Probe Request with WPS data received",
@@ -1112,7 +1138,24 @@
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E from Probe Request", attr.uuid_e,
WPS_UUID_LEN);
- wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
+#ifdef WPS_WORKAROUNDS
+ if (reg->pbc_ignore_start.sec &&
+ os_memcmp(attr.uuid_e, reg->pbc_ignore_uuid, WPS_UUID_LEN) == 0) {
+ struct os_time now, dur;
+ os_get_time(&now);
+ os_time_sub(&now, ®->pbc_ignore_start, &dur);
+ if (dur.sec >= 0 && dur.sec < 5) {
+ wpa_printf(MSG_DEBUG, "WPS: Ignore PBC activation "
+ "based on Probe Request from the Enrollee "
+ "that just completed PBC provisioning");
+ skip_add = 1;
+ } else
+ reg->pbc_ignore_start.sec = 0;
+ }
+#endif /* WPS_WORKAROUNDS */
+
+ if (!skip_add)
+ wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
wpa_printf(MSG_DEBUG, "WPS: PBC session overlap detected");
reg->force_pbc_overlap = 1;
@@ -2218,22 +2261,6 @@
return -1;
}
-#ifdef CONFIG_WPS_OOB
- if (wps->wps->oob_conf.pubkey_hash != NULL) {
- const u8 *addr[1];
- u8 hash[WPS_HASH_LEN];
-
- addr[0] = pk;
- sha256_vector(1, addr, &pk_len, hash);
- if (os_memcmp(hash,
- wpabuf_head(wps->wps->oob_conf.pubkey_hash),
- WPS_OOB_PUBKEY_HASH_LEN) != 0) {
- wpa_printf(MSG_ERROR, "WPS: Public Key hash error");
- return -1;
- }
- }
-#endif /* CONFIG_WPS_OOB */
-
wpabuf_free(wps->dh_pubkey_e);
wps->dh_pubkey_e = wpabuf_alloc_copy(pk, pk_len);
if (wps->dh_pubkey_e == NULL)
@@ -2529,16 +2556,6 @@
}
#endif /* CONFIG_WPS_NFC */
-#ifdef CONFIG_WPS_OOB
- if (wps->dev_pw_id >= 0x10 && wps->nfc_pw_token == NULL &&
- wps->dev_pw_id != wps->wps->oob_dev_pw_id) {
- wpa_printf(MSG_DEBUG, "WPS: OOB Device Password ID "
- "%d mismatch", wps->dev_pw_id);
- wps->state = SEND_M2D;
- return WPS_CONTINUE;
- }
-#endif /* CONFIG_WPS_OOB */
-
if (wps->dev_pw_id == DEV_PW_PUSHBUTTON) {
if ((wps->wps->registrar->force_pbc_overlap ||
wps_registrar_pbc_overlap(wps->wps->registrar,
@@ -3168,6 +3185,9 @@
wps->uuid_e,
wps->p2p_dev_addr);
wps_registrar_pbc_completed(wps->wps->registrar);
+ os_get_time(&wps->wps->registrar->pbc_ignore_start);
+ os_memcpy(wps->wps->registrar->pbc_ignore_uuid, wps->uuid_e,
+ WPS_UUID_LEN);
} else {
wps_registrar_pin_completed(wps->wps->registrar);
}
diff --git a/src/wps/wps_ufd.c b/src/wps/wps_ufd.c
deleted file mode 100644
index f83bdf4..0000000
--- a/src/wps/wps_ufd.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * UFD routines for Wi-Fi Protected Setup
- * Copyright (c) 2009-2012, Masashi Honma <masashi.honma@gmail.com>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include "common.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include "wps/wps.h"
-#include "wps/wps_i.h"
-
-#ifdef CONFIG_NATIVE_WINDOWS
-#define UFD_DIR1 "%s\\SMRTNTKY"
-#define UFD_DIR2 UFD_DIR1 "\\WFAWSC"
-#define UFD_FILE UFD_DIR2 "\\%s"
-#else /* CONFIG_NATIVE_WINDOWS */
-#define UFD_DIR1 "%s/SMRTNTKY"
-#define UFD_DIR2 UFD_DIR1 "/WFAWSC"
-#define UFD_FILE UFD_DIR2 "/%s"
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-
-struct wps_ufd_data {
- int ufd_fd;
-};
-
-
-static int dev_pwd_e_file_filter(const struct dirent *entry)
-{
- unsigned int prefix;
- char ext[5];
-
- if (sscanf(entry->d_name, "%8x.%4s", &prefix, ext) != 2)
- return 0;
- if (prefix == 0)
- return 0;
- if (os_strcasecmp(ext, "WFA") != 0)
- return 0;
-
- return 1;
-}
-
-
-static int wps_get_dev_pwd_e_file_name(char *path, char *file_name)
-{
- struct dirent **namelist;
- int i, file_num;
-
- file_num = scandir(path, &namelist, &dev_pwd_e_file_filter,
- alphasort);
- if (file_num < 0) {
- wpa_printf(MSG_ERROR, "WPS: OOB file not found: %d (%s)",
- errno, strerror(errno));
- return -1;
- }
- if (file_num == 0) {
- wpa_printf(MSG_ERROR, "WPS: OOB file not found");
