Cumulative patch from commit f10ff62e4eda7917a8e28fe492fd98723a5e97c4
f10ff62 Describe preferred mechanism for submitting contributions
fcdb359 Use "STATUS-NO_EVENTS" instead of "STATUS" in get_wpa_status function
73ed03f wpa_supplicant: Add GTK RSC relaxation workaround
ea6030c Restore previous wpa_state in scan-only result handler
1e74ae4 WNM: Clear BSS TM data if already associated with preferred candidate
d129b02 EAP-pwd: Add support for Brainpool Elliptic Curves
a34eace dbus: Remove unused dict helper functions
cdcb2d0 wpa_cli: Add support for vendor_elem_* commands
17b7032 EAP peer: Clear ignore flag in INITIALIZE state
1f1e619 Add test programs for checking libwpa_client linking
736b7cb wpa_supplicant/Makefile: Fix libwpa_client build
2e38079 TLS: Fix memory leak with multiple TLS server instances
7b0f550 eap_sim_db: Implement eap_sim_db_expire_pending()
45c3e72 Add frequency to operating class determination for 5 GHz 100..140
e50c50d dbus: Expose interface globals via D-Bus properties
1aa0fb7 dbus: Pass property description to getters/setters
c93b7e1 RSN: Check result of EAPOL-Key frame send request
95be79f Allow -1 as value to disable frag_threshold
bc50bb0 Extend the range of values for the RTS threshold
053693d hostapd: Add feature to start all interfaces at the same time in sync
9578413 Reserve QCA vendor specific nl80211 commands 110..114
5d4c508 Assign QCA commands and attributes for Tx power scaling and OTA testing
5d1d69a P2P: Filter control chars in group client device name similarly to peer
f67d1a0 TDLS: Do not send error case of TPK M3 if TX fails
1248e58 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
d8fd633 Do not write ERROR level log entries if debug file is not used
67deaa5 l2_packet: Add build option to disable Linux packet socket workaround
fa46426 RSN: Do not try to connect if PMF disabled and AP requires it
8acbe7f WNM: Verify WNM Sleep Mode element length
dacd789 WNM: Mark set TFS buffer const
...
f24b979 OpenSSL: Merge error returns
84d6a17 TLS: Remove unused tls_capabilities()
7867227 ms_funcs: Merge similar return cases
3596361 hw_features: Merge similar return case in check_40mhz_2g4()
aac1efe Reject the initial 4-way handshake if initial GTK setup fails
2da5256 Add backtrace-based error path testing mechanism
55413ce P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Next patches were skipped due to explicit cherry-pick:
bddc51e RSN: Stop connection attempt on apparent PMK mismatch
3fdaaa8 Throttle control interface event message bursts
a530fe7 Add wpa_supplicant EVENT_TEST control interface command
ee1e3f5 hostapd: Global control interface notifications
2e95cfc Add debug prints for wpa_supplicant ctrl_iface socket send operations
ce7d0eb Update AP WPA/RSN IE on all associations if driver can select BSS
844dfeb QCA vendor command support to set band to driver
Change-Id: I909996c5afcd3b5d123ea1e23c0e1212021f7625
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/Makefile b/src/Makefile
index 10e0171..c9e84c1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,4 +1,5 @@
SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
+SUBDIRS += fst
all:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
diff --git a/src/ap/accounting.c b/src/ap/accounting.c
index a096de4..c60b3a6 100644
--- a/src/ap/accounting.c
+++ b/src/ap/accounting.c
@@ -1,6 +1,6 @@
/*
* hostapd / RADIUS Accounting
- * Copyright (c) 2002-2009, 2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2009, 2012-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -147,6 +147,15 @@
wpa_printf(MSG_ERROR, "Could not add CUI from ACL");
goto fail;
}
+
+ if (sta->ipaddr &&
+ !radius_msg_add_attr_int32(msg,
+ RADIUS_ATTR_FRAMED_IP_ADDRESS,
+ be_to_host32(sta->ipaddr))) {
+ wpa_printf(MSG_ERROR,
+ "Could not add Framed-IP-Address");
+ goto fail;
+ }
}
return msg;
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 455013a..cf9b2ce 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -38,6 +38,8 @@
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
{
+ dl_list_init(&bss->anqp_elem);
+
bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
bss->logger_syslog = (unsigned int) -1;
@@ -63,6 +65,7 @@
bss->dtim_period = 2;
bss->radius_server_auth_port = 1812;
+ bss->eap_sim_db_timeout = 1;
bss->ap_max_inactivity = AP_MAX_INACTIVITY;
bss->eapol_version = EAPOL_VERSION;
@@ -172,6 +175,7 @@
conf->ap_table_max_size = 255;
conf->ap_table_expiration_time = 60;
+ conf->track_sta_max_age = 180;
#ifdef CONFIG_TESTING_OPTIONS
conf->ignore_probe_probability = 0.0;
@@ -179,6 +183,7 @@
conf->ignore_assoc_probability = 0.0;
conf->ignore_reassoc_probability = 0.0;
conf->corrupt_gtk_rekey_mic_probability = 0.0;
+ conf->ecsa_ie_only = 0;
#endif /* CONFIG_TESTING_OPTIONS */
conf->acs = 0;
@@ -409,6 +414,19 @@
}
+static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
+{
+ struct anqp_element *elem;
+
+ while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
+ list))) {
+ dl_list_del(&elem->list);
+ wpabuf_free(elem->payload);
+ os_free(elem);
+ }
+}
+
+
void hostapd_config_free_bss(struct hostapd_bss_config *conf)
{
struct hostapd_eap_user *user, *prev_user;
@@ -522,6 +540,7 @@
os_free(conf->network_auth_type);
os_free(conf->anqp_3gpp_cell_net);
os_free(conf->domain_name);
+ hostapd_config_free_anqp_elem(conf);
#ifdef CONFIG_RADIUS_TEST
os_free(conf->dump_msk_file);
@@ -561,6 +580,13 @@
os_free(conf->server_id);
+#ifdef CONFIG_TESTING_OPTIONS
+ wpabuf_free(conf->own_ie_override);
+#endif /* CONFIG_TESTING_OPTIONS */
+
+ os_free(conf->no_probe_resp_if_seen_on);
+ os_free(conf->no_auth_if_seen_on);
+
os_free(conf);
}
@@ -967,10 +993,11 @@
bss->rsn_pairwise = WPA_CIPHER_CCMP;
} else {
bss->ssid.security_policy = SECURITY_PLAINTEXT;
- bss->wpa_group = WPA_CIPHER_NONE;
- bss->wpa_pairwise = WPA_CIPHER_NONE;
- bss->rsn_pairwise = WPA_CIPHER_NONE;
- if (full_config)
+ if (full_config) {
+ bss->wpa_group = WPA_CIPHER_NONE;
+ bss->wpa_pairwise = WPA_CIPHER_NONE;
+ bss->rsn_pairwise = WPA_CIPHER_NONE;
bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
+ }
}
}
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index c14eeda..ff9dcb0 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -1,6 +1,6 @@
/*
* hostapd / Configuration definitions and helpers functions
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -10,11 +10,13 @@
#define HOSTAPD_CONFIG_H
#include "common/defs.h"
+#include "utils/list.h"
#include "ip_addr.h"
#include "common/wpa_common.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "wps/wps.h"
+#include "fst/fst.h"
/**
* mesh_conf - local MBSS state and settings
@@ -32,8 +34,8 @@
u8 mesh_sp_id;
/* Authentication Protocol Identifier */
u8 mesh_auth_id;
- u8 *ies;
- int ie_len;
+ u8 *rsn_ie;
+ int rsn_ie_len;
#define MESH_CONF_SEC_NONE BIT(0)
#define MESH_CONF_SEC_AUTH BIT(1)
#define MESH_CONF_SEC_AMPE BIT(2)
@@ -204,6 +206,13 @@
} eap_method[MAX_NAI_EAP_METHODS];
};
+struct anqp_element {
+ struct dl_list list;
+ u16 infoid;
+ struct wpabuf *payload;
+};
+
+
/**
* struct hostapd_bss_config - Per-BSS configuration
*/
@@ -230,6 +239,7 @@
struct hostapd_eap_user *eap_user;
char *eap_user_sqlite;
char *eap_sim_db;
+ unsigned int eap_sim_db_timeout;
int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
struct hostapd_ip_addr own_ip_addr;
char *nas_identifier;
@@ -329,6 +339,7 @@
char *private_key;
char *private_key_passwd;
int check_crl;
+ unsigned int tls_session_lifetime;
char *ocsp_stapling_response;
char *dh_file;
char *openssl_ciphers;
@@ -356,6 +367,7 @@
int ap_max_inactivity;
int ignore_broadcast_ssid;
+ int no_probe_resp_if_max_sta;
int wmm_enabled;
int wmm_uapsd;
@@ -479,6 +491,8 @@
unsigned int nai_realm_count;
struct hostapd_nai_realm_data *nai_realm_data;
+ struct dl_list anqp_elem; /* list of struct anqp_element */
+
u16 gas_comeback_delay;
int gas_frag_limit;
@@ -543,6 +557,7 @@
#ifdef CONFIG_TESTING_OPTIONS
u8 bss_load_test[5];
u8 bss_load_test_set;
+ struct wpabuf *own_ie_override;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)
@@ -551,6 +566,9 @@
int radio_measurements;
int vendor_vht;
+
+ char *no_probe_resp_if_seen_on;
+ char *no_auth_if_seen_on;
};
@@ -583,6 +601,9 @@
int ap_table_max_size;
int ap_table_expiration_time;
+ unsigned int track_sta_max_num;
+ unsigned int track_sta_max_age;
+
char country[3]; /* first two octets: country code as described in
* ISO/IEC 3166-1. Third octet:
* ' ' (ascii 32): all environments
@@ -619,6 +640,7 @@
u16 ht_capab;
int ieee80211n;
int secondary_channel;
+ int no_pri_sec_switch;
int require_ht;
int obss_interval;
u32 vht_capab;
@@ -628,6 +650,10 @@
u8 vht_oper_centr_freq_seg0_idx;
u8 vht_oper_centr_freq_seg1_idx;
+#ifdef CONFIG_FST
+ struct fst_iface_cfg fst_cfg;
+#endif /* CONFIG_FST */
+
#ifdef CONFIG_P2P
u8 p2p_go_ctwindow;
#endif /* CONFIG_P2P */
@@ -638,6 +664,7 @@
double ignore_assoc_probability;
double ignore_reassoc_probability;
double corrupt_gtk_rekey_mic_probability;
+ int ecsa_ie_only;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_ACS
diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index f3f7edd..656f0a7 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -81,6 +81,22 @@
wpabuf_put_data(proberesp, buf, pos - buf);
}
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies) {
+ size_t add = wpabuf_len(hapd->iface->fst_ies);
+
+ if (wpabuf_resize(&beacon, add) < 0)
+ goto fail;
+ wpabuf_put_buf(beacon, hapd->iface->fst_ies);
+ if (wpabuf_resize(&proberesp, add) < 0)
+ goto fail;
+ wpabuf_put_buf(proberesp, hapd->iface->fst_ies);
+ if (wpabuf_resize(&assocresp, add) < 0)
+ goto fail;
+ wpabuf_put_buf(assocresp, hapd->iface->fst_ies);
+ }
+#endif /* CONFIG_FST */
+
if (hapd->wps_beacon_ie) {
if (wpabuf_resize(&beacon, wpabuf_len(hapd->wps_beacon_ie)) <
0)
@@ -633,7 +649,19 @@
{
if (hapd->driver == NULL || hapd->driver->send_mlme == NULL)
return 0;
- return hapd->driver->send_mlme(hapd->drv_priv, msg, len, noack, 0);
+ return hapd->driver->send_mlme(hapd->drv_priv, msg, len, noack, 0,
+ NULL, 0);
+}
+
+
+int hostapd_drv_send_mlme_csa(struct hostapd_data *hapd,
+ const void *msg, size_t len, int noack,
+ const u16 *csa_offs, size_t csa_offs_len)
+{
+ if (hapd->driver == NULL || hapd->driver->send_mlme == NULL)
+ return 0;
+ return hapd->driver->send_mlme(hapd->drv_priv, msg, len, noack, 0,
+ csa_offs, csa_offs_len);
}
@@ -727,6 +755,25 @@
}
+static void hostapd_get_hw_mode_any_channels(struct hostapd_data *hapd,
+ struct hostapd_hw_modes *mode,
+ int acs_ch_list_all,
+ int **freq_list)
+{
+ int i;
+
+ for (i = 0; i < mode->num_channels; i++) {
+ struct hostapd_channel_data *chan = &mode->channels[i];
+
+ if ((acs_ch_list_all ||
+ freq_range_list_includes(&hapd->iface->conf->acs_ch_list,
+ chan->chan)) &&
+ !(chan->flag & HOSTAPD_CHAN_DISABLED))
+ int_array_add_unique(freq_list, chan->freq);
+ }
+}
+
+
int hostapd_drv_do_acs(struct hostapd_data *hapd)
{
struct drv_acs_params params;
@@ -734,6 +781,7 @@
u8 *channels = NULL;
unsigned int num_channels = 0;
struct hostapd_hw_modes *mode;
+ int *freq_list = NULL;
if (hapd->driver == NULL || hapd->driver->do_acs == NULL)
return 0;
@@ -749,24 +797,35 @@
acs_ch_list_all = 1;
mode = hapd->iface->current_mode;
- if (mode == NULL)
- return -1;
- channels = os_malloc(mode->num_channels);
- if (channels == NULL)
- return -1;
+ if (mode) {
+ channels = os_malloc(mode->num_channels);
+ if (channels == NULL)
+ return -1;
- for (i = 0; i < mode->num_channels; i++) {
- struct hostapd_channel_data *chan = &mode->channels[i];
- if (!acs_ch_list_all &&
- !freq_range_list_includes(&hapd->iface->conf->acs_ch_list,
- chan->chan))
- continue;
- if (!(chan->flag & HOSTAPD_CHAN_DISABLED))
- channels[num_channels++] = chan->chan;
+ for (i = 0; i < mode->num_channels; i++) {
+ struct hostapd_channel_data *chan = &mode->channels[i];
+ if (!acs_ch_list_all &&
+ !freq_range_list_includes(
+ &hapd->iface->conf->acs_ch_list,
+ chan->chan))
+ continue;
+ if (!(chan->flag & HOSTAPD_CHAN_DISABLED)) {
+ channels[num_channels++] = chan->chan;
+ int_array_add_unique(&freq_list, chan->freq);
+ }
+ }
+ } else {
+ for (i = 0; i < hapd->iface->num_hw_features; i++) {
+ mode = &hapd->iface->hw_features[i];
+ hostapd_get_hw_mode_any_channels(hapd, mode,
+ acs_ch_list_all,
+ &freq_list);
+ }
}
params.ch_list = channels;
params.ch_list_len = num_channels;
+ params.freq_list = freq_list;
params.ht_enabled = !!(hapd->iface->conf->ieee80211n);
params.ht40_enabled = !!(hapd->iface->conf->ht_capab &
diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h
index 82eaf3f..5a1e28e 100644
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
@@ -88,6 +88,9 @@
const u8 *key, size_t key_len);
int hostapd_drv_send_mlme(struct hostapd_data *hapd,
const void *msg, size_t len, int noack);
+int hostapd_drv_send_mlme_csa(struct hostapd_data *hapd,
+ const void *msg, size_t len, int noack,
+ const u16 *csa_offs, size_t csa_offs_len);
int hostapd_drv_sta_deauth(struct hostapd_data *hapd,
const u8 *addr, int reason);
int hostapd_drv_sta_disassoc(struct hostapd_data *hapd,
diff --git a/src/ap/ap_list.c b/src/ap/ap_list.c
index 78a1f7c..8bf6dde 100644
--- a/src/ap/ap_list.c
+++ b/src/ap/ap_list.c
@@ -248,15 +248,12 @@
}
-static void ap_list_timer(void *eloop_ctx, void *timeout_ctx)
+void ap_list_timer(struct hostapd_iface *iface)
{
- struct hostapd_iface *iface = eloop_ctx;
struct os_reltime now;
struct ap_info *ap;
int set_beacon = 0;
- eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
-
if (!iface->ap_list)
return;
@@ -305,13 +302,11 @@
int ap_list_init(struct hostapd_iface *iface)
{
- eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
return 0;
}
void ap_list_deinit(struct hostapd_iface *iface)
{
- eloop_cancel_timeout(ap_list_timer, iface, NULL);
hostapd_free_aps(iface);
}
diff --git a/src/ap/ap_list.h b/src/ap/ap_list.h
index 93dc0ed..9e0353c 100644
--- a/src/ap/ap_list.h
+++ b/src/ap/ap_list.h
@@ -39,6 +39,7 @@
#ifdef NEED_AP_MLME
int ap_list_init(struct hostapd_iface *iface);
void ap_list_deinit(struct hostapd_iface *iface);
+void ap_list_timer(struct hostapd_iface *iface);
#else /* NEED_AP_MLME */
static inline int ap_list_init(struct hostapd_iface *iface)
{
@@ -48,6 +49,10 @@
static inline void ap_list_deinit(struct hostapd_iface *iface)
{
}
+
+static inline void ap_list_timer(struct hostapd_iface *iface)
+{
+}
#endif /* NEED_AP_MLME */
#endif /* AP_LIST_H */
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index f10e1b7..c9111f6 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -132,6 +132,7 @@
#endif /* CONFIG_HS20 */
srv.erp = conf->eap_server_erp;
srv.erp_domain = conf->erp_domain;
+ srv.tls_session_lifetime = conf->tls_session_lifetime;
hapd->radius_srv = radius_server_init(&srv);
if (hapd->radius_srv == NULL) {
@@ -151,9 +152,12 @@
if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert ||
hapd->conf->private_key || hapd->conf->dh_file)) {
+ struct tls_config conf;
struct tls_connection_params params;
- hapd->ssl_ctx = tls_init(NULL);
+ os_memset(&conf, 0, sizeof(conf));
+ conf.tls_session_lifetime = hapd->conf->tls_session_lifetime;
+ hapd->ssl_ctx = tls_init(&conf);
if (hapd->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize TLS");
authsrv_deinit(hapd);
@@ -189,6 +193,7 @@
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db,
+ hapd->conf->eap_sim_db_timeout,
hostapd_sim_db_cb, hapd);
if (hapd->eap_sim_db_priv == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 51d0c15..5f65b7d 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -297,65 +297,65 @@
static u8 * hostapd_eid_csa(struct hostapd_data *hapd, u8 *eid)
{
- u8 chan;
-
- if (!hapd->cs_freq_params.freq)
+#ifdef CONFIG_TESTING_OPTIONS
+ if (hapd->iface->cs_oper_class && hapd->iconf->ecsa_ie_only)
return eid;
+#endif /* CONFIG_TESTING_OPTIONS */
- if (ieee80211_freq_to_chan(hapd->cs_freq_params.freq, &chan) ==
- NUM_HOSTAPD_MODES)
+ if (!hapd->cs_freq_params.channel)
return eid;
*eid++ = WLAN_EID_CHANNEL_SWITCH;
*eid++ = 3;
*eid++ = hapd->cs_block_tx;
- *eid++ = chan;
+ *eid++ = hapd->cs_freq_params.channel;
*eid++ = hapd->cs_count;
return eid;
}
-static u8 * hostapd_eid_secondary_channel(struct hostapd_data *hapd, u8 *eid)
+static u8 * hostapd_eid_ecsa(struct hostapd_data *hapd, u8 *eid)
{
- u8 sec_ch;
-
- if (!hapd->cs_freq_params.sec_channel_offset)
+ if (!hapd->cs_freq_params.channel || !hapd->iface->cs_oper_class)
return eid;
- if (hapd->cs_freq_params.sec_channel_offset == -1)
- sec_ch = HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW;
- else if (hapd->cs_freq_params.sec_channel_offset == 1)
- sec_ch = HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE;
- else
- return eid;
-
- *eid++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
- *eid++ = 1;
- *eid++ = sec_ch;
+ *eid++ = WLAN_EID_EXT_CHANSWITCH_ANN;
+ *eid++ = 4;
+ *eid++ = hapd->cs_block_tx;
+ *eid++ = hapd->iface->cs_oper_class;
+ *eid++ = hapd->cs_freq_params.channel;
+ *eid++ = hapd->cs_count;
return eid;
}
-static u8 * hostapd_add_csa_elems(struct hostapd_data *hapd, u8 *pos,
- u8 *start, unsigned int *csa_counter_off)
+static u8 * hostapd_eid_supported_op_classes(struct hostapd_data *hapd, u8 *eid)
{
- u8 *old_pos = pos;
+ u8 op_class, channel;
- if (!csa_counter_off)
- return pos;
+ if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) ||
+ !hapd->iface->freq)
+ return eid;
- *csa_counter_off = 0;
- pos = hostapd_eid_csa(hapd, pos);
+ if (ieee80211_freq_to_channel_ext(hapd->iface->freq,
+ hapd->iconf->secondary_channel,
+ hapd->iconf->vht_oper_chwidth,
+ &op_class, &channel) ==
+ NUM_HOSTAPD_MODES)
+ return eid;
- if (pos != old_pos) {
- /* save an offset to the counter - should be last byte */
- *csa_counter_off = pos - start - 1;
- pos = hostapd_eid_secondary_channel(hapd, pos);
- }
+ *eid++ = WLAN_EID_SUPPORTED_OPERATING_CLASSES;
+ *eid++ = 2;
- return pos;
+ /* Current Operating Class */
+ *eid++ = op_class;
+
+ /* TODO: Advertise all the supported operating classes */
+ *eid++ = 0;
+
+ return eid;
}
@@ -364,7 +364,7 @@
int is_p2p, size_t *resp_len)
{
struct ieee80211_mgmt *resp;
- u8 *pos, *epos;
+ u8 *pos, *epos, *csa_pos;
size_t buflen;
#define MAX_PROBERESP_LEN 768
@@ -377,6 +377,10 @@
if (hapd->p2p_probe_resp_ie)
buflen += wpabuf_len(hapd->p2p_probe_resp_ie);
#endif /* CONFIG_P2P */
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies)
+ buflen += wpabuf_len(hapd->iface->fst_ies);
+#endif /* CONFIG_FST */
if (hapd->conf->vendor_elements)
buflen += wpabuf_len(hapd->conf->vendor_elements);
if (hapd->conf->vendor_vht) {
@@ -420,6 +424,12 @@
/* Power Constraint element */
pos = hostapd_eid_pwr_constraint(hapd, pos);
+ /* CSA IE */
+ csa_pos = hostapd_eid_csa(hapd, pos);
+ if (csa_pos != pos)
+ hapd->cs_c_off_proberesp = csa_pos - (u8 *) resp - 1;
+ pos = csa_pos;
+
/* ERP Information element */
pos = hostapd_eid_erp_info(hapd, pos);
@@ -433,7 +443,19 @@
pos = hostapd_eid_rm_enabled_capab(hapd, pos, epos - pos);
+ /* eCSA IE */
+ csa_pos = hostapd_eid_ecsa(hapd, pos);
+ if (csa_pos != pos)
+ hapd->cs_c_off_ecsa_proberesp = csa_pos - (u8 *) resp - 1;
+ pos = csa_pos;
+
+ pos = hostapd_eid_supported_op_classes(hapd, pos);
+
#ifdef CONFIG_IEEE80211N
+ /* Secondary Channel Offset element */
+ /* TODO: The standard doesn't specify a position for this element. */
+ pos = hostapd_eid_secondary_channel(hapd, pos);
+
pos = hostapd_eid_ht_capabilities(hapd, pos);
pos = hostapd_eid_ht_operation(hapd, pos);
#endif /* CONFIG_IEEE80211N */
@@ -447,12 +469,19 @@
pos = hostapd_eid_adv_proto(hapd, pos);
pos = hostapd_eid_roaming_consortium(hapd, pos);
- pos = hostapd_add_csa_elems(hapd, pos, (u8 *)resp,
- &hapd->cs_c_off_proberesp);
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies) {
+ os_memcpy(pos, wpabuf_head(hapd->iface->fst_ies),
+ wpabuf_len(hapd->iface->fst_ies));
+ pos += wpabuf_len(hapd->iface->fst_ies);
+ }
+#endif /* CONFIG_FST */
+
#ifdef CONFIG_IEEE80211AC
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
pos = hostapd_eid_vht_capabilities(hapd, pos);
pos = hostapd_eid_vht_operation(hapd, pos);
+ pos = hostapd_eid_wb_chsw_wrapper(hapd, pos);
}
if (hapd->conf->vendor_vht)
pos = hostapd_eid_vendor_vht(hapd, pos);
@@ -524,8 +553,8 @@
pos = ssid_list;
end = ssid_list + ssid_list_len;
- while (pos + 1 <= end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos >= 1) {
+ if (2 + pos[1] > end - pos)
break;
if (pos[1] == 0)
wildcard = 1;
@@ -539,6 +568,102 @@
}
+void sta_track_expire(struct hostapd_iface *iface, int force)
+{
+ struct os_reltime now;
+ struct hostapd_sta_info *info;
+
+ if (!iface->num_sta_seen)
+ return;
+
+ os_get_reltime(&now);
+ while ((info = dl_list_first(&iface->sta_seen, struct hostapd_sta_info,
+ list))) {
+ if (!force &&
+ !os_reltime_expired(&now, &info->last_seen,
+ iface->conf->track_sta_max_age))
+ break;
+ force = 0;
+
+ wpa_printf(MSG_MSGDUMP, "%s: Expire STA tracking entry for "
+ MACSTR, iface->bss[0]->conf->iface,
+ MAC2STR(info->addr));
+ dl_list_del(&info->list);
+ iface->num_sta_seen--;
+ os_free(info);
+ }
+}
+
+
+static struct hostapd_sta_info * sta_track_get(struct hostapd_iface *iface,
+ const u8 *addr)
+{
+ struct hostapd_sta_info *info;
+
+ dl_list_for_each(info, &iface->sta_seen, struct hostapd_sta_info, list)
+ if (os_memcmp(addr, info->addr, ETH_ALEN) == 0)
+ return info;
+
+ return NULL;
+}
+
+
+void sta_track_add(struct hostapd_iface *iface, const u8 *addr)
+{
+ struct hostapd_sta_info *info;
+
+ info = sta_track_get(iface, addr);
+ if (info) {
+ /* Move the most recent entry to the end of the list */
+ dl_list_del(&info->list);
+ dl_list_add_tail(&iface->sta_seen, &info->list);
+ os_get_reltime(&info->last_seen);
+ return;
+ }
+
+ /* Add a new entry */
+ info = os_zalloc(sizeof(*info));
+ os_memcpy(info->addr, addr, ETH_ALEN);
+ os_get_reltime(&info->last_seen);
+
+ if (iface->num_sta_seen >= iface->conf->track_sta_max_num) {
+ /* Expire oldest entry to make room for a new one */
+ sta_track_expire(iface, 1);
+ }
+
+ wpa_printf(MSG_MSGDUMP, "%s: Add STA tracking entry for "
+ MACSTR, iface->bss[0]->conf->iface, MAC2STR(addr));
+ dl_list_add_tail(&iface->sta_seen, &info->list);
+ iface->num_sta_seen++;
+}
+
+
+struct hostapd_data *
+sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr,
+ const char *ifname)
+{
+ struct hapd_interfaces *interfaces = iface->interfaces;
+ size_t i, j;
+
+ for (i = 0; i < interfaces->count; i++) {
+ struct hostapd_data *hapd = NULL;
+
+ iface = interfaces->iface[i];
+ for (j = 0; j < iface->num_bss; j++) {
+ hapd = iface->bss[j];
+ if (os_strcmp(ifname, hapd->conf->iface) == 0)
+ break;
+ hapd = NULL;
+ }
+
+ if (hapd && sta_track_get(iface, addr))
+ return hapd;
+ }
+
+ return NULL;
+}
+
+
void handle_probe_req(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
int ssi_signal)
@@ -550,10 +675,15 @@
size_t i, resp_len;
int noack;
enum ssid_match_result res;
+ int ret;
+ u16 csa_offs[2];
+ size_t csa_offs_len;
ie = mgmt->u.probe_req.variable;
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
return;
+ if (hapd->iconf->track_sta_max_num)
+ sta_track_add(hapd->iface, mgmt->sa);
ie_len = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req));
for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++)
@@ -702,6 +832,29 @@
/* TODO: verify that supp_rates contains at least one matching rate
* with AP configuration */
+ if (hapd->conf->no_probe_resp_if_seen_on &&
+ is_multicast_ether_addr(mgmt->da) &&
+ is_multicast_ether_addr(mgmt->bssid) &&
+ sta_track_seen_on(hapd->iface, mgmt->sa,
+ hapd->conf->no_probe_resp_if_seen_on)) {
+ wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
+ " since STA has been seen on %s",
+ hapd->conf->iface, MAC2STR(mgmt->sa),
+ hapd->conf->no_probe_resp_if_seen_on);
+ return;
+ }
+
+ if (hapd->conf->no_probe_resp_if_max_sta &&
+ is_multicast_ether_addr(mgmt->da) &&
+ is_multicast_ether_addr(mgmt->bssid) &&
+ hapd->num_sta >= hapd->conf->max_num_sta &&
+ !ap_get_sta(hapd, mgmt->sa)) {
+ wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
+ " since no room for additional STA",
+ hapd->conf->iface, MAC2STR(mgmt->sa));
+ return;
+ }
+
#ifdef CONFIG_TESTING_OPTIONS
if (hapd->iconf->ignore_probe_probability > 0.0 &&
drand48() < hapd->iconf->ignore_probe_probability) {
@@ -724,7 +877,22 @@
noack = !!(res == WILDCARD_SSID_MATCH &&
is_broadcast_ether_addr(mgmt->da));
- if (hostapd_drv_send_mlme(hapd, resp, resp_len, noack) < 0)
+ csa_offs_len = 0;
+ if (hapd->csa_in_progress) {
+ if (hapd->cs_c_off_proberesp)
+ csa_offs[csa_offs_len++] =
+ hapd->cs_c_off_proberesp;
+
+ if (hapd->cs_c_off_ecsa_proberesp)
+ csa_offs[csa_offs_len++] =
+ hapd->cs_c_off_ecsa_proberesp;
+ }
+
+ ret = hostapd_drv_send_mlme_csa(hapd, resp, resp_len, noack,
+ csa_offs_len ? csa_offs : NULL,
+ csa_offs_len);
+
+ if (ret < 0)
wpa_printf(MSG_INFO, "handle_probe_req: send failed");
os_free(resp);
@@ -783,7 +951,7 @@
size_t resp_len = 0;
#ifdef NEED_AP_MLME
u16 capab_info;
- u8 *pos, *tailpos;
+ u8 *pos, *tailpos, *csa_pos;
#define BEACON_HEAD_BUF_SIZE 256
#define BEACON_TAIL_BUF_SIZE 512
@@ -797,6 +965,10 @@
if (hapd->p2p_beacon_ie)
tail_len += wpabuf_len(hapd->p2p_beacon_ie);
#endif /* CONFIG_P2P */
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies)
+ tail_len += wpabuf_len(hapd->iface->fst_ies);
+#endif /* CONFIG_FST */
if (hapd->conf->vendor_elements)
tail_len += wpabuf_len(hapd->conf->vendor_elements);
@@ -860,6 +1032,12 @@
/* Power Constraint element */
tailpos = hostapd_eid_pwr_constraint(hapd, tailpos);
+ /* CSA IE */
+ csa_pos = hostapd_eid_csa(hapd, tailpos);
+ if (csa_pos != tailpos)
+ hapd->cs_c_off_beacon = csa_pos - tail - 1;
+ tailpos = csa_pos;
+
/* ERP Information element */
tailpos = hostapd_eid_erp_info(hapd, tailpos);
@@ -877,7 +1055,19 @@
tailpos = hostapd_eid_bss_load(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE - tailpos);
+ /* eCSA IE */
+ csa_pos = hostapd_eid_ecsa(hapd, tailpos);
+ if (csa_pos != tailpos)
+ hapd->cs_c_off_ecsa_beacon = csa_pos - tail - 1;
+ tailpos = csa_pos;
+
+ tailpos = hostapd_eid_supported_op_classes(hapd, tailpos);
+
#ifdef CONFIG_IEEE80211N
+ /* Secondary Channel Offset element */
+ /* TODO: The standard doesn't specify a position for this element. */
+ tailpos = hostapd_eid_secondary_channel(hapd, tailpos);
+
tailpos = hostapd_eid_ht_capabilities(hapd, tailpos);
tailpos = hostapd_eid_ht_operation(hapd, tailpos);
#endif /* CONFIG_IEEE80211N */
@@ -893,12 +1083,20 @@
tailpos = hostapd_eid_interworking(hapd, tailpos);
tailpos = hostapd_eid_adv_proto(hapd, tailpos);
tailpos = hostapd_eid_roaming_consortium(hapd, tailpos);
- tailpos = hostapd_add_csa_elems(hapd, tailpos, tail,
- &hapd->cs_c_off_beacon);
+
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies) {
+ os_memcpy(tailpos, wpabuf_head(hapd->iface->fst_ies),
+ wpabuf_len(hapd->iface->fst_ies));
+ tailpos += wpabuf_len(hapd->iface->fst_ies);
+ }
+#endif /* CONFIG_FST */
+
#ifdef CONFIG_IEEE80211AC
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
tailpos = hostapd_eid_vht_capabilities(hapd, tailpos);
tailpos = hostapd_eid_vht_operation(hapd, tailpos);
+ tailpos = hostapd_eid_wb_chsw_wrapper(hapd, tailpos);
}
if (hapd->conf->vendor_vht)
tailpos = hostapd_eid_vendor_vht(hapd, tailpos);
diff --git a/src/ap/beacon.h b/src/ap/beacon.h
index 722159a..d98f42e 100644
--- a/src/ap/beacon.h
+++ b/src/ap/beacon.h
@@ -21,5 +21,10 @@
int ieee802_11_build_ap_params(struct hostapd_data *hapd,
struct wpa_driver_ap_params *params);
void ieee802_11_free_ap_params(struct wpa_driver_ap_params *params);
+void sta_track_add(struct hostapd_iface *iface, const u8 *addr);
+void sta_track_expire(struct hostapd_iface *iface, int force);
+struct hostapd_data *
+sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr,
+ const char *ifname);
#endif /* BEACON_H */
diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
index 60afcb0..c98978f 100644
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -12,6 +12,7 @@
#include "common/ieee802_11_defs.h"
#include "common/sae.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "fst/fst_ctrl_iface.h"
#include "hostapd.h"
#include "ieee802_1x.h"
#include "wpa_auth.h"
@@ -206,7 +207,10 @@
return -1;
}
- return hostapd_ctrl_iface_sta_mib(hapd, sta, buf, buflen);
+ ret = hostapd_ctrl_iface_sta_mib(hapd, sta, buf, buflen);
+ ret += fst_ctrl_iface_mb_info(addr, buf + ret, buflen - ret);
+
+ return ret;
}
diff --git a/src/ap/dfs.c b/src/ap/dfs.c
index 715f19b..7273caa 100644
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -817,16 +817,6 @@
}
-static int hostapd_csa_in_progress(struct hostapd_iface *iface)
-{
- unsigned int i;
- for (i = 0; i < iface->num_bss; i++)
- if (iface->bss[i]->csa_in_progress)
- return 1;
- return 0;
-}
-
-
static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
{
struct hostapd_channel_data *channel;
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 6ecd094..37537b3 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -18,6 +18,7 @@
#include "crypto/random.h"
#include "p2p/p2p.h"
#include "wps/wps.h"
+#include "fst/fst.h"
#include "wnm_ap.h"
#include "hostapd.h"
#include "ieee802_11.h"
@@ -42,10 +43,10 @@
struct ieee802_11_elems elems;
const u8 *ie;
size_t ielen;
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
u8 *p = buf;
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
u16 reason = WLAN_REASON_UNSPECIFIED;
u16 status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
@@ -58,8 +59,8 @@
* running, so better make sure we stop processing such an
* event here.
*/
- wpa_printf(MSG_DEBUG, "hostapd_notif_assoc: Skip event with "
- "no address");
+ wpa_printf(MSG_DEBUG,
+ "hostapd_notif_assoc: Skip event with no address");
return -1;
}
random_add_randomness(addr, ETH_ALEN);
@@ -89,8 +90,8 @@
} else {
ie = NULL;
ielen = 0;
- wpa_printf(MSG_DEBUG, "STA did not include WPS/RSN/WPA IE in "
- "(Re)AssocReq");
+ wpa_printf(MSG_DEBUG,
+ "STA did not include WPS/RSN/WPA IE in (Re)AssocReq");
}
sta = ap_get_sta(hapd, addr);
@@ -155,13 +156,20 @@
sta->hs20_ie = NULL;
#endif /* CONFIG_HS20 */
+#ifdef CONFIG_FST
+ wpabuf_free(sta->mb_ies);
+ if (hapd->iface->fst)
+ sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
+ else
+ sta->mb_ies = NULL;
+#endif /* CONFIG_FST */
+
if (hapd->conf->wpa) {
if (ie == NULL || ielen == 0) {
#ifdef CONFIG_WPS
if (hapd->conf->wps_state) {
- wpa_printf(MSG_DEBUG, "STA did not include "
- "WPA/RSN IE in (Re)Association "
- "Request - possible WPS use");
+ wpa_printf(MSG_DEBUG,
+ "STA did not include WPA/RSN IE in (Re)Association Request - possible WPS use");
sta->flags |= WLAN_STA_MAYBE_WPS;
goto skip_wpa_check;
}
@@ -174,13 +182,14 @@
if (hapd->conf->wps_state && ie[0] == 0xdd && ie[1] >= 4 &&
os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) {
struct wpabuf *wps;
+
sta->flags |= WLAN_STA_WPS;
wps = ieee802_11_vendor_ie_concat(ie, ielen,
WPS_IE_VENDOR_TYPE);
if (wps) {
if (wps_is_20(wps)) {
- wpa_printf(MSG_DEBUG, "WPS: STA "
- "supports WPS 2.0");
+ wpa_printf(MSG_DEBUG,
+ "WPS: STA supports WPS 2.0");
sta->flags |= WLAN_STA_WPS2;
}
wpabuf_free(wps);
@@ -194,16 +203,17 @@
sta->addr,
p2p_dev_addr);
if (sta->wpa_sm == NULL) {
- wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
- "machine");
+ wpa_printf(MSG_ERROR,
+ "Failed to initialize WPA state machine");
return -1;
}
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
ie, ielen,
elems.mdie, elems.mdie_len);
if (res != WPA_IE_OK) {
- wpa_printf(MSG_DEBUG, "WPA/RSN information element "
- "rejected? (res %u)", res);
+ wpa_printf(MSG_DEBUG,
+ "WPA/RSN information element rejected? (res %u)",
+ res);
wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
if (res == WPA_INVALID_GROUP) {
reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
@@ -246,14 +256,12 @@
if (sta->sa_query_count == 0)
ap_sta_start_sa_query(hapd, sta);
-#ifdef CONFIG_IEEE80211R
status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
p - buf);
-#endif /* CONFIG_IEEE80211R */
return 0;
}
@@ -281,6 +289,7 @@
} else if (hapd->conf->wps_state) {
#ifdef CONFIG_WPS
struct wpabuf *wps;
+
if (req_ies)
wps = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
WPS_IE_VENDOR_TYPE);
@@ -297,8 +306,8 @@
if (wps) {
sta->flags |= WLAN_STA_WPS;
if (wps_is_20(wps)) {
- wpa_printf(MSG_DEBUG, "WPS: STA supports "
- "WPS 2.0");
+ wpa_printf(MSG_DEBUG,
+ "WPS: STA supports WPS 2.0");
sta->flags |= WLAN_STA_WPS2;
}
} else
@@ -320,8 +329,8 @@
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
sta->addr, NULL);
if (sta->wpa_sm == NULL) {
- wpa_printf(MSG_WARNING, "Failed to initialize WPA "
- "state machine");
+ wpa_printf(MSG_WARNING,
+ "Failed to initialize WPA state machine");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
@@ -393,8 +402,8 @@
* was running, so better make sure we stop processing such an
* event here.
*/
- wpa_printf(MSG_DEBUG, "hostapd_notif_disassoc: Skip event "
- "with no address");
+ wpa_printf(MSG_DEBUG,
+ "hostapd_notif_disassoc: Skip event with no address");
return;
}
@@ -403,8 +412,9 @@
sta = ap_get_sta(hapd, addr);
if (sta == NULL) {
- wpa_printf(MSG_DEBUG, "Disassociation notification for "
- "unknown STA " MACSTR, MAC2STR(addr));
+ wpa_printf(MSG_DEBUG,
+ "Disassociation notification for unknown STA "
+ MACSTR, MAC2STR(addr));
return;
}
@@ -425,8 +435,8 @@
return;
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO, "disconnected due to excessive "
- "missing ACKs");
+ HOSTAPD_LEVEL_INFO,
+ "disconnected due to excessive missing ACKs");
hostapd_drv_sta_disassoc(hapd, addr, WLAN_REASON_DISASSOC_LOW_ACK);
if (sta)
ap_sta_disassociate(hapd, sta, WLAN_REASON_DISASSOC_LOW_ACK);
@@ -437,7 +447,8 @@
int offset, int width, int cf1, int cf2)
{
#ifdef NEED_AP_MLME
- int channel, chwidth, seg0_idx = 0, seg1_idx = 0, is_dfs;
+ int channel, chwidth, is_dfs;
+ u8 seg0_idx = 0, seg1_idx = 0;
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
@@ -450,8 +461,8 @@
channel = hostapd_hw_get_channel(hapd, freq);
if (!channel) {
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_WARNING, "driver switched to "
- "bad channel!");
+ HOSTAPD_LEVEL_WARNING,
+ "driver switched to bad channel!");
return;
}
@@ -481,8 +492,8 @@
seg1_idx = (cf2 - 5000) / 5;
break;
default:
- seg0_idx = hostapd_hw_get_channel(hapd, cf1);
- seg1_idx = hostapd_hw_get_channel(hapd, cf2);
+ ieee80211_freq_to_chan(cf1, &seg0_idx);
+ ieee80211_freq_to_chan(cf2, &seg1_idx);
break;
}
@@ -688,8 +699,8 @@
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
sta->addr, NULL);
if (sta->wpa_sm == NULL) {
- wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
- "state machine");
+ wpa_printf(MSG_DEBUG,
+ "FT: Failed to initialize WPA state machine");
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
@@ -724,7 +735,7 @@
if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
return; /* handled by the driver */
- wpa_printf(MSG_DEBUG, "RX_ACTION cat %d action plen %d",
+ wpa_printf(MSG_DEBUG, "RX_ACTION cat %d action plen %d",
mgmt->u.action.category, (int) plen);
sta = ap_get_sta(hapd, mgmt->sa);
@@ -735,6 +746,7 @@
#ifdef CONFIG_IEEE80211R
if (mgmt->u.action.category == WLAN_ACTION_FT) {
const u8 *payload = drv_mgmt->frame + 24 + 1;
+
wpa_ft_action_rx(sta->wpa_sm, payload, plen);
}
#endif /* CONFIG_IEEE80211R */
@@ -751,6 +763,13 @@
ieee802_11_rx_wnm_action_ap(hapd, mgmt, drv_mgmt->frame_len);
}
#endif /* CONFIG_WNM */
+#ifdef CONFIG_FST
+ if (mgmt->u.action.category == WLAN_ACTION_FST && hapd->iface->fst) {
+ fst_rx_action(hapd->iface->fst, mgmt, drv_mgmt->frame_len);
+ return;
+ }
+#endif /* CONFIG_FST */
+
}
@@ -802,6 +821,7 @@
if (hapd->ext_mgmt_frame_handling) {
size_t hex_len = 2 * rx_mgmt->frame_len + 1;
char *hex = os_malloc(hex_len);
+
if (hex) {
wpa_snprintf_hex(hex, hex_len, rx_mgmt->frame,
rx_mgmt->frame_len);
@@ -819,8 +839,7 @@
hapd = get_hapd_bssid(iface, bssid);
if (hapd == NULL) {
- u16 fc;
- fc = le_to_host16(hdr->frame_control);
+ u16 fc = le_to_host16(hdr->frame_control);
/*
* Drop frames to unknown BSSIDs except for Beacon frames which
@@ -839,6 +858,7 @@
if (hapd == HAPD_BROADCAST) {
size_t i;
+
ret = 0;
for (i = 0; i < iface->num_bss; i++) {
/* if bss is set, driver will call this function for
@@ -865,6 +885,7 @@
size_t len, u16 stype, int ok)
{
struct ieee80211_hdr *hdr;
+
hdr = (struct ieee80211_hdr *) buf;
hapd = get_hapd_bssid(hapd->iface, get_hdr_bssid(hdr, len));
if (hapd == NULL || hapd == HAPD_BROADCAST)
@@ -878,6 +899,7 @@
static int hostapd_event_new_sta(struct hostapd_data *hapd, const u8 *addr)
{
struct sta_info *sta = ap_get_sta(hapd, addr);
+
if (sta)
return 0;
@@ -904,11 +926,10 @@
size_t j;
for (j = 0; j < iface->num_bss; j++) {
- if ((sta = ap_get_sta(iface->bss[j], src))) {
- if (sta->flags & WLAN_STA_ASSOC) {
- hapd = iface->bss[j];
- break;
- }
+ sta = ap_get_sta(iface->bss[j], src);
+ if (sta && sta->flags & WLAN_STA_ASSOC) {
+ hapd = iface->bss[j];
+ break;
}
}
@@ -968,7 +989,8 @@
if (!chan || chan->flag & HOSTAPD_CHAN_DISABLED)
return;
- wpa_printf(MSG_DEBUG, "Single Channel Survey: (freq=%d channel_time=%ld channel_time_busy=%ld)",
+ wpa_printf(MSG_DEBUG,
+ "Single Channel Survey: (freq=%d channel_time=%ld channel_time_busy=%ld)",
survey->freq,
(unsigned long int) survey->channel_time,
(unsigned long int) survey->channel_time_busy);
@@ -1102,6 +1124,7 @@
data->rx_mgmt.frame_len >= 24) {
const struct ieee80211_hdr *hdr;
u16 fc;
+
hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
fc = le_to_host16(hdr->frame_control);
if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
diff --git a/src/ap/gas_serv.c b/src/ap/gas_serv.c
index 9d19f98..4bcdf6f 100644
--- a/src/ap/gas_serv.c
+++ b/src/ap/gas_serv.c
@@ -167,27 +167,107 @@
#endif /* CONFIG_HS20 */
+static struct anqp_element * get_anqp_elem(struct hostapd_data *hapd,
+ u16 infoid)
+{
+ struct anqp_element *elem;
+
+ dl_list_for_each(elem, &hapd->conf->anqp_elem, struct anqp_element,
+ list) {
+ if (elem->infoid == infoid)
+ return elem;
+ }
+
+ return NULL;
+}
+
+
+static void anqp_add_elem(struct hostapd_data *hapd, struct wpabuf *buf,
+ u16 infoid)
+{
+ struct anqp_element *elem;
+
+ elem = get_anqp_elem(hapd, infoid);
+ if (!elem)
+ return;
+ if (wpabuf_tailroom(buf) < 2 + 2 + wpabuf_len(elem->payload)) {
+ wpa_printf(MSG_DEBUG, "ANQP: No room for InfoID %u payload",
+ infoid);
+ return;
+ }
+
+ wpabuf_put_le16(buf, infoid);
+ wpabuf_put_le16(buf, wpabuf_len(elem->payload));
+ wpabuf_put_buf(buf, elem->payload);
+}
+
+
+static int anqp_add_override(struct hostapd_data *hapd, struct wpabuf *buf,
+ u16 infoid)
+{
+ if (get_anqp_elem(hapd, infoid)) {
+ anqp_add_elem(hapd, buf, infoid);
+ return 1;
+ }
+
+ return 0;
+}
+
+
static void anqp_add_capab_list(struct hostapd_data *hapd,
struct wpabuf *buf)
{
u8 *len;
+ u16 id;
+
+ if (anqp_add_override(hapd, buf, ANQP_CAPABILITY_LIST))
+ return;
len = gas_anqp_add_element(buf, ANQP_CAPABILITY_LIST);
wpabuf_put_le16(buf, ANQP_CAPABILITY_LIST);
- if (hapd->conf->venue_name)
+ if (hapd->conf->venue_name || get_anqp_elem(hapd, ANQP_VENUE_NAME))
wpabuf_put_le16(buf, ANQP_VENUE_NAME);
- if (hapd->conf->network_auth_type)
+ if (get_anqp_elem(hapd, ANQP_EMERGENCY_CALL_NUMBER))
+ wpabuf_put_le16(buf, ANQP_EMERGENCY_CALL_NUMBER);
+ if (hapd->conf->network_auth_type ||
+ get_anqp_elem(hapd, ANQP_NETWORK_AUTH_TYPE))
wpabuf_put_le16(buf, ANQP_NETWORK_AUTH_TYPE);
- if (hapd->conf->roaming_consortium)
+ if (hapd->conf->roaming_consortium ||
+ get_anqp_elem(hapd, ANQP_ROAMING_CONSORTIUM))
wpabuf_put_le16(buf, ANQP_ROAMING_CONSORTIUM);
- if (hapd->conf->ipaddr_type_configured)
+ if (hapd->conf->ipaddr_type_configured ||
+ get_anqp_elem(hapd, ANQP_IP_ADDR_TYPE_AVAILABILITY))
wpabuf_put_le16(buf, ANQP_IP_ADDR_TYPE_AVAILABILITY);
- if (hapd->conf->nai_realm_data)
+ if (hapd->conf->nai_realm_data ||
+ get_anqp_elem(hapd, ANQP_NAI_REALM))
wpabuf_put_le16(buf, ANQP_NAI_REALM);
- if (hapd->conf->anqp_3gpp_cell_net)
+ if (hapd->conf->anqp_3gpp_cell_net ||
+ get_anqp_elem(hapd, ANQP_3GPP_CELLULAR_NETWORK))
wpabuf_put_le16(buf, ANQP_3GPP_CELLULAR_NETWORK);
- if (hapd->conf->domain_name)
+ if (get_anqp_elem(hapd, ANQP_AP_GEOSPATIAL_LOCATION))
+ wpabuf_put_le16(buf, ANQP_AP_GEOSPATIAL_LOCATION);
+ if (get_anqp_elem(hapd, ANQP_AP_CIVIC_LOCATION))
+ wpabuf_put_le16(buf, ANQP_AP_CIVIC_LOCATION);
+ if (get_anqp_elem(hapd, ANQP_AP_LOCATION_PUBLIC_URI))
+ wpabuf_put_le16(buf, ANQP_AP_LOCATION_PUBLIC_URI);
+ if (hapd->conf->domain_name || get_anqp_elem(hapd, ANQP_DOMAIN_NAME))
wpabuf_put_le16(buf, ANQP_DOMAIN_NAME);
+ if (get_anqp_elem(hapd, ANQP_EMERGENCY_ALERT_URI))
+ wpabuf_put_le16(buf, ANQP_EMERGENCY_ALERT_URI);
+ if (get_anqp_elem(hapd, ANQP_EMERGENCY_NAI))
+ wpabuf_put_le16(buf, ANQP_EMERGENCY_NAI);
+ if (get_anqp_elem(hapd, ANQP_NEIGHBOR_REPORT))
+ wpabuf_put_le16(buf, ANQP_NEIGHBOR_REPORT);
+ for (id = 273; id < 277; id++) {
+ if (get_anqp_elem(hapd, id))
+ wpabuf_put_le16(buf, id);
+ }
+ if (get_anqp_elem(hapd, ANQP_VENUE_URL))
+ wpabuf_put_le16(buf, ANQP_VENUE_URL);
+ if (get_anqp_elem(hapd, ANQP_ADVICE_OF_CHARGE))
+ wpabuf_put_le16(buf, ANQP_ADVICE_OF_CHARGE);
+ if (get_anqp_elem(hapd, ANQP_LOCAL_CONTENT))
+ wpabuf_put_le16(buf, ANQP_LOCAL_CONTENT);
#ifdef CONFIG_HS20
anqp_add_hs_capab_list(hapd, buf);
#endif /* CONFIG_HS20 */
@@ -197,6 +277,9 @@
static void anqp_add_venue_name(struct hostapd_data *hapd, struct wpabuf *buf)
{
+ if (anqp_add_override(hapd, buf, ANQP_VENUE_NAME))
+ return;
+
if (hapd->conf->venue_name) {
u8 *len;
unsigned int i;
@@ -218,6 +301,9 @@
static void anqp_add_network_auth_type(struct hostapd_data *hapd,
struct wpabuf *buf)
{
+ if (anqp_add_override(hapd, buf, ANQP_NETWORK_AUTH_TYPE))
+ return;
+
if (hapd->conf->network_auth_type) {
wpabuf_put_le16(buf, ANQP_NETWORK_AUTH_TYPE);
wpabuf_put_le16(buf, hapd->conf->network_auth_type_len);
@@ -233,6 +319,9 @@
unsigned int i;
u8 *len;
+ if (anqp_add_override(hapd, buf, ANQP_ROAMING_CONSORTIUM))
+ return;
+
len = gas_anqp_add_element(buf, ANQP_ROAMING_CONSORTIUM);
for (i = 0; i < hapd->conf->roaming_consortium_count; i++) {
struct hostapd_roaming_consortium *rc;
@@ -247,6 +336,9 @@
static void anqp_add_ip_addr_type_availability(struct hostapd_data *hapd,
struct wpabuf *buf)
{
+ if (anqp_add_override(hapd, buf, ANQP_IP_ADDR_TYPE_AVAILABILITY))
+ return;
+
if (hapd->conf->ipaddr_type_configured) {
wpabuf_put_le16(buf, ANQP_IP_ADDR_TYPE_AVAILABILITY);
wpabuf_put_le16(buf, 1);
@@ -309,7 +401,7 @@
pos = home_realm;
end = pos + home_realm_len;
- if (pos + 1 > end) {
+ if (end - pos < 1) {
wpa_hexdump(MSG_DEBUG, "Too short NAI Home Realm Query",
home_realm, home_realm_len);
return -1;
@@ -317,7 +409,7 @@
num_realms = *pos++;
for (i = 0; i < num_realms && num_matching < 10; i++) {
- if (pos + 2 > end) {
+ if (end - pos < 2) {
wpa_hexdump(MSG_DEBUG,
"Truncated NAI Home Realm Query",
home_realm, home_realm_len);
@@ -325,7 +417,7 @@
}
encoding = *pos++;
realm_len = *pos++;
- if (pos + realm_len > end) {
+ if (realm_len > end - pos) {
wpa_hexdump(MSG_DEBUG,
"Truncated NAI Home Realm Query",
home_realm, home_realm_len);
@@ -391,6 +483,10 @@
const u8 *home_realm, size_t home_realm_len,
int nai_realm, int nai_home_realm)
{
+ if (nai_realm && !nai_home_realm &&
+ anqp_add_override(hapd, buf, ANQP_NAI_REALM))
+ return;
+
if (nai_realm && hapd->conf->nai_realm_data) {
u8 *len;
unsigned int i, j;
@@ -424,6 +520,9 @@
static void anqp_add_3gpp_cellular_network(struct hostapd_data *hapd,
struct wpabuf *buf)
{
+ if (anqp_add_override(hapd, buf, ANQP_3GPP_CELLULAR_NETWORK))
+ return;
+
if (hapd->conf->anqp_3gpp_cell_net) {
wpabuf_put_le16(buf, ANQP_3GPP_CELLULAR_NETWORK);
wpabuf_put_le16(buf,
@@ -436,6 +535,9 @@
static void anqp_add_domain_name(struct hostapd_data *hapd, struct wpabuf *buf)
{
+ if (anqp_add_override(hapd, buf, ANQP_DOMAIN_NAME))
+ return;
+
if (hapd->conf->domain_name) {
wpabuf_put_le16(buf, ANQP_DOMAIN_NAME);
wpabuf_put_le16(buf, hapd->conf->domain_name_len);
@@ -687,16 +789,20 @@
gas_serv_build_gas_resp_payload(struct hostapd_data *hapd,
unsigned int request,
const u8 *home_realm, size_t home_realm_len,
- const u8 *icon_name, size_t icon_name_len)
+ const u8 *icon_name, size_t icon_name_len,
+ const u16 *extra_req,
+ unsigned int num_extra_req)
{
struct wpabuf *buf;
size_t len;
+ unsigned int i;
len = 1400;
if (request & (ANQP_REQ_NAI_REALM | ANQP_REQ_NAI_HOME_REALM))
len += 1000;
if (request & ANQP_REQ_ICON_REQUEST)
len += 65536;
+ len += num_extra_req * 1000;
buf = wpabuf_alloc(len);
if (buf == NULL)
@@ -706,6 +812,8 @@
anqp_add_capab_list(hapd, buf);
if (request & ANQP_REQ_VENUE_NAME)
anqp_add_venue_name(hapd, buf);
+ if (request & ANQP_REQ_EMERGENCY_CALL_NUMBER)
+ anqp_add_elem(hapd, buf, ANQP_EMERGENCY_CALL_NUMBER);
if (request & ANQP_REQ_NETWORK_AUTH_TYPE)
anqp_add_network_auth_type(hapd, buf);
if (request & ANQP_REQ_ROAMING_CONSORTIUM)
@@ -718,8 +826,23 @@
request & ANQP_REQ_NAI_HOME_REALM);
if (request & ANQP_REQ_3GPP_CELLULAR_NETWORK)
anqp_add_3gpp_cellular_network(hapd, buf);
+ if (request & ANQP_REQ_AP_GEOSPATIAL_LOCATION)
+ anqp_add_elem(hapd, buf, ANQP_AP_GEOSPATIAL_LOCATION);
+ if (request & ANQP_REQ_AP_CIVIC_LOCATION)
+ anqp_add_elem(hapd, buf, ANQP_AP_CIVIC_LOCATION);
+ if (request & ANQP_REQ_AP_LOCATION_PUBLIC_URI)
+ anqp_add_elem(hapd, buf, ANQP_AP_LOCATION_PUBLIC_URI);
if (request & ANQP_REQ_DOMAIN_NAME)
anqp_add_domain_name(hapd, buf);
+ if (request & ANQP_REQ_EMERGENCY_ALERT_URI)
+ anqp_add_elem(hapd, buf, ANQP_EMERGENCY_ALERT_URI);
+ if (request & ANQP_REQ_TDLS_CAPABILITY)
+ anqp_add_elem(hapd, buf, ANQP_TDLS_CAPABILITY);
+ if (request & ANQP_REQ_EMERGENCY_NAI)
+ anqp_add_elem(hapd, buf, ANQP_EMERGENCY_NAI);
+
+ for (i = 0; i < num_extra_req; i++)
+ anqp_add_elem(hapd, buf, extra_req[i]);
#ifdef CONFIG_HS20
if (request & ANQP_REQ_HS_CAPABILITY_LIST)
@@ -742,6 +865,8 @@
}
+#define ANQP_MAX_EXTRA_REQ 20
+
struct anqp_query_info {
unsigned int request;
const u8 *home_realm_query;
@@ -749,6 +874,8 @@
const u8 *icon_name;
size_t icon_name_len;
int p2p_sd;
+ u16 extra_req[ANQP_MAX_EXTRA_REQ];
+ unsigned int num_extra_req;
};
@@ -776,6 +903,11 @@
set_anqp_req(ANQP_REQ_VENUE_NAME, "Venue Name",
hapd->conf->venue_name != NULL, qi);
break;
+ case ANQP_EMERGENCY_CALL_NUMBER:
+ set_anqp_req(ANQP_REQ_EMERGENCY_CALL_NUMBER,
+ "Emergency Call Number",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
case ANQP_NETWORK_AUTH_TYPE:
set_anqp_req(ANQP_REQ_NETWORK_AUTH_TYPE, "Network Auth Type",
hapd->conf->network_auth_type != NULL, qi);
@@ -798,13 +930,55 @@
"3GPP Cellular Network",
hapd->conf->anqp_3gpp_cell_net != NULL, qi);
break;
+ case ANQP_AP_GEOSPATIAL_LOCATION:
+ set_anqp_req(ANQP_REQ_AP_GEOSPATIAL_LOCATION,
+ "AP Geospatial Location",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
+ case ANQP_AP_CIVIC_LOCATION:
+ set_anqp_req(ANQP_REQ_AP_CIVIC_LOCATION,
+ "AP Civic Location",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
+ case ANQP_AP_LOCATION_PUBLIC_URI:
+ set_anqp_req(ANQP_REQ_AP_LOCATION_PUBLIC_URI,
+ "AP Location Public URI",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
case ANQP_DOMAIN_NAME:
set_anqp_req(ANQP_REQ_DOMAIN_NAME, "Domain Name",
hapd->conf->domain_name != NULL, qi);
break;
+ case ANQP_EMERGENCY_ALERT_URI:
+ set_anqp_req(ANQP_REQ_EMERGENCY_ALERT_URI,
+ "Emergency Alert URI",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
+ case ANQP_TDLS_CAPABILITY:
+ set_anqp_req(ANQP_REQ_TDLS_CAPABILITY,
+ "TDLS Capability",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
+ case ANQP_EMERGENCY_NAI:
+ set_anqp_req(ANQP_REQ_EMERGENCY_NAI,
+ "Emergency NAI",
+ get_anqp_elem(hapd, info_id) != NULL, qi);
+ break;
default:
- wpa_printf(MSG_DEBUG, "ANQP: Unsupported Info Id %u",
- info_id);
+ if (!get_anqp_elem(hapd, info_id)) {
+ wpa_printf(MSG_DEBUG, "ANQP: Unsupported Info Id %u",
+ info_id);
+ break;
+ }
+ if (qi->num_extra_req == ANQP_MAX_EXTRA_REQ) {
+ wpa_printf(MSG_DEBUG,
+ "ANQP: No more room for extra requests - ignore Info Id %u",
+ info_id);
+ break;
+ }
+ wpa_printf(MSG_DEBUG, "ANQP: Info Id %u (local)", info_id);
+ qi->extra_req[qi->num_extra_req] = info_id;
+ qi->num_extra_req++;
break;
}
}
@@ -817,7 +991,7 @@
wpa_printf(MSG_DEBUG, "ANQP: %u Info IDs requested in Query list",
(unsigned int) (end - pos) / 2);
- while (pos + 2 <= end) {
+ while (end - pos >= 2) {
rx_anqp_query_list_id(hapd, WPA_GET_LE16(pos), qi);
pos += 2;
}
@@ -906,7 +1080,7 @@
u32 oui;
u8 subtype;
- if (pos + 4 > end) {
+ if (end - pos < 4) {
wpa_printf(MSG_DEBUG, "ANQP: Too short vendor specific ANQP "
"Query element");
return;
@@ -942,7 +1116,7 @@
}
pos++;
- if (pos + 1 >= end)
+ if (end - pos <= 1)
return;
subtype = *pos++;
@@ -980,7 +1154,8 @@
buf = gas_serv_build_gas_resp_payload(hapd, qi->request,
qi->home_realm_query,
qi->home_realm_query_len,
- qi->icon_name, qi->icon_name_len);
+ qi->icon_name, qi->icon_name_len,
+ qi->extra_req, qi->num_extra_req);
wpa_hexdump_buf(MSG_MSGDUMP, "ANQP: Locally generated ANQP responses",
buf);
if (!buf)
@@ -1069,12 +1244,12 @@
adv_proto = pos++;
slen = *pos++;
- next = pos + slen;
- if (next > end || slen < 2) {
+ if (slen > end - pos || slen < 2) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"GAS: Invalid IE in GAS Initial Request");
return;
}
+ next = pos + slen;
pos++; /* skip QueryRespLenLimit and PAME-BI */
if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
@@ -1101,11 +1276,11 @@
pos = next;
/* Query Request */
- if (pos + 2 > end)
+ if (end - pos < 2)
return;
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end)
+ if (slen > end - pos)
return;
end = pos + slen;
@@ -1113,7 +1288,7 @@
while (pos < end) {
u16 info_id, elen;
- if (pos + 4 > end)
+ if (end - pos < 4)
return;
info_id = WPA_GET_LE16(pos);
@@ -1121,7 +1296,7 @@
elen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + elen > end) {
+ if (elen > end - pos) {
wpa_printf(MSG_DEBUG, "ANQP: Invalid Query Request");
return;
}
diff --git a/src/ap/gas_serv.h b/src/ap/gas_serv.h
index 4ec3201..9051e4f 100644
--- a/src/ap/gas_serv.h
+++ b/src/ap/gas_serv.h
@@ -9,10 +9,13 @@
#ifndef GAS_SERV_H
#define GAS_SERV_H
+/* First 16 ANQP InfoIDs can be included in the optimized bitmap */
#define ANQP_REQ_CAPABILITY_LIST \
(1 << (ANQP_CAPABILITY_LIST - ANQP_QUERY_LIST))
#define ANQP_REQ_VENUE_NAME \
(1 << (ANQP_VENUE_NAME - ANQP_QUERY_LIST))
+#define ANQP_REQ_EMERGENCY_CALL_NUMBER \
+ (1 << (ANQP_EMERGENCY_CALL_NUMBER - ANQP_QUERY_LIST))
#define ANQP_REQ_NETWORK_AUTH_TYPE \
(1 << (ANQP_NETWORK_AUTH_TYPE - ANQP_QUERY_LIST))
#define ANQP_REQ_ROAMING_CONSORTIUM \
@@ -23,8 +26,24 @@
(1 << (ANQP_NAI_REALM - ANQP_QUERY_LIST))
#define ANQP_REQ_3GPP_CELLULAR_NETWORK \
(1 << (ANQP_3GPP_CELLULAR_NETWORK - ANQP_QUERY_LIST))
+#define ANQP_REQ_AP_GEOSPATIAL_LOCATION \
+ (1 << (ANQP_AP_GEOSPATIAL_LOCATION - ANQP_QUERY_LIST))
+#define ANQP_REQ_AP_CIVIC_LOCATION \
+ (1 << (ANQP_AP_CIVIC_LOCATION - ANQP_QUERY_LIST))
+#define ANQP_REQ_AP_LOCATION_PUBLIC_URI \
+ (1 << (ANQP_AP_LOCATION_PUBLIC_URI - ANQP_QUERY_LIST))
#define ANQP_REQ_DOMAIN_NAME \
(1 << (ANQP_DOMAIN_NAME - ANQP_QUERY_LIST))
+#define ANQP_REQ_EMERGENCY_ALERT_URI \
+ (1 << (ANQP_EMERGENCY_ALERT_URI - ANQP_QUERY_LIST))
+#define ANQP_REQ_TDLS_CAPABILITY \
+ (1 << (ANQP_TDLS_CAPABILITY - ANQP_QUERY_LIST))
+#define ANQP_REQ_EMERGENCY_NAI \
+ (1 << (ANQP_EMERGENCY_NAI - ANQP_QUERY_LIST))
+/*
+ * First 16 Hotspot 2.0 vendor specific ANQP-elements can be included in the
+ * optimized bitmap.
+ */
#define ANQP_REQ_HS_CAPABILITY_LIST \
(0x10000 << HS20_STYPE_CAPABILITY_LIST)
#define ANQP_REQ_OPERATOR_FRIENDLY_NAME \
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 5abe5ed..b10b454 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -12,11 +12,13 @@
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
+#include "common/hw_features_common.h"
#include "radius/radius_client.h"
#include "radius/radius_das.h"
#include "eap_server/tncs.h"
#include "eapol_auth/eapol_auth_sm.h"
#include "eapol_auth/eapol_auth_sm_i.h"
+#include "fst/fst.h"
#include "hostapd.h"
#include "authsrv.h"
#include "sta_info.h"
@@ -260,6 +262,7 @@
{
os_free(hapd->probereq_cb);
hapd->probereq_cb = NULL;
+ hapd->num_probereq_cb = 0;
#ifdef CONFIG_P2P
wpabuf_free(hapd->p2p_beacon_ie);
@@ -354,6 +357,22 @@
}
+static void sta_track_deinit(struct hostapd_iface *iface)
+{
+ struct hostapd_sta_info *info;
+
+ if (!iface->num_sta_seen)
+ return;
+
+ while ((info = dl_list_first(&iface->sta_seen, struct hostapd_sta_info,
+ list))) {
+ dl_list_del(&info->list);
+ iface->num_sta_seen--;
+ os_free(info);
+ }
+}
+
+
static void hostapd_cleanup_iface_partial(struct hostapd_iface *iface)
{
wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
@@ -369,6 +388,7 @@
os_free(iface->basic_rates);
iface->basic_rates = NULL;
ap_list_deinit(iface);
+ sta_track_deinit(iface);
}
@@ -1364,15 +1384,134 @@
}
-/**
- * hostapd_setup_interface_complete - Complete interface setup
- *
- * This function is called when previous steps in the interface setup has been
- * completed. This can also start operations, e.g., DFS, that will require
- * additional processing before interface is ready to be enabled. Such
- * operations will call this function from eloop callbacks when finished.
- */
-int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err)
+#ifdef CONFIG_FST
+
+static const u8 * fst_hostapd_get_bssid_cb(void *ctx)
+{
+ struct hostapd_data *hapd = ctx;
+
+ return hapd->own_addr;
+}
+
+
+static void fst_hostapd_get_channel_info_cb(void *ctx,
+ enum hostapd_hw_mode *hw_mode,
+ u8 *channel)
+{
+ struct hostapd_data *hapd = ctx;
+
+ *hw_mode = ieee80211_freq_to_chan(hapd->iface->freq, channel);
+}
+
+
+static void fst_hostapd_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
+{
+ struct hostapd_data *hapd = ctx;
+
+ if (hapd->iface->fst_ies != fst_ies) {
+ hapd->iface->fst_ies = fst_ies;
+ if (ieee802_11_set_beacon(hapd))
+ wpa_printf(MSG_WARNING, "FST: Cannot set beacon");
+ }
+}
+
+
+static int fst_hostapd_send_action_cb(void *ctx, const u8 *da,
+ struct wpabuf *buf)
+{
+ struct hostapd_data *hapd = ctx;
+
+ return hostapd_drv_send_action(hapd, hapd->iface->freq, 0, da,
+ wpabuf_head(buf), wpabuf_len(buf));
+}
+
+
+static const struct wpabuf * fst_hostapd_get_mb_ie_cb(void *ctx, const u8 *addr)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta = ap_get_sta(hapd, addr);
+
+ return sta ? sta->mb_ies : NULL;
+}
+
+
+static void fst_hostapd_update_mb_ie_cb(void *ctx, const u8 *addr,
+ const u8 *buf, size_t size)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta = ap_get_sta(hapd, addr);
+
+ if (sta) {
+ struct mb_ies_info info;
+
+ if (!mb_ies_info_by_ies(&info, buf, size)) {
+ wpabuf_free(sta->mb_ies);
+ sta->mb_ies = mb_ies_by_info(&info);
+ }
+ }
+}
+
+
+static const u8 * fst_hostapd_get_sta(struct fst_get_peer_ctx **get_ctx,
+ Boolean mb_only)
+{
+ struct sta_info *s = (struct sta_info *) *get_ctx;
+
+ if (mb_only) {
+ for (; s && !s->mb_ies; s = s->next)
+ ;
+ }
+
+ if (s) {
+ *get_ctx = (struct fst_get_peer_ctx *) s->next;
+
+ return s->addr;
+ }
+
+ *get_ctx = NULL;
+ return NULL;
+}
+
+
+static const u8 * fst_hostapd_get_peer_first(void *ctx,
+ struct fst_get_peer_ctx **get_ctx,
+ Boolean mb_only)
+{
+ struct hostapd_data *hapd = ctx;
+
+ *get_ctx = (struct fst_get_peer_ctx *) hapd->sta_list;
+
+ return fst_hostapd_get_sta(get_ctx, mb_only);
+}
+
+
+static const u8 * fst_hostapd_get_peer_next(void *ctx,
+ struct fst_get_peer_ctx **get_ctx,
+ Boolean mb_only)
+{
+ return fst_hostapd_get_sta(get_ctx, mb_only);
+}
+
+
+void fst_hostapd_fill_iface_obj(struct hostapd_data *hapd,
+ struct fst_wpa_obj *iface_obj)
+{
+ iface_obj->ctx = hapd;
+ iface_obj->get_bssid = fst_hostapd_get_bssid_cb;
+ iface_obj->get_channel_info = fst_hostapd_get_channel_info_cb;
+ iface_obj->set_ies = fst_hostapd_set_ies_cb;
+ iface_obj->send_action = fst_hostapd_send_action_cb;
+ iface_obj->get_mb_ie = fst_hostapd_get_mb_ie_cb;
+ iface_obj->update_mb_ie = fst_hostapd_update_mb_ie_cb;
+ iface_obj->get_peer_first = fst_hostapd_get_peer_first;
+ iface_obj->get_peer_next = fst_hostapd_get_peer_next;
+}
+
+#endif /* CONFIG_FST */
+
+
+static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface,
+ int err)
{
struct hostapd_data *hapd = iface->bss[0];
size_t j;
@@ -1496,6 +1635,7 @@
hostapd_tx_queue_params(iface);
ap_list_init(iface);
+ dl_list_init(&iface->sta_seen);
hostapd_set_acl(hapd);
@@ -1529,6 +1669,22 @@
#ifdef NEED_AP_MLME
dfs_offload:
#endif /* NEED_AP_MLME */
+
+#ifdef CONFIG_FST
+ if (hapd->iconf->fst_cfg.group_id[0]) {
+ struct fst_wpa_obj iface_obj;
+
+ fst_hostapd_fill_iface_obj(hapd, &iface_obj);
+ iface->fst = fst_attach(hapd->conf->iface, hapd->own_addr,
+ &iface_obj, &hapd->iconf->fst_cfg);
+ if (!iface->fst) {
+ wpa_printf(MSG_ERROR, "Could not attach to FST %s",
+ hapd->iconf->fst_cfg.group_id);
+ goto fail;
+ }
+ }
+#endif /* CONFIG_FST */
+
hostapd_set_state(iface, HAPD_IFACE_ENABLED);
wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, AP_EVENT_ENABLED);
if (hapd->setup_complete_cb)
@@ -1545,6 +1701,12 @@
wpa_printf(MSG_ERROR, "Interface initialization failed");
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
+#ifdef CONFIG_FST
+ if (iface->fst) {
+ fst_detach(iface->fst);
+ iface->fst = NULL;
+ }
+#endif /* CONFIG_FST */
if (iface->interfaces && iface->interfaces->terminate_on_error)
eloop_terminate();
return -1;
@@ -1552,6 +1714,89 @@
/**
+ * hostapd_setup_interface_complete - Complete interface setup
+ *
+ * This function is called when previous steps in the interface setup has been
+ * completed. This can also start operations, e.g., DFS, that will require
+ * additional processing before interface is ready to be enabled. Such
+ * operations will call this function from eloop callbacks when finished.
+ */
+int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err)
+{
+ struct hapd_interfaces *interfaces = iface->interfaces;
+ struct hostapd_data *hapd = iface->bss[0];
+ unsigned int i;
+ int not_ready_in_sync_ifaces = 0;
+
+ if (!iface->need_to_start_in_sync)
+ return hostapd_setup_interface_complete_sync(iface, err);
+
+ if (err) {
+ wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_set_state(iface, HAPD_IFACE_DISABLED);
+ iface->need_to_start_in_sync = 0;
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
+ if (interfaces && interfaces->terminate_on_error)
+ eloop_terminate();
+ return -1;
+ }
+
+ if (iface->ready_to_start_in_sync) {
+ /* Already in ready and waiting. should never happpen */
+ return 0;
+ }
+
+ for (i = 0; i < interfaces->count; i++) {
+ if (interfaces->iface[i]->need_to_start_in_sync &&
+ !interfaces->iface[i]->ready_to_start_in_sync)
+ not_ready_in_sync_ifaces++;
+ }
+
+ /*
+ * Check if this is the last interface, if yes then start all the other
+ * waiting interfaces. If not, add this interface to the waiting list.
+ */
+ if (not_ready_in_sync_ifaces > 1 && iface->state == HAPD_IFACE_DFS) {
+ /*
+ * If this interface went through CAC, do not synchronize, just
+ * start immediately.
+ */
+ iface->need_to_start_in_sync = 0;
+ wpa_printf(MSG_INFO,
+ "%s: Finished CAC - bypass sync and start interface",
+ iface->bss[0]->conf->iface);
+ return hostapd_setup_interface_complete_sync(iface, err);
+ }
+
+ if (not_ready_in_sync_ifaces > 1) {
+ /* need to wait as there are other interfaces still coming up */
+ iface->ready_to_start_in_sync = 1;
+ wpa_printf(MSG_INFO,
+ "%s: Interface waiting to sync with other interfaces",
+ iface->bss[0]->conf->iface);
+ return 0;
+ }
+
+ wpa_printf(MSG_INFO,
+ "%s: Last interface to sync - starting all interfaces",
+ iface->bss[0]->conf->iface);
+ iface->need_to_start_in_sync = 0;
+ hostapd_setup_interface_complete_sync(iface, err);
+ for (i = 0; i < interfaces->count; i++) {
+ if (interfaces->iface[i]->need_to_start_in_sync &&
+ interfaces->iface[i]->ready_to_start_in_sync) {
+ hostapd_setup_interface_complete_sync(
+ interfaces->iface[i], 0);
+ /* Only once the interfaces are sync started */
+ interfaces->iface[i]->need_to_start_in_sync = 0;
+ }
+ }
+
+ return 0;
+}
+
+
+/**
* hostapd_setup_interface - Setup of an interface
* @iface: Pointer to interface data.
* Returns: 0 on success, -1 on failure
@@ -1644,6 +1889,13 @@
eloop_cancel_timeout(channel_list_update_timeout, iface, NULL);
iface->wait_channel_update = 0;
+#ifdef CONFIG_FST
+ if (iface->fst) {
+ fst_detach(iface->fst);
+ iface->fst = NULL;
+ }
+#endif /* CONFIG_FST */
+
for (j = iface->num_bss - 1; j >= 0; j--)
hostapd_bss_deinit(iface->bss[j]);
}
@@ -2030,7 +2282,7 @@
static struct hostapd_config *
hostapd_config_alloc(struct hapd_interfaces *interfaces, const char *ifname,
- const char *ctrl_iface)
+ const char *ctrl_iface, const char *driver)
{
struct hostapd_bss_config *bss;
struct hostapd_config *conf;
@@ -2043,6 +2295,21 @@
return NULL;
}
+ if (driver) {
+ int j;
+
+ for (j = 0; wpa_drivers[j]; j++) {
+ if (os_strcmp(driver, wpa_drivers[j]->name) == 0) {
+ conf->driver = wpa_drivers[j];
+ goto skip;
+ }
+ }
+
+ wpa_printf(MSG_ERROR,
+ "Invalid/unknown driver '%s' - registering the default driver",
+ driver);
+ }
+
conf->driver = wpa_drivers[0];
if (conf->driver == NULL) {
wpa_printf(MSG_ERROR, "No driver wrappers registered!");
@@ -2050,6 +2317,7 @@
return NULL;
}
+skip:
bss = conf->last_bss = conf->bss[0];
os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
@@ -2210,8 +2478,14 @@
if (conf && conf->bss)
os_strlcpy(conf->bss[0]->iface, buf,
sizeof(conf->bss[0]->iface));
- } else
- conf = hostapd_config_alloc(interfaces, buf, ptr);
+ } else {
+ char *driver = os_strchr(ptr, ' ');
+
+ if (driver)
+ *driver++ = '\0';
+ conf = hostapd_config_alloc(interfaces, buf, ptr, driver);
+ }
+
if (conf == NULL || conf->bss == NULL) {
wpa_printf(MSG_ERROR, "%s: Failed to allocate memory "
"for configuration", __func__);
@@ -2436,6 +2710,17 @@
}
+int hostapd_csa_in_progress(struct hostapd_iface *iface)
+{
+ unsigned int i;
+
+ for (i = 0; i < iface->num_bss; i++)
+ if (iface->bss[i]->csa_in_progress)
+ return 1;
+ return 0;
+}
+
+
#ifdef NEED_AP_MLME
static void free_beacon_data(struct beacon_data *beacon)
@@ -2547,9 +2832,9 @@
/*
- * TODO: This flow currently supports only changing frequency within the
- * same hw_mode. Any other changes to MAC parameters or provided settings (even
- * width) are not supported.
+ * TODO: This flow currently supports only changing channel and width within
+ * the same hw_mode. Any other changes to MAC parameters or provided settings
+ * are not supported.
*/
static int hostapd_change_config_freq(struct hostapd_data *hapd,
struct hostapd_config *conf,
@@ -2568,15 +2853,44 @@
return -1;
/* if a pointer to old_params is provided we save previous state */
- if (old_params) {
- old_params->channel = conf->channel;
- old_params->ht_enabled = conf->ieee80211n;
- old_params->sec_channel_offset = conf->secondary_channel;
+ if (old_params &&
+ hostapd_set_freq_params(old_params, conf->hw_mode,
+ hostapd_hw_get_freq(hapd, conf->channel),
+ conf->channel, conf->ieee80211n,
+ conf->ieee80211ac,
+ conf->secondary_channel,
+ conf->vht_oper_chwidth,
+ conf->vht_oper_centr_freq_seg0_idx,
+ conf->vht_oper_centr_freq_seg1_idx,
+ conf->vht_capab))
+ return -1;
+
+ switch (params->bandwidth) {
+ case 0:
+ case 20:
+ case 40:
+ conf->vht_oper_chwidth = VHT_CHANWIDTH_USE_HT;
+ break;
+ case 80:
+ if (params->center_freq2)
+ conf->vht_oper_chwidth = VHT_CHANWIDTH_80P80MHZ;
+ else
+ conf->vht_oper_chwidth = VHT_CHANWIDTH_80MHZ;
+ break;
+ case 160:
+ conf->vht_oper_chwidth = VHT_CHANWIDTH_160MHZ;
+ break;
+ default:
+ return -1;
}
conf->channel = channel;
conf->ieee80211n = params->ht_enabled;
conf->secondary_channel = params->sec_channel_offset;
+ ieee80211_freq_to_chan(params->center_freq1,
+ &conf->vht_oper_centr_freq_seg0_idx);
+ ieee80211_freq_to_chan(params->center_freq2,
+ &conf->vht_oper_centr_freq_seg1_idx);
/* TODO: maybe call here hostapd_config_check here? */
@@ -2590,11 +2904,43 @@
struct hostapd_iface *iface = hapd->iface;
struct hostapd_freq_params old_freq;
int ret;
+ u8 chan, vht_bandwidth;
os_memset(&old_freq, 0, sizeof(old_freq));
if (!iface || !iface->freq || hapd->csa_in_progress)
return -1;
+ switch (settings->freq_params.bandwidth) {
+ case 80:
+ if (settings->freq_params.center_freq2)
+ vht_bandwidth = VHT_CHANWIDTH_80P80MHZ;
+ else
+ vht_bandwidth = VHT_CHANWIDTH_80MHZ;
+ break;
+ case 160:
+ vht_bandwidth = VHT_CHANWIDTH_160MHZ;
+ break;
+ default:
+ vht_bandwidth = VHT_CHANWIDTH_USE_HT;
+ break;
+ }
+
+ if (ieee80211_freq_to_channel_ext(
+ settings->freq_params.freq,
+ settings->freq_params.sec_channel_offset,
+ vht_bandwidth,
+ &hapd->iface->cs_oper_class,
+ &chan) == NUM_HOSTAPD_MODES) {
+ wpa_printf(MSG_DEBUG,
+ "invalid frequency for channel switch (freq=%d, sec_channel_offset=%d, vht_enabled=%d)",
+ settings->freq_params.freq,
+ settings->freq_params.sec_channel_offset,
+ settings->freq_params.vht_enabled);
+ return -1;
+ }
+
+ settings->freq_params.channel = chan;
+
ret = hostapd_change_config_freq(iface->bss[0], iface->conf,
&settings->freq_params,
&old_freq);
@@ -2621,8 +2967,10 @@
return ret;
}
- settings->counter_offset_beacon = hapd->cs_c_off_beacon;
- settings->counter_offset_presp = hapd->cs_c_off_proberesp;
+ settings->counter_offset_beacon[0] = hapd->cs_c_off_beacon;
+ settings->counter_offset_presp[0] = hapd->cs_c_off_proberesp;
+ settings->counter_offset_beacon[1] = hapd->cs_c_off_ecsa_beacon;
+ settings->counter_offset_presp[1] = hapd->cs_c_off_ecsa_proberesp;
return 0;
}
@@ -2636,6 +2984,8 @@
hapd->cs_c_off_beacon = 0;
hapd->cs_c_off_proberesp = 0;
hapd->csa_in_progress = 0;
+ hapd->cs_c_off_ecsa_beacon = 0;
+ hapd->cs_c_off_ecsa_proberesp = 0;
}
@@ -2723,4 +3073,43 @@
hostapd_enable_iface(iface);
}
+
+struct hostapd_data * hostapd_get_iface(struct hapd_interfaces *interfaces,
+ const char *ifname)
+{
+ size_t i, j;
+
+ for (i = 0; i < interfaces->count; i++) {
+ struct hostapd_iface *iface = interfaces->iface[i];
+
+ for (j = 0; j < iface->num_bss; j++) {
+ struct hostapd_data *hapd = iface->bss[j];
+
+ if (os_strcmp(ifname, hapd->conf->iface) == 0)
+ return hapd;
+ }
+ }
+
+ return NULL;
+}
+
#endif /* NEED_AP_MLME */
+
+
+void hostapd_periodic_iface(struct hostapd_iface *iface)
+{
+ size_t i;
+
+ ap_list_timer(iface);
+
+ for (i = 0; i < iface->num_bss; i++) {
+ struct hostapd_data *hapd = iface->bss[i];
+
+ if (!hapd->started)
+ continue;
+
+#ifndef CONFIG_NO_RADIUS
+ hostapd_acl_expire(hapd);
+#endif /* CONFIG_NO_RADIUS */
+ }
+}
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index dc71694..8161a59 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -228,6 +228,8 @@
unsigned int cs_c_off_beacon;
unsigned int cs_c_off_proberesp;
int csa_in_progress;
+ unsigned int cs_c_off_ecsa_beacon;
+ unsigned int cs_c_off_ecsa_proberesp;
/* BSS Load */
unsigned int bss_load_update_timeout;
@@ -269,6 +271,7 @@
/** Key used for generating SAE anti-clogging tokens */
u8 sae_token_key[8];
struct os_reltime last_sae_token_key_update;
+ int dot11RSNASAERetransPeriod; /* msec */
#endif /* CONFIG_SAE */
#ifdef CONFIG_TESTING_OPTIONS
@@ -280,6 +283,12 @@
};
+struct hostapd_sta_info {
+ struct dl_list list;
+ u8 addr[ETH_ALEN];
+ struct os_reltime last_seen;
+};
+
/**
* struct hostapd_iface - hostapd per-interface data structure
*/
@@ -309,6 +318,10 @@
unsigned int wait_channel_update:1;
unsigned int cac_started:1;
+#ifdef CONFIG_FST
+ struct fst_iface *fst;
+ const struct wpabuf *fst_ies;
+#endif /* CONFIG_FST */
/*
* When set, indicates that the driver will handle the AP
@@ -316,6 +329,15 @@
*/
unsigned int driver_ap_teardown:1;
+ /*
+ * When set, indicates that this interface is part of list of
+ * interfaces that need to be started together (synchronously).
+ */
+ unsigned int need_to_start_in_sync:1;
+
+ /* Ready to start but waiting for other interfaces to become ready. */
+ unsigned int ready_to_start_in_sync:1;
+
int num_ap; /* number of entries in ap_list */
struct ap_info *ap_list; /* AP info list head */
struct ap_info *ap_hash[STA_HASH_SIZE];
@@ -391,6 +413,9 @@
u64 last_channel_time_busy;
u8 channel_utilization;
+ /* eCSA IE will be added only if operating class is specified */
+ u8 cs_oper_class;
+
unsigned int dfs_cac_ms;
struct os_reltime dfs_cac_start;
@@ -404,6 +429,9 @@
void (*scan_cb)(struct hostapd_iface *iface);
int num_ht40_scan_tries;
+
+ struct dl_list sta_seen; /* struct hostapd_sta_info */
+ unsigned int num_sta_seen;
};
/* hostapd.c */
@@ -435,12 +463,14 @@
void hostapd_channel_list_updated(struct hostapd_iface *iface, int initiator);
void hostapd_set_state(struct hostapd_iface *iface, enum hostapd_iface_state s);
const char * hostapd_state_text(enum hostapd_iface_state s);
+int hostapd_csa_in_progress(struct hostapd_iface *iface);
int hostapd_switch_channel(struct hostapd_data *hapd,
struct csa_settings *settings);
void
hostapd_switch_channel_fallback(struct hostapd_iface *iface,
const struct hostapd_freq_params *freq_params);
void hostapd_cleanup_cs_params(struct hostapd_data *hapd);
+void hostapd_periodic_iface(struct hostapd_iface *iface);
/* utils.c */
int hostapd_register_probereq_cb(struct hostapd_data *hapd,
@@ -468,4 +498,12 @@
hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
size_t identity_len, int phase2);
+struct hostapd_data * hostapd_get_iface(struct hapd_interfaces *interfaces,
+ const char *ifname);
+
+#ifdef CONFIG_FST
+void fst_hostapd_fill_iface_obj(struct hostapd_data *hapd,
+ struct fst_wpa_obj *iface_obj);
+#endif /* CONFIG_FST */
+
#endif /* HOSTAPD_H */
diff --git a/src/ap/hw_features.c b/src/ap/hw_features.c
index 28324a8..fc8786d 100644
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
@@ -260,8 +260,14 @@
res = check_40mhz_5g(iface->current_mode, scan_res, pri_chan, sec_chan);
- if (res == 2)
- ieee80211n_switch_pri_sec(iface);
+ if (res == 2) {
+ if (iface->conf->no_pri_sec_switch) {
+ wpa_printf(MSG_DEBUG,
+ "Cannot switch PRI/SEC channels due to local constraint");
+ } else {
+ ieee80211n_switch_pri_sec(iface);
+ }
+ }
return !!res;
}
@@ -726,6 +732,15 @@
int ret;
if (!iface->conf->ieee80211n)
return 0;
+
+ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211B &&
+ iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G &&
+ (iface->conf->ht_capab & HT_CAP_INFO_DSSS_CCK40MHZ)) {
+ wpa_printf(MSG_DEBUG,
+ "Disable HT capability [DSSS_CCK-40] on 5 GHz band");
+ iface->conf->ht_capab &= ~HT_CAP_INFO_DSSS_CCK40MHZ;
+ }
+
if (!ieee80211n_supported_ht_capab(iface))
return -1;
#ifdef CONFIG_IEEE80211AC
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index db20c86..01b514e 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -23,6 +23,7 @@
#include "radius/radius_client.h"
#include "p2p/p2p.h"
#include "wps/wps.h"
+#include "fst/fst.h"
#include "hostapd.h"
#include "beacon.h"
#include "ieee802_11_auth.h"
@@ -38,6 +39,7 @@
#include "p2p_hostapd.h"
#include "ap_drv_ops.h"
#include "wnm_ap.h"
+#include "hw_features.h"
#include "ieee802_11.h"
#include "dfs.h"
@@ -191,6 +193,7 @@
}
+#ifndef CONFIG_NO_RC4
static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
u16 auth_transaction, const u8 *challenge,
int iswep)
@@ -244,6 +247,7 @@
return 0;
}
+#endif /* CONFIG_NO_RC4 */
static void send_auth_reply(struct hostapd_data *hapd,
@@ -313,7 +317,6 @@
#ifdef CONFIG_SAE
-#define dot11RSNASAERetransPeriod 40 /* msec */
#define dot11RSNASAESync 5 /* attempts */
@@ -496,12 +499,14 @@
switch (sta->sae->state) {
case SAE_COMMITTED:
ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
- eloop_register_timeout(0, dot11RSNASAERetransPeriod * 1000,
+ eloop_register_timeout(0,
+ hapd->dot11RSNASAERetransPeriod * 1000,
auth_sae_retransmit_timer, hapd, sta);
break;
case SAE_CONFIRMED:
ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
- eloop_register_timeout(0, dot11RSNASAERetransPeriod * 1000,
+ eloop_register_timeout(0,
+ hapd->dot11RSNASAERetransPeriod * 1000,
auth_sae_retransmit_timer, hapd, sta);
break;
default:
@@ -527,7 +532,7 @@
return;
eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
- eloop_register_timeout(0, dot11RSNASAERetransPeriod * 1000,
+ eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
auth_sae_retransmit_timer, hapd, sta);
}
@@ -925,6 +930,16 @@
challenge ? " challenge" : "",
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
+#ifdef CONFIG_NO_RC4
+ if (auth_alg == WLAN_AUTH_SHARED_KEY) {
+ wpa_printf(MSG_INFO,
+ "Unsupported authentication algorithm (%d)",
+ auth_alg);
+ resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
+ goto fail;
+ }
+#endif /* CONFIG_NO_RC4 */
+
if (hapd->tkip_countermeasures) {
resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
goto fail;
@@ -963,6 +978,61 @@
goto fail;
}
+ if (hapd->conf->no_auth_if_seen_on) {
+ struct hostapd_data *other;
+
+ other = sta_track_seen_on(hapd->iface, mgmt->sa,
+ hapd->conf->no_auth_if_seen_on);
+ if (other) {
+ u8 *pos;
+ u32 info;
+ u8 op_class, channel, phytype;
+
+ wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
+ MACSTR " since STA has been seen on %s",
+ hapd->conf->iface, MAC2STR(mgmt->sa),
+ hapd->conf->no_auth_if_seen_on);
+
+ resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
+ pos = &resp_ies[0];
+ *pos++ = WLAN_EID_NEIGHBOR_REPORT;
+ *pos++ = 13;
+ os_memcpy(pos, other->own_addr, ETH_ALEN);
+ pos += ETH_ALEN;
+ info = 0; /* TODO: BSSID Information */
+ WPA_PUT_LE32(pos, info);
+ pos += 4;
+ if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
+ phytype = 8; /* dmg */
+ else if (other->iconf->ieee80211ac)
+ phytype = 9; /* vht */
+ else if (other->iconf->ieee80211n)
+ phytype = 7; /* ht */
+ else if (other->iconf->hw_mode ==
+ HOSTAPD_MODE_IEEE80211A)
+ phytype = 4; /* ofdm */
+ else if (other->iconf->hw_mode ==
+ HOSTAPD_MODE_IEEE80211G)
+ phytype = 6; /* erp */
+ else
+ phytype = 5; /* hrdsss */
+ if (ieee80211_freq_to_channel_ext(
+ hostapd_hw_get_freq(other,
+ other->iconf->channel),
+ other->iconf->secondary_channel,
+ other->iconf->ieee80211ac,
+ &op_class, &channel) == NUM_HOSTAPD_MODES) {
+ op_class = 0;
+ channel = other->iconf->channel;
+ }
+ *pos++ = op_class;
+ *pos++ = channel;
+ *pos++ = phytype;
+ resp_ies_len = pos - &resp_ies[0];
+ goto fail;
+ }
+ }
+
res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len,
&session_timeout,
&acct_interim_interval, &vlan_id,
@@ -1072,6 +1142,7 @@
sta->auth_alg = WLAN_AUTH_OPEN;
mlme_authenticate_indication(hapd, sta);
break;
+#ifndef CONFIG_NO_RC4
case WLAN_AUTH_SHARED_KEY:
resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
fc & WLAN_FC_ISWEP);
@@ -1085,6 +1156,7 @@
resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
}
break;
+#endif /* CONFIG_NO_RC4 */
#ifdef CONFIG_IEEE80211R
case WLAN_AUTH_FT:
sta->auth_alg = WLAN_AUTH_FT;
@@ -1138,7 +1210,7 @@
}
-static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
+int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
{
int i, j = 32, aid;
@@ -1255,6 +1327,9 @@
}
#endif /* CONFIG_INTERWORKING */
+ if (ext_capab_ie_len > 0)
+ sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
+
return WLAN_STATUS_SUCCESS;
}
@@ -1301,13 +1376,15 @@
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_IEEE80211AC
- resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
- if (resp != WLAN_STATUS_SUCCESS)
- return resp;
+ if (hapd->iconf->ieee80211ac) {
+ resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
+ if (resp != WLAN_STATUS_SUCCESS)
+ return resp;
- resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
- if (resp != WLAN_STATUS_SUCCESS)
- return resp;
+ resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
+ if (resp != WLAN_STATUS_SUCCESS)
+ return resp;
+ }
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
!(sta->flags & WLAN_STA_VHT)) {
@@ -1535,6 +1612,14 @@
sta->hs20_ie = NULL;
#endif /* CONFIG_HS20 */
+#ifdef CONFIG_FST
+ wpabuf_free(sta->mb_ies);
+ if (hapd->iface->fst)
+ sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
+ else
+ sta->mb_ies = NULL;
+#endif /* CONFIG_FST */
+
return WLAN_STATUS_SUCCESS;
}
@@ -1623,6 +1708,14 @@
if (sta->qos_map_enabled)
p = hostapd_eid_qos_map_set(hapd, p);
+#ifdef CONFIG_FST
+ if (hapd->iface->fst_ies) {
+ os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
+ wpabuf_len(hapd->iface->fst_ies));
+ p += wpabuf_len(hapd->iface->fst_ies);
+ }
+#endif /* CONFIG_FST */
+
#ifdef CONFIG_IEEE80211AC
if (hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
p = hostapd_eid_vendor_vht(hapd, p);
@@ -2101,6 +2194,15 @@
ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
return 1;
#endif /* CONFIG_WNM */
+#ifdef CONFIG_FST
+ case WLAN_ACTION_FST:
+ if (hapd->iface->fst)
+ fst_rx_action(hapd->iface->fst, mgmt, len);
+ else
+ wpa_printf(MSG_DEBUG,
+ "FST: Ignore FST Action frame - no FST attached");
+ return 1;
+#endif /* CONFIG_FST */
case WLAN_ACTION_PUBLIC:
case WLAN_ACTION_PROTECTED_DUAL:
#ifdef CONFIG_IEEE80211N
@@ -2238,6 +2340,9 @@
return 0;
}
+ if (hapd->iconf->track_sta_max_num)
+ sta_track_add(hapd->iface, mgmt->sa);
+
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h
index 44c1bff..a2dd132 100644
--- a/src/ap/ieee802_11.h
+++ b/src/ap/ieee802_11.h
@@ -49,9 +49,12 @@
u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_ht_capabilities(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid);
+u8 * hostapd_eid_secondary_channel(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_vht_capabilities(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid);
u8 * hostapd_eid_vendor_vht(struct hostapd_data *hapd, u8 *eid);
+u8 * hostapd_eid_wb_chsw_wrapper(struct hostapd_data *hapd, u8 *eid);
+
int hostapd_ht_operation_update(struct hostapd_iface *iface);
void ieee802_11_send_sa_query_req(struct hostapd_data *hapd,
const u8 *addr, const u8 *trans_id);
@@ -61,6 +64,7 @@
void hostapd_get_vht_capab(struct hostapd_data *hapd,
struct ieee80211_vht_capabilities *vht_cap,
struct ieee80211_vht_capabilities *neg_vht_cap);
+int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta);
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ht_capab);
u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 0238257..531a67d 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -399,19 +399,15 @@
/**
* hostapd_acl_expire - ACL cache expiration callback
- * @eloop_ctx: struct hostapd_data *
- * @timeout_ctx: Not used
+ * @hapd: struct hostapd_data *
*/
-static void hostapd_acl_expire(void *eloop_ctx, void *timeout_ctx)
+void hostapd_acl_expire(struct hostapd_data *hapd)
{
- struct hostapd_data *hapd = eloop_ctx;
struct os_reltime now;
os_get_reltime(&now);
hostapd_acl_expire_cache(hapd, &now);
hostapd_acl_expire_queries(hapd, &now);
-
- eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
}
@@ -615,8 +611,6 @@
if (radius_client_register(hapd->radius, RADIUS_AUTH,
hostapd_acl_recv_radius, hapd))
return -1;
-
- eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
#endif /* CONFIG_NO_RADIUS */
return 0;
@@ -632,8 +626,6 @@
struct hostapd_acl_query_data *query, *prev;
#ifndef CONFIG_NO_RADIUS
- eloop_cancel_timeout(hostapd_acl_expire, hapd, NULL);
-
hostapd_acl_cache_free(hapd->acl_cache);
#endif /* CONFIG_NO_RADIUS */
diff --git a/src/ap/ieee802_11_auth.h b/src/ap/ieee802_11_auth.h
index 2bc1065..b66f244 100644
--- a/src/ap/ieee802_11_auth.h
+++ b/src/ap/ieee802_11_auth.h
@@ -24,5 +24,6 @@
int hostapd_acl_init(struct hostapd_data *hapd);
void hostapd_acl_deinit(struct hostapd_data *hapd);
void hostapd_free_psk_list(struct hostapd_sta_wpa_psk_short *psk);
+void hostapd_acl_expire(struct hostapd_data *hapd);
#endif /* IEEE802_11_AUTH_H */
diff --git a/src/ap/ieee802_11_ht.c b/src/ap/ieee802_11_ht.c
index 11fde2a..5eb1060 100644
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
@@ -108,6 +108,29 @@
}
+u8 * hostapd_eid_secondary_channel(struct hostapd_data *hapd, u8 *eid)
+{
+ u8 sec_ch;
+
+ if (!hapd->cs_freq_params.channel ||
+ !hapd->cs_freq_params.sec_channel_offset)
+ return eid;
+
+ if (hapd->cs_freq_params.sec_channel_offset == -1)
+ sec_ch = HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW;
+ else if (hapd->cs_freq_params.sec_channel_offset == 1)
+ sec_ch = HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE;
+ else
+ return eid;
+
+ *eid++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;
+ *eid++ = 1;
+ *eid++ = sec_ch;
+
+ return eid;
+}
+
+
/*
op_mode
Set to 0 (HT pure) under the followign conditions
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index d462ac8..9e3363e 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -172,6 +172,8 @@
case 0: /* Bits 0-7 */
if (hapd->iconf->obss_interval)
*pos |= 0x01; /* Bit 0 - Coexistence management */
+ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA)
+ *pos |= 0x04; /* Bit 2 - Extended Channel Switching */
break;
case 1: /* Bits 8-15 */
if (hapd->conf->proxy_arp)
diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 5bf1b5d..8d2c428 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -131,6 +131,59 @@
}
+u8 * hostapd_eid_wb_chsw_wrapper(struct hostapd_data *hapd, u8 *eid)
+{
+ u8 bw, chan1, chan2 = 0;
+ int freq1;
+
+ if (!hapd->cs_freq_params.channel ||
+ !hapd->cs_freq_params.vht_enabled)
+ return eid;
+
+ /* bandwidth: 0: 40, 1: 80, 2: 160, 3: 80+80 */
+ switch (hapd->cs_freq_params.bandwidth) {
+ case 40:
+ bw = 0;
+ break;
+ case 80:
+ /* check if it's 80+80 */
+ if (!hapd->cs_freq_params.center_freq2)
+ bw = 1;
+ else
+ bw = 3;
+ break;
+ case 160:
+ bw = 2;
+ break;
+ default:
+ /* not valid VHT bandwidth or not in CSA */
+ return eid;
+ }
+
+ freq1 = hapd->cs_freq_params.center_freq1 ?