- os_free(namelist);
- return -1;
- }
- os_strlcpy(file_name, namelist[0]->d_name, 13);
- for (i = 0; i < file_num; i++)
- os_free(namelist[i]);
- os_free(namelist);
- return 0;
-}
-
-
-static int get_file_name(struct wps_context *wps, int registrar,
- const char *path, char *file_name)
-{
- switch (wps->oob_conf.oob_method) {
- case OOB_METHOD_CRED:
- os_snprintf(file_name, 13, "00000000.WSC");
- break;
- case OOB_METHOD_DEV_PWD_E:
- if (registrar) {
- char temp[128];
- os_snprintf(temp, sizeof(temp), UFD_DIR2, path);
- if (wps_get_dev_pwd_e_file_name(temp, file_name) < 0)
- return -1;
- } else {
- u8 *mac_addr = wps->dev.mac_addr;
-
- os_snprintf(file_name, 13, "%02X%02X%02X%02X.WFA",
- mac_addr[2], mac_addr[3], mac_addr[4],
- mac_addr[5]);
- }
- break;
- case OOB_METHOD_DEV_PWD_R:
- os_snprintf(file_name, 13, "00000000.WFA");
- break;
- default:
- wpa_printf(MSG_ERROR, "WPS: Invalid USBA OOB method");
- return -1;
- }
- return 0;
-}
-
-
-static int ufd_mkdir(const char *path)
-{
- if (mkdir(path, S_IRWXU) < 0 && errno != EEXIST) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to create directory "
- "'%s': %d (%s)", path, errno, strerror(errno));
- return -1;
- }
- return 0;
-}
-
-
-static void * init_ufd(struct wps_context *wps,
- struct oob_device_data *oob_dev, int registrar)
-{
- int write_f;
- char temp[128];
- char *path = oob_dev->device_path;
- char filename[13];
- struct wps_ufd_data *data;
- int ufd_fd;
-
- if (path == NULL)
- return NULL;
-
- write_f = wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E ?
- !registrar : registrar;
-
- if (get_file_name(wps, registrar, path, filename) < 0) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to get file name");
- return NULL;
- }
-
- if (write_f) {
- os_snprintf(temp, sizeof(temp), UFD_DIR1, path);
- if (ufd_mkdir(temp))
- return NULL;
- os_snprintf(temp, sizeof(temp), UFD_DIR2, path);
- if (ufd_mkdir(temp))
- return NULL;
- }
-
- os_snprintf(temp, sizeof(temp), UFD_FILE, path, filename);
- if (write_f)
- ufd_fd = open(temp, O_WRONLY | O_CREAT | O_TRUNC,
- S_IRUSR | S_IWUSR);
- else
- ufd_fd = open(temp, O_RDONLY);
- if (ufd_fd < 0) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to open %s: %s",
- temp, strerror(errno));
- return NULL;
- }
-
- data = os_zalloc(sizeof(*data));
- if (data == NULL) {
- close(ufd_fd);
- return NULL;
- }
- data->ufd_fd = ufd_fd;
- return data;
-}
-
-
-static struct wpabuf * read_ufd(void *priv)
-{
- struct wps_ufd_data *data = priv;
- struct wpabuf *buf;
- struct stat s;
- size_t file_size;
-
- if (fstat(data->ufd_fd, &s) < 0) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to get file size");
- return NULL;
- }
-
- file_size = s.st_size;
- buf = wpabuf_alloc(file_size);
- if (buf == NULL) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to alloc read "
- "buffer");
- return NULL;
- }
-
- if (read(data->ufd_fd, wpabuf_mhead(buf), file_size) !=
- (int) file_size) {
- wpabuf_free(buf);
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to read");
- return NULL;
- }
- wpabuf_put(buf, file_size);
- return buf;
-}
-
-
-static int write_ufd(void *priv, struct wpabuf *buf)
-{
- struct wps_ufd_data *data = priv;
-
- if (write(data->ufd_fd, wpabuf_mhead(buf), wpabuf_len(buf)) !=
- (int) wpabuf_len(buf)) {
- wpa_printf(MSG_ERROR, "WPS (UFD): Failed to write");
- return -1;
- }
- return 0;
-}
-
-
-static void deinit_ufd(void *priv)
-{
- struct wps_ufd_data *data = priv;
- close(data->ufd_fd);
- os_free(data);
-}
-
-
-struct oob_device_data oob_ufd_device_data = {
- .device_name = NULL,
- .device_path = NULL,
- .init_func = init_ufd,
- .read_func = read_ufd,
- .write_func = write_ufd,
- .deinit_func = deinit_ufd,
-};