+ hapd->cs_freq_params.center_freq1 :
+ hapd->cs_freq_params.freq;
+ if (ieee80211_freq_to_chan(freq1, &chan1) !=
+ HOSTAPD_MODE_IEEE80211A)
+ return eid;
+
+ if (hapd->cs_freq_params.center_freq2 &&
+ ieee80211_freq_to_chan(hapd->cs_freq_params.center_freq2,
+ &chan2) != HOSTAPD_MODE_IEEE80211A)
+ return eid;
+
+ *eid++ = WLAN_EID_VHT_CHANNEL_SWITCH_WRAPPER;
+ *eid++ = 5; /* Length of Channel Switch Wrapper */
+ *eid++ = WLAN_EID_VHT_WIDE_BW_CHSWITCH;
+ *eid++ = 3; /* Length of Wide Bandwidth Channel Switch element */
+ *eid++ = bw; /* New Channel Width */
+ *eid++ = chan1; /* New Channel Center Frequency Segment 0 */
+ *eid++ = chan2; /* New Channel Center Frequency Segment 1 */
+
+ return eid;
+}
+
+
u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *vht_capab)
{
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index d45b98f..68fdb72 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -125,6 +125,9 @@
}
+#ifndef CONFIG_FIPS
+#ifndef CONFIG_NO_RC4
+
static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
struct sta_info *sta,
int idx, int broadcast,
@@ -204,7 +207,7 @@
}
-void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
+static void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
{
struct eapol_authenticator *eapol = hapd->eapol_auth;
struct eapol_state_machine *sm = sta->eapol_sm;
@@ -259,6 +262,9 @@
}
}
+#endif /* CONFIG_NO_RC4 */
+#endif /* CONFIG_FIPS */
+
const char *radius_mode_txt(struct hostapd_data *hapd)
{
@@ -1709,15 +1715,6 @@
ieee802_1x_check_hs20(hapd, sta, msg,
session_timeout_set ?
(int) session_timeout : -1);
- if (sm->eap_if->eapKeyAvailable && !sta->remediation &&
- !sta->hs20_deauth_requested &&
- wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
- session_timeout_set ?
- (int) session_timeout : -1, sm) == 0) {
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
- HOSTAPD_LEVEL_DEBUG,
- "Added PMKSA cache entry");
- }
break;
case RADIUS_CODE_ACCESS_REJECT:
sm->eap_if->aaaFail = TRUE;
@@ -2023,9 +2020,13 @@
static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx)
{
+#ifndef CONFIG_FIPS
+#ifndef CONFIG_NO_RC4
struct hostapd_data *hapd = ctx;
struct sta_info *sta = sta_ctx;
ieee802_1x_tx_key(hapd, sta);
+#endif /* CONFIG_NO_RC4 */
+#endif /* CONFIG_FIPS */
}
@@ -2096,6 +2097,7 @@
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
conf.erp_domain = hapd->conf->erp_domain;
conf.erp = hapd->conf->eap_server_erp;
+ conf.tls_session_lifetime = hapd->conf->tls_session_lifetime;
conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
@@ -2179,7 +2181,7 @@
{
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
- if (hapd->driver != NULL &&
+ if (hapd->driver && hapd->drv_priv &&
(hapd->conf->ieee802_1x || hapd->conf->wpa))
hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
@@ -2573,7 +2575,7 @@
session_timeout = dot11RSNAConfigPMKLifetime;
if (success && key && len >= PMK_LEN && !sta->remediation &&
!sta->hs20_deauth_requested &&
- wpa_auth_pmksa_add(sta->wpa_sm, key, session_timeout,
+ wpa_auth_pmksa_add(sta->wpa_sm, key, len, session_timeout,
sta->eapol_sm) == 0) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
HOSTAPD_LEVEL_DEBUG,
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index de6e0e7..14d6955 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -23,7 +23,6 @@
void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_free_station(struct sta_info *sta);
-void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
struct sta_info *sta, int authorized);
diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c
index 0adcc97..4a87721 100644
--- a/src/ap/ndisc_snoop.c
+++ b/src/ap/ndisc_snoop.c
@@ -98,7 +98,7 @@
{
struct hostapd_data *hapd = ctx;
struct icmpv6_ndmsg *msg;
- struct in6_addr *saddr;
+ struct in6_addr saddr;
struct sta_info *sta;
int res;
char addrtxt[INET6_ADDRSTRLEN + 1];
@@ -113,25 +113,30 @@
if (msg->opt_type != SOURCE_LL_ADDR)
return;
- saddr = &msg->ipv6h.ip6_src;
- if (!(saddr->s6_addr32[0] == 0 && saddr->s6_addr32[1] == 0 &&
- saddr->s6_addr32[2] == 0 && saddr->s6_addr32[3] == 0)) {
+ /*
+ * IPv6 header may not be 32-bit aligned in the buffer, so use
+ * a local copy to avoid unaligned reads.
+ */
+ os_memcpy(&saddr, &msg->ipv6h.ip6_src, sizeof(saddr));
+ if (!(saddr.s6_addr32[0] == 0 && saddr.s6_addr32[1] == 0 &&
+ saddr.s6_addr32[2] == 0 && saddr.s6_addr32[3] == 0)) {
if (len < ETH_HLEN + sizeof(*msg) + ETH_ALEN)
return;
sta = ap_get_sta(hapd, msg->opt_lladdr);
if (!sta)
return;
- if (sta_has_ip6addr(sta, saddr))
+ if (sta_has_ip6addr(sta, &saddr))
return;
- if (inet_ntop(AF_INET6, saddr, addrtxt, sizeof(addrtxt))
- == NULL)
+ if (inet_ntop(AF_INET6, &saddr, addrtxt,
+ sizeof(addrtxt)) == NULL)
addrtxt[0] = '\0';
wpa_printf(MSG_DEBUG, "ndisc_snoop: Learned new IPv6 address %s for "
MACSTR, addrtxt, MAC2STR(sta->addr));
- hostapd_drv_br_delete_ip_neigh(hapd, 6, (u8 *) saddr);
- res = hostapd_drv_br_add_ip_neigh(hapd, 6, (u8 *) saddr,
+ hostapd_drv_br_delete_ip_neigh(hapd, 6, (u8 *) &saddr);
+ res = hostapd_drv_br_add_ip_neigh(hapd, 6,
+ (u8 *) &saddr,
128, sta->addr);
if (res) {
wpa_printf(MSG_ERROR,
@@ -140,7 +145,7 @@
return;
}
- if (sta_ip6addr_add(sta, saddr))
+ if (sta_ip6addr_add(sta, &saddr))
return;
}
break;
diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index 877affe..83e4bda 100644
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -258,7 +258,7 @@
struct rsn_pmksa_cache_entry *entry, *pos;
struct os_reltime now;
- if (pmk_len > PMK_LEN)
+ if (pmk_len > PMK_LEN_MAX)
return NULL;
if (wpa_key_mgmt_suite_b(akmp) && !kck)
diff --git a/src/ap/pmksa_cache_auth.h b/src/ap/pmksa_cache_auth.h
index 8b7be12..b2da379 100644
--- a/src/ap/pmksa_cache_auth.h
+++ b/src/ap/pmksa_cache_auth.h
@@ -17,7 +17,7 @@
struct rsn_pmksa_cache_entry {
struct rsn_pmksa_cache_entry *next, *hnext;
u8 pmkid[PMKID_LEN];
- u8 pmk[PMK_LEN];
+ u8 pmk[PMK_LEN_MAX];
size_t pmk_len;
os_time_t expiration;
int akmp; /* WPA_KEY_MGMT_* */
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 20847d5..500beff 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -16,6 +16,7 @@
#include "radius/radius.h"
#include "radius/radius_client.h"
#include "p2p/p2p.h"
+#include "fst/fst.h"
#include "hostapd.h"
#include "accounting.h"
#include "ieee802_1x.h"
@@ -171,19 +172,6 @@
!(sta->flags & WLAN_STA_PREAUTH))
hostapd_drv_sta_remove(hapd, sta->addr);
-#ifndef CONFIG_NO_VLAN
- if (sta->vlan_id_bound) {
- /*
- * Need to remove the STA entry before potentially removing the
- * VLAN.
- */
- if (hapd->iface->driver_ap_teardown &&
- !(sta->flags & WLAN_STA_PREAUTH))
- hostapd_drv_sta_remove(hapd, sta->addr);
- vlan_remove_dynamic(hapd, sta->vlan_id_bound);
- }
-#endif /* CONFIG_NO_VLAN */
-
ap_sta_hash_del(hapd, sta);
ap_sta_list_del(hapd, sta);
@@ -273,6 +261,24 @@
radius_client_flush_auth(hapd->radius, sta->addr);
#endif /* CONFIG_NO_RADIUS */
+#ifndef CONFIG_NO_VLAN
+ /*
+ * sta->wpa_sm->group needs to be released before so that
+ * vlan_remove_dynamic() can check that no stations are left on the
+ * AP_VLAN netdev.
+ */
+ if (sta->vlan_id_bound) {
+ /*
+ * Need to remove the STA entry before potentially removing the
+ * VLAN.
+ */
+ if (hapd->iface->driver_ap_teardown &&
+ !(sta->flags & WLAN_STA_PREAUTH))
+ hostapd_drv_sta_remove(hapd, sta->addr);
+ vlan_remove_dynamic(hapd, sta->vlan_id_bound);
+ }
+#endif /* CONFIG_NO_VLAN */
+
os_free(sta->challenge);
#ifdef CONFIG_IEEE80211W
@@ -296,6 +302,9 @@
wpabuf_free(sta->wps_ie);
wpabuf_free(sta->p2p_ie);
wpabuf_free(sta->hs20_ie);
+#ifdef CONFIG_FST
+ wpabuf_free(sta->mb_ies);
+#endif /* CONFIG_FST */
os_free(sta->ht_capabilities);
os_free(sta->vht_capabilities);
@@ -838,41 +847,17 @@
}
iface = vlan->ifname;
- if (vlan_setup_encryption_dyn(hapd, iface) != 0) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_DEBUG, "could not "
- "configure encryption for dynamic VLAN "
- "interface for vlan_id=%d",
- sta->vlan_id);
- }
-
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN "
"interface '%s'", iface);
- } else if (vlan && vlan->vlan_id == sta->vlan_id) {
- if (vlan->dynamic_vlan > 0) {
- vlan->dynamic_vlan++;
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_DEBUG, "updated existing "
- "dynamic VLAN interface '%s'", iface);
- }
-
- /*
- * Update encryption configuration for statically generated
- * VLAN interface. This is only used for static WEP
- * configuration for the case where hostapd did not yet know
- * which keys are to be used when the interface was added.
- */
- if (vlan_setup_encryption_dyn(hapd, iface) != 0) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_DEBUG, "could not "
- "configure encryption for VLAN "
- "interface for vlan_id=%d",
- sta->vlan_id);
- }
+ } else if (vlan && vlan->vlan_id == sta->vlan_id &&
+ vlan->dynamic_vlan > 0) {
+ vlan->dynamic_vlan++;
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_DEBUG,
+ "updated existing dynamic VLAN interface '%s'",
+ iface);
}
/* ref counters have been increased, so mark the station */
@@ -1060,6 +1045,16 @@
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
AP_STA_DISCONNECTED "%s", buf);
}
+
+#ifdef CONFIG_FST
+ if (hapd->iface->fst) {
+ if (authorized)
+ fst_notify_peer_connected(hapd->iface->fst, sta->addr);
+ else
+ fst_notify_peer_disconnected(hapd->iface->fst,
+ sta->addr);
+ }
+#endif /* CONFIG_FST */
}
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index 52a9997..09deac6 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -86,6 +86,7 @@
unsigned int hs20_deauth_requested:1;
unsigned int session_timeout_set:1;
unsigned int radius_das_match:1;
+ unsigned int ecsa_supported:1;
u16 auth_alg;
@@ -153,6 +154,9 @@
struct wpabuf *hs20_deauth_req;
char *hs20_session_info_url;
int hs20_disassoc_timer;
+#ifdef CONFIG_FST
+ struct wpabuf *mb_ies; /* MB IEs from (Re)Association Request */
+#endif /* CONFIG_FST */
struct os_reltime connected_time;
@@ -177,7 +181,7 @@
* AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated
* after AP_DEAUTH_DELAY seconds has passed after disassociation. */
#define AP_MAX_INACTIVITY (5 * 60)
-#define AP_DISASSOC_DELAY (1)
+#define AP_DISASSOC_DELAY (3)
#define AP_DEAUTH_DELAY (1)
/* Number of seconds to keep STA entry with Authenticated flag after it has
* been disassociated. */
diff --git a/src/ap/utils.c b/src/ap/utils.c
index d60555a..fcb371b 100644
--- a/src/ap/utils.c
+++ b/src/ap/utils.c
@@ -10,6 +10,7 @@
#include "common.h"
#include "common/ieee802_11_defs.h"
+#include "fst/fst.h"
#include "sta_info.h"
#include "hostapd.h"
@@ -55,6 +56,14 @@
ohapd = iface->bss[j];
if (ohapd == data->hapd)
continue;
+#ifdef CONFIG_FST
+ /* Don't prune STAs belong to same FST */
+ if (ohapd->iface->fst &&
+ data->hapd->iface->fst &&
+ fst_are_ifaces_aggregated(ohapd->iface->fst,
+ data->hapd->iface->fst))
+ continue;
+#endif /* CONFIG_FST */
osta = ap_get_sta(ohapd, data->addr);
if (!osta)
continue;
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index fd1c8dd..e3df164 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -9,9 +9,9 @@
*/
#include "utils/includes.h"
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
#include <net/if.h>
#include <sys/ioctl.h>
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
#include <linux/sockios.h>
#include <linux/if_vlan.h>
#include <linux/if_bridge.h>
@@ -21,6 +21,7 @@
#include "hostapd.h"
#include "ap_config.h"
#include "ap_drv_ops.h"
+#include "wpa_auth.h"
#include "vlan_init.h"
#include "vlan_util.h"
@@ -119,6 +120,8 @@
return clean;
}
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
static int ifconfig_helper(const char *if_name, int up)
{
@@ -167,6 +170,67 @@
}
+static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ int existsok)
+{
+ int ret, i;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (!hapd->conf->ssid.wep.key[i])
+ continue;
+ wpa_printf(MSG_ERROR,
+ "VLAN: Refusing to set up VLAN iface %s with WEP",
+ vlan->ifname);
+ return -1;
+ }
+
+ if (!if_nametoindex(vlan->ifname))
+ ret = hostapd_vlan_if_add(hapd, vlan->ifname);
+ else if (!existsok)
+ return -1;
+ else
+ ret = 0;
+
+ if (ret)
+ return ret;
+
+ ifconfig_up(vlan->ifname); /* else wpa group will fail fatal */
+
+ if (hapd->wpa_auth)
+ ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
+
+ if (ret == 0)
+ return ret;
+
+ wpa_printf(MSG_ERROR, "WPA initialization for VLAN %d failed (%d)",
+ vlan->vlan_id, ret);
+ if (wpa_auth_release_group(hapd->wpa_auth, vlan->vlan_id))
+ wpa_printf(MSG_ERROR, "WPA deinit of %s failed", vlan->ifname);
+
+ /* group state machine setup failed */
+ if (hostapd_vlan_if_remove(hapd, vlan->ifname))
+ wpa_printf(MSG_ERROR, "Removal of %s failed", vlan->ifname);
+
+ return ret;
+}
+
+
+static int vlan_if_remove(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
+{
+ int ret;
+
+ ret = wpa_auth_release_group(hapd->wpa_auth, vlan->vlan_id);
+ if (ret)
+ wpa_printf(MSG_ERROR,
+ "WPA deinitialization for VLAN %d failed (%d)",
+ vlan->vlan_id, ret);
+
+ return hostapd_vlan_if_remove(hapd, vlan->ifname);
+}
+
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+
static int ifconfig_down(const char *if_name)
{
wpa_printf(MSG_DEBUG, "VLAN: Set interface %s down", if_name);
@@ -882,48 +946,19 @@
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-int vlan_setup_encryption_dyn(struct hostapd_data *hapd, const char *dyn_vlan)
-{
- int i;
-
- if (dyn_vlan == NULL)
- return 0;
-
- /* Static WEP keys are set here; IEEE 802.1X and WPA uses their own
- * functions for setting up dynamic broadcast keys. */
- for (i = 0; i < 4; i++) {
- if (hapd->conf->ssid.wep.key[i] &&
- hostapd_drv_set_key(dyn_vlan, hapd, WPA_ALG_WEP, NULL, i,
- i == hapd->conf->ssid.wep.idx, NULL, 0,
- hapd->conf->ssid.wep.key[i],
- hapd->conf->ssid.wep.len[i]))
- {
- wpa_printf(MSG_ERROR, "VLAN: Could not set WEP "
- "encryption for dynamic VLAN");
- return -1;
- }
- }
-
- return 0;
-}
-
-
static int vlan_dynamic_add(struct hostapd_data *hapd,
struct hostapd_vlan *vlan)
{
while (vlan) {
if (vlan->vlan_id != VLAN_ID_WILDCARD) {
- if (hostapd_vlan_if_add(hapd, vlan->ifname)) {
- if (errno != EEXIST) {
- wpa_printf(MSG_ERROR, "VLAN: Could "
- "not add VLAN %s: %s",
- vlan->ifname,
- strerror(errno));
- return -1;
- }
+ if (vlan_if_add(hapd, vlan, 1)) {
+ wpa_printf(MSG_ERROR,
+ "VLAN: Could not add VLAN %s: %s",
+ vlan->ifname, strerror(errno));
+ return -1;
}
#ifdef CONFIG_FULL_DYNAMIC_VLAN
- ifconfig_up(vlan->ifname);
+ vlan_newlink(vlan->ifname, hapd);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
}
@@ -943,7 +978,7 @@
next = vlan->next;
if (vlan->vlan_id != VLAN_ID_WILDCARD &&
- hostapd_vlan_if_remove(hapd, vlan->ifname)) {
+ vlan_if_remove(hapd, vlan)) {
wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
"iface: %s: %s",
vlan->ifname, strerror(errno));
@@ -1031,19 +1066,17 @@
os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
pos);
- if (hostapd_vlan_if_add(hapd, n->ifname)) {
+ n->next = hapd->conf->vlan;
+ hapd->conf->vlan = n;
+
+ /* hapd->conf->vlan needs this new VLAN here for WPA setup */
+ if (vlan_if_add(hapd, n, 0)) {
+ hapd->conf->vlan = n->next;
os_free(n);
n = NULL;
goto free_ifname;
}
- n->next = hapd->conf->vlan;
- hapd->conf->vlan = n;
-
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
- ifconfig_up(n->ifname);
-#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-
free_ifname:
os_free(ifname);
return n;
@@ -1073,7 +1106,7 @@
return 1;
if (vlan->dynamic_vlan == 0) {
- hostapd_vlan_if_remove(hapd, vlan->ifname);
+ vlan_if_remove(hapd, vlan);
#ifdef CONFIG_FULL_DYNAMIC_VLAN
vlan_dellink(vlan->ifname, hapd);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
diff --git a/src/ap/vlan_init.h b/src/ap/vlan_init.h
index fc39443..aeb2dc6 100644
--- a/src/ap/vlan_init.h
+++ b/src/ap/vlan_init.h
@@ -17,8 +17,6 @@
struct hostapd_vlan *vlan,
int vlan_id);
int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id);
-int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
- const char *dyn_vlan);
#else /* CONFIG_NO_VLAN */
static inline int vlan_init(struct hostapd_data *hapd)
{
@@ -40,12 +38,6 @@
{
return -1;
}
-
-static inline int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
- const char *dyn_vlan)
-{
- return -1;
-}
#endif /* CONFIG_NO_VLAN */
#endif /* VLAN_INIT_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index f23a57a..c2c5693 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -44,7 +44,8 @@
static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
struct wpa_group *group);
static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
- const u8 *pmk, struct wpa_ptk *ptk);
+ const u8 *pmk, unsigned int pmk_len,
+ struct wpa_ptk *ptk);
static void wpa_group_free(struct wpa_authenticator *wpa_auth,
struct wpa_group *group);
static void wpa_group_get(struct wpa_authenticator *wpa_auth,
@@ -827,6 +828,7 @@
struct wpa_ptk PTK;
int ok = 0;
const u8 *pmk = NULL;
+ unsigned int pmk_len;
for (;;) {
if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
@@ -834,10 +836,13 @@
sm->p2p_dev_addr, pmk);
if (pmk == NULL)
break;
- } else
+ pmk_len = PMK_LEN;
+ } else {
pmk = sm->PMK;
+ pmk_len = sm->pmk_len;
+ }
- wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
+ wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK);
if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
== 0) {
@@ -1540,6 +1545,7 @@
else
WPA_PUT_BE16(key->key_data_length,
key_data_len);
+#ifndef CONFIG_NO_RC4
} else if (sm->PTK.kek_len == 16) {
u8 ek[32];
os_memcpy(key->key_iv,
@@ -1555,6 +1561,7 @@
else
WPA_PUT_BE16(key->key_data_length,
key_data_len);
+#endif /* CONFIG_NO_RC4 */
} else {
os_free(hdr);
os_free(buf);
@@ -1669,7 +1676,7 @@
}
-int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
+int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
{
int remove_ptk = 1;
@@ -1757,6 +1764,14 @@
wpa_remove_ptk(sm);
}
+ if (sm->in_step_loop) {
+ /*
+ * wpa_sm_step() is already running - avoid recursive call to
+ * it by making the existing loop process the new update.
+ */
+ sm->changed = TRUE;
+ return 0;
+ }
return wpa_sm_step(sm);
}
@@ -1841,9 +1856,13 @@
group->reject_4way_hs_for_entropy = FALSE;
}
- wpa_group_init_gmk_and_counter(wpa_auth, group);
- wpa_gtk_update(wpa_auth, group);
- wpa_group_config_group_keys(wpa_auth, group);
+ if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
+ wpa_gtk_update(wpa_auth, group) < 0 ||
+ wpa_group_config_group_keys(wpa_auth, group) < 0) {
+ wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
+ group->first_sta_seen = FALSE;
+ group->reject_4way_hs_for_entropy = TRUE;
+ }
}
@@ -1890,11 +1909,27 @@
#endif /* CONFIG_IEEE80211R */
if (sm->pmksa) {
wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
- os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
+ os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
+ sm->pmk_len = sm->pmksa->pmk_len;
} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
+ unsigned int pmk_len;
+
+ if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+ pmk_len = PMK_LEN_SUITE_B_192;
+ else
+ pmk_len = PMK_LEN;
wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
- "(len=%lu)", (unsigned long) len);
- os_memcpy(sm->PMK, msk, PMK_LEN);
+ "(MSK len=%lu PMK len=%u)", (unsigned long) len,
+ pmk_len);
+ if (len < pmk_len) {
+ wpa_printf(MSG_DEBUG,
+ "WPA: MSK not long enough (%u) to create PMK (%u)",
+ (unsigned int) len, (unsigned int) pmk_len);
+ sm->Disconnect = TRUE;
+ return;
+ }
+ os_memcpy(sm->PMK, msk, pmk_len);
+ sm->pmk_len = pmk_len;
#ifdef CONFIG_IEEE80211R
if (len >= 2 * PMK_LEN) {
os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
@@ -1929,6 +1964,7 @@
psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
if (psk) {
os_memcpy(sm->PMK, psk, PMK_LEN);
+ sm->pmk_len = PMK_LEN;
#ifdef CONFIG_IEEE80211R
os_memcpy(sm->xxkey, psk, PMK_LEN);
sm->xxkey_len = PMK_LEN;
@@ -1980,7 +2016,7 @@
* Calculate PMKID since no PMKSA cache entry was
* available with pre-calculated PMKID.
*/
- rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
+ rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
}
@@ -1992,14 +2028,15 @@
static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
- const u8 *pmk, struct wpa_ptk *ptk)
+ const u8 *pmk, unsigned int pmk_len,
+ struct wpa_ptk *ptk)
{
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
#endif /* CONFIG_IEEE80211R */
- return wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
+ return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
ptk, sm->wpa_key_mgmt, sm->pairwise);
}
@@ -2010,6 +2047,7 @@
struct wpa_ptk PTK;
int ok = 0, psk_found = 0;
const u8 *pmk = NULL;
+ unsigned int pmk_len;
SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
sm->EAPOLKeyReceived = FALSE;
@@ -2025,10 +2063,13 @@
if (pmk == NULL)
break;
psk_found = 1;
- } else
+ pmk_len = PMK_LEN;
+ } else {
pmk = sm->PMK;
+ pmk_len = sm->pmk_len;
+ }
- wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
+ wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK);
if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
sm->last_rx_eapol_key,
@@ -2078,6 +2119,7 @@
* state machine data based on whatever PSK was selected here.
*/
os_memcpy(sm->PMK, pmk, PMK_LEN);
+ sm->pmk_len = PMK_LEN;
}
sm->MICVerified = TRUE;
@@ -3229,13 +3271,21 @@
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
+ unsigned int pmk_len,
int session_timeout, struct eapol_state_machine *eapol)
{
if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
sm->wpa_auth->conf.disable_pmksa_caching)
return -1;
- if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
+ if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+ if (pmk_len > PMK_LEN_SUITE_B_192)
+ pmk_len = PMK_LEN_SUITE_B_192;
+ } else if (pmk_len > PMK_LEN) {
+ pmk_len = PMK_LEN;
+ }
+
+ if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len,
sm->PTK.kck, sm->PTK.kck_len,
sm->wpa_auth->addr, sm->addr, session_timeout,
eapol, sm->wpa_key_mgmt))
@@ -3374,6 +3424,98 @@
}
+/*
+ * Enforce that the group state machine for the VLAN is running, increase
+ * reference counter as interface is up. References might have been increased
+ * even if a negative value is returned.
+ * Returns: -1 on error (group missing, group already failed); otherwise, 0
+ */
+int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
+{
+ struct wpa_group *group;
+
+ if (wpa_auth == NULL)
+ return 0;
+
+ group = wpa_auth->group;
+ while (group) {
+ if (group->vlan_id == vlan_id)
+ break;
+ group = group->next;
+ }
+
+ if (group == NULL) {
+ group = wpa_auth_add_group(wpa_auth, vlan_id);
+ if (group == NULL)
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "WPA: Ensure group state machine running for VLAN ID %d",
+ vlan_id);
+
+ wpa_group_get(wpa_auth, group);
+ group->num_setup_iface++;
+
+ if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
+ return -1;
+
+ return 0;
+}
+
+
+/*
+ * Decrease reference counter, expected to be zero afterwards.
+ * returns: -1 on error (group not found, group in fail state)
+ * -2 if wpa_group is still referenced
+ * 0 else
+ */
+int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
+{
+ struct wpa_group *group;
+ int ret = 0;
+
+ if (wpa_auth == NULL)
+ return 0;
+
+ group = wpa_auth->group;
+ while (group) {
+ if (group->vlan_id == vlan_id)
+ break;
+ group = group->next;
+ }
+
+ if (group == NULL)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "WPA: Try stopping group state machine for VLAN ID %d",
+ vlan_id);
+
+ if (group->num_setup_iface <= 0) {
+ wpa_printf(MSG_ERROR,
+ "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.",
+ vlan_id);
+ return -1;
+ }
+ group->num_setup_iface--;
+
+ if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
+ ret = -1;
+
+ if (group->references > 1) {
+ wpa_printf(MSG_DEBUG,
+ "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
+ vlan_id);
+ ret = -2;
+ }
+
+ wpa_group_put(wpa_auth, group);
+
+ return ret;
+}
+
+
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
{
struct wpa_group *group;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index e747806..75b73f0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -1,6 +1,6 @@
/*
* hostapd - IEEE 802.11i-2004 / WPA Authenticator
- * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -14,6 +14,8 @@
#include "common/wpa_common.h"
#include "common/ieee802_11_defs.h"
+#define MAX_OWN_IE_OVERRIDE 256
+
#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */
@@ -164,6 +166,8 @@
int ap_mlme;
#ifdef CONFIG_TESTING_OPTIONS
double corrupt_gtk_rekey_mic_probability;
+ u8 own_ie_override[MAX_OWN_IE_OVERRIDE];
+ size_t own_ie_override_len;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
u8 ip_addr_go[4];
@@ -252,12 +256,12 @@
void wpa_receive(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm,
u8 *data, size_t data_len);
-typedef enum {
+enum wpa_event {
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-} wpa_event;
+};
void wpa_remove_ptk(struct wpa_state_machine *sm);
-int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event);
+int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
void wpa_auth_sm_notify(struct wpa_state_machine *sm);
void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
@@ -275,6 +279,7 @@
const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
size_t *len);
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
+ unsigned int pmk_len,
int session_timeout, struct eapol_state_machine *eapol);
int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
const u8 *pmk, size_t len, const u8 *sta_addr,
@@ -321,4 +326,7 @@
struct radius_das_attrs *attr);
void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth);
+int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id);
+int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id);
+
#endif /* WPA_AUTH_H */
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 7cd0b6c..ffd0790 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -92,6 +92,13 @@
#ifdef CONFIG_TESTING_OPTIONS
wconf->corrupt_gtk_rekey_mic_probability =
iconf->corrupt_gtk_rekey_mic_probability;
+ if (conf->own_ie_override &&
+ wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) {
+ wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override);
+ os_memcpy(wconf->own_ie_override,
+ wpabuf_head(conf->own_ie_override),
+ wconf->own_ie_override_len);
+ }
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
@@ -630,7 +637,8 @@
}
#ifdef CONFIG_IEEE80211R
- if (!hostapd_drv_none(hapd)) {
+ if (!hostapd_drv_none(hapd) && hapd->conf->ft_over_ds &&
+ wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
hapd->l2 = l2_packet_init(hapd->conf->bridge[0] ?
hapd->conf->bridge :
hapd->conf->iface, NULL, ETH_P_RRB,
@@ -666,13 +674,14 @@
wpa_deinit(hapd->wpa_auth);
hapd->wpa_auth = NULL;
- if (hostapd_set_privacy(hapd, 0)) {
+ if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
wpa_printf(MSG_DEBUG, "Could not disable "
"PrivacyInvoked for interface %s",
hapd->conf->iface);
}
- if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
+ if (hapd->drv_priv &&
+ hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
wpa_printf(MSG_DEBUG, "Could not remove generic "
"information element from interface %s",
hapd->conf->iface);
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 57b098f..72b7eb3 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -60,7 +60,8 @@
u8 SNonce[WPA_NONCE_LEN];
u8 alt_SNonce[WPA_NONCE_LEN];
u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
- u8 PMK[PMK_LEN];
+ u8 PMK[PMK_LEN_MAX];
+ unsigned int pmk_len;
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
@@ -171,6 +172,7 @@
#endif /* CONFIG_IEEE80211W */
/* Number of references except those in struct wpa_group->next */
unsigned int references;
+ unsigned int num_setup_iface;
};
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index f287297..52ccac3 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -251,7 +251,7 @@
pos += 2;
if (pmkid) {
- if (pos + 2 + PMKID_LEN > buf + len)
+ if (2 + PMKID_LEN > buf + len - pos)
return -1;
/* PMKID Count */
WPA_PUT_LE16(pos, 1);
@@ -261,8 +261,9 @@
}
#ifdef CONFIG_IEEE80211W
- if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
- if (pos + 2 + 4 > buf + len)
+ if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
+ conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
+ if (2 + 4 > buf + len - pos)
return -1;
if (pmkid == NULL) {
/* PMKID Count */
@@ -377,6 +378,23 @@
u8 *pos, buf[128];
int res;
+#ifdef CONFIG_TESTING_OPTIONS
+ if (wpa_auth->conf.own_ie_override_len) {
+ wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
+ wpa_auth->conf.own_ie_override,
+ wpa_auth->conf.own_ie_override_len);
+ os_free(wpa_auth->wpa_ie);
+ wpa_auth->wpa_ie =
+ os_malloc(wpa_auth->conf.own_ie_override_len);
+ if (wpa_auth->wpa_ie == NULL)
+ return -1;
+ os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
+ wpa_auth->conf.own_ie_override_len);
+ wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
+ return 0;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
+
pos = buf;
if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
@@ -773,7 +791,7 @@
return 0;
}
- if (pos + 1 + RSN_SELECTOR_LEN < end &&
+ if (1 + RSN_SELECTOR_LEN < end - pos &&
pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
@@ -869,13 +887,13 @@
int ret = 0;
os_memset(ie, 0, sizeof(*ie));
- for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
+ for (pos = buf, end = pos + len; end - pos > 1; pos += 2 + pos[1]) {
if (pos[0] == 0xdd &&
((pos == buf + len - 1) || pos[1] == 0)) {
/* Ignore padding */
break;
}
- if (pos + 2 + pos[1] > end) {
+ if (2 + pos[1] > end - pos) {
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
"underflow (ie=%d len=%d pos=%d)",
pos[0], pos[1], (int) (pos - buf));
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index caed01e..66a43eb 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -452,6 +452,11 @@
os_free(hapd->wps->network_key);
hapd->wps->network_key = NULL;
hapd->wps->network_key_len = 0;
+ } else if ((cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) &&
+ (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN)) {
+ wpa_printf(MSG_INFO, "WPS: Invalid key length %lu for WPA/WPA2",
+ (unsigned long) cred->key_len);
+ return -1;
} else {
if (hapd->wps->network_key == NULL ||
hapd->wps->network_key_len < cred->key_len) {
@@ -867,7 +872,8 @@
hapd->wps_probe_resp_ie = NULL;
if (deinit_only) {
- hostapd_reset_ap_wps_ie(hapd);
+ if (hapd->drv_priv)
+ hostapd_reset_ap_wps_ie(hapd);
return;
}
@@ -1299,30 +1305,53 @@
}
+struct wps_button_pushed_ctx {
+ const u8 *p2p_dev_addr;
+ unsigned int count;
+};
+
static int wps_button_pushed(struct hostapd_data *hapd, void *ctx)
{
- const u8 *p2p_dev_addr = ctx;
- if (hapd->wps == NULL)
- return -1;
- return wps_registrar_button_pushed(hapd->wps->registrar, p2p_dev_addr);
+ struct wps_button_pushed_ctx *data = ctx;
+
+ if (hapd->wps) {
+ data->count++;
+ return wps_registrar_button_pushed(hapd->wps->registrar,
+ data->p2p_dev_addr);
+ }
+
+ return 0;
}
int hostapd_wps_button_pushed(struct hostapd_data *hapd,
const u8 *p2p_dev_addr)
{
- return hostapd_wps_for_each(hapd, wps_button_pushed,
- (void *) p2p_dev_addr);
+ struct wps_button_pushed_ctx ctx;
+ int ret;
+
+ os_memset(&ctx, 0, sizeof(ctx));
+ ctx.p2p_dev_addr = p2p_dev_addr;
+ ret = hostapd_wps_for_each(hapd, wps_button_pushed, &ctx);
+ if (ret == 0 && !ctx.count)
+ ret = -1;
+ return ret;
}
+struct wps_cancel_ctx {
+ unsigned int count;
+};
+
static int wps_cancel(struct hostapd_data *hapd, void *ctx)
{
- if (hapd->wps == NULL)
- return -1;
+ struct wps_cancel_ctx *data = ctx;
- wps_registrar_wps_cancel(hapd->wps->registrar);
- ap_for_each_sta(hapd, ap_sta_wps_cancel, NULL);
+ if (hapd->wps) {
+ data->count++;
+ wps_registrar_wps_cancel(hapd->wps->registrar);
+ ap_for_each_sta(hapd, ap_sta_wps_cancel, NULL);
+ }
return 0;
}
@@ -1330,7 +1359,14 @@
int hostapd_wps_cancel(struct hostapd_data *hapd)
{
- return hostapd_wps_for_each(hapd, wps_cancel, NULL);
+ struct wps_cancel_ctx ctx;
+ int ret;
+
+ os_memset(&ctx, 0, sizeof(ctx));
+ ret = hostapd_wps_for_each(hapd, wps_cancel, &ctx);
+ if (ret == 0 && !ctx.count)
+ ret = -1;
+ return ret;
}
@@ -1560,6 +1596,10 @@
static int wps_ap_pin_set(struct hostapd_data *hapd, void *ctx)
{
struct wps_ap_pin_data *data = ctx;
+
+ if (!hapd->wps)
+ return 0;
+
os_free(hapd->conf->ap_pin);
hapd->conf->ap_pin = os_strdup(data->pin_txt);
#ifdef CONFIG_WPS_UPNP
diff --git a/src/common/defs.h b/src/common/defs.h
index eb080ea..6aea375 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -174,7 +174,7 @@
/**
* WPA_INTERFACE_DISABLED - Interface disabled
*
- * This stat eis entered if the network interface is disabled, e.g.,
+ * This state is entered if the network interface is disabled, e.g.,
* due to rfkill. wpa_supplicant refuses any new operations that would
* use the radio until the interface has been enabled.
*/
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index e589a1a..9c37ea6 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -272,10 +272,8 @@
int affected_start, affected_end;
size_t i;
- if (!mode || !scan_res || !pri_chan || !sec_chan)
- return 0;
-
- if (pri_chan == sec_chan)
+ if (!mode || !scan_res || !pri_chan || !sec_chan ||
+ pri_chan == sec_chan)
return 0;
pri_freq = hw_get_freq(mode, pri_chan);
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 5385faf..8dee883 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -11,6 +11,7 @@
#include "common.h"
#include "defs.h"
#include "wpa_common.h"
+#include "qca-vendor.h"
#include "ieee802_11_defs.h"
#include "ieee802_11_common.h"
@@ -147,6 +148,20 @@
}
break;
+ case OUI_QCA:
+ switch (pos[3]) {
+ case QCA_VENDOR_ELEM_P2P_PREF_CHAN_LIST:
+ elems->pref_freq_list = pos;
+ elems->pref_freq_list_len = elen;
+ break;
+ default:
+ wpa_printf(MSG_EXCESSIVE,
+ "Unknown QCA information element ignored (type=%d len=%lu)",
+ pos[3], (unsigned long) elen);
+ return -1;
+ }
+ break;
+
default:
wpa_printf(MSG_EXCESSIVE, "unknown vendor specific "
"information element ignored (vendor OUI "
@@ -339,6 +354,18 @@
/* after mic everything is encrypted, so stop. */
left = elen;
break;
+ case WLAN_EID_MULTI_BAND:
+ if (elems->mb_ies.nof_ies >= MAX_NOF_MB_IES_SUPPORTED) {
+ wpa_printf(MSG_MSGDUMP,
+ "IEEE 802.11 element parse ignored MB IE (id=%d elen=%d)",
+ id, elen);
+ break;
+ }
+
+ elems->mb_ies.ies[elems->mb_ies.nof_ies].ie = pos;
+ elems->mb_ies.ies[elems->mb_ies.nof_ies].ie_len = elen;
+ elems->mb_ies.nof_ies++;
+ break;
default:
unknown++;
if (!show_errors)
@@ -371,8 +398,8 @@
pos = ies;
end = ies + ies_len;
- while (pos + 2 <= end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos >= 2) {
+ if (2 + pos[1] > end - pos)
break;
count++;
pos += 2 + pos[1];
@@ -392,8 +419,8 @@
end = ies + ies_len;
ie = NULL;
- while (pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 1) {
+ if (2 + pos[1] > end - pos)
return NULL;
if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
WPA_GET_BE32(&pos[2]) == oui_type) {
@@ -414,8 +441,8 @@
* There may be multiple vendor IEs in the message, so need to
* concatenate their data fields.
*/
- while (pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 1) {
+ if (2 + pos[1] > end - pos)
break;
if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
WPA_GET_BE32(&pos[2]) == oui_type)
@@ -541,26 +568,166 @@
enum hostapd_hw_mode ieee80211_freq_to_chan(int freq, u8 *channel)
{
- enum hostapd_hw_mode mode = NUM_HOSTAPD_MODES;
+ u8 op_class;
+
+ return ieee80211_freq_to_channel_ext(freq, 0, VHT_CHANWIDTH_USE_HT,
+ &op_class, channel);
+}
+
+
+/**
+ * ieee80211_freq_to_channel_ext - Convert frequency into channel info
+ * for HT40 and VHT. DFS channels are not covered.
+ * @freq: Frequency (MHz) to convert
+ * @sec_channel: 0 = non-HT40, 1 = sec. channel above, -1 = sec. channel below
+ * @vht: VHT channel width (VHT_CHANWIDTH_*)
+ * @op_class: Buffer for returning operating class
+ * @channel: Buffer for returning channel number
+ * Returns: hw_mode on success, NUM_HOSTAPD_MODES on failure
+ */
+enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq,
+ int sec_channel, int vht,
+ u8 *op_class, u8 *channel)
+{
+ u8 vht_opclass;
+
+ /* TODO: more operating classes */
+
+ if (sec_channel > 1 || sec_channel < -1)
+ return NUM_HOSTAPD_MODES;
if (freq >= 2412 && freq <= 2472) {
- mode = HOSTAPD_MODE_IEEE80211G;
+ if ((freq - 2407) % 5)
+ return NUM_HOSTAPD_MODES;
+
+ if (vht)
+ return NUM_HOSTAPD_MODES;
+
+ /* 2.407 GHz, channels 1..13 */
+ if (sec_channel == 1)
+ *op_class = 83;
+ else if (sec_channel == -1)
+ *op_class = 84;
+ else
+ *op_class = 81;
+
*channel = (freq - 2407) / 5;
- } else if (freq == 2484) {
- mode = HOSTAPD_MODE_IEEE80211B;
- *channel = 14;
- } else if (freq >= 4900 && freq < 5000) {
- mode = HOSTAPD_MODE_IEEE80211A;
- *channel = (freq - 4000) / 5;
- } else if (freq >= 5000 && freq < 5900) {
- mode = HOSTAPD_MODE_IEEE80211A;
- *channel = (freq - 5000) / 5;
- } else if (freq >= 56160 + 2160 * 1 && freq <= 56160 + 2160 * 4) {
- mode = HOSTAPD_MODE_IEEE80211AD;
- *channel = (freq - 56160) / 2160;
+
+ return HOSTAPD_MODE_IEEE80211G;
}
- return mode;
+ if (freq == 2484) {
+ if (sec_channel || vht)
+ return NUM_HOSTAPD_MODES;
+
+ *op_class = 82; /* channel 14 */
+ *channel = 14;
+
+ return HOSTAPD_MODE_IEEE80211B;
+ }
+
+ if (freq >= 4900 && freq < 5000) {
+ if ((freq - 4000) % 5)
+ return NUM_HOSTAPD_MODES;
+ *channel = (freq - 4000) / 5;
+ *op_class = 0; /* TODO */
+ return HOSTAPD_MODE_IEEE80211A;
+ }
+
+ switch (vht) {
+ case VHT_CHANWIDTH_80MHZ:
+ vht_opclass = 128;
+ break;
+ case VHT_CHANWIDTH_160MHZ:
+ vht_opclass = 129;
+ break;
+ case VHT_CHANWIDTH_80P80MHZ:
+ vht_opclass = 130;
+ break;
+ default:
+ vht_opclass = 0;
+ break;
+ }
+
+ /* 5 GHz, channels 36..48 */
+ if (freq >= 5180 && freq <= 5240) {
+ if ((freq - 5000) % 5)
+ return NUM_HOSTAPD_MODES;
+
+ if (vht_opclass)
+ *op_class = vht_opclass;
+ else if (sec_channel == 1)
+ *op_class = 116;
+ else if (sec_channel == -1)
+ *op_class = 117;
+ else
+ *op_class = 115;
+
+ *channel = (freq - 5000) / 5;
+
+ return HOSTAPD_MODE_IEEE80211A;
+ }
+
+ /* 5 GHz, channels 149..169 */
+ if (freq >= 5745 && freq <= 5845) {
+ if ((freq - 5000) % 5)
+ return NUM_HOSTAPD_MODES;
+
+ if (vht_opclass)
+ *op_class = vht_opclass;
+ else if (sec_channel == 1)
+ *op_class = 126;
+ else if (sec_channel == -1)
+ *op_class = 127;
+ else if (freq <= 5805)
+ *op_class = 124;
+ else
+ *op_class = 125;
+
+ *channel = (freq - 5000) / 5;
+
+ return HOSTAPD_MODE_IEEE80211A;
+ }
+
+ /* 5 GHz, channels 100..140 */
+ if (freq >= 5000 && freq <= 5700) {
+ if ((freq - 5000) % 5)
+ return NUM_HOSTAPD_MODES;
+
+ if (vht_opclass)
+ *op_class = vht_opclass;
+ else if (sec_channel == 1)
+ *op_class = 122;
+ else if (sec_channel == -1)
+ *op_class = 123;
+ else
+ *op_class = 121;
+
+ *channel = (freq - 5000) / 5;
+
+ return HOSTAPD_MODE_IEEE80211A;
+ }
+
+ if (freq >= 5000 && freq < 5900) {
+ if ((freq - 5000) % 5)
+ return NUM_HOSTAPD_MODES;
+ *channel = (freq - 5000) / 5;
+ *op_class = 0; /* TODO */
+ return HOSTAPD_MODE_IEEE80211A;
+ }
+
+ /* 56.16 GHz, channel 1..4 */
+ if (freq >= 56160 + 2160 * 1 && freq <= 56160 + 2160 * 4) {
+ if (sec_channel || vht)
+ return NUM_HOSTAPD_MODES;
+
+ *channel = (freq - 56160) / 2160;
+ *op_class = 180;
+
+ return HOSTAPD_MODE_IEEE80211AD;
+ }
+
+ return NUM_HOSTAPD_MODES;
}
@@ -946,3 +1113,62 @@
return "WLAN_FC_TYPE_UNKNOWN";
#undef C2S
}
+
+
+int mb_ies_info_by_ies(struct mb_ies_info *info, const u8 *ies_buf,
+ size_t ies_len)
+{
+ os_memset(info, 0, sizeof(*info));
+
+ while (ies_buf && ies_len >= 2 &&
+ info->nof_ies < MAX_NOF_MB_IES_SUPPORTED) {
+ size_t len = 2 + ies_buf[1];
+
+ if (len > ies_len) {
+ wpa_hexdump(MSG_DEBUG, "Truncated IEs",
+ ies_buf, ies_len);
+ return -1;
+ }
+
+ if (ies_buf[0] == WLAN_EID_MULTI_BAND) {
+ wpa_printf(MSG_DEBUG, "MB IE of %zu bytes found", len);
+ info->ies[info->nof_ies].ie = ies_buf + 2;
+ info->ies[info->nof_ies].ie_len = ies_buf[1];
+ info->nof_ies++;
+ }
+
+ ies_len -= len;
+ ies_buf += len;
+ }
+
+ return 0;
+}
+
+
+struct wpabuf * mb_ies_by_info(struct mb_ies_info *info)
+{
+ struct wpabuf *mb_ies = NULL;
+
+ WPA_ASSERT(info != NULL);
+
+ if (info->nof_ies) {
+ u8 i;
+ size_t mb_ies_size = 0;
+
+ for (i = 0; i < info->nof_ies; i++)
+ mb_ies_size += 2 + info->ies[i].ie_len;
+
+ mb_ies = wpabuf_alloc(mb_ies_size);
+ if (mb_ies) {
+ for (i = 0; i < info->nof_ies; i++) {
+ wpabuf_put_u8(mb_ies, WLAN_EID_MULTI_BAND);
+ wpabuf_put_u8(mb_ies, info->ies[i].ie_len);
+ wpabuf_put_data(mb_ies,
+ info->ies[i].ie,
+ info->ies[i].ie_len);
+ }
+ }
+ }
+
+ return mb_ies;
+}
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index c84d8a7..55ce022 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -9,6 +9,16 @@
#ifndef IEEE802_11_COMMON_H
#define IEEE802_11_COMMON_H
+#define MAX_NOF_MB_IES_SUPPORTED 5
+
+struct mb_ies_info {
+ struct {
+ const u8 *ie;
+ u8 ie_len;
+ } ies[MAX_NOF_MB_IES_SUPPORTED];
+ u8 nof_ies;
+};
+
/* Parsed Information Elements */
struct ieee802_11_elems {
const u8 *ssid;
@@ -48,6 +58,7 @@
const u8 *osen;
const u8 *ampe;
const u8 *mic;
+ const u8 *pref_freq_list;
u8 ssid_len;
u8 supp_rates_len;
@@ -76,6 +87,8 @@
u8 osen_len;
u8 ampe_len;
u8 mic_len;
+ u8 pref_freq_list_len;
+ struct mb_ies_info mb_ies;
};
typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
@@ -101,9 +114,15 @@
const char *name, const char *val);
enum hostapd_hw_mode ieee80211_freq_to_chan(int freq, u8 *channel);
int ieee80211_chan_to_freq(const char *country, u8 op_class, u8 chan);
+enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq,
+ int sec_channel, int vht,
+ u8 *op_class, u8 *channel);
int ieee80211_is_dfs(int freq);
int supp_rates_11b_only(struct ieee802_11_elems *elems);
+int mb_ies_info_by_ies(struct mb_ies_info *info, const u8 *ies_buf,
+ size_t ies_len);
+struct wpabuf * mb_ies_by_info(struct mb_ies_info *info);
const char * fc2str(u16 fc);
#endif /* IEEE802_11_COMMON_H */
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 47b15de..5b8d130 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -165,7 +165,10 @@
#define WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ 76
#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77
#define WLAN_STATUS_TRANSMISSION_FAILURE 79
+#define WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION 82
+#define WLAN_STATUS_PENDING_ADMITTING_FST_SESSION 86
#define WLAN_STATUS_QUERY_RESP_OUTSTANDING 95
+#define WLAN_STATUS_DENIED_WITH_SUGGESTED_BAND_AND_CHANNEL 99
#define WLAN_STATUS_ASSOC_DENIED_NO_VHT 104
/* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */
@@ -244,6 +247,7 @@
#define WLAN_EID_TIMEOUT_INTERVAL 56
#define WLAN_EID_RIC_DATA 57
#define WLAN_EID_SUPPORTED_OPERATING_CLASSES 59
+#define WLAN_EID_EXT_CHANSWITCH_ANN 60
#define WLAN_EID_HT_OPERATION 61
#define WLAN_EID_SECONDARY_CHANNEL_OFFSET 62
#define WLAN_EID_WAPI 68
@@ -271,6 +275,8 @@
#define WLAN_EID_AMPE 139
#define WLAN_EID_MIC 140
#define WLAN_EID_CCKM 156
+#define WLAN_EID_MULTI_BAND 158
+#define WLAN_EID_SESSION_TRANSITION 164
#define WLAN_EID_VHT_CAP 191
#define WLAN_EID_VHT_OPERATION 192
#define WLAN_EID_VHT_EXTENDED_BSS_LOAD 193
@@ -299,6 +305,7 @@
#define WLAN_ACTION_TDLS 12
#define WLAN_ACTION_SELF_PROTECTED 15
#define WLAN_ACTION_WMM 17 /* WMM Specification 1.1 */
+#define WLAN_ACTION_FST 18
#define WLAN_ACTION_VENDOR_SPECIFIC 127
/* Public action codes */
@@ -401,7 +408,12 @@
ANQP_AP_LOCATION_PUBLIC_URI = 267,
ANQP_DOMAIN_NAME = 268,
ANQP_EMERGENCY_ALERT_URI = 269,
+ ANQP_TDLS_CAPABILITY = 270,
ANQP_EMERGENCY_NAI = 271,
+ ANQP_NEIGHBOR_REPORT = 272,
+ ANQP_VENUE_URL = 277,
+ ANQP_ADVICE_OF_CHARGE = 278,
+ ANQP_LOCAL_CONTENT = 279,
ANQP_VENDOR_SPECIFIC = 56797
};
@@ -615,6 +627,10 @@
u8 action; /* 15 */
u8 variable[];
} STRUCT_PACKED slf_prot_action;
+ struct {
+ u8 action;
+ u8 variable[];
+ } STRUCT_PACKED fst_action;
} u;
} STRUCT_PACKED action;
} u;
@@ -1067,6 +1083,15 @@
#define P2P_GROUP_CAPAB_GROUP_FORMATION BIT(6)
#define P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION BIT(7)
+/* P2PS Coordination Protocol Transport Bitmap */
+#define P2PS_FEATURE_CAPAB_UDP_TRANSPORT BIT(0)
+#define P2PS_FEATURE_CAPAB_MAC_TRANSPORT BIT(1)
+
+struct p2ps_feature_capab {
+ u8 cpt;
+ u8 reserved;
+} STRUCT_PACKED;
+
/* Invitation Flags */
#define P2P_INVITATION_FLAGS_TYPE BIT(0)
@@ -1358,4 +1383,60 @@
#define SSID_MAX_LEN 32
+/* IEEE Std 802.11ad-2012 - Multi-band element */
+struct multi_band_ie {
+ u8 eid; /* WLAN_EID_MULTI_BAND */
+ u8 len;
+ u8 mb_ctrl;
+ u8 band_id;
+ u8 op_class;
+ u8 chan;
+ u8 bssid[ETH_ALEN];
+ le16 beacon_int;
+ u8 tsf_offs[8];
+ u8 mb_connection_capability;
+ u8 fst_session_tmout;
+ /* Optional:
+ * STA MAC Address
+ * Pairwise Cipher Suite Count
+ * Pairwise Cipher Suite List
+ */
+ u8 variable[0];
+} STRUCT_PACKED;
+
+enum mb_ctrl_sta_role {
+ MB_STA_ROLE_AP = 0,
+ MB_STA_ROLE_TDLS_STA = 1,
+ MB_STA_ROLE_IBSS_STA = 2,
+ MB_STA_ROLE_PCP = 3,
+ MB_STA_ROLE_NON_PCP_NON_AP = 4
+};
+
+#define MB_CTRL_ROLE_MASK (BIT(0) | BIT(1) | BIT(2))
+#define MB_CTRL_ROLE(ctrl) ((u8) ((ctrl) & MB_CTRL_ROLE_MASK))
+#define MB_CTRL_STA_MAC_PRESENT ((u8) (BIT(3)))
+#define MB_CTRL_PAIRWISE_CIPHER_SUITE_PRESENT ((u8) (BIT(4)))
+
+enum mb_band_id {
+ MB_BAND_ID_WIFI_2_4GHZ = 2, /* 2.4 GHz */
+ MB_BAND_ID_WIFI_5GHZ = 4, /* 4.9 and 5 GHz */
+ MB_BAND_ID_WIFI_60GHZ = 5, /* 60 GHz */
+};
+
+#define MB_CONNECTION_CAPABILITY_AP ((u8) (BIT(0)))
+#define MB_CONNECTION_CAPABILITY_PCP ((u8) (BIT(1)))
+#define MB_CONNECTION_CAPABILITY_DLS ((u8) (BIT(2)))
+#define MB_CONNECTION_CAPABILITY_TDLS ((u8) (BIT(3)))
+#define MB_CONNECTION_CAPABILITY_IBSS ((u8) (BIT(4)))
+
+/* IEEE Std 802.11ad-2014 - FST Action field */
+enum fst_action {
+ FST_ACTION_SETUP_REQUEST = 0,
+ FST_ACTION_SETUP_RESPONSE = 1,
+ FST_ACTION_TEAR_DOWN = 2,
+ FST_ACTION_ACK_REQUEST = 3,
+ FST_ACTION_ACK_RESPONSE = 4,
+ FST_ACTION_ON_CHANNEL_TUNNEL = 5,
+};
+
#endif /* IEEE802_11_DEFS_H */
diff --git a/src/common/privsep_commands.h b/src/common/privsep_commands.h
index c6a472d..8dff303 100644
--- a/src/common/privsep_commands.h
+++ b/src/common/privsep_commands.h
@@ -26,6 +26,25 @@
PRIVSEP_CMD_L2_NOTIFY_AUTH_START,
PRIVSEP_CMD_L2_SEND,
PRIVSEP_CMD_SET_COUNTRY,
+ PRIVSEP_CMD_AUTHENTICATE,
+};
+
+struct privsep_cmd_authenticate
+{
+ int freq;
+ u8 bssid[ETH_ALEN];
+ u8 ssid[SSID_MAX_LEN];
+ size_t ssid_len;
+ int auth_alg;
+ size_t ie_len;
+ u8 wep_key[4][16];
+ size_t wep_key_len[4];
+ int wep_tx_keyidx;
+ int local_state_change;
+ int p2p;
+ size_t sae_data_len;
+ /* followed by ie_len bytes of ie */
+ /* followed by sae_data_len bytes of sae_data */
};
struct privsep_cmd_associate
@@ -68,6 +87,18 @@
PRIVSEP_EVENT_STKSTART,
PRIVSEP_EVENT_FT_RESPONSE,
PRIVSEP_EVENT_RX_EAPOL,
+ PRIVSEP_EVENT_SCAN_STARTED,
+ PRIVSEP_EVENT_AUTH,
+};
+
+struct privsep_event_auth {
+ u8 peer[ETH_ALEN];
+ u8 bssid[ETH_ALEN];
+ u16 auth_type;
+ u16 auth_transaction;
+ u16 status_code;
+ size_t ies_len;
+ /* followed by ies_len bytes of ies */
};
#endif /* PRIVSEP_COMMANDS_H */
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 2a6e242..88369e7 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -156,6 +156,11 @@
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST = 103,
QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL = 104,
QCA_NL80211_VENDOR_SUBCMD_SETBAND = 105,
+ QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN = 106,
+ QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE = 107,
+ QCA_NL80211_VENDOR_SUBCMD_OTA_TEST = 108,
+ QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE = 109,
+ /* 110..114 - reserved for QCA */
};
@@ -223,6 +228,7 @@
QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST,
QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG0_CENTER_CHANNEL,
QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL,
+ QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
/* keep last */
QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_ACS_MAX =
@@ -246,11 +252,14 @@
* after roaming, rather than having the user space wpa_supplicant do it.
* @QCA_WLAN_VENDOR_FEATURE_SUPPORT_HW_MODE_ANY: Device supports automatic
* band selection based on channel selection results.
+ * @QCA_WLAN_VENDOR_FEATURE_OFFCHANNEL_SIMULTANEOUS: Device supports
+ * simultaneous off-channel operations.
* @NUM_QCA_WLAN_VENDOR_FEATURES: Number of assigned feature bits
*/
enum qca_wlan_vendor_features {
QCA_WLAN_VENDOR_FEATURE_KEY_MGMT_OFFLOAD = 0,
QCA_WLAN_VENDOR_FEATURE_SUPPORT_HW_MODE_ANY = 1,
+ QCA_WLAN_VENDOR_FEATURE_OFFCHANNEL_SIMULTANEOUS = 2,
NUM_QCA_WLAN_VENDOR_FEATURES /* keep last */
};
@@ -323,4 +332,116 @@
QCA_SETBAND_2G,
};
+/* IEEE 802.11 Vendor Specific elements */
+
+/**
+ * enum qca_vendor_element_id - QCA Vendor Specific element types
+ *
+ * These values are used to identify QCA Vendor Specific elements. The
+ * payload of the element starts with the three octet OUI (OUI_QCA) and
+ * is followed by a single octet type which is defined by this enum.
+ *
+ * @QCA_VENDOR_ELEM_P2P_PREF_CHAN_LIST: P2P preferred channel list.
+ * This element can be used to specify preference order for supported
+ * channels. The channels in this list are in preference order (the first
+ * one has the highest preference) and are described as a pair of
+ * (global) Operating Class and Channel Number (each one octet) fields.
+ *
+ * This extends the standard P2P functionality by providing option to have
+ * more than one preferred operating channel. When this element is present,
+ * it replaces the preference indicated in the Operating Channel attribute.
+ * For supporting other implementations, the Operating Channel attribute is
+ * expected to be used with the highest preference channel. Similarly, all
+ * the channels included in this Preferred channel list element are
+ * expected to be included in the Channel List attribute.
+ *
+ * This vendor element may be included in GO Negotiation Request, P2P
+ * Invitation Request, and Provision Discovery Request frames.
+ */
+enum qca_vendor_element_id {
+ QCA_VENDOR_ELEM_P2P_PREF_CHAN_LIST = 0,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_scan - Specifies vendor scan attributes
+ *
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_IE: IEs that should be included as part of scan
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES: Nested unsigned 32-bit attributes
+ * with frequencies to be scanned (in MHz)
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS: Nested attribute with SSIDs to be scanned
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES: Nested array attribute of supported
+ * rates to be included
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE: flag used to send probe requests
+ * at non CCK rate in 2GHz band
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS: Unsigned 32-bit scan flags
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE: Unsigned 64-bit cookie provided by the
+ * driver for the specific scan request
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_STATUS: Unsigned 8-bit status of the scan
+ * request decoded as in enum scan_status
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_MAC: 6-byte MAC address to use when randomisation
+ * scan flag is set
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK: 6-byte MAC address mask to be used with
+ * randomisation
+ */
+enum qca_wlan_vendor_attr_scan {
+ QCA_WLAN_VENDOR_ATTR_SCAN_INVALID_PARAM = 0,
+ QCA_WLAN_VENDOR_ATTR_SCAN_IE,
+ QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES,
+ QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS,
+ QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES,
+ QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE,
+ QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS,
+ QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE,
+ QCA_WLAN_VENDOR_ATTR_SCAN_STATUS,
+ QCA_WLAN_VENDOR_ATTR_SCAN_MAC,
+ QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK,
+ QCA_WLAN_VENDOR_ATTR_SCAN_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_SCAN_MAX =
+ QCA_WLAN_VENDOR_ATTR_SCAN_AFTER_LAST - 1
+};
+
+/**
+ * enum scan_status - Specifies the valid values the vendor scan attribute
+ * QCA_WLAN_VENDOR_ATTR_SCAN_STATUS can take
+ *
+ * @VENDOR_SCAN_STATUS_NEW_RESULTS: implies the vendor scan is successful with
+ * new scan results
+ * @VENDOR_SCAN_STATUS_ABORTED: implies the vendor scan was aborted in-between
+ */
+enum scan_status {
+ VENDOR_SCAN_STATUS_NEW_RESULTS,
+ VENDOR_SCAN_STATUS_ABORTED,
+ VENDOR_SCAN_STATUS_MAX,
+};
+
+/**
+ * enum qca_vendor_attr_ota_test - Specifies the values for vendor
+ * command QCA_NL80211_VENDOR_SUBCMD_OTA_TEST
+ * @QCA_WLAN_VENDOR_ATTR_OTA_TEST_ENABLE: enable ota test
+ */
+enum qca_vendor_attr_ota_test {
+ QCA_WLAN_VENDOR_ATTR_OTA_TEST_INVALID,
+ /* 8-bit unsigned value to indicate if OTA test is enabled */
+ QCA_WLAN_VENDOR_ATTR_OTA_TEST_ENABLE,
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_OTA_TEST_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_OTA_TEST_MAX =
+ QCA_WLAN_VENDOR_ATTR_OTA_TEST_AFTER_LAST - 1
+};
+
+/**
+ * enum qca_vendor_attr_txpower_scale - vendor sub commands index
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE: scaling value
+ */
+enum qca_vendor_attr_txpower_scale {
+ QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_INVALID,
+ /* 8-bit unsigned value to indicate the scaling of tx power */
+ QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE,
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_MAX =
+ QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_AFTER_LAST - 1
+};
+
#endif /* QCA_VENDOR_H */
diff --git a/src/common/sae.c b/src/common/sae.c
index 503fa1d..b962ea2 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -923,7 +923,7 @@
const u8 *end, const u8 **token,
size_t *token_len)
{
- if (*pos + (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len < end) {
+ if ((sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len < end - *pos) {
size_t tlen = end - (*pos + (sae->tmp->ec ? 3 : 2) *
sae->tmp->prime_len);
wpa_hexdump(MSG_DEBUG, "SAE: Anti-Clogging Token", *pos, tlen);
@@ -946,7 +946,7 @@
{
struct crypto_bignum *peer_scalar;
- if (*pos + sae->tmp->prime_len > end) {
+ if (sae->tmp->prime_len > end - *pos) {
wpa_printf(MSG_DEBUG, "SAE: Not enough data for scalar");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
@@ -994,7 +994,7 @@
{
u8 prime[SAE_MAX_ECC_PRIME_LEN];
- if (pos + 2 * sae->tmp->prime_len > end) {
+ if (2 * sae->tmp->prime_len > end - pos) {
wpa_printf(MSG_DEBUG, "SAE: Not enough data for "
"commit-element");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
@@ -1040,7 +1040,7 @@
struct crypto_bignum *res, *one;
const u8 one_bin[1] = { 0x01 };
- if (pos + sae->tmp->prime_len > end) {
+ if (sae->tmp->prime_len > end - pos) {
wpa_printf(MSG_DEBUG, "SAE: Not enough data for "
"commit-element");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
@@ -1098,7 +1098,7 @@
u16 res;
/* Check Finite Cyclic Group */
- if (pos + 2 > end)
+ if (end - pos < 2)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
res = sae_group_allowed(sae, allowed_groups, WPA_GET_LE16(pos));
if (res != WLAN_STATUS_SUCCESS)
diff --git a/src/common/version.h b/src/common/version.h
index 5ddf617..ae5c9d4 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -5,6 +5,10 @@
#define VERSION_STR_POSTFIX ""
#endif /* VERSION_STR_POSTFIX */
-#define VERSION_STR "2.5-devel" VERSION_STR_POSTFIX
+#ifndef GIT_VERSION_STR_POSTFIX
+#define GIT_VERSION_STR_POSTFIX ""
+#endif /* GIT_VERSION_STR_POSTFIX */
+
+#define VERSION_STR "2.6-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index e485b5b..4091bed 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -170,6 +170,12 @@
ptk->tk_len = wpa_cipher_key_len(cipher);
ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;
+#ifdef CONFIG_SUITEB192
+ if (wpa_key_mgmt_sha384(akmp))
+ sha384_prf(pmk, pmk_len, label, data, sizeof(data),
+ tmp, ptk_len);
+ else
+#endif /* CONFIG_SUITEB192 */
#ifdef CONFIG_IEEE80211W
if (wpa_key_mgmt_sha256(akmp))
sha256_prf(pmk, pmk_len, label, data, sizeof(data),
@@ -286,38 +292,47 @@
pos = ie + sizeof(struct rsn_ftie);
end = ie + ie_len;
- while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
- switch (pos[0]) {
+ while (end - pos >= 2) {
+ u8 id, len;
+
+ id = *pos++;
+ len = *pos++;
+ if (len > end - pos)
+ break;
+
+ switch (id) {
case FTIE_SUBELEM_R1KH_ID:
- if (pos[1] != FT_R1KH_ID_LEN) {
- wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID "
- "length in FTIE: %d", pos[1]);
+ if (len != FT_R1KH_ID_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "FT: Invalid R1KH-ID length in FTIE: %d",
+ len);
return -1;
}
- parse->r1kh_id = pos + 2;
+ parse->r1kh_id = pos;
break;
case FTIE_SUBELEM_GTK:
- parse->gtk = pos + 2;
- parse->gtk_len = pos[1];
+ parse->gtk = pos;
+ parse->gtk_len = len;
break;
case FTIE_SUBELEM_R0KH_ID:
- if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) {
- wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID "
- "length in FTIE: %d", pos[1]);
+ if (len < 1 || len > FT_R0KH_ID_MAX_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "FT: Invalid R0KH-ID length in FTIE: %d",
+ len);
return -1;
}
- parse->r0kh_id = pos + 2;
- parse->r0kh_id_len = pos[1];
+ parse->r0kh_id = pos;
+ parse->r0kh_id_len = len;
break;
#ifdef CONFIG_IEEE80211W
case FTIE_SUBELEM_IGTK:
- parse->igtk = pos + 2;
- parse->igtk_len = pos[1];
+ parse->igtk = pos;
+ parse->igtk_len = len;
break;
#endif /* CONFIG_IEEE80211W */
}
- pos += 2 + pos[1];
+ pos += len;
}
return 0;
@@ -339,11 +354,18 @@
pos = ies;
end = ies + ies_len;
- while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
- switch (pos[0]) {
+ while (end - pos >= 2) {
+ u8 id, len;
+
+ id = *pos++;
+ len = *pos++;
+ if (len > end - pos)
+ break;
+
+ switch (id) {
case WLAN_EID_RSN:
- parse->rsn = pos + 2;
- parse->rsn_len = pos[1];
+ parse->rsn = pos;
+ parse->rsn_len = len;
ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
parse->rsn_len + 2,
&data);
@@ -356,32 +378,32 @@
parse->rsn_pmkid = data.pmkid;
break;
case WLAN_EID_MOBILITY_DOMAIN:
- if (pos[1] < sizeof(struct rsn_mdie))
+ if (len < sizeof(struct rsn_mdie))
return -1;
- parse->mdie = pos + 2;
- parse->mdie_len = pos[1];
+ parse->mdie = pos;
+ parse->mdie_len = len;
break;
case WLAN_EID_FAST_BSS_TRANSITION:
- if (pos[1] < sizeof(*ftie))
+ if (len < sizeof(*ftie))
return -1;
- ftie = (const struct rsn_ftie *) (pos + 2);
+ ftie = (const struct rsn_ftie *) pos;
prot_ie_count = ftie->mic_control[1];
- if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0)
+ if (wpa_ft_parse_ftie(pos, len, parse) < 0)
return -1;
break;
case WLAN_EID_TIMEOUT_INTERVAL:
- if (pos[1] != 5)
+ if (len != 5)
break;
- parse->tie = pos + 2;
- parse->tie_len = pos[1];
+ parse->tie = pos;
+ parse->tie_len = len;
break;
case WLAN_EID_RIC_DATA:
if (parse->ric == NULL)
- parse->ric = pos;
+ parse->ric = pos - 2;
break;
}
- pos += 2 + pos[1];
+ pos += len;
}
if (prot_ie_count == 0)
@@ -410,13 +432,15 @@
}
/* Determine the end of the RIC IE(s) */
- pos = parse->ric;
- while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end &&
- prot_ie_count) {
- prot_ie_count--;
- pos += 2 + pos[1];
+ if (parse->ric) {
+ pos = parse->ric;
+ while (end - pos >= 2 && 2 + pos[1] <= end - pos &&
+ prot_ie_count) {
+ prot_ie_count--;
+ pos += 2 + pos[1];
+ }
+ parse->ric_len = pos - parse->ric;
}
- parse->ric_len = pos - parse->ric;
if (prot_ie_count) {
wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
"frame", (int) prot_ie_count);
@@ -492,7 +516,7 @@
}
-static int wpa_cipher_valid_group(int cipher)
+int wpa_cipher_valid_group(int cipher)
{
return wpa_cipher_valid_pairwise(cipher) ||
cipher == WPA_CIPHER_GTK_NOT_USED;
@@ -1292,6 +1316,9 @@
os_memmove(rpos + 2, rpos, end - rpos);
*rpos++ = 0;
*rpos++ = 0;
+ added += 2;
+ start[1] += 2;
+ rend = rpos;
} else {
/* Skip RSN Capabilities */
rpos += 2;
@@ -1304,7 +1331,7 @@
if (rpos == rend) {
/* No PMKID-Count field included; add it */
- os_memmove(rpos + 2 + PMKID_LEN, rpos, end - rpos);
+ os_memmove(rpos + 2 + PMKID_LEN, rpos, end + added - rpos);
WPA_PUT_LE16(rpos, 1);
rpos += 2;
os_memcpy(rpos, pmkid, PMKID_LEN);
@@ -1319,7 +1346,7 @@
}
WPA_PUT_LE16(rpos, 1);
rpos += 2;
- os_memmove(rpos + PMKID_LEN, rpos, end - rpos);
+ os_memmove(rpos + PMKID_LEN, rpos, end + added - rpos);
os_memcpy(rpos, pmkid, PMKID_LEN);
added += PMKID_LEN;
start[1] += PMKID_LEN;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index d7a590f..ee71bfc 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -12,6 +12,8 @@
/* IEEE 802.11i */
#define PMKID_LEN 16
#define PMK_LEN 32
+#define PMK_LEN_SUITE_B_192 48
+#define PMK_LEN_MAX 48
#define WPA_REPLAY_COUNTER_LEN 8
#define WPA_NONCE_LEN 32
#define WPA_KEY_RSC_LEN 8
@@ -435,6 +437,7 @@
int wpa_cipher_key_len(int cipher);
int wpa_cipher_rsc_len(int cipher);
int wpa_cipher_to_alg(int cipher);
+int wpa_cipher_valid_group(int cipher);
int wpa_cipher_valid_pairwise(int cipher);
int wpa_cipher_valid_mgmt_group(int cipher);
u32 wpa_cipher_to_suite(int proto, int cipher);
diff --git a/src/common/wpa_ctrl.c b/src/common/wpa_ctrl.c
index 82d4655..5733aa6 100644
--- a/src/common/wpa_ctrl.c
+++ b/src/common/wpa_ctrl.c
@@ -85,6 +85,13 @@
struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path)
{
+ return wpa_ctrl_open2(ctrl_path, NULL);
+}
+
+
+struct wpa_ctrl * wpa_ctrl_open2(const char *ctrl_path,
+ const char *cli_path)
+{
struct wpa_ctrl *ctrl;
static int counter = 0;
int ret;
@@ -108,10 +115,18 @@
ctrl->local.sun_family = AF_UNIX;
counter++;
try_again:
- ret = os_snprintf(ctrl->local.sun_path, sizeof(ctrl->local.sun_path),
- CONFIG_CTRL_IFACE_CLIENT_DIR "/"
- CONFIG_CTRL_IFACE_CLIENT_PREFIX "%d-%d",
- (int) getpid(), counter);
+ if (cli_path && cli_path[0] == '/') {
+ ret = os_snprintf(ctrl->local.sun_path,
+ sizeof(ctrl->local.sun_path),
+ "%s/" CONFIG_CTRL_IFACE_CLIENT_PREFIX "%d-%d",
+ cli_path, (int) getpid(), counter);
+ } else {
+ ret = os_snprintf(ctrl->local.sun_path,
+ sizeof(ctrl->local.sun_path),
+ CONFIG_CTRL_IFACE_CLIENT_DIR "/"
+ CONFIG_CTRL_IFACE_CLIENT_PREFIX "%d-%d",
+ (int) getpid(), counter);
+ }
if (os_snprintf_error(sizeof(ctrl->local.sun_path), ret)) {
close(ctrl->s);
os_free(ctrl);
@@ -137,6 +152,8 @@
#ifdef ANDROID
chmod(ctrl->local.sun_path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+ /* Set group even if we do not have privileges to change owner */
+ chown(ctrl->local.sun_path, -1, AID_WIFI);
chown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
if (os_strncmp(ctrl_path, "@android:", 9) == 0) {
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index e700523..3de4682 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -28,6 +28,8 @@
#define WPA_EVENT_DISCONNECTED "CTRL-EVENT-DISCONNECTED "
/** Association rejected during connection attempt */
#define WPA_EVENT_ASSOC_REJECT "CTRL-EVENT-ASSOC-REJECT "
+/** Authentication rejected during connection attempt */
+#define WPA_EVENT_AUTH_REJECT "CTRL-EVENT-AUTH-REJECT "
/** wpa_supplicant is exiting */
#define WPA_EVENT_TERMINATING "CTRL-EVENT-TERMINATING "
/** Password change was completed successfully */
@@ -279,6 +281,7 @@
#define WPA_BSS_MASK_MESH_SCAN BIT(18)
#define WPA_BSS_MASK_SNR BIT(19)
#define WPA_BSS_MASK_EST_THROUGHPUT BIT(20)
+#define WPA_BSS_MASK_FST BIT(21)
/* VENDOR_ELEM_* frame id values */
@@ -315,6 +318,20 @@
*/
struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path);
+/**
+ * wpa_ctrl_open2 - Open a control interface to wpa_supplicant/hostapd
+ * @ctrl_path: Path for UNIX domain sockets; ignored if UDP sockets are used.
+ * @cli_path: Path for client UNIX domain sockets; ignored if UDP socket
+ * is used.
+ * Returns: Pointer to abstract control interface data or %NULL on failure
+ *
+ * This function is used to open a control interface to wpa_supplicant/hostapd
+ * when the socket path for client need to be specified explicitly. Default
+ * ctrl_path is usually /var/run/wpa_supplicant or /var/run/hostapd and client
+ * socket path is /tmp.
+ */
+struct wpa_ctrl * wpa_ctrl_open2(const char *ctrl_path, const char *cli_path);
+
/**
* wpa_ctrl_close - Close a control interface to wpa_supplicant/hostapd
diff --git a/src/common/wpa_helpers.c b/src/common/wpa_helpers.c
index 28913b9..f159421 100644
--- a/src/common/wpa_helpers.c
+++ b/src/common/wpa_helpers.c
@@ -172,7 +172,8 @@
if (ctrl == NULL)
return -1;
len = sizeof(buf);
- if (wpa_ctrl_request(ctrl, "STATUS", 6, buf, &len, NULL) < 0) {
+ if (wpa_ctrl_request(ctrl, "STATUS-NO_EVENTS", 16, buf, &len,
+ NULL) < 0) {
wpa_ctrl_close(ctrl);
return -1;
}
diff --git a/src/crypto/aes-omac1.c b/src/crypto/aes-omac1.c
index 375db57..8642516 100644
--- a/src/crypto/aes-omac1.c
+++ b/src/crypto/aes-omac1.c
@@ -48,6 +48,9 @@
const u8 *pos, *end;
size_t i, e, left, total_len;
+ if (TEST_FAIL())
+ return -1;
+
ctx = aes_encrypt_init(key, key_len);
if (ctx == NULL)
return -1;
diff --git a/src/crypto/crypto_module_tests.c b/src/crypto/crypto_module_tests.c
index 1d613c9..2b19a4a 100644
--- a/src/crypto/crypto_module_tests.c
+++ b/src/crypto/crypto_module_tests.c
@@ -516,6 +516,7 @@
0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
};
+#ifndef CONFIG_BORINGSSL
/* RFC 3394 - Test vector 4.2 */
u8 kek42[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -531,6 +532,7 @@
0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
};
+#endif /* CONFIG_BORINGSSL */
/* RFC 3394 - Test vector 4.3 */
u8 kek43[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -547,6 +549,7 @@
0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
};
+#ifndef CONFIG_BORINGSSL
/* RFC 3394 - Test vector 4.4 */
u8 kek44[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -564,6 +567,7 @@
0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
};
+#endif /* CONFIG_BORINGSSL */
/* RFC 3394 - Test vector 4.5 */
u8 kek45[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -624,6 +628,7 @@
ret++;
}
+#ifndef CONFIG_BORINGSSL
wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.2");
if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
result)) {
@@ -643,6 +648,7 @@
wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
ret++;
}
+#endif /* CONFIG_BORINGSSL */
wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.3");
if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
@@ -664,6 +670,7 @@
ret++;
}
+#ifndef CONFIG_BORINGSSL
wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.4");
if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
result)) {
@@ -683,6 +690,7 @@
wpa_printf(MSG_ERROR, "AES-UNWRAP-192 failed");
ret++;
}
+#endif /* CONFIG_BORINGSSL */
wpa_printf(MSG_INFO, "RFC 3394 - Test vector 4.5");
if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
@@ -733,6 +741,7 @@
static int test_md5(void)
{
+#ifndef CONFIG_FIPS
struct {
char *data;
char *hash;
@@ -811,6 +820,10 @@
wpa_printf(MSG_INFO, "MD5 test cases passed");
return errors;
+#else /* CONFIG_FIPS */
+ wpa_printf(MSG_INFO, "MD5 test cases skipped due to CONFIG_FIPS");
+ return 0;
+#endif /* CONFIG_FIPS */
}
@@ -842,6 +855,7 @@
0x38, 0x4B, 0x7A, 0x85, 0xBE, 0x16, 0x4D, 0x27,
0x33, 0xD5, 0x24, 0x79, 0x87, 0xB1, 0xC5, 0xA2
};
+#ifndef CONFIG_FIPS
const u8 key_block[] = {
0x59, 0x59, 0xBE, 0x8E, 0x41, 0x3A, 0x77, 0x74,
0x8B, 0xB2, 0xE5, 0xD3, 0x60, 0xAC, 0x4D, 0x35,
@@ -858,6 +872,7 @@
0x64, 0xC1, 0xC8, 0x0C, 0x96, 0x44, 0x09, 0x98,
0xFF, 0x92, 0xA8, 0xB4, 0xC6, 0x42, 0x28, 0x71
};
+#endif /* CONFIG_FIPS */
const u8 sks[] = {
0xD6, 0x4B, 0x7D, 0x72, 0x17, 0x59, 0x28, 0x05,
0xAF, 0xF9, 0xB7, 0xFF, 0x66, 0x6D, 0xA1, 0x96,
@@ -932,6 +947,7 @@
errors++;
}
+#ifndef CONFIG_FIPS
wpa_printf(MSG_INFO, "- PRF (TLS, SHA1/MD5) test case / key_block");
if (tls_prf_sha1_md5(master_secret, sizeof(master_secret),
"key expansion", seed, sizeof(seed),
@@ -940,6 +956,7 @@
wpa_printf(MSG_INFO, "PRF test - FAILED!");
errors++;
}
+#endif /* CONFIG_FIPS */
wpa_printf(MSG_INFO, "- T-PRF (SHA1) test case / IMCK");
if (sha1_t_prf(sks, sizeof(sks), "Inner Methods Compound Keys",
@@ -1486,6 +1503,7 @@
const u8 *addr[2];
size_t len[2];
int errors = 0;
+ u8 *key;
for (i = 0; i < ARRAY_SIZE(tests); i++) {
wpa_printf(MSG_INFO, "SHA256 test case %d:", i + 1);
@@ -1556,6 +1574,31 @@
hash, sizeof(hash));
/* TODO: add proper test case for this */
+ key = os_malloc(8161);
+ if (key) {
+#ifdef CONFIG_HMAC_SHA256_KDF
+ int res;
+
+ res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
+ (u8 *) "seed", 4, key, 8160);
+ if (res) {
+ wpa_printf(MSG_INFO,
+ "Unexpected hmac_sha256_kdf(outlen=8160) failure");
+ errors++;
+ }
+
+ res = hmac_sha256_kdf((u8 *) "secret", 6, "label",
+ (u8 *) "seed", 4, key, 8161);
+ if (res == 0) {
+ wpa_printf(MSG_INFO,
+ "Unexpected hmac_sha256_kdf(outlen=8161) success");
+ errors++;
+ }
+#endif /* CONFIG_HMAC_SHA256_KDF */
+
+ os_free(key);
+ }
+
if (!errors)
wpa_printf(MSG_INFO, "SHA256 test cases passed");
return errors;
@@ -1564,6 +1607,7 @@
static int test_ms_funcs(void)
{
+#ifndef CONFIG_FIPS
/* Test vector from RFC2759 example */
char *username = "User";
char *password = "clientPass";
@@ -1656,6 +1700,10 @@
wpa_printf(MSG_INFO, "ms_funcs test cases passed");
return errors;
+#else /* CONFIG_FIPS */
+ wpa_printf(MSG_INFO, "ms_funcs test cases skipped due to CONFIG_FIPS");
+ return 0;
+#endif /* CONFIG_FIPS */
}
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 3703b93..9e344d1 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -69,6 +69,9 @@
size_t i;
unsigned int mac_len;
+ if (TEST_FAIL())
+ return -1;
+
EVP_MD_CTX_init(&ctx);
if (!EVP_DigestInit_ex(&ctx, type, NULL)) {
wpa_printf(MSG_ERROR, "OpenSSL: EVP_DigestInit_ex failed: %s",
@@ -93,10 +96,12 @@
}
+#ifndef CONFIG_FIPS
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
}
+#endif /* CONFIG_FIPS */
void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
@@ -120,6 +125,7 @@
}
+#ifndef CONFIG_NO_RC4
int rc4_skip(const u8 *key, size_t keylen, size_t skip,
u8 *data, size_t data_len)
{
@@ -155,12 +161,15 @@
return res;
#endif /* OPENSSL_NO_RC4 */
}
+#endif /* CONFIG_NO_RC4 */
+#ifndef CONFIG_FIPS
int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac);
}
+#endif /* CONFIG_FIPS */
int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
@@ -297,6 +306,9 @@
}
+#ifndef CONFIG_FIPS
+#ifndef CONFIG_OPENSSL_INTERNAL_AES_WRAP
+
int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
{
AES_KEY actx;
@@ -323,6 +335,9 @@
return res <= 0 ? -1 : 0;
}
+#endif /* CONFIG_OPENSSL_INTERNAL_AES_WRAP */
+#endif /* CONFIG_FIPS */
+
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
@@ -430,11 +445,13 @@
return NULL;
switch (alg) {
+#ifndef CONFIG_NO_RC4
#ifndef OPENSSL_NO_RC4
case CRYPTO_CIPHER_ALG_RC4:
cipher = EVP_rc4();
break;
#endif /* OPENSSL_NO_RC4 */
+#endif /* CONFIG_NO_RC4 */
#ifndef OPENSSL_NO_AES
case CRYPTO_CIPHER_ALG_AES:
switch (key_len) {
@@ -757,6 +774,9 @@
size_t i;
int res;
+ if (TEST_FAIL())
+ return -1;
+
HMAC_CTX_init(&ctx);
#if OPENSSL_VERSION_NUMBER < 0x00909000
HMAC_Init_ex(&ctx, key, key_len, type, NULL);
@@ -878,6 +898,9 @@
int ret = -1;
size_t outlen, i;
+ if (TEST_FAIL())
+ return -1;
+
ctx = CMAC_CTX_new();
if (ctx == NULL)
return -1;
diff --git a/src/crypto/ms_funcs.c b/src/crypto/ms_funcs.c
index 5f57656..d0d6a96 100644
--- a/src/crypto/ms_funcs.c
+++ b/src/crypto/ms_funcs.c
@@ -48,7 +48,7 @@
WPA_PUT_LE16(ucs2_buffer + j,
((c & 0x1F) << 6) | (c2 & 0x3F));
j += 2;
- } else if (i == utf8_string_len ||
+ } else if (i == utf8_string_len - 1 ||
j >= ucs2_buffer_size - 1) {
/* incomplete surrogate */
return -1;
@@ -174,9 +174,8 @@
u8 password_hash[16];
if (challenge_hash(peer_challenge, auth_challenge, username,
- username_len, challenge))
- return -1;
- if (nt_password_hash(password, password_len, password_hash))
+ username_len, challenge) ||
+ nt_password_hash(password, password_len, password_hash))
return -1;
challenge_response(challenge, password_hash, response);
return 0;
@@ -256,12 +255,9 @@
addr2[1] = challenge;
addr2[2] = magic2;
- if (hash_nt_password_hash(password_hash, password_hash_hash))
- return -1;
- if (sha1_vector(3, addr1, len1, response))
- return -1;
-
- if (challenge_hash(peer_challenge, auth_challenge, username,
+ if (hash_nt_password_hash(password_hash, password_hash_hash) ||
+ sha1_vector(3, addr1, len1, response) ||
+ challenge_hash(peer_challenge, auth_challenge, username,
username_len, challenge))
return -1;
return sha1_vector(3, addr2, len2, response);
@@ -416,6 +412,8 @@
}
+#ifndef CONFIG_NO_RC4
+
#define PWBLOCK_LEN 516
/**
@@ -435,10 +433,8 @@
os_memset(pw_block, 0, PWBLOCK_LEN);
- if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0)
- return -1;
-
- if (ucs2_len > 256)
+ if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0
+ || ucs2_len > 256)
return -1;
offset = (256 - ucs2_len) * 2;
@@ -483,6 +479,8 @@
return 0;
}
+#endif /* CONFIG_NO_RC4 */
+
/**
* nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13
diff --git a/src/crypto/random.c b/src/crypto/random.c
index bc758aa..3a86a93 100644
--- a/src/crypto/random.c
+++ b/src/crypto/random.c
@@ -181,6 +181,7 @@
#ifdef CONFIG_FIPS
/* Mix in additional entropy from the crypto module */
+ bytes = buf;
left = len;
while (left) {
size_t siz, i;
diff --git a/src/crypto/sha384-prf.c b/src/crypto/sha384-prf.c
new file mode 100644
index 0000000..653920b
--- /dev/null
+++ b/src/crypto/sha384-prf.c
@@ -0,0 +1,100 @@
+/*
+ * SHA384-based KDF (IEEE 802.11ac)
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha384.h"
+#include "crypto.h"
+
+
+/**
+ * sha384_prf - SHA384-based Key derivation function (IEEE 802.11ac, 11.6.1.7.2)
+ * @key: Key for KDF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @data: Extra data to bind into the key
+ * @data_len: Length of the data
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key.
+ */
+void sha384_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
+{
+ sha384_prf_bits(key, key_len, label, data, data_len, buf, buf_len * 8);
+}
+
+
+/**
+ * sha384_prf_bits - IEEE Std 802.11ac-2013, 11.6.1.7.2 Key derivation function
+ * @key: Key for KDF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @data: Extra data to bind into the key
+ * @data_len: Length of the data
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bits of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key. If the requested buf_len is not divisible by eight, the least
+ * significant 1-7 bits of the last octet in the output are not part of the
+ * requested output.
+ */
+void sha384_prf_bits(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf,
+ size_t buf_len_bits)
+{
+ u16 counter = 1;
+ size_t pos, plen;
+ u8 hash[SHA384_MAC_LEN];
+ const u8 *addr[4];
+ size_t len[4];
+ u8 counter_le[2], length_le[2];
+ size_t buf_len = (buf_len_bits + 7) / 8;
+
+ addr[0] = counter_le;
+ len[0] = 2;
+ addr[1] = (u8 *) label;
+ len[1] = os_strlen(label);
+ addr[2] = data;
+ len[2] = data_len;
+ addr[3] = length_le;
+ len[3] = sizeof(length_le);
+
+ WPA_PUT_LE16(length_le, buf_len_bits);
+ pos = 0;
+ while (pos < buf_len) {
+ plen = buf_len - pos;
+ WPA_PUT_LE16(counter_le, counter);
+ if (plen >= SHA384_MAC_LEN) {
+ hmac_sha384_vector(key, key_len, 4, addr, len,
+ &buf[pos]);
+ pos += SHA384_MAC_LEN;
+ } else {
+ hmac_sha384_vector(key, key_len, 4, addr, len, hash);
+ os_memcpy(&buf[pos], hash, plen);
+ pos += plen;
+ break;
+ }
+ counter++;
+ }
+
+ /*
+ * Mask out unused bits in the last octet if it does not use all the
+ * bits.
+ */
+ if (buf_len_bits % 8) {
+ u8 mask = 0xff << (8 - buf_len_bits % 8);
+ buf[pos - 1] &= mask;
+ }
+
+ os_memset(hash, 0, sizeof(hash));
+}
diff --git a/src/crypto/sha384.h b/src/crypto/sha384.h
index e6a1fe4..3deafa5 100644
--- a/src/crypto/sha384.h
+++ b/src/crypto/sha384.h
@@ -15,5 +15,10 @@
const u8 *addr[], const size_t *len, u8 *mac);
int hmac_sha384(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac);
+void sha384_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
+void sha384_prf_bits(const u8 *key, size_t key_len, const char *label,
+ const u8 *data, size_t data_len, u8 *buf,
+ size_t buf_len_bits);
#endif /* SHA384_H */
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index d13657e..2e56233 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -11,7 +11,7 @@
struct tls_connection;
-struct tls_keys {
+struct tls_random {
const u8 *client_random;
size_t client_random_len;
const u8 *server_random;
@@ -79,6 +79,7 @@
int fips_mode;
int cert_in_cb;
const char *openssl_ciphers;
+ unsigned int tls_session_lifetime;
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
@@ -93,6 +94,7 @@
#define TLS_CONN_DISABLE_TLSv1_1 BIT(5)
#define TLS_CONN_DISABLE_TLSv1_2 BIT(6)
#define TLS_CONN_EAP_FAST BIT(7)
+#define TLS_CONN_DISABLE_TLSv1_0 BIT(8)
/**
* struct tls_connection_params - Parameters for TLS connection
@@ -304,22 +306,28 @@
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()
* @verify_peer: 1 = verify peer certificate
+ * @flags: Connection flags (TLS_CONN_*)
+ * @session_ctx: Session caching context or %NULL to use default
+ * @session_ctx_len: Length of @session_ctx in bytes.
* Returns: 0 on success, -1 on failure
*/
int __must_check tls_connection_set_verify(void *tls_ctx,
struct tls_connection *conn,
- int verify_peer);
+ int verify_peer,
+ unsigned int flags,
+ const u8 *session_ctx,
+ size_t session_ctx_len);
/**
- * tls_connection_get_keys - Get random data from TLS connection
+ * tls_connection_get_random - Get random data from TLS connection
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()
- * @keys: Structure of client/server random data (filled on success)
+ * @data: Structure of client/server random data (filled on success)
* Returns: 0 on success, -1 on failure
*/
-int __must_check tls_connection_get_keys(void *tls_ctx,
+int __must_check tls_connection_get_random(void *tls_ctx,
struct tls_connection *conn,
- struct tls_keys *keys);
+ struct tls_random *data);
/**
* tls_connection_prf - Use TLS-PRF to derive keying material
@@ -333,14 +341,11 @@
* @out_len: Length of the output buffer
* Returns: 0 on success, -1 on failure
*
- * This function is optional to implement if tls_connection_get_keys() provides
- * access to master secret and server/client random values. If these values are
- * not exported from the TLS library, tls_connection_prf() is required so that
- * further keying material can be derived from the master secret. If not
- * implemented, the function will still need to be defined, but it can just
- * return -1. Example implementation of this function is in tls_prf_sha1_md5()
- * when it is called with seed set to client_random|server_random (or
- * server_random|client_random).
+ * tls_connection_prf() is required so that further keying material can be
+ * derived from the master secret. Example implementation of this function is in
+ * tls_prf_sha1_md5() when it is called with seed set to
+ * client_random|server_random (or server_random|client_random). For TLSv1.2 and
+ * newer, a different PRF is needed, though.
*/
int __must_check tls_connection_prf(void *tls_ctx,
struct tls_connection *conn,
@@ -466,6 +471,19 @@
u8 *ciphers);
/**
+ * tls_get_version - Get the current TLS version number
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @buf: Buffer for returning the TLS version number
+ * @buflen: buf size
+ * Returns: 0 on success, -1 on failure
+ *
+ * Get the currently used TLS version number.
+ */
+int __must_check tls_get_version(void *tls_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen);
+
+/**
* tls_get_cipher - Get current cipher name
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()
@@ -532,13 +550,6 @@
int tls_connection_get_write_alerts(void *tls_ctx,
struct tls_connection *conn);
-/**
- * tls_capabilities - Get supported TLS capabilities
- * @tls_ctx: TLS context data from tls_init()
- * Returns: Bit field of supported TLS capabilities (TLS_CAPABILITY_*)
- */
-unsigned int tls_capabilities(void *tls_ctx);
-
typedef int (*tls_session_ticket_cb)
(void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
const u8 *server_random, u8 *master_secret);
@@ -564,4 +575,14 @@
int tls_get_library_version(char *buf, size_t buf_len);
+void tls_connection_set_success_data(struct tls_connection *conn,
+ struct wpabuf *data);
+
+void tls_connection_set_success_data_resumed(struct tls_connection *conn);
+
+const struct wpabuf *
+tls_connection_get_success_data(struct tls_connection *conn);
+
+void tls_connection_remove_session(struct tls_connection *conn);
+
#endif /* TLS_H */
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index c7f6464..f994379 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -708,7 +708,8 @@
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
if (conn == NULL || conn->session == NULL)
return -1;
@@ -722,8 +723,8 @@
}
-int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
- struct tls_keys *keys)
+int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
+ struct tls_random *keys)
{
#if GNUTLS_VERSION_NUMBER >= 0x030012
gnutls_datum_t client, server;
@@ -1426,6 +1427,14 @@
}
+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ /* TODO */
+ return -1;
+}
+
+
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
char *buf, size_t buflen)
{
@@ -1476,12 +1485,6 @@
}
-unsigned int tls_capabilities(void *tls_ctx)
-{
- return 0;
-}
-
-
int tls_connection_set_session_ticket_cb(void *tls_ctx,
struct tls_connection *conn,
tls_session_ticket_cb cb, void *ctx)
@@ -1495,3 +1498,26 @@
return os_snprintf(buf, buf_len, "GnuTLS build=%s run=%s",
GNUTLS_VERSION, gnutls_check_version(NULL));
}
+
+
+void tls_connection_set_success_data(struct tls_connection *conn,
+ struct wpabuf *data)
+{
+}
+
+
+void tls_connection_set_success_data_resumed(struct tls_connection *conn)
+{
+}
+
+
+const struct wpabuf *
+tls_connection_get_success_data(struct tls_connection *conn)
+{
+ return NULL;
+}
+
+
+void tls_connection_remove_session(struct tls_connection *conn)
+{
+}
diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index afd4695..1b82245 100644
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -64,10 +64,12 @@
tlsv1_client_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
- tlsv1_cred_free(global->server_cred);
tlsv1_server_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}
+#ifdef CONFIG_TLS_INTERNAL_SERVER
+ tlsv1_cred_free(global->server_cred);
+#endif /* CONFIG_TLS_INTERNAL_SERVER */
os_free(global);
}
@@ -328,7 +330,8 @@
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
@@ -338,16 +341,16 @@
}
-int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
- struct tls_keys *keys)
+int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
+ struct tls_random *data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
if (conn->client)
- return tlsv1_client_get_keys(conn->client, keys);
+ return tlsv1_client_get_random(conn->client, data);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
- return tlsv1_server_get_keys(conn->server, keys);
+ return tlsv1_server_get_random(conn->server, data);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
return -1;
}
@@ -617,6 +620,14 @@
}
+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ /* TODO */
+ return -1;
+}
+
+
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
char *buf, size_t buflen)
{
@@ -674,12 +685,6 @@
}
-unsigned int tls_capabilities(void *tls_ctx)
-{
- return 0;
-}
-
-
int tls_connection_set_session_ticket_cb(void *tls_ctx,
struct tls_connection *conn,
tls_session_ticket_cb cb,
@@ -705,3 +710,26 @@
{
return os_snprintf(buf, buf_len, "internal");
}
+
+
+void tls_connection_set_success_data(struct tls_connection *conn,
+ struct wpabuf *data)
+{
+}
+
+
+void tls_connection_set_success_data_resumed(struct tls_connection *conn)
+{
+}
+
+
+const struct wpabuf *
+tls_connection_get_success_data(struct tls_connection *conn)
+{
+ return NULL;
+}
+
+
+void tls_connection_remove_session(struct tls_connection *conn)
+{
+}
diff --git a/src/crypto/tls_none.c b/src/crypto/tls_none.c
index 1b1ba56..ae392ad 100644
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@@ -72,14 +72,15 @@
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
return -1;
}
-int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
- struct tls_keys *keys)
+int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
+ struct tls_random *data)
{
return -1;
}
@@ -140,6 +141,13 @@
}
+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ return -1;
+}
+
+
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
char *buf, size_t buflen)
{
@@ -181,13 +189,30 @@
}
-unsigned int tls_capabilities(void *tls_ctx)
-{
- return 0;
-}
-
-
int tls_get_library_version(char *buf, size_t buf_len)
{
return os_snprintf(buf, buf_len, "none");
}
+
+
+void tls_connection_set_success_data(struct tls_connection *conn,
+ struct wpabuf *data)
+{
+}
+
+
+void tls_connection_set_success_data_resumed(struct tls_connection *conn)
+{
+}
+
+
+const struct wpabuf *
+tls_connection_get_success_data(struct tls_connection *conn)
+{
+ return NULL;
+}
+
+
+void tls_connection_remove_session(struct tls_connection *conn)
+{
+}
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index db2d73e..c2bb8c5 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1,6 +1,6 @@
/*
* SSL/TLS interface functions for OpenSSL
- * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -23,10 +23,22 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif /* OPENSSL_NO_ENGINE */
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+#ifdef OPENSSL_IS_BORINGSSL
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#endif /* OPENSSL_IS_BORINGSSL */
#include "common.h"
#include "crypto.h"
#include "sha1.h"
+#include "sha256.h"
#include "tls.h"
#if OPENSSL_VERSION_NUMBER < 0x10000000L
@@ -64,10 +76,10 @@
free(value);
return bio;
}
-
#endif /* ANDROID */
static int tls_openssl_ref_count = 0;
+static int tls_ex_idx_session = -1;
struct tls_context {
void (*event_cb)(void *ctx, enum tls_event ev,
@@ -80,6 +92,11 @@
static struct tls_context *tls_global = NULL;
+struct tls_data {
+ SSL_CTX *ssl;
+ unsigned int tls_session_lifetime;
+};
+
struct tls_connection {
struct tls_context *context;
SSL_CTX *ssl_ctx;
@@ -103,6 +120,7 @@
unsigned int cert_probe:1;
unsigned int server_cert_only:1;
unsigned int invalid_hb_used:1;
+ unsigned int success_data:1;
u8 srv_cert_hash[32];
@@ -111,6 +129,11 @@
X509 *peer_cert;
X509 *peer_issuer;
X509 *peer_issuer_issuer;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+#endif
};
@@ -733,8 +756,27 @@
#endif /* OPENSSL_NO_ENGINE */
+static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
+{
+ struct wpabuf *buf;
+
+ if (tls_ex_idx_session < 0)
+ return;
+ buf = SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
+ if (!buf)
+ return;
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Free application session data %p (sess %p)",
+ buf, sess);
+ wpabuf_free(buf);
+
+ SSL_SESSION_set_ex_data(sess, tls_ex_idx_session, NULL);
+}
+
+
void * tls_init(const struct tls_config *conf)
{
+ struct tls_data *data;
SSL_CTX *ssl;
struct tls_context *context;
const char *ciphers;
@@ -746,7 +788,9 @@
#ifdef CONFIG_FIPS
#ifdef OPENSSL_FIPS
if (conf && conf->fips_mode) {
- if (!FIPS_mode_set(1)) {
+ static int fips_enabled = 0;
+
+ if (!fips_enabled && !FIPS_mode_set(1)) {
wpa_printf(MSG_ERROR, "Failed to enable FIPS "
"mode");
ERR_load_crypto_strings();
@@ -754,8 +798,10 @@
os_free(tls_global);
tls_global = NULL;
return NULL;
- } else
+ } else {
wpa_printf(MSG_INFO, "Running in FIPS mode");
+ fips_enabled = 1;
+ }
}
#else /* OPENSSL_FIPS */
if (conf && conf->fips_mode) {
@@ -795,7 +841,11 @@
}
tls_openssl_ref_count++;
- ssl = SSL_CTX_new(SSLv23_method());
+ data = os_zalloc(sizeof(*data));
+ if (data)
+ ssl = SSL_CTX_new(SSLv23_method());
+ else
+ ssl = NULL;
if (ssl == NULL) {
tls_openssl_ref_count--;
if (context != tls_global)
@@ -806,12 +856,37 @@
}
return NULL;
}
+ data->ssl = ssl;
+ if (conf)
+ data->tls_session_lifetime = conf->tls_session_lifetime;
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
SSL_CTX_set_info_callback(ssl, ssl_info_cb);
SSL_CTX_set_app_data(ssl, context);
+ if (data->tls_session_lifetime > 0) {
+ SSL_CTX_set_quiet_shutdown(ssl, 1);
+ /*
+ * Set default context here. In practice, this will be replaced
+ * by the per-EAP method context in tls_connection_set_verify().
+ */
+ SSL_CTX_set_session_id_context(ssl, (u8 *) "hostapd", 7);
+ SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
+ SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
+ SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
+ } else {
+ SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
+ }
+
+ if (tls_ex_idx_session < 0) {
+ tls_ex_idx_session = SSL_SESSION_get_ex_new_index(
+ 0, NULL, NULL, NULL, NULL);
+ if (tls_ex_idx_session < 0) {
+ tls_deinit(data);
+ return NULL;
+ }
+ }
#ifndef OPENSSL_NO_ENGINE
wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
@@ -824,7 +899,7 @@
if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
conf->pkcs11_module_path)) {
- tls_deinit(ssl);
+ tls_deinit(data);
return NULL;
}
}
@@ -838,20 +913,23 @@
wpa_printf(MSG_ERROR,
"OpenSSL: Failed to set cipher string '%s'",
ciphers);
- tls_deinit(ssl);
+ tls_deinit(data);
return NULL;
}
- return ssl;
+ return data;
}
void tls_deinit(void *ssl_ctx)
{
- SSL_CTX *ssl = ssl_ctx;
+ struct tls_data *data = ssl_ctx;
+ SSL_CTX *ssl = data->ssl;
struct tls_context *context = SSL_CTX_get_app_data(ssl);
if (context != tls_global)
os_free(context);
+ if (data->tls_session_lifetime > 0)
+ SSL_CTX_flush_sessions(ssl, 0);
SSL_CTX_free(ssl);
tls_openssl_ref_count--;
@@ -868,12 +946,10 @@
os_free(tls_global);
tls_global = NULL;
}
+
+ os_free(data);
}
-#ifdef ANDROID
-/* EVP_PKEY_from_keystore comes from system/security/keystore-engine. */
-EVP_PKEY* EVP_PKEY_from_keystore(const char* key_id);
-#endif
#ifndef OPENSSL_NO_ENGINE
@@ -896,6 +972,11 @@
#endif /* OPENSSL_NO_ENGINE */
+#ifdef ANDROID
+/* EVP_PKEY_from_keystore comes from system/security/keystore-engine. */
+EVP_PKEY * EVP_PKEY_from_keystore(const char *key_id);
+#endif /* ANDROID */
+
static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
const char *pin, const char *key_id,
const char *cert_id, const char *ca_cert_id)
@@ -904,7 +985,8 @@
#if !defined(OPENSSL_NO_ENGINE)
#error "This code depends on OPENSSL_NO_ENGINE being defined by BoringSSL."
#endif
-
+ if (!key_id)
+ return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
conn->engine = NULL;
conn->private_key = EVP_PKEY_from_keystore(key_id);
if (!conn->private_key) {
@@ -914,7 +996,7 @@
ERR_error_string(ERR_get_error(), NULL));
return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
}
-#endif
+#endif /* ANDROID && OPENSSL_IS_BORINGSSL */
#ifndef OPENSSL_NO_ENGINE
int ret = -1;
@@ -1022,10 +1104,10 @@
if (conn->engine) {
#if !defined(OPENSSL_IS_BORINGSSL)
ENGINE_finish(conn->engine);
-#endif
+#endif /* !OPENSSL_IS_BORINGSSL */
conn->engine = NULL;
}
-#endif /* OPENSSL_NO_ENGINE */
+#endif /* ANDROID || !OPENSSL_NO_ENGINE */
}
@@ -1044,14 +1126,83 @@
}
+static const char * openssl_content_type(int content_type)
+{
+ switch (content_type) {
+ case 20:
+ return "change cipher spec";
+ case 21:
+ return "alert";
+ case 22:
+ return "handshake";
+ case 23:
+ return "application data";
+ case 24:
+ return "heartbeat";
+ case 256:
+ return "TLS header info"; /* pseudo content type */
+ default:
+ return "?";
+ }
+}
+
+
+static const char * openssl_handshake_type(int content_type, const u8 *buf,
+ size_t len)
+{
+ if (content_type != 22 || !buf || len == 0)
+ return "";
+ switch (buf[0]) {
+ case 0:
+ return "hello request";
+ case 1:
+ return "client hello";
+ case 2:
+ return "server hello";
+ case 4:
+ return "new session ticket";
+ case 11:
+ return "certificate";
+ case 12:
+ return "server key exchange";
+ case 13:
+ return "certificate request";
+ case 14:
+ return "server hello done";
+ case 15:
+ return "certificate verify";
+ case 16:
+ return "client key exchange";
+ case 20:
+ return "finished";
+ case 21:
+ return "certificate url";
+ case 22:
+ return "certificate status";
+ default:
+ return "?";
+ }
+}
+
+
static void tls_msg_cb(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg)
{
struct tls_connection *conn = arg;
const u8 *pos = buf;
- wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d",
- write_p ? "TX" : "RX", version, content_type);
+ if (write_p == 2) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: session ver=0x%x content_type=%d",
+ version, content_type);
+ wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Data", buf, len);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d (%s/%s)",
+ write_p ? "TX" : "RX", version, content_type,
+ openssl_content_type(content_type),
+ openssl_handshake_type(content_type, buf, len));
wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Message", buf, len);
if (content_type == 24 && len >= 3 && pos[0] == 1) {
size_t payload_len = WPA_GET_BE16(pos + 1);
@@ -1065,7 +1216,8 @@
struct tls_connection * tls_connection_init(void *ssl_ctx)
{
- SSL_CTX *ssl = ssl_ctx;
+ struct tls_data *data = ssl_ctx;
+ SSL_CTX *ssl = data->ssl;
struct tls_connection *conn;
long options;
struct tls_context *context = SSL_CTX_get_app_data(ssl);
@@ -1073,7 +1225,7 @@
conn = os_zalloc(sizeof(*conn));
if (conn == NULL)
return NULL;
- conn->ssl_ctx = ssl_ctx;
+ conn->ssl_ctx = ssl;
conn->ssl = SSL_new(ssl);
if (conn->ssl == NULL) {
tls_show_errors(MSG_INFO, __func__,
@@ -1122,6 +1274,14 @@
{
if (conn == NULL)
return;
+ if (conn->success_data) {
+ /*
+ * Make sure ssl_clear_bad_session() does not remove this
+ * session.
+ */
+ SSL_set_quiet_shutdown(conn->ssl, 1);
+ SSL_shutdown(conn->ssl);
+ }
SSL_free(conn->ssl);
tls_engine_deinit(conn);
os_free(conn->subject_match);
@@ -1494,6 +1654,819 @@
}
+#ifdef OPENSSL_IS_BORINGSSL
+
+/*
+ * CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuer's public key
+ * serialNumber CertificateSerialNumber }
+ */
+typedef struct {
+ X509_ALGOR *hashAlgorithm;
+ ASN1_OCTET_STRING *issuerNameHash;
+ ASN1_OCTET_STRING *issuerKeyHash;
+ ASN1_INTEGER *serialNumber;
+} CertID;
+
+/*
+ * ResponseBytes ::= SEQUENCE {
+ * responseType OBJECT IDENTIFIER,
+ * response OCTET STRING }
+ */
+typedef struct {
+ ASN1_OBJECT *responseType;
+ ASN1_OCTET_STRING *response;
+} ResponseBytes;
+
+/*
+ * OCSPResponse ::= SEQUENCE {
+ * responseStatus OCSPResponseStatus,
+ * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct {
+ ASN1_ENUMERATED *responseStatus;
+ ResponseBytes *responseBytes;
+} OCSPResponse;
+
+ASN1_SEQUENCE(ResponseBytes) = {
+ ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
+ ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(ResponseBytes);
+
+ASN1_SEQUENCE(OCSPResponse) = {
+ ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
+ ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
+} ASN1_SEQUENCE_END(OCSPResponse);
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse);
+
+/*
+ * ResponderID ::= CHOICE {
+ * byName [1] Name,
+ * byKey [2] KeyHash }
+ */
+typedef struct {
+ int type;
+ union {
+ X509_NAME *byName;
+ ASN1_OCTET_STRING *byKey;
+ } value;
+} ResponderID;
+
+/*
+ * RevokedInfo ::= SEQUENCE {
+ * revocationTime GeneralizedTime,
+ * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct {
+ ASN1_GENERALIZEDTIME *revocationTime;
+ ASN1_ENUMERATED *revocationReason;
+} RevokedInfo;
+
+/*
+ * CertStatus ::= CHOICE {
+ * good [0] IMPLICIT NULL,
+ * revoked [1] IMPLICIT RevokedInfo,
+ * unknown [2] IMPLICIT UnknownInfo }
+ */
+typedef struct {
+ int type;
+ union {
+ ASN1_NULL *good;
+ RevokedInfo *revoked;
+ ASN1_NULL *unknown;
+ } value;
+} CertStatus;
+
+/*
+ * SingleResponse ::= SEQUENCE {
+ * certID CertID,
+ * certStatus CertStatus,
+ * thisUpdate GeneralizedTime,
+ * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct {
+ CertID *certID;
+ CertStatus *certStatus;
+ ASN1_GENERALIZEDTIME *thisUpdate;
+ ASN1_GENERALIZEDTIME *nextUpdate;
+ STACK_OF(X509_EXTENSION) *singleExtensions;
+} SingleResponse;
+
+/*
+ * ResponseData ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * responderID ResponderID,
+ * producedAt GeneralizedTime,
+ * responses SEQUENCE OF SingleResponse,
+ * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct {
+ ASN1_INTEGER *version;
+ ResponderID *responderID;
+ ASN1_GENERALIZEDTIME *producedAt;
+ STACK_OF(SingleResponse) *responses;
+ STACK_OF(X509_EXTENSION) *responseExtensions;
+} ResponseData;
+
+/*
+ * BasicOCSPResponse ::= SEQUENCE {
+ * tbsResponseData ResponseData,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING,
+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct {
+ ResponseData *tbsResponseData;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+} BasicOCSPResponse;
+
+ASN1_SEQUENCE(CertID) = {
+ ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CertID);
+
+ASN1_CHOICE(ResponderID) = {
+ ASN1_EXP(ResponderID, value.byName, X509_NAME, 1),
+ ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(ResponderID);
+
+ASN1_SEQUENCE(RevokedInfo) = {
+ ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(RevokedInfo);
+
+ASN1_CHOICE(CertStatus) = {
+ ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0),
+ ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1),
+ ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(CertStatus);
+
+ASN1_SEQUENCE(SingleResponse) = {
+ ASN1_SIMPLE(SingleResponse, certID, CertID),
+ ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
+ ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+ ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions,
+ X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(SingleResponse);
+
+ASN1_SEQUENCE(ResponseData) = {
+ ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(ResponseData, responderID, ResponderID),
+ ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
+ ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
+ ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions,
+ X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(ResponseData);
+
+ASN1_SEQUENCE(BasicOCSPResponse) = {
+ ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
+ ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
+} ASN1_SEQUENCE_END(BasicOCSPResponse);
+
+IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse);
+
+#define sk_SingleResponse_num(sk) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk))
+
+#define sk_SingleResponse_value(sk, i) \
+ ((SingleResponse *) \
+ sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i)))
+
+
+static char * mem_bio_to_str(BIO *out)
+{
+ char *txt;
+ size_t rlen;
+ int res;
+
+ rlen = BIO_ctrl_pending(out);
+ txt = os_malloc(rlen + 1);
+ if (!txt) {
+ BIO_free(out);
+ return NULL;
+ }
+
+ res = BIO_read(out, txt, rlen);
+ BIO_free(out);
+ if (res < 0) {
+ os_free(txt);
+ return NULL;
+ }
+
+ txt[res] = '\0';
+ return txt;
+}
+
+
+static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t)
+{
+ BIO *out;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ if (!ASN1_GENERALIZEDTIME_print(out, t)) {
+ BIO_free(out);
+ return NULL;
+ }
+
+ return mem_bio_to_str(out);
+}
+
+
+static char * responderid_str(ResponderID *rid)
+{
+ BIO *out;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ switch (rid->type) {
+ case 0:
+ X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE);
+ break;
+ case 1:
+ i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING);
+ break;
+ default:
+ BIO_free(out);
+ return NULL;
+ }
+
+ return mem_bio_to_str(out);
+}
+
+
+static char * octet_string_str(ASN1_OCTET_STRING *o)
+{
+ BIO *out;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING);
+ return mem_bio_to_str(out);
+}
+
+
+static char * integer_str(ASN1_INTEGER *i)
+{
+ BIO *out;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ i2a_ASN1_INTEGER(out, i);
+ return mem_bio_to_str(out);
+}
+
+
+static char * algor_str(X509_ALGOR *alg)
+{
+ BIO *out;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ i2a_ASN1_OBJECT(out, alg->algorithm);
+ return mem_bio_to_str(out);
+}
+
+
+static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext)
+{
+ BIO *out;
+
+ if (!ext)
+ return NULL;
+
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ return NULL;
+
+ if (!X509V3_extensions_print(out, title, ext, 0, 0)) {
+ BIO_free(out);
+ return NULL;
+ }
+ return mem_bio_to_str(out);
+}
+
+
+static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd)
+{
+ time_t now, tmp;
+
+ if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Invalid OCSP response thisUpdate");
+ return 0;
+ }
+
+ time(&now);
+ tmp = now + 5 * 60; /* allow five minute clock difference */
+ if (X509_cmp_time(thisupd, &tmp) > 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid");
+ return 0;
+ }
+
+ if (!nextupd)
+ return 1; /* OK - no limit on response age */
+
+ if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Invalid OCSP response nextUpdate");
+ return 0;
+ }
+
+ tmp = now - 5 * 60; /* allow five minute clock difference */
+ if (X509_cmp_time(nextupd, &tmp) < 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired");
+ return 0;
+ }
+
+ if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP response nextUpdate before thisUpdate");
+ return 0;
+ }
+
+ /* Both thisUpdate and nextUpdate are valid */
+ return -1;
+}
+
+
+static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
+{
+ X509_NAME *iname;
+ ASN1_BIT_STRING *ikey;
+ const EVP_MD *dgst;
+ unsigned int len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ ASN1_OCTET_STRING *hash;
+ char *txt;
+
+ dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm);
+ if (!dgst) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not find matching hash algorithm for OCSP");
+ return -1;
+ }
+
+ iname = X509_get_issuer_name(cert);
+ if (!X509_NAME_digest(iname, dgst, md, &len))
+ return -1;
+ hash = ASN1_OCTET_STRING_new();
+ if (!hash)
+ return -1;
+ if (!ASN1_OCTET_STRING_set(hash, md, len)) {
+ ASN1_OCTET_STRING_free(hash);
+ return -1;
+ }
+
+ txt = octet_string_str(hash);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s",
+ txt);
+ os_free(txt);
+ }
+
+ if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) {
+ ASN1_OCTET_STRING_free(hash);
+ return -1;
+ }
+
+ ikey = X509_get0_pubkey_bitstr(issuer);
+ if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
+ !ASN1_OCTET_STRING_set(hash, md, len)) {
+ ASN1_OCTET_STRING_free(hash);
+ return -1;
+ }
+
+ txt = octet_string_str(hash);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s",
+ txt);
+ os_free(txt);
+ }
+
+ if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) {
+ ASN1_OCTET_STRING_free(hash);
+ return -1;
+ }
+
+ ASN1_OCTET_STRING_free(hash);
+ return 0;
+}
+
+
+static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid)
+{
+ unsigned int i;
+ unsigned char hash[SHA_DIGEST_LENGTH];
+
+ if (rid->type == 0) {
+ /* byName */
+ return X509_find_by_subject(certs, rid->value.byName);
+ }
+
+ /* byKey */
+ if (rid->value.byKey->length != SHA_DIGEST_LENGTH)
+ return NULL;
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ X509 *x = sk_X509_value(certs, i);
+
+ X509_pubkey_digest(x, EVP_sha1(), hash, NULL);
+ if (os_memcmp(rid->value.byKey->data, hash,
+ SHA_DIGEST_LENGTH) == 0)
+ return x;
+ }
+
+ return NULL;
+}
+
+
+enum ocsp_result {
+ OCSP_GOOD, OCSP_REVOKED, OCSP_NO_RESPONSE, OCSP_INVALID
+};
+
+static enum ocsp_result check_ocsp_resp(struct tls_connection *conn,
+ X509 *cert, X509 *issuer)
+{
+ const uint8_t *resp_data;
+ size_t resp_len;
+ OCSPResponse *resp;
+ int status;
+ ResponseBytes *bytes;
+ const u8 *basic_data;
+ size_t basic_len;
+ BasicOCSPResponse *basic;
+ ResponseData *rd;
+ char *txt;
+ int i, num;
+ unsigned int j, num_resp;
+ SingleResponse *matching_resp = NULL, *cmp_sresp;
+ enum ocsp_result result = OCSP_INVALID;
+ X509_STORE *store;
+ STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL;
+ X509_STORE_CTX ctx;
+ X509 *signer, *tmp_cert;
+ int signer_trusted = 0;
+ EVP_PKEY *skey;
+ int ret;
+ char buf[256];
+
+ txt = integer_str(X509_get_serialNumber(cert));
+ if (txt) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt);
+ os_free(txt);
+ }
+
+ SSL_get0_ocsp_response(conn->ssl, &resp_data, &resp_len);
+ if (resp_data == NULL || resp_len == 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
+ return OCSP_NO_RESPONSE;
+ }
+
+ wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len);
+
+ resp = d2i_OCSPResponse(NULL, &resp_data, resp_len);
+ if (!resp) {
+ wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse");
+ return OCSP_INVALID;
+ }
+
+ status = ASN1_ENUMERATED_get(resp->responseStatus);
+ if (status != 0) {
+ wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d",
+ status);
+ return OCSP_INVALID;
+ }
+
+ bytes = resp->responseBytes;
+
+ if (!bytes ||
+ OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Could not find BasicOCSPResponse");
+ return OCSP_INVALID;
+ }
+
+ basic_data = ASN1_STRING_data(bytes->response);
+ basic_len = ASN1_STRING_length(bytes->response);
+ wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse",
+ basic_data, basic_len);
+
+ basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len);
+ if (!basic) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Could not parse BasicOCSPResponse");
+ OCSPResponse_free(resp);
+ return OCSP_INVALID;
+ }
+
+ rd = basic->tbsResponseData;
+
+ if (basic->certs) {
+ untrusted = sk_X509_dup(basic->certs);
+
+ num = sk_X509_num(basic->certs);
+ for (i = 0; i < num; i++) {
+ X509 *extra_cert;
+
+ extra_cert = sk_X509_value(basic->certs, i);
+ X509_NAME_oneline(X509_get_subject_name(extra_cert),
+ buf, sizeof(buf));
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: BasicOCSPResponse cert %s", buf);
+
+ if (!sk_X509_push(untrusted, extra_cert)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not add certificate to the untrusted stack");
+ }
+ }
+ }
+
+ store = SSL_CTX_get_cert_store(conn->ssl_ctx);
+ if (conn->peer_issuer) {
+ if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
+ tls_show_errors(MSG_INFO, __func__,
+ "OpenSSL: Could not add issuer to certificate store");
+ }
+ certs = sk_X509_new_null();
+ if (certs) {
+ tmp_cert = X509_dup(conn->peer_issuer);
+ if (tmp_cert && !sk_X509_push(certs, tmp_cert)) {
+ tls_show_errors(
+ MSG_INFO, __func__,
+ "OpenSSL: Could not add issuer to OCSP responder trust store");
+ X509_free(tmp_cert);
+ sk_X509_free(certs);
+ certs = NULL;
+ }
+ if (certs && conn->peer_issuer_issuer) {
+ tmp_cert = X509_dup(conn->peer_issuer_issuer);
+ if (tmp_cert &&
+ !sk_X509_push(certs, tmp_cert)) {
+ tls_show_errors(
+ MSG_INFO, __func__,
+ "OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
+ X509_free(tmp_cert);
+ }
+ }
+ }
+ }
+
+ signer = ocsp_find_signer(certs, rd->responderID);
+ if (!signer)
+ signer = ocsp_find_signer(untrusted, rd->responderID);
+ else
+ signer_trusted = 1;
+ if (!signer) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not find OCSP signer certificate");
+ goto fail;
+ }
+
+ skey = X509_get_pubkey(signer);
+ if (!skey) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not get OCSP signer public key");
+ goto fail;
+ }
+ if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData),
+ basic->signatureAlgorithm, basic->signature,
+ basic->tbsResponseData, skey) <= 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: BasicOCSPResponse signature is invalid");
+ goto fail;
+ }
+
+ X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf));
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature",
+ buf);
+
+ if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted))
+ goto fail;
+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+ ret = X509_verify_cert(&ctx);
+ chain = X509_STORE_CTX_get1_chain(&ctx);
+ X509_STORE_CTX_cleanup(&ctx);
+ if (ret <= 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not validate OCSP signer certificate");
+ goto fail;
+ }
+
+ if (!chain || sk_X509_num(chain) <= 0) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found");
+ goto fail;
+ }
+
+ if (!signer_trusted) {
+ X509_check_purpose(signer, -1, 0);
+ if ((signer->ex_flags & EXFLAG_XKUSAGE) &&
+ (signer->ex_xkusage & XKU_OCSP_SIGN)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP signer certificate delegation OK");
+ } else {
+ tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
+ if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) !=
+ X509_TRUST_TRUSTED) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP signer certificate not trusted");
+ result = OCSP_NO_RESPONSE;
+ goto fail;
+ }
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu",
+ ASN1_INTEGER_get(rd->version));
+
+ txt = responderid_str(rd->responderID);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s",
+ txt);
+ os_free(txt);
+ }
+
+ txt = generalizedtime_str(rd->producedAt);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s",
+ txt);
+ os_free(txt);
+ }
+
+ num_resp = sk_SingleResponse_num(rd->responses);
+ if (num_resp == 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse");
+ result = OCSP_NO_RESPONSE;
+ goto fail;
+ }
+ cmp_sresp = sk_SingleResponse_value(rd->responses, 0);
+ for (j = 0; j < num_resp; j++) {
+ SingleResponse *sresp;
+ CertID *cid1, *cid2;
+
+ sresp = sk_SingleResponse_value(rd->responses, j);
+ wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u",
+ j + 1, num_resp);
+
+ txt = algor_str(sresp->certID->hashAlgorithm);
+ if (txt) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: certID hashAlgorithm: %s", txt);
+ os_free(txt);
+ }
+
+ txt = octet_string_str(sresp->certID->issuerNameHash);
+ if (txt) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: certID issuerNameHash: %s", txt);
+ os_free(txt);
+ }
+
+ txt = octet_string_str(sresp->certID->issuerKeyHash);
+ if (txt) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: certID issuerKeyHash: %s", txt);
+ os_free(txt);
+ }
+
+ txt = integer_str(sresp->certID->serialNumber);
+ if (txt) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: certID serialNumber: %s", txt);
+ os_free(txt);
+ }
+
+ switch (sresp->certStatus->type) {
+ case 0:
+ wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good");
+ break;
+ case 1:
+ wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked");
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown");
+ break;
+ }
+
+ txt = generalizedtime_str(sresp->thisUpdate);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt);
+ os_free(txt);
+ }
+
+ if (sresp->nextUpdate) {
+ txt = generalizedtime_str(sresp->nextUpdate);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s",
+ txt);
+ os_free(txt);
+ }
+ }
+
+ txt = extensions_str("singleExtensions",
+ sresp->singleExtensions);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
+ os_free(txt);
+ }
+
+ cid1 = cmp_sresp->certID;
+ cid2 = sresp->certID;
+ if (j > 0 &&
+ (OBJ_cmp(cid1->hashAlgorithm->algorithm,
+ cid2->hashAlgorithm->algorithm) != 0 ||
+ ASN1_OCTET_STRING_cmp(cid1->issuerNameHash,
+ cid2->issuerNameHash) != 0 ||
+ ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash,
+ cid2->issuerKeyHash) != 0)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse");
+ goto fail;
+ }
+
+ if (!matching_resp && issuer &&
+ ASN1_INTEGER_cmp(sresp->certID->serialNumber,
+ X509_get_serialNumber(cert)) == 0 &&
+ issuer_match(cert, issuer, sresp->certID) == 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: This response matches peer certificate");
+ matching_resp = sresp;
+ }
+ }
+
+ txt = extensions_str("responseExtensions", rd->responseExtensions);
+ if (txt) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
+ os_free(txt);
+ }
+
+ if (!matching_resp) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Could not find OCSP response that matches the peer certificate");
+ result = OCSP_NO_RESPONSE;
+ goto fail;
+ }
+
+ if (!ocsp_resp_valid(matching_resp->thisUpdate,
+ matching_resp->nextUpdate)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP response not valid at this time");
+ goto fail;
+ }
+
+ if (matching_resp->certStatus->type == 1) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP response indicated that the peer certificate has been revoked");
+ result = OCSP_REVOKED;
+ goto fail;
+ }
+
+ if (matching_resp->certStatus->type != 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: OCSP response did not indicate good status");
+ result = OCSP_NO_RESPONSE;
+ goto fail;
+ }
+
+ /* OCSP response indicated the certificate is good. */
+ result = OCSP_GOOD;
+fail:
+ sk_X509_pop_free(chain, X509_free);
+ sk_X509_free(untrusted);
+ sk_X509_pop_free(certs, X509_free);
+ BasicOCSPResponse_free(basic);
+ OCSPResponse_free(resp);
+
+ return result;
+}
+
+#endif /* OPENSSL_IS_BORINGSSL */
+
+
static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
{
char buf[256];
@@ -1639,6 +2612,29 @@
TLS_FAIL_SERVER_CHAIN_PROBE);
}
+#ifdef OPENSSL_IS_BORINGSSL
+ if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP)) {
+ enum ocsp_result res;
+
+ res = check_ocsp_resp(conn, err_cert, conn->peer_issuer);
+ if (res == OCSP_REVOKED) {
+ preverify_ok = 0;
+ openssl_tls_fail_event(conn, err_cert, err, depth, buf,
+ "certificate revoked",
+ TLS_FAIL_REVOKED);
+ if (err == X509_V_OK)
+ X509_STORE_CTX_set_error(
+ x509_ctx, X509_V_ERR_CERT_REVOKED);
+ } else if (res != OCSP_GOOD &&
+ (conn->flags & TLS_CONN_REQUIRE_OCSP)) {
+ preverify_ok = 0;
+ openssl_tls_fail_event(conn, err_cert, err, depth, buf,
+ "bad certificate status response",
+ TLS_FAIL_UNSPECIFIED);
+ }
+ }
+#endif /* OPENSSL_IS_BORINGSSL */
+
if (preverify_ok && context->event_cb != NULL)
context->event_cb(context->cb_ctx,
TLS_CERT_CHAIN_SUCCESS, NULL);
@@ -1648,9 +2644,9 @@
#ifndef OPENSSL_NO_STDIO
-static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
+static int tls_load_ca_der(struct tls_data *data, const char *ca_cert)
{
- SSL_CTX *ssl_ctx = _ssl_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
X509_LOOKUP *lookup;
int ret = 0;
@@ -1680,11 +2676,12 @@
#endif /* OPENSSL_NO_STDIO */
-static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
+static int tls_connection_ca_cert(struct tls_data *data,
+ struct tls_connection *conn,
const char *ca_cert, const u8 *ca_cert_blob,
size_t ca_cert_blob_len, const char *ca_path)
{
- SSL_CTX *ssl_ctx = _ssl_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
X509_STORE *store;
/*
@@ -1819,7 +2816,7 @@
tls_show_errors(MSG_WARNING, __func__,
"Failed to load root certificates");
if (ca_cert &&
- tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
+ tls_load_ca_der(data, ca_cert) == 0) {
wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
"DER format CA certificate",
__func__);
@@ -1828,7 +2825,7 @@
} else {
wpa_printf(MSG_DEBUG, "TLS: Trusted root "
"certificate(s) loaded");
- tls_get_errors(ssl_ctx);
+ tls_get_errors(data);
}
#else /* OPENSSL_NO_STDIO */
wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
@@ -1845,8 +2842,10 @@
}
-static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
+static int tls_global_ca_cert(struct tls_data *data, const char *ca_cert)
{
+ SSL_CTX *ssl_ctx = data->ssl;
+
if (ca_cert) {
if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
{
@@ -1874,7 +2873,8 @@
int flags;
if (check_crl) {
- X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
+ struct tls_data *data = ssl_ctx;
+ X509_STORE *cs = SSL_CTX_get_cert_store(data->ssl);
if (cs == NULL) {
tls_show_errors(MSG_INFO, __func__, "Failed to get "
"certificate store when enabling "
@@ -1932,10 +2932,44 @@
}
+static void tls_set_conn_flags(SSL *ssl, unsigned int flags)
+{
+#ifdef SSL_OP_NO_TICKET
+ if (flags & TLS_CONN_DISABLE_SESSION_TICKET)
+ SSL_set_options(ssl, SSL_OP_NO_TICKET);
+#ifdef SSL_clear_options
+ else
+ SSL_clear_options(ssl, SSL_OP_NO_TICKET);
+#endif /* SSL_clear_options */
+#endif /* SSL_OP_NO_TICKET */
+
+#ifdef SSL_OP_NO_TLSv1
+ if (flags & TLS_CONN_DISABLE_TLSv1_0)
+ SSL_set_options(ssl, SSL_OP_NO_TLSv1);
+ else
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1);
+#endif /* SSL_OP_NO_TLSv1 */
+#ifdef SSL_OP_NO_TLSv1_1
+ if (flags & TLS_CONN_DISABLE_TLSv1_1)
+ SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
+ else
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
+#endif /* SSL_OP_NO_TLSv1_1 */
+#ifdef SSL_OP_NO_TLSv1_2
+ if (flags & TLS_CONN_DISABLE_TLSv1_2)
+ SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
+ else
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
+#endif /* SSL_OP_NO_TLSv1_2 */
+}
+
+
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
static int counter = 0;
+ struct tls_data *data = ssl_ctx;
if (conn == NULL)
return -1;
@@ -1950,20 +2984,25 @@
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
}
+ tls_set_conn_flags(conn->ssl, flags);
+ conn->flags = flags;
+
SSL_set_accept_state(conn->ssl);
- /*
- * Set session id context in order to avoid fatal errors when client
- * tries to resume a session. However, set the context to a unique
- * value in order to effectively disable session resumption for now
- * since not all areas of the server code are ready for it (e.g.,
- * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
- * handshake).
- */
- counter++;
- SSL_set_session_id_context(conn->ssl,
- (const unsigned char *) &counter,
- sizeof(counter));
+ if (data->tls_session_lifetime == 0) {
+ /*
+ * Set session id context to a unique value to make sure
+ * session resumption cannot be used either through session
+ * caching or TLS ticket extension.
+ */
+ counter++;
+ SSL_set_session_id_context(conn->ssl,
+ (const unsigned char *) &counter,
+ sizeof(counter));
+ } else if (session_ctx) {
+ SSL_set_session_id_context(conn->ssl, session_ctx,
+ session_ctx_len);
+ }
return 0;
}
@@ -2035,9 +3074,12 @@
}
-static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
+static int tls_global_client_cert(struct tls_data *data,
+ const char *client_cert)
{
#ifndef OPENSSL_NO_STDIO
+ SSL_CTX *ssl_ctx = data->ssl;
+
if (client_cert == NULL)
return 0;
@@ -2071,7 +3113,7 @@
#ifdef PKCS12_FUNCS
-static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
+static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
const char *passwd)
{
EVP_PKEY *pkey;
@@ -2083,6 +3125,8 @@
pkey = NULL;
cert = NULL;
certs = NULL;
+ if (!passwd)
+ passwd = "";
if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
tls_show_errors(MSG_DEBUG, __func__,
"Failed to parse PKCS12 file");
@@ -2100,7 +3144,7 @@
if (SSL_use_certificate(ssl, cert) != 1)
res = -1;
} else {
- if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
+ if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
res = -1;
}
X509_free(cert);
@@ -2112,13 +3156,52 @@
if (SSL_use_PrivateKey(ssl, pkey) != 1)
res = -1;
} else {
- if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
+ if (SSL_CTX_use_PrivateKey(data->ssl, pkey) != 1)
res = -1;
}
EVP_PKEY_free(pkey);
}
if (certs) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ SSL_clear_chain_certs(ssl);
+ while ((cert = sk_X509_pop(certs)) != NULL) {
+ X509_NAME_oneline(X509_get_subject_name(cert), buf,
+ sizeof(buf));
+ wpa_printf(MSG_DEBUG, "TLS: additional certificate"
+ " from PKCS12: subject='%s'", buf);
+ if (SSL_add1_chain_cert(ssl, cert) != 1) {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "Failed to add additional certificate");
+ res = -1;
+ break;
+ }
+ }
+ if (!res) {
+ /* Try to continue anyway */
+ }
+ sk_X509_free(certs);
+#ifndef OPENSSL_IS_BORINGSSL
+ res = SSL_build_cert_chain(ssl,
+ SSL_BUILD_CHAIN_FLAG_CHECK |
+ SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+ if (!res) {
+ tls_show_errors(MSG_DEBUG, __func__,
+ "Failed to build certificate chain");
+ } else if (res == 2) {
+ wpa_printf(MSG_DEBUG,
+ "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates");
+ }
+#endif /* OPENSSL_IS_BORINGSSL */
+ /*
+ * Try to continue regardless of result since it is possible for
+ * the extra certificates not to be required.
+ */
+ res = 0;
+#else /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ SSL_CTX_clear_extra_chain_certs(data->ssl);
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10001000L */
while ((cert = sk_X509_pop(certs)) != NULL) {
X509_NAME_oneline(X509_get_subject_name(cert), buf,
sizeof(buf));
@@ -2128,26 +3211,28 @@
* There is no SSL equivalent for the chain cert - so
* always add it to the context...
*/
- if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
+ if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
+ {
res = -1;
break;
}
}
sk_X509_free(certs);
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
}
PKCS12_free(p12);
if (res < 0)
- tls_get_errors(ssl_ctx);
+ tls_get_errors(data);
return res;
}
#endif /* PKCS12_FUNCS */
-static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
- const char *passwd)
+static int tls_read_pkcs12(struct tls_data *data, SSL *ssl,
+ const char *private_key, const char *passwd)
{
#ifdef PKCS12_FUNCS
FILE *f;
@@ -2166,7 +3251,7 @@
return -1;
}
- return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
+ return tls_parse_pkcs12(data, ssl, p12, passwd);
#else /* PKCS12_FUNCS */
wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
@@ -2176,7 +3261,7 @@
}
-static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
+static int tls_read_pkcs12_blob(struct tls_data *data, SSL *ssl,
const u8 *blob, size_t len, const char *passwd)
{
#ifdef PKCS12_FUNCS
@@ -2189,7 +3274,7 @@
return -1;
}
- return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
+ return tls_parse_pkcs12(data, ssl, p12, passwd);
#else /* PKCS12_FUNCS */
wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
@@ -2260,13 +3345,13 @@
}
-static int tls_connection_engine_ca_cert(void *_ssl_ctx,
+static int tls_connection_engine_ca_cert(struct tls_data *data,
struct tls_connection *conn,
const char *ca_cert_id)
{
#ifndef OPENSSL_NO_ENGINE
X509 *cert;
- SSL_CTX *ssl_ctx = _ssl_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
X509_STORE *store;
if (tls_engine_get_cert(conn, ca_cert_id, &cert))
@@ -2332,14 +3417,14 @@
}
-static int tls_connection_private_key(void *_ssl_ctx,
+static int tls_connection_private_key(struct tls_data *data,
struct tls_connection *conn,
const char *private_key,
const char *private_key_passwd,
const u8 *private_key_blob,
size_t private_key_blob_len)
{
- SSL_CTX *ssl_ctx = _ssl_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
char *passwd;
int ok;
@@ -2385,7 +3470,7 @@
break;
}
- if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
+ if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
private_key_blob_len, passwd) == 0) {
wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
"OK");
@@ -2418,7 +3503,7 @@
__func__);
#endif /* OPENSSL_NO_STDIO */
- if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
+ if (tls_read_pkcs12(data, conn->ssl, private_key, passwd)
== 0) {
wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
"--> OK");
@@ -2457,9 +3542,11 @@
}
-static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
+static int tls_global_private_key(struct tls_data *data,
+ const char *private_key,
const char *private_key_passwd)
{
+ SSL_CTX *ssl_ctx = data->ssl;
char *passwd;
if (private_key == NULL)
@@ -2481,7 +3568,7 @@
SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
SSL_FILETYPE_PEM) != 1 &&
#endif /* OPENSSL_NO_STDIO */
- tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
+ tls_read_pkcs12(data, NULL, private_key, passwd)) {
tls_show_errors(MSG_INFO, __func__,
"Failed to load private key");
os_free(passwd);
@@ -2576,7 +3663,7 @@
}
-static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
+static int tls_global_dh(struct tls_data *data, const char *dh_file)
{
#ifdef OPENSSL_NO_DH
if (dh_file == NULL)
@@ -2585,6 +3672,7 @@
"dh_file specified");
return -1;
#else /* OPENSSL_NO_DH */
+ SSL_CTX *ssl_ctx = data->ssl;
DH *dh;
BIO *bio;
@@ -2650,19 +3738,15 @@
}
-int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
- struct tls_keys *keys)
+int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
+ struct tls_random *keys)
{
-#ifdef CONFIG_FIPS
- wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
- "mode");
- return -1;
-#else /* CONFIG_FIPS */
SSL *ssl;
if (conn == NULL || keys == NULL)
return -1;
ssl = conn->ssl;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
return -1;
@@ -2671,14 +3755,27 @@
keys->client_random_len = SSL3_RANDOM_SIZE;
keys->server_random = ssl->s3->server_random;
keys->server_random_len = SSL3_RANDOM_SIZE;
+#else
+ if (ssl == NULL)
+ return -1;
+
+ os_memset(keys, 0, sizeof(*keys));
+ keys->client_random = conn->client_random;
+ keys->client_random_len = SSL_get_client_random(
+ ssl, conn->client_random, sizeof(conn->client_random));
+ keys->server_random = conn->server_random;
+ keys->server_random_len = SSL_get_server_random(
+ ssl, conn->server_random, sizeof(conn->server_random));
+#endif
return 0;
-#endif /* CONFIG_FIPS */
}
+#ifndef CONFIG_FIPS
static int openssl_get_keyblock_size(SSL *ssl)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
const EVP_CIPHER *c;
const EVP_MD *h;
int md_size;
@@ -2708,10 +3805,38 @@
return 2 * (EVP_CIPHER_key_length(c) +
md_size +
EVP_CIPHER_iv_length(c));
+#else
+ const SSL_CIPHER *ssl_cipher;
+ int cipher, digest;
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
+
+ ssl_cipher = SSL_get_current_cipher(ssl);
+ if (!ssl_cipher)
+ return -1;
+ cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
+ digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
+ wpa_printf(MSG_DEBUG, "OpenSSL: cipher nid %d digest nid %d",
+ cipher, digest);
+ if (cipher < 0 || digest < 0)
+ return -1;
+ c = EVP_get_cipherbynid(cipher);
+ h = EVP_get_digestbynid(digest);
+ if (!c || !h)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: keyblock size: key_len=%d MD_size=%d IV_len=%d",
+ EVP_CIPHER_key_length(c), EVP_MD_size(h),
+ EVP_CIPHER_iv_length(c));
+ return 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
+ EVP_CIPHER_iv_length(c));
+#endif
}
+#endif /* CONFIG_FIPS */
-static int openssl_tls_prf(void *tls_ctx, struct tls_connection *conn,
+static int openssl_tls_prf(struct tls_connection *conn,
const char *label, int server_random_first,
int skip_keyblock, u8 *out, size_t out_len)
{
@@ -2720,12 +3845,14 @@
"mode");
return -1;
#else /* CONFIG_FIPS */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL *ssl;
u8 *rnd;
int ret = -1;
int skip = 0;
u8 *tmp_out = NULL;
u8 *_out = out;
+ const char *ver;
/*
* TLS library did not support key generation, so get the needed TLS
@@ -2739,6 +3866,7 @@
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL ||
ssl->session->master_key_length <= 0)
return -1;
+ ver = SSL_get_version(ssl);
if (skip_keyblock) {
skip = openssl_get_keyblock_size(ssl);
@@ -2766,19 +3894,103 @@
SSL3_RANDOM_SIZE);
}
- /* TODO: TLSv1.2 may need another PRF. This could use something closer
- * to SSL_export_keying_material() design. */
- if (tls_prf_sha1_md5(ssl->session->master_key,
- ssl->session->master_key_length,
- label, rnd, 2 * SSL3_RANDOM_SIZE,
- _out, skip + out_len) == 0)
+ if (os_strcmp(ver, "TLSv1.2") == 0) {
+ tls_prf_sha256(ssl->session->master_key,
+ ssl->session->master_key_length,
+ label, rnd, 2 * SSL3_RANDOM_SIZE,
+ _out, skip + out_len);
ret = 0;
+ } else if (tls_prf_sha1_md5(ssl->session->master_key,
+ ssl->session->master_key_length,
+ label, rnd, 2 * SSL3_RANDOM_SIZE,
+ _out, skip + out_len) == 0) {
+ ret = 0;
+ }
os_free(rnd);
if (ret == 0 && skip_keyblock)
os_memcpy(out, _out + skip, out_len);
bin_clear_free(tmp_out, skip);
return ret;
+#else
+ SSL *ssl;
+ SSL_SESSION *sess;
+ u8 *rnd;
+ int ret = -1;
+ int skip = 0;
+ u8 *tmp_out = NULL;
+ u8 *_out = out;
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char master_key[64];
+ size_t master_key_len;
+ const char *ver;
+
+ /*
+ * TLS library did not support key generation, so get the needed TLS
+ * session parameters and use an internal implementation of TLS PRF to
+ * derive the key.
+ */
+
+ if (conn == NULL)
+ return -1;
+ ssl = conn->ssl;
+ if (ssl == NULL)
+ return -1;
+ ver = SSL_get_version(ssl);
+ sess = SSL_get_session(ssl);
+ if (!ver || !sess)
+ return -1;
+
+ if (skip_keyblock) {
+ skip = openssl_get_keyblock_size(ssl);
+ if (skip < 0)
+ return -1;
+ tmp_out = os_malloc(skip + out_len);
+ if (!tmp_out)
+ return -1;
+ _out = tmp_out;
+ }
+
+ rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
+ if (!rnd) {
+ os_free(tmp_out);
+ return -1;
+ }
+
+ SSL_get_client_random(ssl, client_random, sizeof(client_random));
+ SSL_get_server_random(ssl, server_random, sizeof(server_random));
+ master_key_len = SSL_SESSION_get_master_key(sess, master_key,
+ sizeof(master_key));
+
+ if (server_random_first) {
+ os_memcpy(rnd, server_random, SSL3_RANDOM_SIZE);
+ os_memcpy(rnd + SSL3_RANDOM_SIZE, client_random,
+ SSL3_RANDOM_SIZE);
+ } else {
+ os_memcpy(rnd, client_random, SSL3_RANDOM_SIZE);
+ os_memcpy(rnd + SSL3_RANDOM_SIZE, server_random,
+ SSL3_RANDOM_SIZE);
+ }
+
+ if (os_strcmp(ver, "TLSv1.2") == 0) {
+ tls_prf_sha256(master_key, master_key_len,
+ label, rnd, 2 * SSL3_RANDOM_SIZE,
+ _out, skip + out_len);
+ ret = 0;
+ } else if (tls_prf_sha1_md5(master_key, master_key_len,
+ label, rnd, 2 * SSL3_RANDOM_SIZE,
+ _out, skip + out_len) == 0) {
+ ret = 0;
+ }
+ os_memset(master_key, 0, sizeof(master_key));
+ os_free(rnd);
+ if (ret == 0 && skip_keyblock)
+ os_memcpy(out, _out + skip, out_len);
+ bin_clear_free(tmp_out, skip);
+
+ return ret;
+#endif
#endif /* CONFIG_FIPS */
}
@@ -2792,7 +4004,7 @@
if (conn == NULL)
return -1;
if (server_random_first || skip_keyblock)
- return openssl_tls_prf(tls_ctx, conn, label,
+ return openssl_tls_prf(conn, label,
server_random_first, skip_keyblock,
out, out_len);
ssl = conn->ssl;
@@ -2802,7 +4014,7 @@
return 0;
}
#endif
- return openssl_tls_prf(tls_ctx, conn, label, server_random_first,
+ return openssl_tls_prf(conn, label, server_random_first,
skip_keyblock, out, out_len);
}
@@ -2818,7 +4030,7 @@
* Give TLS handshake data from the server (if available) to OpenSSL
* for processing.
*/
- if (in_data &&
+ if (in_data && wpabuf_len(in_data) > 0 &&
BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
< 0) {
tls_show_errors(MSG_INFO, __func__,
@@ -2930,8 +4142,14 @@
return NULL;
}
- if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
- *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
+ if (SSL_is_init_finished(conn->ssl)) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Handshake finished - resumed=%d",
+ tls_connection_resumed(conn->ssl_ctx, conn));
+ if (appl_data && in_data)
+ *appl_data = openssl_get_appl_data(conn,
+ wpabuf_len(in_data));
+ }
if (conn->invalid_hb_used) {
wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
@@ -3110,6 +4328,21 @@
wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+ if (os_strstr(buf, ":ADH-")) {
+ /*
+ * Need to drop to security level 0 to allow anonymous
+ * cipher suites for EAP-FAST.
+ */
+ SSL_set_security_level(conn->ssl, 0);
+ } else if (SSL_get_security_level(conn->ssl) == 0) {
+ /* Force at least security level 1 */
+ SSL_set_security_level(conn->ssl, 1);
+ }
+#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
+#endif
+
if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
tls_show_errors(MSG_INFO, __func__,
"Cipher suite configuration failed");
@@ -3120,6 +4353,22 @@
}
+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+ char *buf, size_t buflen)
+{
+ const char *name;
+ if (conn == NULL || conn->ssl == NULL)
+ return -1;
+
+ name = SSL_get_version(conn->ssl);
+ if (name == NULL)
+ return -1;
+
+ os_strlcpy(buf, name, buflen);
+ return 0;
+}
+
+
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
char *buf, size_t buflen)
{
@@ -3442,6 +4691,7 @@
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
const struct tls_connection_params *params)
{
+ struct tls_data *data = tls_ctx;
int ret;
unsigned long err;
int can_pkcs11 = 0;
@@ -3483,6 +4733,8 @@
if (can_pkcs11 == 2 && !engine_id)
engine_id = "pkcs11";
+#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (params->flags & TLS_CONN_EAP_FAST) {
wpa_printf(MSG_DEBUG,
"OpenSSL: Use TLSv1_method() for EAP-FAST");
@@ -3492,6 +4744,8 @@
return -1;
}
}
+#endif
+#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
while ((err = ERR_get_error())) {
wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
@@ -3513,10 +4767,9 @@
return -1;
if (engine_id && ca_cert_id) {
- if (tls_connection_engine_ca_cert(tls_ctx, conn,
- ca_cert_id))
+ if (tls_connection_engine_ca_cert(data, conn, ca_cert_id))
return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
- } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
+ } else if (tls_connection_ca_cert(data, conn, params->ca_cert,
params->ca_cert_blob,
params->ca_cert_blob_len,
params->ca_path))
@@ -3534,7 +4787,7 @@
wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
if (tls_connection_engine_private_key(conn))
return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
- } else if (tls_connection_private_key(tls_ctx, conn,
+ } else if (tls_connection_private_key(data, conn,
params->private_key,
params->private_key_passwd,
params->private_key_blob,
@@ -3558,40 +4811,36 @@
return -1;
}
-#ifdef SSL_OP_NO_TICKET
- if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
- SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
-#ifdef SSL_clear_options
- else
- SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
-#endif /* SSL_clear_options */
-#endif /* SSL_OP_NO_TICKET */
+ tls_set_conn_flags(conn->ssl, params->flags);
-#ifdef SSL_OP_NO_TLSv1_1
- if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
- SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
- else
- SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
-#endif /* SSL_OP_NO_TLSv1_1 */
-#ifdef SSL_OP_NO_TLSv1_2
- if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
- SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
- else
- SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
-#endif /* SSL_OP_NO_TLSv1_2 */
-
+#ifdef OPENSSL_IS_BORINGSSL
+ if (params->flags & TLS_CONN_REQUEST_OCSP) {
+ SSL_enable_ocsp_stapling(conn->ssl);
+ }
+#else /* OPENSSL_IS_BORINGSSL */
#ifdef HAVE_OCSP
if (params->flags & TLS_CONN_REQUEST_OCSP) {
- SSL_CTX *ssl_ctx = tls_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
}
+#else /* HAVE_OCSP */
+ if (params->flags & TLS_CONN_REQUIRE_OCSP) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: No OCSP support included - reject configuration");
+ return -1;
+ }
+ if (params->flags & TLS_CONN_REQUEST_OCSP) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: No OCSP support included - allow optional OCSP case to continue");
+ }
#endif /* HAVE_OCSP */
+#endif /* OPENSSL_IS_BORINGSSL */
conn->flags = params->flags;
- tls_get_errors(tls_ctx);
+ tls_get_errors(data);
return 0;
}
@@ -3600,7 +4849,8 @@
int tls_global_set_params(void *tls_ctx,
const struct tls_connection_params *params)
{
- SSL_CTX *ssl_ctx = tls_ctx;
+ struct tls_data *data = tls_ctx;
+ SSL_CTX *ssl_ctx = data->ssl;
unsigned long err;
while ((err = ERR_get_error())) {
@@ -3608,19 +4858,12 @@
__func__, ERR_error_string(err, NULL));
}
- if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
- return -1;
-
- if (tls_global_client_cert(ssl_ctx, params->client_cert))
- return -1;
-
- if (tls_global_private_key(ssl_ctx, params->private_key,
- params->private_key_passwd))
- return -1;
-
- if (tls_global_dh(ssl_ctx, params->dh_file)) {
- wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
- params->dh_file);
+ if (tls_global_ca_cert(data, params->ca_cert) ||
+ tls_global_client_cert(data, params->client_cert) ||
+ tls_global_private_key(data, params->private_key,
+ params->private_key_passwd) ||
+ tls_global_dh(data, params->dh_file)) {
+ wpa_printf(MSG_INFO, "TLS: Failed to set global parameters");
return -1;
}
@@ -3656,12 +4899,6 @@
}
-unsigned int tls_capabilities(void *tls_ctx)
-{
- return 0;
-}
-
-
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
/* Pre-shared secred requires a patch to openssl, so this function is
* commented out unless explicitly needed for EAP-FAST in order to be able to
@@ -3680,6 +4917,7 @@
struct tls_connection *conn = arg;
int ret;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (conn == NULL || conn->session_ticket_cb == NULL)
return 0;
@@ -3688,6 +4926,23 @@
conn->session_ticket_len,
s->s3->client_random,
s->s3->server_random, secret);
+#else
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+
+ if (conn == NULL || conn->session_ticket_cb == NULL)
+ return 0;
+
+ SSL_get_client_random(s, client_random, sizeof(client_random));
+ SSL_get_server_random(s, server_random, sizeof(server_random));
+
+ ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
+ conn->session_ticket,
+ conn->session_ticket_len,
+ client_random,
+ server_random, secret);
+#endif
+
os_free(conn->session_ticket);
conn->session_ticket = NULL;
@@ -3761,3 +5016,70 @@
OPENSSL_VERSION_TEXT,
SSLeay_version(SSLEAY_VERSION));
}
+
+
+void tls_connection_set_success_data(struct tls_connection *conn,
+ struct wpabuf *data)
+{
+ SSL_SESSION *sess;
+ struct wpabuf *old;
+
+ if (tls_ex_idx_session < 0)
+ goto fail;
+ sess = SSL_get_session(conn->ssl);
+ if (!sess)
+ goto fail;
+ old = SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
+ if (old) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: Replacing old success data %p",
+ old);
+ wpabuf_free(old);
+ }
+ if (SSL_SESSION_set_ex_data(sess, tls_ex_idx_session, data) != 1)
+ goto fail;
+
+ wpa_printf(MSG_DEBUG, "OpenSSL: Stored success data %p", data);
+ conn->success_data = 1;
+ return;
+
+fail:
+ wpa_printf(MSG_INFO, "OpenSSL: Failed to store success data");
+ wpabuf_free(data);
+}
+
+
+void tls_connection_set_success_data_resumed(struct tls_connection *conn)
+{
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Success data accepted for resumed session");
+ conn->success_data = 1;
+}
+
+
+const struct wpabuf *
+tls_connection_get_success_data(struct tls_connection *conn)
+{
+ SSL_SESSION *sess;
+
+ if (tls_ex_idx_session < 0 ||
+ !(sess = SSL_get_session(conn->ssl)))
+ return NULL;
+ return SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
+}
+
+
+void tls_connection_remove_session(struct tls_connection *conn)
+{
+ SSL_SESSION *sess;
+
+ sess = SSL_get_session(conn->ssl);
+ if (!sess)
+ return;
+
+ if (SSL_CTX_remove_session(conn->ssl_ctx, sess) != 1)
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Session was not cached");
+ else
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Removed cached session to disable session resumption");
+}
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 7fe736b..09c4fa1 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1214,6 +1214,8 @@
#define WPA_DRIVER_FLAGS_VHT_IBSS 0x0000002000000000ULL
/** Driver supports automatic band selection */
#define WPA_DRIVER_FLAGS_SUPPORT_HW_MODE_ANY 0x0000004000000000ULL
+/** Driver supports simultaneous off-channel operations */
+#define WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS 0x0000008000000000ULL
u64 flags;
#define WPA_DRIVER_SMPS_MODE_STATIC 0x00000001
@@ -1297,6 +1299,16 @@
*/
#define WPA_DRIVER_FLAGS_TX_POWER_INSERTION 0x00000008
u32 rrm_flags;
+
+ /* Driver concurrency capabilities */
+ unsigned int conc_capab;
+ /* Maximum number of concurrent channels on 2.4 GHz */
+ unsigned int max_conc_chan_2_4;
+ /* Maximum number of concurrent channels on 5 GHz */
+ unsigned int max_conc_chan_5_0;
+
+ /* Maximum number of supported CSA counters */
+ u16 max_csa_counters;
};
@@ -1397,6 +1409,16 @@
* WPA_IF_MESH - Mesh interface
*/
WPA_IF_MESH,
+
+ /*
+ * WPA_IF_TDLS - TDLS offchannel interface (used for pref freq only)
+ */
+ WPA_IF_TDLS,
+
+ /*
+ * WPA_IF_IBSS - IBSS interface (used for pref freq only)
+ */
+ WPA_IF_IBSS,
};
struct wpa_init_params {
@@ -1537,8 +1559,8 @@
struct beacon_data beacon_csa;
struct beacon_data beacon_after;
- u16 counter_offset_beacon;
- u16 counter_offset_presp;
+ u16 counter_offset_beacon[2];
+ u16 counter_offset_presp[2];
};
/* TDLS peer capabilities for send_tdls_mgmt() */
@@ -1602,6 +1624,7 @@
/* ACS channel list info */
unsigned int ch_list_len;
const u8 *ch_list;
+ const int *freq_list;
};
@@ -1942,10 +1965,13 @@
* @noack: Do not wait for this frame to be acked (disable retries)
* @freq: Frequency (in MHz) to send the frame on, or 0 to let the
* driver decide
+ * @csa_offs: Array of CSA offsets or %NULL
+ * @csa_offs_len: Number of elements in csa_offs
* Returns: 0 on success, -1 on failure
*/
int (*send_mlme)(void *priv, const u8 *data, size_t data_len,
- int noack, unsigned int freq);
+ int noack, unsigned int freq, const u16 *csa_offs,
+ size_t csa_offs_len);
/**
* update_ft_ies - Update FT (IEEE 802.11r) IEs
@@ -2349,7 +2375,8 @@
* Returns: 0 on success, -1 on failure
*/
int (*sta_set_flags)(void *priv, const u8 *addr,
- int total_flags, int flags_or, int flags_and);
+ unsigned int total_flags, unsigned int flags_or,
+ unsigned int flags_and);
/**
* set_tx_queue_params - Set TX queue parameters
@@ -3394,6 +3421,32 @@
* Returns 0 on success, -1 on failure
*/
int (*set_band)(void *priv, enum set_band band);
+
+ /**
+ * get_pref_freq_list - Get preferred frequency list for an interface
+ * @priv: Private driver interface data
+ * @if_type: Interface type
+ * @num: Number of channels
+ * @freq_list: Preferred channel frequency list encoded in MHz values
+ * Returns 0 on success, -1 on failure
+ *
+ * This command can be used to query the preferred frequency list from
+ * the driver specific to a particular interface type.
+ */
+ int (*get_pref_freq_list)(void *priv, enum wpa_driver_if_type if_type,
+ unsigned int *num, unsigned int *freq_list);
+
+ /**
+ * set_prob_oper_freq - Indicate probable P2P operating channel
+ * @priv: Private driver interface data
+ * @freq: Channel frequency in MHz
+ * Returns 0 on success, -1 on failure
+ *
+ * This command can be used to inform the driver of the operating
+ * frequency that an ongoing P2P group formation is likely to come up
+ * on. Local device is assuming P2P Client role.
+ */
+ int (*set_prob_oper_freq)(void *priv, unsigned int freq);
};
@@ -4336,6 +4389,9 @@
* @ssids: Scanned SSIDs (%NULL or zero-length SSID indicates wildcard
* SSID)
* @num_ssids: Number of entries in ssids array
+ * @external_scan: Whether the scan info is for an external scan
+ * @nl_scan_event: 1 if the source of this scan event is a normal scan,
+ * 0 if the source of the scan event is a vendor scan
*/
struct scan_info {
int aborted;
@@ -4343,6 +4399,8 @@
size_t num_freqs;
struct wpa_driver_scan_ssid ssids[WPAS_MAX_SCAN_SSIDS];
size_t num_ssids;
+ int external_scan;
+ int nl_scan_event;
} scan_info;
/**
diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index b721c32..1afeeb2 100644
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -55,6 +55,10 @@
#include "netlink.h"
#include "linux_ioctl.h"
+#if defined(CONFIG_IEEE80211W) || defined(CONFIG_IEEE80211R) || defined(CONFIG_HS20) || defined(CONFIG_WNM) || defined(CONFIG_WPS)
+#define ATHEROS_USE_RAW_RECEIVE
+#endif
+
struct atheros_driver_data {
struct hostapd_data *hapd; /* back pointer */
@@ -430,7 +434,8 @@
static int
atheros_sta_set_flags(void *priv, const u8 *addr,
- int total_flags, int flags_or, int flags_and)
+ unsigned int total_flags, unsigned int flags_or,
+ unsigned int flags_and)
{
/* For now, only support setting Authorized flag */
if (flags_or & WPA_STA_AUTHORIZED)
@@ -823,7 +828,7 @@
return 0;
}
-#if defined(CONFIG_WPS) || defined(CONFIG_IEEE80211R) || defined(CONFIG_WNM) || defined(CONFIG_HS20)
+#ifdef ATHEROS_USE_RAW_RECEIVE
static void atheros_raw_receive(void *ctx, const u8 *src_addr, const u8 *buf,
size_t len)
{
@@ -911,7 +916,7 @@
break;
}
}
-#endif
+#endif /* ATHEROS_USE_RAW_RECEIVE */
static int atheros_receive_pkt(struct atheros_driver_data *drv)
{
@@ -923,11 +928,11 @@
#ifdef CONFIG_WPS
filt.app_filterype |= IEEE80211_FILTER_TYPE_PROBE_REQ;
#endif /* CONFIG_WPS */
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211W) || defined(CONFIG_IEEE80211R)
filt.app_filterype |= (IEEE80211_FILTER_TYPE_ASSOC_REQ |
IEEE80211_FILTER_TYPE_AUTH |
IEEE80211_FILTER_TYPE_ACTION);
-#endif
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
#ifdef CONFIG_WNM
filt.app_filterype |= IEEE80211_FILTER_TYPE_ACTION;
#endif /* CONFIG_WNM */
@@ -1026,7 +1031,7 @@
#define atheros_set_ap_wps_ie NULL
#endif /* CONFIG_WPS */
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
static int
atheros_sta_auth(void *priv, const u8 *own_addr, const u8 *addr, u16 seq,
u16 status_code, const u8 *ie, size_t len)
@@ -1102,7 +1107,7 @@
}
return ret;
}
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
static void
atheros_new_sta(struct atheros_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
@@ -1177,6 +1182,7 @@
atheros_wireless_event_wireless_custom(struct atheros_driver_data *drv,
char *custom, char *end)
{
+#define MGMT_FRAM_TAG_SIZE 30 /* hardcoded in driver */
wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
@@ -1232,9 +1238,6 @@
* so all are enabled for WPS... ugh.
*/
wpa_supplicant_event(drv->hapd, EVENT_WPS_BUTTON_PUSHED, NULL);
-#endif /* CONFIG_WPS */
-#if defined(CONFIG_WPS) || defined(CONFIG_IEEE80211R) || defined(CONFIG_HS20)
-#define MGMT_FRAM_TAG_SIZE 30 /* hardcoded in driver */
} else if (strncmp(custom, "Manage.prob_req ", 16) == 0) {
/*
* Atheros driver uses a hack to pass Probe Request frames as a
@@ -1243,47 +1246,53 @@
* Format: "Manage.prob_req <frame len>" | zero padding | frame
*/
int len = atoi(custom + 16);
- if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) {
+ if (len < 0 || MGMT_FRAM_TAG_SIZE + len > end - custom) {
wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req event "
"length %d", len);
return;
}
atheros_raw_receive(drv, NULL,
(u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
+#endif /* CONFIG_WPS */
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
} else if (strncmp(custom, "Manage.assoc_req ", 17) == 0) {
/* Format: "Manage.assoc_req <frame len>" | zero padding |
* frame */
int len = atoi(custom + 17);
- if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) {
- wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/"
- "assoc_req/auth event length %d", len);
+ if (len < 0 || MGMT_FRAM_TAG_SIZE + len > end - custom) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid Manage.assoc_req event length %d",
+ len);
return;
}
atheros_raw_receive(drv, NULL,
(u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
- } else if (strncmp(custom, "Manage.action ", 14) == 0) {
- /* Format: "Manage.assoc_req <frame len>" | zero padding |
- * frame */
- int len = atoi(custom + 14);
- if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) {
- wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/"
- "assoc_req/auth event length %d", len);
- return;
- }
- atheros_raw_receive(drv, NULL,
- (u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
- } else if (strncmp(custom, "Manage.auth ", 12) == 0) {
- /* Format: "Manage.auth <frame len>" | zero padding | frame
- */
+ } else if (strncmp(custom, "Manage.auth ", 12) == 0) {
+ /* Format: "Manage.auth <frame len>" | zero padding | frame */
int len = atoi(custom + 12);
- if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) {
- wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/"
- "assoc_req/auth event length %d", len);
+ if (len < 0 ||
+ MGMT_FRAM_TAG_SIZE + len > end - custom) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid Manage.auth event length %d", len);
return;
}
atheros_raw_receive(drv, NULL,
(u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
-#endif /* CONFIG_WPS or CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211W || CONFIG_IEEE80211R */
+#ifdef ATHEROS_USE_RAW_RECEIVE
+ } else if (strncmp(custom, "Manage.action ", 14) == 0) {
+ /* Format: "Manage.assoc_req <frame len>" | zero padding | frame
+ */
+ int len = atoi(custom + 14);
+ if (len < 0 || MGMT_FRAM_TAG_SIZE + len > end - custom) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid Manage.action event length %d",
+ len);
+ return;
+ }
+ atheros_raw_receive(drv, NULL,
+ (u8 *) custom + MGMT_FRAM_TAG_SIZE, len);
+#endif /* ATHEROS_USE_RAW_RECEIVE */
}
}
@@ -1375,7 +1384,7 @@
static void
atheros_wireless_event_wireless(struct atheros_driver_data *drv,
- char *data, int len)
+ char *data, unsigned int len)
{
struct iw_event iwe_buf, *iwe = &iwe_buf;
char *pos, *end, *custom, *buf;
@@ -1383,13 +1392,13 @@
pos = data;
end = data + len;
- while (pos + IW_EV_LCP_LEN <= end) {
+ while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
/* Event data may be unaligned, so make a local, aligned copy
* before processing. */
memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
wpa_printf(MSG_MSGDUMP, "Wireless event: cmd=0x%x len=%d",
iwe->cmd, iwe->len);
- if (iwe->len <= IW_EV_LCP_LEN)
+ if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
return;
custom = pos + IW_EV_POINT_LEN;
@@ -1421,7 +1430,7 @@
* just like IWEVCUSTOM.
*/
case IWEVCUSTOM:
- if (custom + iwe->u.data.length > end)
+ if (iwe->u.data.length > end - custom)
return;
buf = malloc(iwe->u.data.length + 1);
if (buf == NULL)
@@ -1695,10 +1704,10 @@
atheros_reset_appfilter(drv);
if (drv->wpa_ie || drv->wps_beacon_ie || drv->wps_probe_resp_ie) {
+ atheros_set_opt_ie(priv, NULL, 0);
wpabuf_free(drv->wpa_ie);
wpabuf_free(drv->wps_beacon_ie);
wpabuf_free(drv->wps_probe_resp_ie);
- atheros_set_opt_ie(priv, NULL, 0);
}
netlink_deinit(drv->netlink);
(void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);
@@ -1836,10 +1845,11 @@
}
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
static int atheros_send_mgmt(void *priv, const u8 *frm, size_t data_len,
- int noack, unsigned int freq)
+ int noack, unsigned int freq,
+ const u16 *csa_offs, size_t csa_offs_len)
{
struct atheros_driver_data *drv = priv;
u8 buf[1510];
@@ -1861,8 +1871,11 @@
return set80211priv(drv, IEEE80211_IOCTL_SEND_MGMT, mgmt_frm,
sizeof(struct ieee80211req_mgmtbuf) + data_len);
}
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
+#ifdef CONFIG_IEEE80211R
+
static int atheros_add_tspec(void *priv, const u8 *addr, u8 *tspec_ie,
size_t tspec_ielen)
{
@@ -2142,10 +2155,12 @@
.set_ap_wps_ie = atheros_set_ap_wps_ie,
.set_authmode = atheros_set_authmode,
.set_ap = atheros_set_ap,
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
.sta_assoc = atheros_sta_assoc,
.sta_auth = atheros_sta_auth,
.send_mlme = atheros_send_mgmt,
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
+#ifdef CONFIG_IEEE80211R
.add_tspec = atheros_add_tspec,
.add_sta_node = atheros_add_sta_node,
#endif /* CONFIG_IEEE80211R */
diff --git a/src/drivers/driver_bsd.c b/src/drivers/driver_bsd.c
index 9ac87b4..bab1f03 100644
--- a/src/drivers/driver_bsd.c
+++ b/src/drivers/driver_bsd.c
@@ -894,7 +894,8 @@
static int
bsd_set_sta_authorized(void *priv, const u8 *addr,
- int total_flags, int flags_or, int flags_and)
+ unsigned int total_flags, unsigned int flags_or,
+ unsigned int flags_and)
{
int authorized = -1;
diff --git a/src/drivers/driver_hostap.c b/src/drivers/driver_hostap.c
index 8835005..517a3bb 100644
--- a/src/drivers/driver_hostap.c
+++ b/src/drivers/driver_hostap.c
@@ -140,7 +140,7 @@
static void handle_frame(struct hostap_driver_data *drv, u8 *buf, size_t len)
{
struct ieee80211_hdr *hdr;
- u16 fc, extra_len, type, stype;
+ u16 fc, type, stype;
size_t data_len = len;
int ver;
union wpa_event_data event;
@@ -165,19 +165,10 @@
ver = fc & WLAN_FC_PVER;
- /* protocol version 3 is reserved for indicating extra data after the
- * payload, version 2 for indicating ACKed frame (TX callbacks), and
- * version 1 for indicating failed frame (no ACK, TX callbacks) */
- if (ver == 3) {
- u8 *pos = buf + len - 2;
- extra_len = WPA_GET_LE16(pos);
- printf("extra data in frame (elen=%d)\n", extra_len);
- if ((size_t) extra_len + 2 > len) {
- printf(" extra data overflow\n");
- return;
- }
- len -= extra_len + 2;
- } else if (ver == 1 || ver == 2) {
+ /* protocol version 2 is reserved for indicating ACKed frame (TX
+ * callbacks), and version 1 for indicating failed frame (no ACK, TX
+ * callbacks) */
+ if (ver == 1 || ver == 2) {
handle_tx_callback(drv, buf, data_len, ver == 2 ? 1 : 0);
return;
} else if (ver != 0) {
@@ -267,7 +258,8 @@
static int hostap_send_mlme(void *priv, const u8 *msg, size_t len, int noack,
- unsigned int freq)
+ unsigned int freq,
+ const u16 *csa_offs, size_t csa_offs_len)
{
struct hostap_driver_data *drv = priv;
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) msg;
@@ -316,7 +308,7 @@
pos += 2;
memcpy(pos, data, data_len);
- res = hostap_send_mlme(drv, (u8 *) hdr, len, 0);
+ res = hostap_send_mlme(drv, (u8 *) hdr, len, 0, 0, NULL, 0);
if (res < 0) {
wpa_printf(MSG_ERROR, "hostap_send_eapol - packet len: %lu - "
"failed: %d (%s)",
@@ -329,7 +321,8 @@
static int hostap_sta_set_flags(void *priv, const u8 *addr,
- int total_flags, int flags_or, int flags_and)
+ unsigned int total_flags, unsigned int flags_or,
+ unsigned int flags_and)
{
struct hostap_driver_data *drv = priv;
struct prism2_hostapd_param param;
@@ -821,7 +814,7 @@
static void hostapd_wireless_event_wireless(struct hostap_driver_data *drv,
- char *data, int len)
+ char *data, unsigned int len)
{
struct iw_event iwe_buf, *iwe = &iwe_buf;
char *pos, *end, *custom, *buf;
@@ -829,13 +822,13 @@
pos = data;
end = data + len;
- while (pos + IW_EV_LCP_LEN <= end) {
+ while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
/* Event data may be unaligned, so make a local, aligned copy
* before processing. */
memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
iwe->cmd, iwe->len);
- if (iwe->len <= IW_EV_LCP_LEN)
+ if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
return;
custom = pos + IW_EV_POINT_LEN;
@@ -854,7 +847,7 @@
switch (iwe->cmd) {
case IWEVCUSTOM:
- if (custom + iwe->u.data.length > end)
+ if (iwe->u.data.length > end - custom)
return;
buf = malloc(iwe->u.data.length + 1);
if (buf == NULL)
@@ -1053,7 +1046,7 @@
memcpy(mgmt.bssid, own_addr, ETH_ALEN);
mgmt.u.deauth.reason_code = host_to_le16(reason);
return hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
- sizeof(mgmt.u.deauth), 0);
+ sizeof(mgmt.u.deauth), 0, 0, NULL, 0);
}
@@ -1091,7 +1084,7 @@
memcpy(mgmt.bssid, own_addr, ETH_ALEN);
mgmt.u.disassoc.reason_code = host_to_le16(reason);
return hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
- sizeof(mgmt.u.disassoc), 0);
+ sizeof(mgmt.u.disassoc), 0, 0, NULL, 0);
}
@@ -1169,7 +1162,7 @@
os_memcpy(hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
os_memcpy(hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
- hostap_send_mlme(priv, (u8 *)&hdr, sizeof(hdr), 0);
+ hostap_send_mlme(priv, (u8 *)&hdr, sizeof(hdr), 0, 0, NULL, 0);
}
diff --git a/src/drivers/driver_ndis.c b/src/drivers/driver_ndis.c
index 669f1b8..fd32134 100644
--- a/src/drivers/driver_ndis.c
+++ b/src/drivers/driver_ndis.c
@@ -785,8 +785,8 @@
pos = (const u8 *) (res + 1);
end = pos + res->ie_len;
- while (pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 1) {
+ if (2 + pos[1] > end - pos)
break;
if (pos[0] == ie)
return pos;
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 2a05a3b..e83a3df 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -176,7 +176,8 @@
static int nl80211_send_frame_cmd(struct i802_bss *bss,
unsigned int freq, unsigned int wait,
const u8 *buf, size_t buf_len, u64 *cookie,
- int no_cck, int no_ack, int offchanok);
+ int no_cck, int no_ack, int offchanok,
+ const u16 *csa_offs, size_t csa_offs_len);
static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
int report);
@@ -1536,6 +1537,10 @@
"after rfkill unblock");
return;
}
+
+ if (is_p2p_net_interface(drv->nlmode))
+ nl80211_disable_11b_rates(drv, drv->ifindex, 1);
+
/* rtnetlink ifup handler will report interface as enabled */
}
@@ -1878,6 +1883,11 @@
ret = -1;
}
#endif /* CONFIG_TDLS */
+#ifdef CONFIG_FST
+ /* FST Action frames */
+ if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
+ ret = -1;
+#endif /* CONFIG_FST */
/* FT Action frames */
if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
@@ -2221,6 +2231,11 @@
"interface '%s' UP", bss->ifname);
return ret;
}
+
+ if (is_p2p_net_interface(nlmode))
+ nl80211_disable_11b_rates(bss->drv,
+ bss->drv->ifindex, 1);
+
if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
return ret;
} else {
@@ -2463,6 +2478,7 @@
}
+#ifdef CONFIG_DRIVER_NL80211_QCA
static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
const u8 *key, size_t key_len)
{
@@ -2490,6 +2506,7 @@
return ret;
}
+#endif /* CONFIG_DRIVER_NL80211_QCA */
static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
@@ -2520,6 +2537,7 @@
}
#endif /* CONFIG_TDLS */
+#ifdef CONFIG_DRIVER_NL80211_QCA
if (alg == WPA_ALG_PMK &&
(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
@@ -2527,6 +2545,7 @@
ret = issue_key_mgmt_set_key(drv, key, key_len);
return ret;
}
+#endif /* CONFIG_DRIVER_NL80211_QCA */
if (alg == WPA_ALG_NONE) {
msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
@@ -3084,7 +3103,9 @@
const void *data, size_t len,
int encrypt, int noack,
unsigned int freq, int no_cck,
- int offchanok, unsigned int wait_time)
+ int offchanok, unsigned int wait_time,
+ const u16 *csa_offs,
+ size_t csa_offs_len)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
u64 cookie;
@@ -3110,7 +3131,8 @@
wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd");
res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
- &cookie, no_cck, noack, offchanok);
+ &cookie, no_cck, noack, offchanok,
+ csa_offs, csa_offs_len);
if (res == 0 && !noack) {
const struct ieee80211_mgmt *mgmt;
u16 fc;
@@ -3136,7 +3158,9 @@
size_t data_len, int noack,
unsigned int freq, int no_cck,
int offchanok,
- unsigned int wait_time)
+ unsigned int wait_time,
+ const u16 *csa_offs,
+ size_t csa_offs_len)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
struct ieee80211_mgmt *mgmt;
@@ -3166,7 +3190,7 @@
}
return nl80211_send_frame_cmd(bss, freq, 0,
data, data_len, NULL, 1, noack,
- 1);
+ 1, csa_offs, csa_offs_len);
}
if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
@@ -3180,7 +3204,8 @@
wait_time,
data, data_len,
&drv->send_action_cookie,
- no_cck, noack, offchanok);
+ no_cck, noack, offchanok,
+ csa_offs, csa_offs_len);
}
if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
@@ -3200,7 +3225,8 @@
wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame");
return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
noack, freq, no_cck, offchanok,
- wait_time);
+ wait_time, csa_offs,
+ csa_offs_len);
}
@@ -3253,7 +3279,7 @@
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
- struct nlattr *acl;
+ struct nl_msg *acl;
unsigned int i;
int ret;
@@ -3266,23 +3292,26 @@
wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
- if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MAC_ACL)) ||
- nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
- NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
- NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
- (acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS)) == NULL) {
- nlmsg_free(msg);
+ acl = nlmsg_alloc();
+ if (!acl)
return -ENOMEM;
- }
-
for (i = 0; i < params->num_mac_acl; i++) {
- if (nla_put(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
- nlmsg_free(msg);
+ if (nla_put(acl, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
+ nlmsg_free(acl);
return -ENOMEM;
}
}
- nla_nest_end(msg, acl);
+ if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MAC_ACL)) ||
+ nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
+ NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
+ NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
+ nla_put_nested(msg, NL80211_ATTR_MAC_ADDRS, acl)) {
+ nlmsg_free(msg);
+ nlmsg_free(acl);
+ return -ENOMEM;
+ }
+ nlmsg_free(acl);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
if (ret) {
@@ -4236,7 +4265,7 @@
memcpy(pos, data, data_len);
res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
- 0, 0, 0, 0);
+ 0, 0, 0, 0, NULL, 0);
if (res < 0) {
wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
"failed: %d (%s)",
@@ -4249,8 +4278,9 @@
static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
- int total_flags,
- int flags_or, int flags_and)
+ unsigned int total_flags,
+ unsigned int flags_or,
+ unsigned int flags_and)
{
struct i802_bss *bss = priv;
struct nl_msg *msg;
@@ -4671,6 +4701,7 @@
int ret;
int algs;
+#ifdef CONFIG_DRIVER_NL80211_QCA
if (params->req_key_mgmt_offload && params->psk &&
(params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
@@ -4680,6 +4711,7 @@
if (ret)
return ret;
}
+#endif /* CONFIG_DRIVER_NL80211_QCA */
wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_CONNECT);
@@ -5424,7 +5456,7 @@
return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.deauth), 0, 0, 0, 0,
- 0);
+ 0, NULL, 0);
}
@@ -5451,7 +5483,7 @@
return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
- 0);
+ 0, NULL, 0);
}
@@ -5674,8 +5706,8 @@
struct wpa_driver_nl80211_data *drv;
struct i802_bss *bss;
size_t i;
- char brname[IFNAMSIZ];
- int ifindex, br_ifindex;
+ char master_ifname[IFNAMSIZ];
+ int ifindex, br_ifindex = 0;
int br_added = 0;
bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
@@ -5686,15 +5718,21 @@
drv = bss->drv;
- if (linux_br_get(brname, params->ifname) == 0) {
+ if (linux_br_get(master_ifname, params->ifname) == 0) {
wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
- params->ifname, brname);
- br_ifindex = if_nametoindex(brname);
- os_strlcpy(bss->brname, brname, IFNAMSIZ);
+ params->ifname, master_ifname);
+ br_ifindex = if_nametoindex(master_ifname);
+ os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
+ } else if ((params->num_bridge == 0 || !params->bridge[0]) &&
+ linux_master_get(master_ifname, params->ifname) == 0) {
+ wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in master %s",
+ params->ifname, master_ifname);
+ /* start listening for EAPOL on the master interface */
+ add_ifidx(drv, if_nametoindex(master_ifname));
} else {
- brname[0] = '\0';
- br_ifindex = 0;
+ master_ifname[0] = '\0';
}
+
bss->br_ifindex = br_ifindex;
for (i = 0; i < params->num_bridge; i++) {
@@ -5714,7 +5752,7 @@
if (i802_check_bridge(drv, bss, params->bridge[0],
params->ifname) < 0)
goto failed;
- if (os_strcmp(params->bridge[0], brname) != 0)
+ if (os_strcmp(params->bridge[0], master_ifname) != 0)
br_added = 1;
}
@@ -5792,8 +5830,9 @@
return NL80211_IFTYPE_P2P_DEVICE;
case WPA_IF_MESH:
return NL80211_IFTYPE_MESH_POINT;
+ default:
+ return -1;
}
- return -1;
}
@@ -6103,7 +6142,8 @@
unsigned int freq, unsigned int wait,
const u8 *buf, size_t buf_len,
u64 *cookie_out, int no_cck, int no_ack,
- int offchanok)
+ int offchanok, const u16 *csa_offs,
+ size_t csa_offs_len)
{
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
@@ -6123,6 +6163,8 @@
nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) ||
(no_cck && nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) ||
(no_ack && nla_put_flag(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK)) ||
+ (csa_offs && nla_put(msg, NL80211_ATTR_CSA_C_OFFSETS_TX,
+ csa_offs_len * sizeof(u16), csa_offs)) ||
nla_put(msg, NL80211_ATTR_FRAME, buf_len, buf))
goto fail;
@@ -6182,12 +6224,12 @@
!drv->use_monitor))
ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
0, freq, no_cck, 1,
- wait_time);
+ wait_time, NULL, 0);
else
ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
24 + data_len,
&drv->send_action_cookie,
- no_cck, 0, 1);
+ no_cck, 0, 1, NULL, 0);
os_free(buf);
return ret;
@@ -6438,9 +6480,13 @@
static void wpa_driver_nl80211_resume(void *priv)
{
struct i802_bss *bss = priv;
+ enum nl80211_iftype nlmode = nl80211_get_ifmode(bss);
if (i802_set_iface_flags(bss, 1))
wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
+
+ if (is_p2p_net_interface(nlmode))
+ nl80211_disable_11b_rates(bss->drv, bss->drv->ifindex, 1);
}
@@ -6529,7 +6575,7 @@
{
struct i802_bss *bss = priv;
return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
- 0, 0, 0, 0);
+ 0, 0, 0, 0, NULL, 0);
}
@@ -6938,7 +6984,7 @@
os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
- 0, 0) < 0)
+ 0, 0, NULL, 0) < 0)
wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
"send poll frame");
}
@@ -7208,6 +7254,19 @@
struct wpa_driver_scan_params *params)
{
struct i802_bss *bss = priv;
+#ifdef CONFIG_DRIVER_NL80211_QCA
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+
+ /*
+ * Do a vendor specific scan if possible. If only_new_results is
+ * set, do a normal scan since a kernel (cfg80211) BSS cache flush
+ * cannot be achieved through a vendor scan. The below condition may
+ * need to be modified if new scan flags are added in the future whose
+ * functionality can only be achieved through a normal scan.
+ */
+ if (drv->scan_vendor_cmd_avail && !params->only_new_results)
+ return wpa_driver_nl80211_vendor_scan(bss, params);
+#endif /* CONFIG_DRIVER_NL80211_QCA */
return wpa_driver_nl80211_scan(bss, params);
}
@@ -7245,11 +7304,13 @@
static int driver_nl80211_send_mlme(void *priv, const u8 *data,
size_t data_len, int noack,
- unsigned int freq)
+ unsigned int freq,
+ const u16 *csa_offs, size_t csa_offs_len)
{
struct i802_bss *bss = priv;
return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
- freq, 0, 0, 0);
+ freq, 0, 0, 0, csa_offs,
+ csa_offs_len);
}
@@ -7476,7 +7537,10 @@
"capa.max_acl_mac_addrs=%u\n"
"capa.num_multichan_concurrent=%u\n"
"capa.mac_addr_rand_sched_scan_supported=%d\n"
- "capa.mac_addr_rand_scan_supported=%d\n",
+ "capa.mac_addr_rand_scan_supported=%d\n"
+ "capa.conc_capab=%u\n"
+ "capa.max_conc_chan_2_4=%u\n"
+ "capa.max_conc_chan_5_0=%u\n",
drv->capa.key_mgmt,
drv->capa.enc,
drv->capa.auth,
@@ -7492,7 +7556,10 @@
drv->capa.max_acl_mac_addrs,
drv->capa.num_multichan_concurrent,
drv->capa.mac_addr_rand_sched_scan_supported,
- drv->capa.mac_addr_rand_scan_supported);
+ drv->capa.mac_addr_rand_scan_supported,
+ drv->capa.conc_capab,
+ drv->capa.max_conc_chan_2_4,
+ drv->capa.max_conc_chan_5_0);
if (os_snprintf_error(end - pos, res))
return pos - buf;
pos += res;
@@ -7535,6 +7602,8 @@
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nlattr *beacon_csa;
int ret = -ENOBUFS;
+ int csa_off_len = 0;
+ int i;
wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)",
settings->cs_count, settings->block_tx,
@@ -7551,20 +7620,56 @@
(drv->nlmode != NL80211_IFTYPE_P2P_GO))
return -EOPNOTSUPP;
- /* check settings validity */
- if (!settings->beacon_csa.tail ||
- ((settings->beacon_csa.tail_len <=
- settings->counter_offset_beacon) ||
- (settings->beacon_csa.tail[settings->counter_offset_beacon] !=
- settings->cs_count)))
+ /*
+ * Remove empty counters, assuming Probe Response and Beacon frame
+ * counters match. This implementation assumes that there are only two
+ * counters.
+ */
+ if (settings->counter_offset_beacon[0] &&
+ !settings->counter_offset_beacon[1]) {
+ csa_off_len = 1;
+ } else if (settings->counter_offset_beacon[1] &&
+ !settings->counter_offset_beacon[0]) {
+ csa_off_len = 1;
+ settings->counter_offset_beacon[0] =
+ settings->counter_offset_beacon[1];
+ settings->counter_offset_presp[0] =
+ settings->counter_offset_presp[1];
+ } else if (settings->counter_offset_beacon[1] &&
+ settings->counter_offset_beacon[0]) {
+ csa_off_len = 2;
+ } else {
+ wpa_printf(MSG_ERROR, "nl80211: No CSA counters provided");
+ return -EINVAL;
+ }
+
+ /* Check CSA counters validity */
+ if (drv->capa.max_csa_counters &&
+ csa_off_len > drv->capa.max_csa_counters) {
+ wpa_printf(MSG_ERROR,
+ "nl80211: Too many CSA counters provided");
+ return -EINVAL;
+ }
+
+ if (!settings->beacon_csa.tail)
return -EINVAL;
- if (settings->beacon_csa.probe_resp &&
- ((settings->beacon_csa.probe_resp_len <=
- settings->counter_offset_presp) ||
- (settings->beacon_csa.probe_resp[settings->counter_offset_presp] !=
- settings->cs_count)))
- return -EINVAL;
+ for (i = 0; i < csa_off_len; i++) {
+ u16 csa_c_off_bcn = settings->counter_offset_beacon[i];
+ u16 csa_c_off_presp = settings->counter_offset_presp[i];
+
+ if ((settings->beacon_csa.tail_len <= csa_c_off_bcn) ||
+ (settings->beacon_csa.tail[csa_c_off_bcn] !=
+ settings->cs_count))
+ return -EINVAL;
+
+ if (settings->beacon_csa.probe_resp &&
+ ((settings->beacon_csa.probe_resp_len <=
+ csa_c_off_presp) ||
+ (settings->beacon_csa.probe_resp[csa_c_off_presp] !=
+ settings->cs_count)))
+ return -EINVAL;
+ }
if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CHANNEL_SWITCH)) ||
nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT,
@@ -7588,11 +7693,13 @@
if (ret)
goto error;
- if (nla_put_u16(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
- settings->counter_offset_beacon) ||
+ if (nla_put(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
+ csa_off_len * sizeof(u16),
+ settings->counter_offset_beacon) ||
(settings->beacon_csa.probe_resp &&
- nla_put_u16(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
- settings->counter_offset_presp)))
+ nla_put(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
+ csa_off_len * sizeof(u16),
+ settings->counter_offset_presp)))
goto fail;
nla_nest_end(msg, beacon_csa);
@@ -7838,6 +7945,7 @@
}
+#ifdef CONFIG_DRIVER_NL80211_QCA
static int nl80211_roaming(void *priv, int allowed, const u8 *bssid)
{
struct i802_bss *bss = priv;
@@ -7870,6 +7978,7 @@
return send_and_recv_msgs(drv, msg, NULL, NULL);
}
+#endif /* CONFIG_DRIVER_NL80211_QCA */
static int nl80211_set_mac_addr(void *priv, const u8 *addr)
@@ -8354,6 +8463,8 @@
}
+#ifdef CONFIG_DRIVER_NL80211_QCA
+
static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
{
switch (hw_mode) {
@@ -8373,6 +8484,26 @@
}
+static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
+{
+ int i, len, ret;
+ u32 *freqs;
+
+ if (!freq_list)
+ return 0;
+ len = int_array_len(freq_list);
+ freqs = os_malloc(sizeof(u32) * len);
+ if (!freqs)
+ return -1;
+ for (i = 0; i < len; i++)
+ freqs[i] = freq_list[i];
+ ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
+ sizeof(u32) * len, freqs);
+ os_free(freqs);
+ return ret;
+}
+
+
static int wpa_driver_do_acs(void *priv, struct drv_acs_params *params)
{
struct i802_bss *bss = priv;
@@ -8402,7 +8533,8 @@
params->ch_width) ||
(params->ch_list_len &&
nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST, params->ch_list_len,
- params->ch_list))) {
+ params->ch_list)) ||
+ add_acs_freq_list(msg, params->freq_list)) {
nlmsg_free(msg);
return -ENOBUFS;
}
@@ -8470,6 +8602,195 @@
}
+struct nl80211_pcl {
+ unsigned int num;
+ unsigned int *freq_list;
+};
+
+static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
+{
+ struct nlattr *tb[NL80211_ATTR_MAX + 1];
+ struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+ struct nl80211_pcl *param = arg;
+ struct nlattr *nl_vend, *attr;
+ enum qca_iface_type iface_type;
+ struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
+ unsigned int num, max_num;
+ u32 *freqs;
+
+ nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
+ nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
+ if (!nl_vend)
+ return NL_SKIP;
+
+ nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
+ nla_data(nl_vend), nla_len(nl_vend), NULL);
+
+ attr = tb_vendor[
+ QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE];
+ if (!attr) {
+ wpa_printf(MSG_ERROR, "nl80211: iface_type couldn't be found");
+ param->num = 0;
+ return NL_SKIP;
+ }
+
+ iface_type = (enum qca_iface_type) nla_get_u32(attr);
+ wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
+ iface_type);
+
+ attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
+ if (!attr) {
+ wpa_printf(MSG_ERROR,
+ "nl80211: preferred_freq_list couldn't be found");
+ param->num = 0;
+ return NL_SKIP;
+ }
+
+ /*
+ * param->num has the maximum number of entries for which there
+ * is room in the freq_list provided by the caller.
+ */
+ freqs = nla_data(attr);
+ max_num = nla_len(attr) / sizeof(u32);
+ if (max_num > param->num)
+ max_num = param->num;
+ for (num = 0; num < max_num; num++)
+ param->freq_list[num] = freqs[num];
+ param->num = num;
+
+ return NL_SKIP;
+}
+
+
+static int nl80211_get_pref_freq_list(void *priv,
+ enum wpa_driver_if_type if_type,
+ unsigned int *num,
+ unsigned int *freq_list)
+{
+ struct i802_bss *bss = priv;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+ struct nl_msg *msg;
+ int ret;
+ unsigned int i;
+ struct nlattr *params;
+ struct nl80211_pcl param;
+ enum qca_iface_type iface_type;
+
+ if (!drv->get_pref_freq_list)
+ return -1;
+
+ switch (if_type) {
+ case WPA_IF_STATION:
+ iface_type = QCA_IFACE_TYPE_STA;
+ break;
+ case WPA_IF_AP_BSS:
+ iface_type = QCA_IFACE_TYPE_AP;
+ break;
+ case WPA_IF_P2P_GO:
+ iface_type = QCA_IFACE_TYPE_P2P_GO;
+ break;
+ case WPA_IF_P2P_CLIENT:
+ iface_type = QCA_IFACE_TYPE_P2P_CLIENT;
+ break;
+ case WPA_IF_IBSS:
+ iface_type = QCA_IFACE_TYPE_IBSS;
+ break;
+ case WPA_IF_TDLS:
+ iface_type = QCA_IFACE_TYPE_TDLS;
+ break;
+ default:
+ return -1;
+ }
+
+ param.num = *num;
+ param.freq_list = freq_list;
+
+ if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
+ nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
+ QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) ||
+ !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
+ nla_put_u32(msg,
+ QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE,
+ iface_type)) {
+ wpa_printf(MSG_ERROR,
+ "%s: err in adding vendor_cmd and vendor_data",
+ __func__);
+ nlmsg_free(msg);
+ return -1;
+ }
+ nla_nest_end(msg, params);
+
+ os_memset(freq_list, 0, *num * sizeof(freq_list[0]));
+ ret = send_and_recv_msgs(drv, msg, preferred_freq_info_handler, ¶m);
+ if (ret) {
+ wpa_printf(MSG_ERROR,
+ "%s: err in send_and_recv_msgs", __func__);
+ return ret;
+ }
+
+ *num = param.num;
+
+ for (i = 0; i < *num; i++) {
+ wpa_printf(MSG_DEBUG, "nl80211: preferred_channel_list[%d]=%d",
+ i, freq_list[i]);
+ }
+
+ return 0;
+}
+
+
+static int nl80211_set_prob_oper_freq(void *priv, unsigned int freq)
+{
+ struct i802_bss *bss = priv;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+ struct nl_msg *msg;
+ int ret;
+ struct nlattr *params;
+
+ if (!drv->set_prob_oper_freq)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Set P2P probable operating freq %u for ifindex %d",
+ freq, bss->ifindex);
+
+ if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
+ QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL) ||
+ !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
+ nla_put_u32(msg,
+ QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_IFACE_TYPE,
+ QCA_IFACE_TYPE_P2P_CLIENT) ||
+ nla_put_u32(msg,
+ QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_FREQ,
+ freq)) {
+ wpa_printf(MSG_ERROR,
+ "%s: err in adding vendor_cmd and vendor_data",
+ __func__);
+ nlmsg_free(msg);
+ return -1;
+ }
+ nla_nest_end(msg, params);
+
+ ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ msg = NULL;
+ if (ret) {
+ wpa_printf(MSG_ERROR, "%s: err in send_and_recv_msgs",
+ __func__);
+ return ret;
+ }
+ nlmsg_free(msg);
+ return 0;
+}
+
+#endif /* CONFIG_DRIVER_NL80211_QCA */
+
+
const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.name = "nl80211",
.desc = "Linux nl80211/cfg80211",
@@ -8563,7 +8884,9 @@
.vendor_cmd = nl80211_vendor_cmd,
.set_qos_map = nl80211_set_qos_map,
.set_wowlan = nl80211_set_wowlan,
+#ifdef CONFIG_DRIVER_NL80211_QCA
.roaming = nl80211_roaming,
+#endif /* CONFIG_DRIVER_NL80211_QCA */
.set_mac_addr = nl80211_set_mac_addr,
#ifdef CONFIG_MESH
.init_mesh = wpa_driver_nl80211_init_mesh,
@@ -8576,6 +8899,10 @@
.br_set_net_param = wpa_driver_br_set_net_param,
.add_tx_ts = nl80211_add_ts,
.del_tx_ts = nl80211_del_ts,
+#ifdef CONFIG_DRIVER_NL80211_QCA
.do_acs = wpa_driver_do_acs,
.set_band = nl80211_set_band,
+ .get_pref_freq_list = nl80211_get_pref_freq_list,
+ .set_prob_oper_freq = nl80211_set_prob_oper_freq,
+#endif /* CONFIG_DRIVER_NL80211_QCA */
};
diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h
index 1536d2f..ea5f058 100644
--- a/src/drivers/driver_nl80211.h
+++ b/src/drivers/driver_nl80211.h
@@ -146,7 +146,11 @@
unsigned int set_rekey_offload:1;
unsigned int p2p_go_ctwindow_supported:1;
unsigned int setband_vendor_cmd_avail:1;
+ unsigned int get_pref_freq_list:1;
+ unsigned int set_prob_oper_freq:1;
+ unsigned int scan_vendor_cmd_avail:1;
+ u64 vendor_scan_cookie;
u64 remain_on_chan_cookie;
u64 send_action_cookie;
@@ -180,6 +184,13 @@
int auth_wep_tx_keyidx;
int auth_local_state_change;
int auth_p2p;
+
+ /*
+ * Tells whether the last scan issued from wpa_supplicant was a normal
+ * scan (NL80211_CMD_TRIGGER_SCAN) or a vendor scan
+ * (NL80211_CMD_VENDOR). 0 if no pending scan request.
+ */
+ int last_scan_cmd;
};
struct nl_msg;
@@ -271,5 +282,7 @@
struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv);
void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv);
const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie);
+int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss,
+ struct wpa_driver_scan_params *params);
#endif /* DRIVER_NL80211_H */
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 4929cea..59a8efb 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -580,6 +580,7 @@
case QCA_NL80211_VENDOR_SUBCMD_TEST:
drv->vendor_cmd_test_avail = 1;
break;
+#ifdef CONFIG_DRIVER_NL80211_QCA
case QCA_NL80211_VENDOR_SUBCMD_ROAMING:
drv->roaming_vendor_cmd_avail = 1;
break;
@@ -589,6 +590,12 @@
case QCA_NL80211_VENDOR_SUBCMD_GET_FEATURES:
drv->get_features_vendor_cmd_avail = 1;
break;
+ case QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST:
+ drv->get_pref_freq_list = 1;
+ break;
+ case QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL:
+ drv->set_prob_oper_freq = 1;
+ break;
case QCA_NL80211_VENDOR_SUBCMD_DO_ACS:
drv->capa.flags |=
WPA_DRIVER_FLAGS_ACS_OFFLOAD;
@@ -596,6 +603,10 @@
case QCA_NL80211_VENDOR_SUBCMD_SETBAND:
drv->setband_vendor_cmd_avail = 1;
break;
+ case QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN:
+ drv->scan_vendor_cmd_avail = 1;
+ break;
+#endif /* CONFIG_DRIVER_NL80211_QCA */
}
}
@@ -627,6 +638,10 @@
capa->max_stations =
nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]);
+ if (tb[NL80211_ATTR_MAX_CSA_COUNTERS])
+ capa->max_csa_counters =
+ nla_get_u8(tb[NL80211_ATTR_MAX_CSA_COUNTERS]);
+
return NL_SKIP;
}
@@ -683,8 +698,6 @@
if (!drv->capa.max_remain_on_chan)
drv->capa.max_remain_on_chan = 5000;
- if (info->channel_switch_supported)
- drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA;
drv->capa.wmm_ac_supported = info->wmm_ac_supported;
drv->capa.mac_addr_rand_sched_scan_supported =
@@ -692,10 +705,18 @@
drv->capa.mac_addr_rand_scan_supported =
info->mac_addr_rand_scan_supported;
+ if (info->channel_switch_supported) {
+ drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA;
+ if (!drv->capa.max_csa_counters)
+ drv->capa.max_csa_counters = 1;
+ }
+
return 0;
}
+#ifdef CONFIG_DRIVER_NL80211_QCA
+
static int dfs_info_handler(struct nl_msg *msg, void *arg)
{
struct nlattr *tb[NL80211_ATTR_MAX + 1];
@@ -751,6 +772,7 @@
struct features_info {
u8 *flags;
size_t flags_len;
+ struct wpa_driver_capa *capa;
};
@@ -776,6 +798,19 @@
info->flags = nla_data(attr);
info->flags_len = nla_len(attr);
}
+ attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_CONCURRENCY_CAPA];
+ if (attr)
+ info->capa->conc_capab = nla_get_u32(attr);
+
+ attr = tb_vendor[
+ QCA_WLAN_VENDOR_ATTR_MAX_CONCURRENT_CHANNELS_2_4_BAND];
+ if (attr)
+ info->capa->max_conc_chan_2_4 = nla_get_u32(attr);
+
+ attr = tb_vendor[
+ QCA_WLAN_VENDOR_ATTR_MAX_CONCURRENT_CHANNELS_5_0_BAND];
+ if (attr)
+ info->capa->max_conc_chan_5_0 = nla_get_u32(attr);
}
return NL_SKIP;
@@ -810,6 +845,7 @@
}
os_memset(&info, 0, sizeof(info));
+ info.capa = &drv->capa;
ret = send_and_recv_msgs(drv, msg, features_info_handler, &info);
if (ret || !info.flags)
return;
@@ -819,8 +855,14 @@
if (check_feature(QCA_WLAN_VENDOR_FEATURE_SUPPORT_HW_MODE_ANY, &info))
drv->capa.flags |= WPA_DRIVER_FLAGS_SUPPORT_HW_MODE_ANY;
+
+ if (check_feature(QCA_WLAN_VENDOR_FEATURE_OFFCHANNEL_SIMULTANEOUS,
+ &info))
+ drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS;
}
+#endif /* CONFIG_DRIVER_NL80211_QCA */
+
int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
{
@@ -901,9 +943,21 @@
if (!drv->use_monitor && !info.data_tx_status)
drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
+#ifdef CONFIG_DRIVER_NL80211_QCA
qca_nl80211_check_dfs_capa(drv);
qca_nl80211_get_features(drv);
+ /*
+ * To enable offchannel simultaneous support in wpa_supplicant, the
+ * underlying driver needs to support the same along with offchannel TX.
+ * Offchannel TX support is needed since remain_on_channel and
+ * action_tx use some common data structures and hence cannot be
+ * scheduled simultaneously.
+ */
+ if (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX))
+ drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS;
+#endif /* CONFIG_DRIVER_NL80211_QCA */
+
return 0;
}
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 7b0f721..721b1b9 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -968,7 +968,7 @@
static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
- struct nlattr *tb[])
+ struct nlattr *tb[], int external_scan)
{
union wpa_event_data event;
struct nlattr *nl;
@@ -978,7 +978,7 @@
int freqs[MAX_REPORT_FREQS];
int num_freqs = 0;
- if (drv->scan_for_auth) {
+ if (!external_scan && drv->scan_for_auth) {
drv->scan_for_auth = 0;
wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
"cfg80211 BSS entry");
@@ -989,6 +989,8 @@
os_memset(&event, 0, sizeof(event));
info = &event.scan_info;
info->aborted = aborted;
+ info->external_scan = external_scan;
+ info->nl_scan_event = 1;
if (tb[NL80211_ATTR_SCAN_SSIDS]) {
nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
@@ -1004,7 +1006,7 @@
}
}
if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
- char msg[200], *pos, *end;
+ char msg[300], *pos, *end;
int res;
pos = msg;
@@ -1444,6 +1446,8 @@
}
+#ifdef CONFIG_DRIVER_NL80211_QCA
+
static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv,
const u8 *data, size_t len)
{
@@ -1686,6 +1690,140 @@
}
+static void qca_nl80211_scan_trigger_event(struct wpa_driver_nl80211_data *drv,
+ u8 *data, size_t len)
+{
+ struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
+ u64 cookie = 0;
+ union wpa_event_data event;
+ struct scan_info *info;
+
+ if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
+ (struct nlattr *) data, len, NULL) ||
+ !tb[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
+ return;
+
+ cookie = nla_get_u64(tb[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
+ if (cookie != drv->vendor_scan_cookie) {
+ /* External scan trigger event, ignore */
+ return;
+ }
+
+ /* Cookie match, own scan */
+ os_memset(&event, 0, sizeof(event));
+ info = &event.scan_info;
+ info->external_scan = 0;
+ info->nl_scan_event = 0;
+
+ drv->scan_state = SCAN_STARTED;
+ wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, &event);
+}
+
+
+static void send_vendor_scan_event(struct wpa_driver_nl80211_data *drv,
+ int aborted, struct nlattr *tb[],
+ int external_scan)
+{
+ union wpa_event_data event;
+ struct nlattr *nl;
+ int rem;
+ struct scan_info *info;
+ int freqs[MAX_REPORT_FREQS];
+ int num_freqs = 0;
+
+ os_memset(&event, 0, sizeof(event));
+ info = &event.scan_info;
+ info->aborted = aborted;
+ info->external_scan = external_scan;
+
+ if (tb[QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS]) {
+ nla_for_each_nested(nl,
+ tb[QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS], rem) {
+ struct wpa_driver_scan_ssid *s =
+ &info->ssids[info->num_ssids];
+ s->ssid = nla_data(nl);
+ s->ssid_len = nla_len(nl);
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Scan probed for SSID '%s'",
+ wpa_ssid_txt(s->ssid, s->ssid_len));
+ info->num_ssids++;
+ if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
+ break;
+ }
+ }
+
+ if (tb[QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES]) {
+ char msg[300], *pos, *end;
+ int res;
+
+ pos = msg;
+ end = pos + sizeof(msg);
+ *pos = '\0';
+
+ nla_for_each_nested(nl,
+ tb[QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES],
+ rem) {
+ freqs[num_freqs] = nla_get_u32(nl);
+ res = os_snprintf(pos, end - pos, " %d",
+ freqs[num_freqs]);
+ if (!os_snprintf_error(end - pos, res))
+ pos += res;
+ num_freqs++;
+ if (num_freqs == MAX_REPORT_FREQS - 1)
+ break;
+ }
+
+ info->freqs = freqs;
+ info->num_freqs = num_freqs;
+ wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s",
+ msg);
+ }
+ wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
+}
+
+
+static void qca_nl80211_scan_done_event(struct wpa_driver_nl80211_data *drv,
+ u8 *data, size_t len)
+{
+ struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
+ u64 cookie = 0;
+ enum scan_status status;
+ int external_scan;
+
+ if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
+ (struct nlattr *) data, len, NULL) ||
+ !tb[QCA_WLAN_VENDOR_ATTR_SCAN_STATUS] ||
+ !tb[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
+ return;
+
+ status = nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_SCAN_STATUS]);
+ if (status >= VENDOR_SCAN_STATUS_MAX)
+ return; /* invalid status */
+
+ cookie = nla_get_u64(tb[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
+ if (cookie != drv->vendor_scan_cookie) {
+ /* Event from an external scan, get scan results */
+ external_scan = 1;
+ } else {
+ external_scan = 0;
+ if (status == VENDOR_SCAN_STATUS_NEW_RESULTS)
+ drv->scan_state = SCAN_COMPLETED;
+ else
+ drv->scan_state = SCAN_ABORTED;
+
+ eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
+ drv->ctx);
+ drv->vendor_scan_cookie = 0;
+ drv->last_scan_cmd = 0;
+ }
+
+ send_vendor_scan_event(drv, (status == VENDOR_SCAN_STATUS_ABORTED), tb,
+ external_scan);
+}
+
+#endif /* CONFIG_DRIVER_NL80211_QCA */
+
+
static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv,
u32 subcmd, u8 *data, size_t len)
{
@@ -1693,6 +1831,7 @@
case QCA_NL80211_VENDOR_SUBCMD_TEST:
wpa_hexdump(MSG_DEBUG, "nl80211: QCA test event", data, len);
break;
+#ifdef CONFIG_DRIVER_NL80211_QCA
case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
qca_nl80211_avoid_freq(drv, data, len);
break;
@@ -1709,6 +1848,13 @@
case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED:
qca_nl80211_dfs_offload_radar_event(drv, subcmd, data, len);
break;
+ case QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN:
+ qca_nl80211_scan_trigger_event(drv, data, len);
+ break;
+ case QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE:
+ qca_nl80211_scan_done_event(drv, data, len);
+ break;
+#endif /* CONFIG_DRIVER_NL80211_QCA */
default:
wpa_printf(MSG_DEBUG,
"nl80211: Ignore unsupported QCA vendor event %u",
@@ -1831,6 +1977,7 @@
{
struct wpa_driver_nl80211_data *drv = bss->drv;
union wpa_event_data data;
+ int external_scan_event = 0;
wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
cmd, nl80211_command_to_string(cmd), bss->ifname);
@@ -1883,28 +2030,38 @@
case NL80211_CMD_NEW_SCAN_RESULTS:
wpa_dbg(drv->ctx, MSG_DEBUG,
"nl80211: New scan results available");
- drv->scan_state = SCAN_COMPLETED;
drv->scan_complete_events = 1;
- eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
- drv->ctx);
- send_scan_event(drv, 0, tb);
+ if (drv->last_scan_cmd == NL80211_CMD_TRIGGER_SCAN) {
+ drv->scan_state = SCAN_COMPLETED;
+ eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout,
+ drv, drv->ctx);
+ drv->last_scan_cmd = 0;
+ } else {
+ external_scan_event = 1;
+ }
+ send_scan_event(drv, 0, tb, external_scan_event);
break;
case NL80211_CMD_SCHED_SCAN_RESULTS:
wpa_dbg(drv->ctx, MSG_DEBUG,
"nl80211: New sched scan results available");
drv->scan_state = SCHED_SCAN_RESULTS;
- send_scan_event(drv, 0, tb);
+ send_scan_event(drv, 0, tb, 0);
break;
case NL80211_CMD_SCAN_ABORTED:
wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted");
- drv->scan_state = SCAN_ABORTED;
- /*
- * Need to indicate that scan results are available in order
- * not to make wpa_supplicant stop its scanning.
- */
- eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
- drv->ctx);
- send_scan_event(drv, 1, tb);
+ if (drv->last_scan_cmd == NL80211_CMD_TRIGGER_SCAN) {
+ drv->scan_state = SCAN_ABORTED;
+ /*
+ * Need to indicate that scan results are available in
+ * order not to make wpa_supplicant stop its scanning.
+ */
+ eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout,
+ drv, drv->ctx);
+ drv->last_scan_cmd = 0;
+ } else {
+ external_scan_event = 1;
+ }
+ send_scan_event(drv, 1, tb, external_scan_event);
break;
case NL80211_CMD_AUTHENTICATE:
case NL80211_CMD_ASSOCIATE:
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
index f3d45e5..966c3fb 100644
--- a/src/drivers/driver_nl80211_scan.c
+++ b/src/drivers/driver_nl80211_scan.c
@@ -14,6 +14,7 @@
#include "utils/common.h"
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
+#include "common/qca-vendor.h"
#include "driver_nl80211.h"
@@ -221,6 +222,9 @@
wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
drv->scan_for_auth = 0;
+ if (TEST_FAIL())
+ return -1;
+
msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params);
if (!msg)
return -1;
@@ -294,6 +298,7 @@
eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
drv, drv->ctx);
+ drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN;
fail:
nlmsg_free(msg);
@@ -443,8 +448,8 @@
pos = ies;
end = ies + ies_len;
- while (pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 1) {
+ if (2 + pos[1] > end - pos)
break;
if (pos[0] == ie)
return pos;
@@ -778,3 +783,194 @@
wpa_scan_results_free(res);
}
+
+
+#ifdef CONFIG_DRIVER_NL80211_QCA
+
+static int scan_cookie_handler(struct nl_msg *msg, void *arg)
+{
+ struct nlattr *tb[NL80211_ATTR_MAX + 1];
+ struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+ u64 *cookie = arg;
+
+ nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
+ if (tb[NL80211_ATTR_VENDOR_DATA]) {
+ struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA];
+ struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
+
+ nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
+ nla_data(nl_vendor), nla_len(nl_vendor), NULL);
+
+ if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
+ *cookie = nla_get_u64(
+ tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
+ }
+
+ return NL_SKIP;
+}
+
+
+/**
+ * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan
+ * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
+ * @params: Scan parameters
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss,
+ struct wpa_driver_scan_params *params)
+{
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+ struct nl_msg *msg = NULL;
+ struct nlattr *attr;
+ size_t i;
+ u32 scan_flags = 0;
+ int ret = -1;
+ u64 cookie = 0;
+
+ wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request");
+ drv->scan_for_auth = 0;
+
+ if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
+ nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
+ QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) )
+ goto fail;
+
+ attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
+ if (attr == NULL)
+ goto fail;
+
+ if (params->num_ssids) {
+ struct nlattr *ssids;
+
+ ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS);
+ if (ssids == NULL)
+ goto fail;
+ for (i = 0; i < params->num_ssids; i++) {
+ wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
+ params->ssids[i].ssid,
+ params->ssids[i].ssid_len);
+ if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
+ params->ssids[i].ssid))
+ goto fail;
+ }
+ nla_nest_end(msg, ssids);
+ }
+
+ if (params->extra_ies) {
+ wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
+ params->extra_ies, params->extra_ies_len);
+ if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE,
+ params->extra_ies_len, params->extra_ies))
+ goto fail;
+ }
+
+ if (params->freqs) {
+ struct nlattr *freqs;
+
+ freqs = nla_nest_start(msg,
+ QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES);
+ if (freqs == NULL)
+ goto fail;
+ for (i = 0; params->freqs[i]; i++) {
+ wpa_printf(MSG_MSGDUMP,
+ "nl80211: Scan frequency %u MHz",
+ params->freqs[i]);
+ if (nla_put_u32(msg, i + 1, params->freqs[i]))
+ goto fail;
+ }
+ nla_nest_end(msg, freqs);
+ }
+
+ os_free(drv->filter_ssids);
+ drv->filter_ssids = params->filter_ssids;
+ params->filter_ssids = NULL;
+ drv->num_filter_ssids = params->num_filter_ssids;
+
+ if (params->low_priority && drv->have_low_prio_scan) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
+ scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
+ }
+
+ if (params->mac_addr_rand) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
+ scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
+
+ if (params->mac_addr) {
+ wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
+ MAC2STR(params->mac_addr));
+ if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC,
+ ETH_ALEN, params->mac_addr))
+ goto fail;
+ }
+
+ if (params->mac_addr_mask) {
+ wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
+ MACSTR, MAC2STR(params->mac_addr_mask));
+ if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK,
+ ETH_ALEN, params->mac_addr_mask))
+ goto fail;
+ }
+ }
+
+ if (scan_flags &&
+ nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags))
+ goto fail;
+
+ if (params->p2p_probe) {
+ struct nlattr *rates;
+
+ wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
+
+ rates = nla_nest_start(msg,
+ QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES);
+ if (rates == NULL)
+ goto fail;
+
+ /*
+ * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
+ * by masking out everything else apart from the OFDM rates 6,
+ * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
+ * rates are left enabled.
+ */
+ if (nla_put(msg, NL80211_BAND_2GHZ, 8,
+ "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
+ goto fail;
+ nla_nest_end(msg, rates);
+
+ if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE))
+ goto fail;
+ }
+
+ nla_nest_end(msg, attr);
+
+ ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie);
+ msg = NULL;
+ if (ret) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Vendor scan trigger failed: ret=%d (%s)",
+ ret, strerror(-ret));
+ goto fail;
+ }
+
+ drv->vendor_scan_cookie = cookie;
+ drv->scan_state = SCAN_REQUESTED;
+
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx",
+ ret, (long long unsigned int) cookie);
+ eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
+ eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout,
+ drv, drv->ctx);
+ drv->last_scan_cmd = NL80211_CMD_VENDOR;
+
+fail:
+ nlmsg_free(msg);
+ return ret;
+}
+
+#endif /* CONFIG_DRIVER_NL80211_QCA */
diff --git a/src/drivers/driver_privsep.c b/src/drivers/driver_privsep.c
index 1cfc15d..762c12f 100644
--- a/src/drivers/driver_privsep.c
+++ b/src/drivers/driver_privsep.c
@@ -161,11 +161,11 @@
return NULL;
}
- while (results->num < (size_t) num && pos + sizeof(int) < end) {
+ while (results->num < (size_t) num && end - pos > sizeof(int)) {
int len;
os_memcpy(&len, pos, sizeof(int));
pos += sizeof(int);
- if (len < 0 || len > 10000 || pos + len > end)
+ if (len < 0 || len > 10000 || len > end - pos)
break;
r = os_malloc(len);
@@ -220,6 +220,56 @@
}
+static int wpa_driver_privsep_authenticate(
+ void *priv, struct wpa_driver_auth_params *params)
+{
+ struct wpa_driver_privsep_data *drv = priv;
+ struct privsep_cmd_authenticate *data;
+ int i, res;
+ size_t buflen;
+ u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d bssid=" MACSTR
+ " auth_alg=%d local_state_change=%d p2p=%d",
+ __func__, priv, params->freq, MAC2STR(params->bssid),
+ params->auth_alg, params->local_state_change, params->p2p);
+
+ buflen = sizeof(*data) + params->ie_len + params->sae_data_len;
+ data = os_zalloc(buflen);
+ if (data == NULL)
+ return -1;
+
+ data->freq = params->freq;
+ os_memcpy(data->bssid, params->bssid, ETH_ALEN);
+ os_memcpy(data->ssid, params->ssid, params->ssid_len);
+ data->ssid_len = params->ssid_len;
+ data->auth_alg = params->auth_alg;
+ data->ie_len = params->ie_len;
+ for (i = 0; i < 4; i++) {
+ if (params->wep_key[i])
+ os_memcpy(data->wep_key[i], params->wep_key[i],
+ params->wep_key_len[i]);
+ data->wep_key_len[i] = params->wep_key_len[i];
+ }
+ data->wep_tx_keyidx = params->wep_tx_keyidx;
+ data->local_state_change = params->local_state_change;
+ data->p2p = params->p2p;
+ pos = (u8 *) (data + 1);
+ if (params->ie_len) {
+ os_memcpy(pos, params->ie, params->ie_len);
+ pos += params->ie_len;
+ }
+ if (params->sae_data_len)
+ os_memcpy(pos, params->sae_data, params->sae_data_len);
+
+ res = wpa_priv_cmd(drv, PRIVSEP_CMD_AUTHENTICATE, data, buflen,
+ NULL, NULL);
+ os_free(data);
+
+ return res;
+}
+
+
static int wpa_driver_privsep_associate(
void *priv, struct wpa_driver_associate_params *params)
{
@@ -309,6 +359,32 @@
}
+static void wpa_driver_privsep_event_auth(void *ctx, u8 *buf, size_t len)
+{
+ union wpa_event_data data;
+ struct privsep_event_auth *auth;
+
+ os_memset(&data, 0, sizeof(data));
+ if (len < sizeof(*auth))
+ return;
+ auth = (struct privsep_event_auth *) buf;
+ if (len < sizeof(*auth) + auth->ies_len)
+ return;
+
+ os_memcpy(data.auth.peer, auth->peer, ETH_ALEN);
+ os_memcpy(data.auth.bssid, auth->bssid, ETH_ALEN);
+ data.auth.auth_type = auth->auth_type;
+ data.auth.auth_transaction = auth->auth_transaction;
+ data.auth.status_code = auth->status_code;
+ if (auth->ies_len) {
+ data.auth.ies = (u8 *) (auth + 1);
+ data.auth.ies_len = auth->ies_len;
+ }
+
+ wpa_supplicant_event(ctx, EVENT_AUTH, &data);
+}
+
+
static void wpa_driver_privsep_event_assoc(void *ctx,
enum wpa_event_type event,
u8 *buf, size_t len)
@@ -468,6 +544,9 @@
case PRIVSEP_EVENT_SCAN_RESULTS:
wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
break;
+ case PRIVSEP_EVENT_SCAN_STARTED:
+ wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL);
+ break;
case PRIVSEP_EVENT_ASSOC:
wpa_driver_privsep_event_assoc(drv->ctx, EVENT_ASSOC,
event_buf, event_len);
@@ -503,6 +582,9 @@
wpa_driver_privsep_event_rx_eapol(drv->ctx, event_buf,
event_len);
break;
+ case PRIVSEP_EVENT_AUTH:
+ wpa_driver_privsep_event_auth(drv->ctx, event_buf, event_len);
+ break;
}
os_free(buf);
@@ -703,6 +785,10 @@
res = wpa_priv_cmd(drv, PRIVSEP_CMD_GET_CAPA, NULL, 0, capa, &len);
if (res < 0 || len != sizeof(*capa))
return -1;
+ /* For now, no support for passing extended_capa pointers */
+ capa->extended_capa = NULL;
+ capa->extended_capa_mask = NULL;
+ capa->extended_capa_len = 0;
return 0;
}
@@ -735,6 +821,7 @@
.set_param = wpa_driver_privsep_set_param,
.scan2 = wpa_driver_privsep_scan,
.deauthenticate = wpa_driver_privsep_deauthenticate,
+ .authenticate = wpa_driver_privsep_authenticate,
.associate = wpa_driver_privsep_associate,
.get_capa = wpa_driver_privsep_get_capa,
.get_mac_addr = wpa_driver_privsep_get_mac_addr,
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index 01defdf..791cd5d 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -422,7 +422,7 @@
static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
- char *data, int len)
+ char *data, unsigned int len)
{
struct iw_event iwe_buf, *iwe = &iwe_buf;
char *pos, *end, *custom, *buf;
@@ -430,13 +430,13 @@
pos = data;
end = data + len;
- while (pos + IW_EV_LCP_LEN <= end) {
+ while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
/* Event data may be unaligned, so make a local, aligned copy
* before processing. */
os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
iwe->cmd, iwe->len);
- if (iwe->len <= IW_EV_LCP_LEN)
+ if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
return;
custom = pos + IW_EV_POINT_LEN;
@@ -480,7 +480,7 @@
}
break;
case IWEVMICHAELMICFAILURE:
- if (custom + iwe->u.data.length > end) {
+ if (iwe->u.data.length > end - custom) {
wpa_printf(MSG_DEBUG, "WEXT: Invalid "
"IWEVMICHAELMICFAILURE length");
return;
@@ -489,7 +489,7 @@
drv->ctx, custom, iwe->u.data.length);
break;
case IWEVCUSTOM:
- if (custom + iwe->u.data.length > end) {
+ if (iwe->u.data.length > end - custom) {
wpa_printf(MSG_DEBUG, "WEXT: Invalid "
"IWEVCUSTOM length");
return;
@@ -508,7 +508,7 @@
NULL);
break;
case IWEVASSOCREQIE:
- if (custom + iwe->u.data.length > end) {
+ if (iwe->u.data.length > end - custom) {
wpa_printf(MSG_DEBUG, "WEXT: Invalid "
"IWEVASSOCREQIE length");
return;
@@ -517,7 +517,7 @@
drv, custom, iwe->u.data.length);
break;
case IWEVASSOCRESPIE:
- if (custom + iwe->u.data.length > end) {
+ if (iwe->u.data.length > end - custom) {
wpa_printf(MSG_DEBUG, "WEXT: Invalid "
"IWEVASSOCRESPIE length");
return;
@@ -526,7 +526,7 @@
drv, custom, iwe->u.data.length);
break;
case IWEVPMKIDCAND:
- if (custom + iwe->u.data.length > end) {
+ if (iwe->u.data.length > end - custom) {
wpa_printf(MSG_DEBUG, "WEXT: Invalid "
"IWEVPMKIDCAND length");
return;
@@ -1220,7 +1220,7 @@
char *end)
{
int ssid_len = iwe->u.essid.length;
- if (custom + ssid_len > end)
+ if (ssid_len > end - custom)
return;
if (iwe->u.essid.flags &&
ssid_len > 0 &&
@@ -1316,7 +1316,7 @@
size_t clen;
clen = iwe->len;
- if (custom + clen > end)
+ if (clen > (size_t) (end - custom))
return;
maxrate = 0;
while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
@@ -1369,7 +1369,7 @@
u8 *tmp;
clen = iwe->u.data.length;
- if (custom + clen > end)
+ if (clen > (size_t) (end - custom))
return;
if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
@@ -1441,8 +1441,8 @@
/* Figure out whether we need to fake any IEs */
pos = data->ie;
end = pos + data->ie_len;
- while (pos && pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (pos && end - pos > 1) {
+ if (2 + pos[1] > end - pos)
break;
if (pos[0] == WLAN_EID_SSID)
ssid_ie = pos;
@@ -1530,11 +1530,11 @@
end = (char *) res_buf + len;
os_memset(&data, 0, sizeof(data));
- while (pos + IW_EV_LCP_LEN <= end) {
+ while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
/* Event data may be unaligned, so make a local, aligned copy
* before processing. */
os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
- if (iwe->len <= IW_EV_LCP_LEN)
+ if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
break;
custom = pos + IW_EV_POINT_LEN;
diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
index 9434078..c4f5f97 100644
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
@@ -30,6 +30,9 @@
DRV_OBJS += ../src/drivers/driver_nl80211_monitor.o
DRV_OBJS += ../src/drivers/driver_nl80211_scan.o
DRV_OBJS += ../src/utils/radiotap.o
+ifdef CONFIG_DRIVER_NL80211_QCA
+DRV_CFLAGS += -DCONFIG_DRIVER_NL80211_QCA
+endif
NEED_SME=y
NEED_AP_MLME=y
NEED_NETLINK=y
@@ -54,7 +57,9 @@
ifdef CONFIG_LIBNL_TINY
DRV_LIBS += -lnl-tiny
else
- DRV_LIBS += -lnl
+ ifndef CONFIG_OSX
+ DRV_LIBS += -lnl
+ endif
endif
ifdef CONFIG_LIBNL20
diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk
index 8da4c53..0a05a24 100644
--- a/src/drivers/drivers.mk
+++ b/src/drivers/drivers.mk
@@ -26,6 +26,9 @@
DRV_OBJS += src/drivers/driver_nl80211_monitor.c
DRV_OBJS += src/drivers/driver_nl80211_scan.c
DRV_OBJS += src/utils/radiotap.c
+ifdef CONFIG_DRIVER_NL80211_QCA
+DRV_CFLAGS += -DCONFIG_DRIVER_NL80211_QCA
+endif
NEED_SME=y
NEED_AP_MLME=y
NEED_NETLINK=y
diff --git a/src/drivers/linux_ioctl.c b/src/drivers/linux_ioctl.c
index 837971d..e21147a 100644
--- a/src/drivers/linux_ioctl.c
+++ b/src/drivers/linux_ioctl.c
@@ -219,3 +219,26 @@
os_strlcpy(brname, pos, IFNAMSIZ);
return 0;
}
+
+
+int linux_master_get(char *master_ifname, const char *ifname)
+{
+ char buf[128], masterlink[128], *pos;
+ ssize_t res;
+
+ /* check whether there is a master */
+ os_snprintf(buf, sizeof(buf), "/sys/class/net/%s/master", ifname);
+
+ res = readlink(buf, masterlink, sizeof(masterlink));
+ if (res < 0 || (size_t) res >= sizeof(masterlink))
+ return -1;
+
+ masterlink[res] = '\0';
+
+ pos = os_strrchr(masterlink, '/');
+ if (pos == NULL)
+ return -1;
+ pos++;
+ os_strlcpy(master_ifname, pos, IFNAMSIZ);
+ return 0;
+}
diff --git a/src/drivers/linux_ioctl.h b/src/drivers/linux_ioctl.h
index c03fe6e..6de4d9b 100644
--- a/src/drivers/linux_ioctl.h
+++ b/src/drivers/linux_ioctl.h
@@ -18,5 +18,6 @@
int linux_br_add_if(int sock, const char *brname, const char *ifname);
int linux_br_del_if(int sock, const char *brname, const char *ifname);
int linux_br_get(char *brname, const char *ifname);
+int linux_master_get(char *master_ifname, const char *ifname);
#endif /* LINUX_IOCTL_H */
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index ae16ba9..c0ab6b0 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -1754,8 +1754,9 @@
* should be contained in the result as the sum of the respective counters
* over all channels.
*
- * @NL80211_ATTR_SCHED_SCAN_DELAY: delay before a scheduled scan (or a
- * WoWLAN net-detect scan) is started, u32 in seconds.
+ * @NL80211_ATTR_SCHED_SCAN_DELAY: delay before the first cycle of a
+ * scheduled scan (or a WoWLAN net-detect scan) is started, u32
+ * in seconds.
* @NL80211_ATTR_REG_INDOOR: flag attribute, if set indicates that the device
* is operating in an indoor environment.
@@ -2619,16 +2620,17 @@
* an indoor surroundings, i.e., it is connected to AC power (and not
* through portable DC inverters) or is under the control of a master
* that is acting as an AP and is connected to AC power.
- * @NL80211_FREQUENCY_ATTR_GO_CONCURRENT: GO operation is allowed on this
+ * @NL80211_FREQUENCY_ATTR_IR_CONCURRENT: IR operation is allowed on this
* channel if it's connected concurrently to a BSS on the same channel on
* the 2 GHz band or to a channel in the same UNII band (on the 5 GHz
- * band), and IEEE80211_CHAN_RADAR is not set. Instantiating a GO on a
- * channel that has the GO_CONCURRENT attribute set can be done when there
- * is a clear assessment that the device is operating under the guidance of
- * an authorized master, i.e., setting up a GO while the device is also
- * connected to an AP with DFS and radar detection on the UNII band (it is
- * up to user-space, i.e., wpa_supplicant to perform the required
- * verifications)
+ * band), and IEEE80211_CHAN_RADAR is not set. Instantiating a GO or TDLS
+ * off-channel on a channel that has the IR_CONCURRENT attribute set can be
+ * done when there is a clear assessment that the device is operating under
+ * the guidance of an authorized master, i.e., setting up a GO or TDLS
+ * off-channel while the device is also connected to an AP with DFS and
+ * radar detection on the UNII band (it is up to user-space, i.e.,
+ * wpa_supplicant to perform the required verifications). Using this
+ * attribute for IR is disallowed for master interfaces (IBSS, AP).
* @NL80211_FREQUENCY_ATTR_NO_20MHZ: 20 MHz operation is not allowed
* on this channel in current regulatory domain.
* @NL80211_FREQUENCY_ATTR_NO_10MHZ: 10 MHz operation is not allowed
@@ -2640,7 +2642,7 @@
* See https://apps.fcc.gov/eas/comments/GetPublishedDocument.html?id=327&tn=528122
* for more information on the FCC description of the relaxations allowed
* by NL80211_FREQUENCY_ATTR_INDOOR_ONLY and
- * NL80211_FREQUENCY_ATTR_GO_CONCURRENT.
+ * NL80211_FREQUENCY_ATTR_IR_CONCURRENT.
*/
enum nl80211_frequency_attr {
__NL80211_FREQUENCY_ATTR_INVALID,
@@ -2658,7 +2660,7 @@
NL80211_FREQUENCY_ATTR_NO_160MHZ,
NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
NL80211_FREQUENCY_ATTR_INDOOR_ONLY,
- NL80211_FREQUENCY_ATTR_GO_CONCURRENT,
+ NL80211_FREQUENCY_ATTR_IR_CONCURRENT,
NL80211_FREQUENCY_ATTR_NO_20MHZ,
NL80211_FREQUENCY_ATTR_NO_10MHZ,
@@ -2671,6 +2673,8 @@
#define NL80211_FREQUENCY_ATTR_PASSIVE_SCAN NL80211_FREQUENCY_ATTR_NO_IR
#define NL80211_FREQUENCY_ATTR_NO_IBSS NL80211_FREQUENCY_ATTR_NO_IR
#define NL80211_FREQUENCY_ATTR_NO_IR NL80211_FREQUENCY_ATTR_NO_IR
+#define NL80211_FREQUENCY_ATTR_GO_CONCURRENT \
+ NL80211_FREQUENCY_ATTR_IR_CONCURRENT
/**
* enum nl80211_bitrate_attr - bitrate attributes
@@ -2829,7 +2833,7 @@
* @NL80211_RRF_AUTO_BW: maximum available bandwidth should be calculated
* base on contiguous rules and wider channels will be allowed to cross
* multiple contiguous/overlapping frequency ranges.
- * @NL80211_RRF_GO_CONCURRENT: See &NL80211_FREQUENCY_ATTR_GO_CONCURRENT
+ * @NL80211_RRF_IR_CONCURRENT: See &NL80211_FREQUENCY_ATTR_IR_CONCURRENT
* @NL80211_RRF_NO_HT40MINUS: channels can't be used in HT40- operation
* @NL80211_RRF_NO_HT40PLUS: channels can't be used in HT40+ operation
* @NL80211_RRF_NO_80MHZ: 80MHz operation not allowed
@@ -2846,7 +2850,7 @@
NL80211_RRF_NO_IR = 1<<7,
__NL80211_RRF_NO_IBSS = 1<<8,
NL80211_RRF_AUTO_BW = 1<<11,
- NL80211_RRF_GO_CONCURRENT = 1<<12,
+ NL80211_RRF_IR_CONCURRENT = 1<<12,
NL80211_RRF_NO_HT40MINUS = 1<<13,
NL80211_RRF_NO_HT40PLUS = 1<<14,
NL80211_RRF_NO_80MHZ = 1<<15,
@@ -2858,6 +2862,7 @@
#define NL80211_RRF_NO_IR NL80211_RRF_NO_IR
#define NL80211_RRF_NO_HT40 (NL80211_RRF_NO_HT40MINUS |\
NL80211_RRF_NO_HT40PLUS)
+#define NL80211_RRF_GO_CONCURRENT NL80211_RRF_IR_CONCURRENT
/* For backport compatibility with older userspace */
#define NL80211_RRF_NO_IR_ALL (NL80211_RRF_NO_IR | __NL80211_RRF_NO_IBSS)
diff --git a/src/eap_common/eap_gpsk_common.c b/src/eap_common/eap_gpsk_common.c
index 8c7ae27..b081879 100644
--- a/src/eap_common/eap_gpsk_common.c
+++ b/src/eap_common/eap_gpsk_common.c
@@ -92,7 +92,8 @@
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- hmac_sha256_vector(psk, 32, 2, addr, vlen, hash);
+ if (hmac_sha256_vector(psk, 32, 2, addr, vlen, hash))
+ return -1;
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
@@ -534,8 +535,7 @@
break;
#ifdef EAP_GPSK_SHA256
case EAP_GPSK_CIPHER_SHA256:
- hmac_sha256(sk, sk_len, data, len, mic);
- ret = 0;
+ ret = hmac_sha256(sk, sk_len, data, len, mic);
break;
#endif /* EAP_GPSK_SHA256 */
default:
@@ -545,5 +545,8 @@
break;
}
+ if (ret)
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Could not compute MIC");
+
return ret;
}
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 4d27623..67f8f70 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -115,6 +115,26 @@
case 26:
nid = NID_secp224r1;
break;
+#ifdef NID_brainpoolP224r1
+ case 27:
+ nid = NID_brainpoolP224r1;
+ break;
+#endif /* NID_brainpoolP224r1 */
+#ifdef NID_brainpoolP256r1
+ case 28:
+ nid = NID_brainpoolP256r1;
+ break;
+#endif /* NID_brainpoolP256r1 */
+#ifdef NID_brainpoolP384r1
+ case 29:
+ nid = NID_brainpoolP384r1;
+ break;
+#endif /* NID_brainpoolP384r1 */
+#ifdef NID_brainpoolP512r1
+ case 30:
+ nid = NID_brainpoolP512r1;
+ break;
+#endif /* NID_brainpoolP512r1 */
default:
wpa_printf(MSG_INFO, "EAP-pwd: unsupported group %d", num);
return -1;
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 1dbe003..28d5116 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -188,6 +188,14 @@
*/
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
+ /*
+ * RFC 4137 does not reset ignore here, but since it is possible for
+ * some method code paths to end up not setting ignore=FALSE, clear the
+ * value here to avoid issues if a previous authentication attempt
+ * failed with ignore=TRUE being left behind in the last
+ * m.check(eapReqData) operation.
+ */
+ sm->ignore = 0;
sm->num_rounds = 0;
sm->prev_failure = 0;
sm->expected_failure = 0;
@@ -584,7 +592,7 @@
wpa_printf(MSG_DEBUG, "EAP: Valid ERP key found %s (SEQ=%u)",
erp->keyname_nai, erp->next_seq);
- msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH,
+ msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
1 + 2 + 2 + os_strlen(erp->keyname_nai) + 1 + 16,
EAP_CODE_INITIATE, hdr->identifier);
if (msg == NULL)
@@ -708,7 +716,7 @@
wpabuf_free(sm->lastRespData);
if (sm->eapRespData) {
if (sm->workaround)
- os_memcpy(sm->last_md5, sm->req_md5, 16);
+ os_memcpy(sm->last_sha1, sm->req_sha1, 20);
sm->lastId = sm->reqId;
sm->lastRespData = wpabuf_dup(sm->eapRespData);
eapol_set_bool(sm, EAPOL_eapResp, TRUE);
@@ -914,12 +922,12 @@
duplicate = (sm->reqId == sm->lastId) && sm->rxReq;
if (sm->workaround && duplicate &&
- os_memcmp(sm->req_md5, sm->last_md5, 16) != 0) {
+ os_memcmp(sm->req_sha1, sm->last_sha1, 20) != 0) {
/*
* RFC 4137 uses (reqId == lastId) as the only verification for
* duplicate EAP requests. However, this misses cases where the
* AS is incorrectly using the same id again; and
- * unfortunately, such implementations exist. Use MD5 hash as
+ * unfortunately, such implementations exist. Use SHA1 hash as
* an extra verification for the packets being duplicate to
* workaround these issues.
*/
@@ -1765,7 +1773,7 @@
if (sm->workaround) {
const u8 *addr[1];
addr[0] = wpabuf_head(req);
- md5_vector(1, addr, &plen, sm->req_md5);
+ sha1_vector(1, addr, &plen, sm->req_sha1);
}
switch (hdr->code) {
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index f636e74..833dcb6 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -1096,7 +1096,7 @@
/* Parse TLVs from the decrypted Phase 2 data */
pos = wpabuf_mhead(decrypted);
end = pos + wpabuf_len(decrypted);
- while (pos + 4 < end) {
+ while (end - pos > 4) {
mandatory = pos[0] & 0x80;
tlv_type = WPA_GET_BE16(pos) & 0x3fff;
pos += 2;
@@ -1572,6 +1572,13 @@
EAP_TYPE_FAST,
data->fast_version, id, &msg,
&resp);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-FAST: TLS processing failed");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return resp;
+ }
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char cipher[80];
diff --git a/src/eap_peer/eap_fast_pac.c b/src/eap_peer/eap_fast_pac.c
index 89e604e..c0986b3 100644
--- a/src/eap_peer/eap_fast_pac.c
+++ b/src/eap_peer/eap_fast_pac.c
@@ -709,7 +709,7 @@
pos = pac->pac_info;
end = pos + pac->pac_info_len;
- while (pos + 4 < end) {
+ while (end - pos > 4) {
type = WPA_GET_BE16(pos);
pos += 2;
len = WPA_GET_BE16(pos);
diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h
index 5f8b5fa..99b44da 100644
--- a/src/eap_peer/eap_i.h
+++ b/src/eap_peer/eap_i.h
@@ -338,9 +338,9 @@
Boolean rxResp /* LEAP only */;
Boolean leap_done;
Boolean peap_done;
- u8 req_md5[16]; /* MD5() of the current EAP packet */
- u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
- * in duplicate request detection. */
+ u8 req_sha1[20]; /* SHA1() of the current EAP packet */
+ u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used
+ * in duplicate request detection. */
void *msg_ctx;
void *scard_ctx;
diff --git a/src/eap_peer/eap_mschapv2.c b/src/eap_peer/eap_mschapv2.c
index 9e486e7..6acf1e8 100644
--- a/src/eap_peer/eap_mschapv2.c
+++ b/src/eap_peer/eap_mschapv2.c
@@ -511,6 +511,11 @@
struct eap_sm *sm, struct eap_mschapv2_data *data,
struct eap_method_ret *ret, const struct eap_mschapv2_hdr *req, u8 id)
{
+#ifdef CONFIG_NO_RC4
+ wpa_printf(MSG_ERROR,
+ "EAP-MSCHAPV2: RC4 not support in the build - cannot change password");
+ return NULL;
+#else /* CONFIG_NO_RC4 */
struct wpabuf *resp;
int ms_len;
const u8 *username, *password, *new_password;
@@ -628,6 +633,7 @@
fail:
wpabuf_free(resp);
return NULL;
+#endif /* CONFIG_NO_RC4 */
}
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 4f68fce..98a48a6 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -1011,6 +1011,13 @@
data->peap_version, id, &msg,
&resp);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: TLS processing failed");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return resp;
+ }
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
char *label;
wpa_printf(MSG_DEBUG,
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index 5a60b3f..1f78544 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -288,6 +288,12 @@
}
if (id->prep == EAP_PWD_PREP_MS) {
+#ifdef CONFIG_FIPS
+ wpa_printf(MSG_ERROR,
+ "EAP-PWD (peer): MS password hash not supported in FIPS mode");
+ eap_pwd_state(data, FAILURE);
+ return;
+#else /* CONFIG_FIPS */
if (data->password_hash) {
res = hash_nt_password_hash(data->password, pwhashhash);
} else {
@@ -307,6 +313,7 @@
password = pwhashhash;
password_len = sizeof(pwhashhash);
+#endif /* CONFIG_FIPS */
} else {
password = data->password;
password_len = data->password_len;
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index d81b1cf..66a027a 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -156,20 +156,6 @@
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
- if (res == -1) {
- struct eap_peer_config *config = eap_get_config(sm);
- if (config) {
- /*
- * The TLS handshake failed. So better forget the old
- * PIN. It may be wrong, we cannot be sure but trying
- * the wrong one again might block it on the card--so
- * better ask the user again.
- */
- os_free(config->pin);
- config->pin = NULL;
- }
- }
-
if (resp) {
/*
* This is likely an alert message, so send it instead of just
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index fef7fdb..af2b754 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -68,6 +68,10 @@
params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
if (os_strstr(txt, "tls_disable_session_ticket=0"))
params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
+ if (os_strstr(txt, "tls_disable_tlsv1_0=1"))
+ params->flags |= TLS_CONN_DISABLE_TLSv1_0;
+ if (os_strstr(txt, "tls_disable_tlsv1_0=0"))
+ params->flags &= ~TLS_CONN_DISABLE_TLSv1_0;
if (os_strstr(txt, "tls_disable_tlsv1_1=1"))
params->flags |= TLS_CONN_DISABLE_TLSv1_1;
if (os_strstr(txt, "tls_disable_tlsv1_1=0"))
@@ -343,10 +347,10 @@
struct eap_ssl_data *data, u8 eap_type,
size_t *len)
{
- struct tls_keys keys;
+ struct tls_random keys;
u8 *out;
- if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
+ if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
return NULL;
if (keys.client_random == NULL || keys.server_random == NULL)
@@ -678,12 +682,18 @@
if (tls_connection_get_failed(data->ssl_ctx, data->conn)) {
/* TLS processing has failed - return error */
wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
- "report error");
+ "report error (len=%u)",
+ (unsigned int) wpabuf_len(data->tls_out));
ret = -1;
/* TODO: clean pin if engine used? */
+ if (wpabuf_len(data->tls_out) == 0) {
+ wpabuf_free(data->tls_out);
+ data->tls_out = NULL;
+ return -1;
+ }
}
- if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
+ if (wpabuf_len(data->tls_out) == 0) {
/*
* TLS negotiation should now be complete since all other cases
* needing more data should have been caught above based on
@@ -749,20 +759,24 @@
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
char *buf, size_t buflen, int verbose)
{
- char name[128];
+ char version[20], name[128];
int len = 0, ret;
- if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
- {
- ret = os_snprintf(buf + len, buflen - len,
- "EAP TLS cipher=%s\n"
- "tls_session_reused=%d\n",
- name, tls_connection_resumed(data->ssl_ctx,
- data->conn));
- if (os_snprintf_error(buflen - len, ret))
- return len;
- len += ret;
- }
+ if (tls_get_version(data->ssl_ctx, data->conn, version,
+ sizeof(version)) < 0)
+ version[0] = '\0';
+ if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) < 0)
+ name[0] = '\0';
+
+ ret = os_snprintf(buf + len, buflen - len,
+ "eap_tls_version=%s\n"
+ "EAP TLS cipher=%s\n"
+ "tls_session_reused=%d\n",
+ version, name,
+ tls_connection_resumed(data->ssl_ctx, data->conn));
+ if (os_snprintf_error(buflen - len, ret))
+ return len;
+ len += ret;
return len;
}
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 25e3cba..b186c91 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -175,7 +175,8 @@
}
avp->avp_code = host_to_be32(avp_code);
- avp->avp_length = host_to_be32((flags << 24) | (u32) (hdrlen + len));
+ avp->avp_length = host_to_be32(((u32) flags << 24) |
+ (u32) (hdrlen + len));
return avphdr + hdrlen;
}
@@ -253,11 +254,13 @@
}
+#ifndef CONFIG_FIPS
static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
struct eap_ttls_data *data, size_t len)
{
return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len);
}
+#endif /* CONFIG_FIPS */
static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data,
@@ -428,6 +431,10 @@
struct eap_method_ret *ret,
struct wpabuf **resp)
{
+#ifdef CONFIG_FIPS
+ wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPV2 not supported in FIPS build");
+ return -1;
+#else /* CONFIG_FIPS */
#ifdef EAP_MSCHAPv2
struct wpabuf *msg;
u8 *buf, *pos, *challenge, *peer_challenge;
@@ -510,6 +517,7 @@
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
return -1;
#endif /* EAP_MSCHAPv2 */
+#endif /* CONFIG_FIPS */
}
@@ -518,6 +526,10 @@
struct eap_method_ret *ret,
struct wpabuf **resp)
{
+#ifdef CONFIG_FIPS
+ wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAP not supported in FIPS build");
+ return -1;
+#else /* CONFIG_FIPS */
struct wpabuf *msg;
u8 *buf, *pos, *challenge;
const u8 *identity, *password;
@@ -592,6 +604,7 @@
ret->decision = DECISION_COND_SUCC;
return 0;
+#endif /* CONFIG_FIPS */
}
@@ -654,6 +667,10 @@
struct eap_method_ret *ret,
struct wpabuf **resp)
{
+#ifdef CONFIG_FIPS
+ wpa_printf(MSG_ERROR, "EAP-TTLS: CHAP not supported in FIPS build");
+ return -1;
+#else /* CONFIG_FIPS */
struct wpabuf *msg;
u8 *buf, *pos, *challenge;
const u8 *identity, *password;
@@ -722,6 +739,7 @@
ret->decision = DECISION_COND_SUCC;
return 0;
+#endif /* CONFIG_FIPS */
}
@@ -1393,6 +1411,12 @@
res = eap_peer_tls_process_helper(sm, &data->ssl, EAP_TYPE_TTLS,
data->ttls_version, identifier,
in_data, out_data);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS processing failed");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ return -1;
+ }
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
diff --git a/src/eap_peer/eap_wsc.c b/src/eap_peer/eap_wsc.c
index 7ce0a53..7ac99c7 100644
--- a/src/eap_peer/eap_wsc.c
+++ b/src/eap_peer/eap_wsc.c
@@ -557,6 +557,9 @@
if (data->out_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to receive "
"message from WPS");
+ eap_wsc_state(data, FAIL);
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
return NULL;
}
data->out_used = 0;
diff --git a/src/eap_peer/ikev2.c b/src/eap_peer/ikev2.c
index 55ab72a..ca6502e 100644
--- a/src/eap_peer/ikev2.c
+++ b/src/eap_peer/ikev2.c
@@ -128,7 +128,7 @@
t = (const struct ikev2_transform *) pos;
transform_len = WPA_GET_BE16(t->transform_length);
- if (transform_len < (int) sizeof(*t) || pos + transform_len > end) {
+ if (transform_len < (int) sizeof(*t) || transform_len > end - pos) {
wpa_printf(MSG_INFO, "IKEV2: Invalid transform length %d",
transform_len);
return -1;
@@ -248,7 +248,7 @@
ppos = (const u8 *) (p + 1);
pend = pos + proposal_len;
- if (ppos + p->spi_size > pend) {
+ if (p->spi_size > pend - ppos) {
wpa_printf(MSG_INFO, "IKEV2: Not enough room for SPI "
"in proposal");
return -1;
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 09be581..69eaab8 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -131,6 +131,7 @@
const u8 *server_id;
size_t server_id_len;
int erp;
+ unsigned int tls_session_lifetime;
#ifdef CONFIG_TESTING_OPTIONS
u32 tls_test_flags;
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 978c879..c90443d 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -210,6 +210,7 @@
Boolean initiate_reauth_start_sent;
Boolean try_initiate_reauth;
int erp;
+ unsigned int tls_session_lifetime;
#ifdef CONFIG_TESTING_OPTIONS
u32 tls_test_flags;
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 6651229..84ecafc 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -96,7 +96,8 @@
plen += 2 + domain_len;
}
- msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH_START, plen,
+ msg = eap_msg_alloc(EAP_VENDOR_IETF,
+ (EapType) EAP_ERP_TYPE_REAUTH_START, plen,
EAP_CODE_INITIATE, id);
if (msg == NULL)
return NULL;
@@ -714,8 +715,8 @@
plen = 1 + 2 + 2 + os_strlen(nai);
if (hash_len)
plen += 1 + hash_len;
- msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH, plen,
- EAP_CODE_FINISH, id);
+ msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
+ plen, EAP_CODE_FINISH, id);
if (msg == NULL)
return;
wpabuf_put_u8(msg, flags);
@@ -799,7 +800,7 @@
sm->rxInitiate = FALSE;
- pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH,
+ pos = eap_hdr_validate(EAP_VENDOR_IETF, (EapType) EAP_ERP_TYPE_REAUTH,
sm->eap_if.eapRespData, &len);
if (pos == NULL) {
wpa_printf(MSG_INFO, "EAP-Initiate: Invalid frame");
@@ -1246,6 +1247,17 @@
break;
}
SM_ENTER(EAP, SEND_REQUEST);
+ if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) {
+ /*
+ * This transition is not mentioned in RFC 4137, but it
+ * is needed to handle cleanly a case where EAP method
+ * buildReq fails.
+ */
+ wpa_printf(MSG_DEBUG,
+ "EAP: Method did not return a request");
+ SM_ENTER(EAP, FAILURE);
+ break;
+ }
break;
case EAP_METHOD_RESPONSE:
/*
@@ -1853,6 +1865,7 @@
sm->server_id = conf->server_id;
sm->server_id_len = conf->server_id_len;
sm->erp = conf->erp;
+ sm->tls_session_lifetime = conf->tls_session_lifetime;
#ifdef CONFIG_TESTING_OPTIONS
sm->tls_test_flags = conf->tls_test_flags;
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
index 6745100..47210e1 100644
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -180,42 +180,47 @@
buf, end - buf);
pos = buf;
- while (pos + 1 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 1) {
+ u8 id, elen;
+
+ id = *pos++;
+ elen = *pos++;
+ if (elen > end - pos)
break;
- switch (*pos) {
+ switch (id) {
case PAC_OPAQUE_TYPE_PAD:
goto done;
case PAC_OPAQUE_TYPE_KEY:
- if (pos[1] != EAP_FAST_PAC_KEY_LEN) {
- wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "
- "PAC-Key length %d", pos[1]);
+ if (elen != EAP_FAST_PAC_KEY_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-FAST: Invalid PAC-Key length %d",
+ elen);
os_free(buf);
return -1;
}
- pac_key = pos + 2;
+ pac_key = pos;
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: PAC-Key from "
"decrypted PAC-Opaque",
pac_key, EAP_FAST_PAC_KEY_LEN);
break;
case PAC_OPAQUE_TYPE_LIFETIME:
- if (pos[1] != 4) {
+ if (elen != 4) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid "
"PAC-Key lifetime length %d",
- pos[1]);
+ elen);
os_free(buf);
return -1;
}
- lifetime = WPA_GET_BE32(pos + 2);
+ lifetime = WPA_GET_BE32(pos);
break;
case PAC_OPAQUE_TYPE_IDENTITY:
- identity = pos + 2;
- identity_len = pos[1];
+ identity = pos;
+ identity_len = elen;
break;
}
- pos += 2 + pos[1];
+ pos += elen;
}
done:
@@ -428,7 +433,7 @@
}
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_FAST)) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
eap_fast_reset(sm, data);
return NULL;
@@ -1134,7 +1139,7 @@
pos = wpabuf_mhead(data);
end = pos + wpabuf_len(data);
- while (pos + 4 < end) {
+ while (end - pos > 4) {
mandatory = pos[0] & 0x80;
tlv_type = WPA_GET_BE16(pos) & 0x3fff;
pos += 2;
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index 3848f30..51062b0 100644
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -95,6 +95,37 @@
eap_peap_state_txt(data->state),
eap_peap_state_txt(state));
data->state = state;
+ if (state == FAILURE || state == FAILURE_REQ)
+ tls_connection_remove_session(data->ssl.conn);
+}
+
+
+static void eap_peap_valid_session(struct eap_sm *sm,
+ struct eap_peap_data *data)
+{
+ struct wpabuf *buf;
+
+ if (!sm->tls_session_lifetime ||
+ tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = wpabuf_alloc(1 + 1 + sm->identity_len);
+ if (!buf)
+ return;
+ wpabuf_put_u8(buf, EAP_TYPE_PEAP);
+ if (sm->identity) {
+ u8 id_len;
+
+ if (sm->identity_len <= 255)
+ id_len = sm->identity_len;
+ else
+ id_len = 255;
+ wpabuf_put_u8(buf, id_len);
+ wpabuf_put_data(buf, sm->identity, id_len);
+ } else {
+ wpabuf_put_u8(buf, 0);
+ }
+ tls_connection_set_success_data(data->ssl.conn, buf);
}
@@ -151,7 +182,7 @@
data->state = START;
data->crypto_binding = OPTIONAL_BINDING;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_PEAP)) {
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
eap_peap_reset(sm, data);
return NULL;
@@ -708,10 +739,12 @@
if (status == EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Success "
"- requested %s", requested);
- if (data->tlv_request == TLV_REQ_SUCCESS)
+ if (data->tlv_request == TLV_REQ_SUCCESS) {
eap_peap_state(data, SUCCESS);
- else
+ eap_peap_valid_session(sm, data);
+ } else {
eap_peap_state(data, FAILURE);
+ }
} else if (status == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_INFO, "EAP-PEAP: TLV Result - Failure "
@@ -1094,6 +1127,7 @@
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
if (data->state == SUCCESS_REQ) {
eap_peap_state(data, SUCCESS);
+ eap_peap_valid_session(sm, data);
}
break;
case EAP_CODE_FAILURE:
@@ -1159,6 +1193,7 @@
break;
case SUCCESS_REQ:
eap_peap_state(data, SUCCESS);
+ eap_peap_valid_session(sm, data);
break;
case FAILURE_REQ:
eap_peap_state(data, FAILURE);
@@ -1175,10 +1210,65 @@
struct wpabuf *respData)
{
struct eap_peap_data *data = priv;
+ const struct wpabuf *buf;
+ const u8 *pos;
+ u8 id_len;
+
if (eap_server_tls_process(sm, &data->ssl, respData, data,
EAP_TYPE_PEAP, eap_peap_process_version,
- eap_peap_process_msg) < 0)
+ eap_peap_process_msg) < 0) {
eap_peap_state(data, FAILURE);
+ return;
+ }
+
+ if (data->state == SUCCESS ||
+ !tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = tls_connection_get_success_data(data->ssl.conn);
+ if (!buf || wpabuf_len(buf) < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: No success data in resumed session - reject attempt");
+ eap_peap_state(data, FAILURE);
+ return;
+ }
+
+ pos = wpabuf_head(buf);
+ if (*pos != EAP_TYPE_PEAP) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: Resumed session for another EAP type (%u) - reject attempt",
+ *pos);
+ eap_peap_state(data, FAILURE);
+ return;
+ }
+
+ pos++;
+ id_len = *pos++;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-PEAP: Identity from cached session",
+ pos, id_len);
+ os_free(sm->identity);
+ sm->identity = os_malloc(id_len ? id_len : 1);
+ if (!sm->identity) {
+ sm->identity_len = 0;
+ eap_peap_state(data, FAILURE);
+ return;
+ }
+
+ os_memcpy(sm->identity, pos, id_len);
+ sm->identity_len = id_len;
+
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-PEAP: Phase2 Identity not found in the user database",
+ sm->identity, sm->identity_len);
+ eap_peap_state(data, FAILURE);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: Resuming previous session - skip Phase2");
+ eap_peap_state(data, SUCCESS_REQ);
+ tls_connection_set_success_data_resumed(data->ssl.conn);
}
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 58cfe8a..bd18a4b 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -48,6 +48,23 @@
eap_tls_state_txt(data->state),
eap_tls_state_txt(state));
data->state = state;
+ if (state == FAILURE)
+ tls_connection_remove_session(data->ssl.conn);
+}
+
+
+static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
+{
+ struct wpabuf *buf;
+
+ if (!sm->tls_session_lifetime)
+ return;
+
+ buf = wpabuf_alloc(1);
+ if (!buf)
+ return;
+ wpabuf_put_u8(buf, data->eap_type);
+ tls_connection_set_success_data(data->ssl.conn, buf);
}
@@ -60,7 +77,7 @@
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 1)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 1, EAP_TYPE_TLS)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
@@ -82,7 +99,7 @@
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_UNAUTH_TLS_TYPE)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
@@ -104,7 +121,8 @@
return NULL;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0,
+ EAP_WFA_UNAUTH_TLS_TYPE)) {
wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
eap_tls_reset(sm, data);
return NULL;
@@ -183,6 +201,7 @@
* fragments waiting to be sent out. */
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
eap_tls_state(data, SUCCESS);
+ eap_tls_valid_session(sm, data);
}
return res;
@@ -234,10 +253,41 @@
struct wpabuf *respData)
{
struct eap_tls_data *data = priv;
+ const struct wpabuf *buf;
+ const u8 *pos;
+
if (eap_server_tls_process(sm, &data->ssl, respData, data,
data->eap_type, NULL, eap_tls_process_msg) <
- 0)
+ 0) {
eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = tls_connection_get_success_data(data->ssl.conn);
+ if (!buf || wpabuf_len(buf) < 1) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: No success data in resumed session - reject attempt");
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ pos = wpabuf_head(buf);
+ if (*pos != data->eap_type) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resumed session for another EAP type (%u) - reject attempt",
+ *pos);
+ eap_tls_state(data, FAILURE);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "EAP-TLS: Resuming previous session");
+ eap_tls_state(data, SUCCESS);
+ tls_connection_set_success_data_resumed(data->ssl.conn);
}
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 23498c9..05677b7 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -44,8 +44,11 @@
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
- int verify_peer)
+ int verify_peer, int eap_type)
{
+ u8 session_ctx[8];
+ unsigned int flags = 0;
+
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
return -1;
@@ -68,7 +71,13 @@
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_TLS_INTERNAL */
- if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
+ if (eap_type != EAP_TYPE_FAST)
+ flags |= TLS_CONN_DISABLE_SESSION_TICKET;
+ os_memcpy(session_ctx, "hostapd", 7);
+ session_ctx[7] = (u8) eap_type;
+ if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
+ flags, session_ctx,
+ sizeof(session_ctx))) {
wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
"of TLS peer certificate");
tls_connection_deinit(sm->ssl_ctx, data->conn);
@@ -133,10 +142,10 @@
struct eap_ssl_data *data, u8 eap_type,
size_t *len)
{
- struct tls_keys keys;
+ struct tls_random keys;
u8 *out;
- if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
+ if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
return NULL;
if (keys.client_random == NULL || keys.server_random == NULL)
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 31c67e8..53ffa1e 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -71,6 +71,36 @@
eap_ttls_state_txt(data->state),
eap_ttls_state_txt(state));
data->state = state;
+ if (state == FAILURE)
+ tls_connection_remove_session(data->ssl.conn);
+}
+
+
+static void eap_ttls_valid_session(struct eap_sm *sm,
+ struct eap_ttls_data *data)
+{
+ struct wpabuf *buf;
+
+ if (!sm->tls_session_lifetime)
+ return;
+
+ buf = wpabuf_alloc(1 + 1 + sm->identity_len);
+ if (!buf)
+ return;
+ wpabuf_put_u8(buf, EAP_TYPE_TTLS);
+ if (sm->identity) {
+ u8 id_len;
+
+ if (sm->identity_len <= 255)
+ id_len = sm->identity_len;
+ else
+ id_len = 255;
+ wpabuf_put_u8(buf, id_len);
+ wpabuf_put_data(buf, sm->identity, id_len);
+ } else {
+ wpabuf_put_u8(buf, 0);
+ }
+ tls_connection_set_success_data(data->ssl.conn, buf);
}
@@ -317,7 +347,7 @@
data->ttls_version = EAP_TTLS_VERSION;
data->state = START;
- if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_TTLS)) {
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL.");
eap_ttls_reset(sm, data);
return NULL;
@@ -518,6 +548,7 @@
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password");
eap_ttls_state(data, SUCCESS);
+ eap_ttls_valid_session(sm, data);
}
@@ -576,6 +607,7 @@
0) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
eap_ttls_state(data, SUCCESS);
+ eap_ttls_valid_session(sm, data);
} else {
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password");
eap_ttls_state(data, FAILURE);
@@ -643,6 +675,7 @@
if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
eap_ttls_state(data, SUCCESS);
+ eap_ttls_valid_session(sm, data);
} else {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response");
wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received",
@@ -906,6 +939,7 @@
break;
case PHASE2_METHOD:
eap_ttls_state(data, SUCCESS);
+ eap_ttls_valid_session(sm, data);
break;
case FAILURE:
break;
@@ -1129,6 +1163,7 @@
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
"acknowledged response");
eap_ttls_state(data, SUCCESS);
+ eap_ttls_valid_session(sm, data);
} else if (!data->mschapv2_resp_ok) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
"acknowledged error");
@@ -1155,10 +1190,64 @@
struct wpabuf *respData)
{
struct eap_ttls_data *data = priv;
+ const struct wpabuf *buf;
+ const u8 *pos;
+ u8 id_len;
+
if (eap_server_tls_process(sm, &data->ssl, respData, data,
EAP_TYPE_TTLS, eap_ttls_process_version,
- eap_ttls_process_msg) < 0)
+ eap_ttls_process_msg) < 0) {
eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
+ return;
+
+ buf = tls_connection_get_success_data(data->ssl.conn);
+ if (!buf || wpabuf_len(buf) < 1) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: No success data in resumed session - reject attempt");
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ pos = wpabuf_head(buf);
+ if (*pos != EAP_TYPE_TTLS) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Resumed session for another EAP type (%u) - reject attempt",
+ *pos);
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ pos++;
+ id_len = *pos++;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Identity from cached session",
+ pos, id_len);
+ os_free(sm->identity);
+ sm->identity = os_malloc(id_len ? id_len : 1);
+ if (!sm->identity) {
+ sm->identity_len = 0;
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ os_memcpy(sm->identity, pos, id_len);
+ sm->identity_len = id_len;
+
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not found in the user database",
+ sm->identity, sm->identity_len);
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Resuming previous session - skip Phase2");
+ eap_ttls_state(data, SUCCESS);
+ tls_connection_set_success_data_resumed(data->ssl.conn);
}
diff --git a/src/eap_server/eap_sim_db.c b/src/eap_server/eap_sim_db.c
index acf5435..d84c3d2 100644
--- a/src/eap_server/eap_sim_db.c
+++ b/src/eap_server/eap_sim_db.c
@@ -66,6 +66,7 @@
struct eap_sim_pseudonym *pseudonyms;
struct eap_sim_reauth *reauths;
struct eap_sim_db_pending *pending;
+ unsigned int eap_sim_db_timeout;
#ifdef CONFIG_SQLITE
sqlite3 *sqlite_db;
char db_tmp_identity[100];
@@ -76,6 +77,10 @@
};
+static void eap_sim_db_del_timeout(void *eloop_ctx, void *user_ctx);
+static void eap_sim_db_query_timeout(void *eloop_ctx, void *user_ctx);
+
+
#ifdef CONFIG_SQLITE
static int db_table_exists(sqlite3 *db, const char *name)
@@ -397,6 +402,57 @@
}
+static void eap_sim_db_free_pending(struct eap_sim_db_data *data,
+ struct eap_sim_db_pending *entry)
+{
+ eloop_cancel_timeout(eap_sim_db_query_timeout, data, entry);
+ eloop_cancel_timeout(eap_sim_db_del_timeout, data, entry);
+ os_free(entry);
+}
+
+
+static void eap_sim_db_del_pending(struct eap_sim_db_data *data,
+ struct eap_sim_db_pending *entry)
+{
+ struct eap_sim_db_pending **pp = &data->pending;
+
+ while (*pp != NULL) {
+ if (*pp == entry) {
+ *pp = entry->next;
+ eap_sim_db_free_pending(data, entry);
+ return;
+ }
+ pp = &(*pp)->next;
+ }
+}
+
+
+static void eap_sim_db_del_timeout(void *eloop_ctx, void *user_ctx)
+{
+ struct eap_sim_db_data *data = eloop_ctx;
+ struct eap_sim_db_pending *entry = user_ctx;
+
+ wpa_printf(MSG_DEBUG, "EAP-SIM DB: Delete query timeout for %p", entry);
+ eap_sim_db_del_pending(data, entry);
+}
+
+
+static void eap_sim_db_query_timeout(void *eloop_ctx, void *user_ctx)
+{
+ struct eap_sim_db_data *data = eloop_ctx;
+ struct eap_sim_db_pending *entry = user_ctx;
+
+ /*
+ * Report failure and allow some time for EAP server to process it
+ * before deleting the query.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-SIM DB: Query timeout for %p", entry);
+ entry->state = FAILURE;
+ data->get_complete_cb(data->ctx, entry->cb_session_ctx);
+ eloop_register_timeout(1, 0, eap_sim_db_del_timeout, data, entry);
+}
+
+
static void eap_sim_db_sim_resp_auth(struct eap_sim_db_data *data,
const char *imsi, char *buf)
{
@@ -472,7 +528,7 @@
parse_fail:
wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
}
@@ -563,7 +619,7 @@
parse_fail:
wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
}
@@ -690,12 +746,13 @@
/**
* eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface
* @config: Configuration data (e.g., file name)
+ * @db_timeout: Database lookup timeout
* @get_complete_cb: Callback function for reporting availability of triplets
* @ctx: Context pointer for get_complete_cb
* Returns: Pointer to a private data structure or %NULL on failure
*/
struct eap_sim_db_data *
-eap_sim_db_init(const char *config,
+eap_sim_db_init(const char *config, unsigned int db_timeout,
void (*get_complete_cb)(void *ctx, void *session_ctx),
void *ctx)
{
@@ -709,6 +766,7 @@
data->sock = -1;
data->get_complete_cb = get_complete_cb;
data->ctx = ctx;
+ data->eap_sim_db_timeout = db_timeout;
data->fname = os_strdup(config);
if (data->fname == NULL)
goto fail;
@@ -796,7 +854,7 @@
while (pending) {
prev_pending = pending;
pending = pending->next;
- os_free(prev_pending);
+ eap_sim_db_free_pending(data, prev_pending);
}
os_free(data);
@@ -833,11 +891,11 @@
}
-static void eap_sim_db_expire_pending(struct eap_sim_db_data *data)
+static void eap_sim_db_expire_pending(struct eap_sim_db_data *data,
+ struct eap_sim_db_pending *entry)
{
- /* TODO: add limit for maximum length for pending list; remove latest
- * (i.e., last) entry from the list if the limit is reached; could also
- * use timeout to expire pending entries */
+ eloop_register_timeout(data->eap_sim_db_timeout, 0,
+ eap_sim_db_query_timeout, data, entry);
}
@@ -891,7 +949,7 @@
if (entry->state == FAILURE) {
wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
"failure");
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
return EAP_SIM_DB_FAILURE;
}
@@ -911,7 +969,7 @@
os_memcpy(sres, entry->u.sim.sres,
num_chal * EAP_SIM_SRES_LEN);
os_memcpy(kc, entry->u.sim.kc, num_chal * EAP_SIM_KC_LEN);
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
return num_chal;
}
@@ -945,7 +1003,8 @@
entry->cb_session_ctx = cb_session_ctx;
entry->state = PENDING;
eap_sim_db_add_pending(data, entry);
- eap_sim_db_expire_pending(data);
+ eap_sim_db_expire_pending(data, entry);
+ wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added query %p", entry);
return EAP_SIM_DB_PENDING;
}
@@ -1356,7 +1415,7 @@
entry = eap_sim_db_get_pending(data, imsi, 1);
if (entry) {
if (entry->state == FAILURE) {
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failure");
return EAP_SIM_DB_FAILURE;
}
@@ -1375,7 +1434,7 @@
os_memcpy(ck, entry->u.aka.ck, EAP_AKA_CK_LEN);
os_memcpy(res, entry->u.aka.res, EAP_AKA_RES_MAX_LEN);
*res_len = entry->u.aka.res_len;
- os_free(entry);
+ eap_sim_db_free_pending(data, entry);
return 0;
}
@@ -1406,7 +1465,8 @@
entry->cb_session_ctx = cb_session_ctx;
entry->state = PENDING;
eap_sim_db_add_pending(data, entry);
- eap_sim_db_expire_pending(data);
+ eap_sim_db_expire_pending(data, entry);
+ wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added query %p", entry);
return EAP_SIM_DB_PENDING;
}
diff --git a/src/eap_server/eap_sim_db.h b/src/eap_server/eap_sim_db.h
index 53a1a7c..ca900b9 100644
--- a/src/eap_server/eap_sim_db.h
+++ b/src/eap_server/eap_sim_db.h
@@ -31,7 +31,7 @@
struct eap_sim_db_data;
struct eap_sim_db_data *
-eap_sim_db_init(const char *config,
+eap_sim_db_init(const char *config, unsigned int db_timeout,
void (*get_complete_cb)(void *ctx, void *session_ctx),
void *ctx);
diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index ddf90b8..dc943eb 100644
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -70,7 +70,7 @@
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
u8 code, u8 identifier);
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
- int verify_peer);
+ int verify_peer, int eap_type);
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
char *label, size_t len);
diff --git a/src/eap_server/ikev2.c b/src/eap_server/ikev2.c
index 632598f..5385cd8 100644
--- a/src/eap_server/ikev2.c
+++ b/src/eap_server/ikev2.c
@@ -133,7 +133,7 @@
t = (const struct ikev2_transform *) pos;
transform_len = WPA_GET_BE16(t->transform_length);
- if (transform_len < (int) sizeof(*t) || pos + transform_len > end) {
+ if (transform_len < (int) sizeof(*t) || transform_len > end - pos) {
wpa_printf(MSG_INFO, "IKEV2: Invalid transform length %d",
transform_len);
return -1;
@@ -221,7 +221,7 @@
p = (const struct ikev2_proposal *) pos;
proposal_len = WPA_GET_BE16(p->proposal_length);
- if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) {
+ if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
proposal_len);
return -1;
@@ -256,7 +256,7 @@
ppos = (const u8 *) (p + 1);
pend = pos + proposal_len;
- if (ppos + p->spi_size > pend) {
+ if (p->spi_size > pend - ppos) {
wpa_printf(MSG_INFO, "IKEV2: Not enough room for SPI "
"in proposal");
return -1;
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index 3b0c2e4..ff33d28 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -1,6 +1,6 @@
/*
* IEEE 802.1X-2004 Authenticator - EAPOL state machine
- * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -198,6 +198,18 @@
{
SM_ENTRY_MA(AUTH_PAE, INITIALIZE, auth_pae);
sm->portMode = Auto;
+
+ /*
+ * Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but
+ * it looks like this would be logical thing to do here since the
+ * EAPOL-Key exchange is not possible in this state. It is possible to
+ * get here on disconnection event without advancing to the
+ * AUTHENTICATING state to clear keyRun before the IEEE 802.11 RSN
+ * authenticator state machine runs and that may advance from
+ * AUTHENTICATION2 to INITPMK if keyRun = TRUE has been left from the
+ * last association. This can be avoided by clearing keyRun here.
+ */
+ sm->keyRun = FALSE;
}
@@ -835,6 +847,7 @@
eap_conf.server_id = eapol->conf.server_id;
eap_conf.server_id_len = eapol->conf.server_id_len;
eap_conf.erp = eapol->conf.erp;
+ eap_conf.tls_session_lifetime = eapol->conf.tls_session_lifetime;
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
if (sm->eap == NULL) {
eapol_auth_free(sm);
@@ -1080,6 +1093,87 @@
}
+void eapol_auth_reauthenticate(struct eapol_state_machine *sm)
+{
+ wpa_printf(MSG_DEBUG, "EAPOL: External reauthentication trigger for "
+ MACSTR, MAC2STR(sm->addr));
+ sm->reAuthenticate = TRUE;
+ eapol_auth_step(sm);
+}
+
+
+int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
+ const char *value)
+{
+ wpa_printf(MSG_DEBUG, "EAPOL: External configuration operation for "
+ MACSTR " - param=%s value=%s",
+ MAC2STR(sm->addr), param, value);
+
+ if (os_strcasecmp(param, "AdminControlledDirections") == 0) {
+ if (os_strcmp(value, "Both") == 0)
+ sm->adminControlledDirections = Both;
+ else if (os_strcmp(value, "In") == 0)
+ sm->adminControlledDirections = In;
+ else
+ return -1;
+ eapol_auth_step(sm);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "AdminControlledPortControl") == 0) {
+ if (os_strcmp(value, "ForceAuthorized") == 0)
+ sm->portControl = ForceAuthorized;
+ else if (os_strcmp(value, "ForceUnauthorized") == 0)
+ sm->portControl = ForceUnauthorized;
+ else if (os_strcmp(value, "Auto") == 0)
+ sm->portControl = Auto;
+ else
+ return -1;
+ eapol_auth_step(sm);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "quietPeriod") == 0) {
+ sm->quietPeriod = atoi(value);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "serverTimeout") == 0) {
+ sm->serverTimeout = atoi(value);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "reAuthPeriod") == 0) {
+ sm->reAuthPeriod = atoi(value);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "reAuthEnabled") == 0) {
+ if (os_strcmp(value, "TRUE") == 0)
+ sm->reAuthEnabled = TRUE;
+ else if (os_strcmp(value, "FALSE") == 0)
+ sm->reAuthEnabled = FALSE;
+ else
+ return -1;
+ eapol_auth_step(sm);
+ return 0;
+ }
+
+ if (os_strcasecmp(param, "KeyTransmissionEnabled") == 0) {
+ if (os_strcmp(value, "TRUE") == 0)
+ sm->keyTxEnabled = TRUE;
+ else if (os_strcmp(value, "FALSE") == 0)
+ sm->keyTxEnabled = FALSE;
+ else
+ return -1;
+ eapol_auth_step(sm);
+ return 0;
+ }
+
+ return -1;
+}
+
+
static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
struct eapol_auth_config *src)
{
@@ -1148,6 +1242,7 @@
}
dst->erp_send_reauth_start = src->erp_send_reauth_start;
dst->erp = src->erp;
+ dst->tls_session_lifetime = src->tls_session_lifetime;
return 0;
diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
index ebed19a..e1974e4 100644
--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@@ -1,6 +1,6 @@
/*
* IEEE 802.1X-2004 Authenticator - EAPOL state machine
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -27,6 +27,7 @@
int erp_send_reauth_start;
char *erp_domain; /* a copy of this will be allocated */
int erp; /* Whether ERP is enabled on authentication server */
+ unsigned int tls_session_lifetime;
u8 *pac_opaque_encr_key;
u8 *eap_fast_a_id;
size_t eap_fast_a_id_len;
@@ -94,5 +95,8 @@
int eapol_auth_dump_state(struct eapol_state_machine *sm, char *buf,
size_t buflen);
int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
+void eapol_auth_reauthenticate(struct eapol_state_machine *sm);
+int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
+ const char *value);
#endif /* EAPOL_AUTH_SM_H */
diff --git a/src/eapol_auth/eapol_auth_sm_i.h b/src/eapol_auth/eapol_auth_sm_i.h
index a29b49c..aa3e117 100644
--- a/src/eapol_auth/eapol_auth_sm_i.h
+++ b/src/eapol_auth/eapol_auth_sm_i.h
@@ -162,12 +162,6 @@
struct radius_class_data radius_class;
struct wpabuf *radius_cui; /* Chargeable-User-Identity */
- /* Keys for encrypting and signing EAPOL-Key frames */
- u8 *eapol_key_sign;
- size_t eapol_key_sign_len;
- u8 *eapol_key_crypt;
- size_t eapol_key_crypt_len;
-
struct eap_sm *eap;
Boolean initializing; /* in process of initializing state machines */
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index eb8c5bb..09cf4f6 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -244,7 +244,8 @@
SM_STATE(SUPP_PAE, CONNECTING)
{
- int send_start = sm->SUPP_PAE_state == SUPP_PAE_CONNECTING;
+ int send_start = sm->SUPP_PAE_state == SUPP_PAE_CONNECTING ||
+ sm->SUPP_PAE_state == SUPP_PAE_HELD;
SM_ENTRY(SUPP_PAE, CONNECTING);
if (sm->eapTriggerStart)
@@ -653,7 +654,9 @@
struct ieee802_1x_eapol_key *key;
struct eap_key_data keydata;
u8 orig_key_sign[IEEE8021X_KEY_SIGN_LEN], datakey[32];
+#ifndef CONFIG_NO_RC4
u8 ekey[IEEE8021X_KEY_IV_LEN + IEEE8021X_ENCR_KEY_LEN];
+#endif /* CONFIG_NO_RC4 */
int key_len, res, sign_key_len, encr_key_len;
u16 rx_key_length;
size_t plen;
@@ -747,6 +750,13 @@
return;
}
if (key_len == rx_key_length) {
+#ifdef CONFIG_NO_RC4
+ if (encr_key_len) {
+ /* otherwise unused */
+ }
+ wpa_printf(MSG_ERROR, "EAPOL: RC4 not supported in the build");
+ return;
+#else /* CONFIG_NO_RC4 */
os_memcpy(ekey, key->key_iv, IEEE8021X_KEY_IV_LEN);
os_memcpy(ekey + IEEE8021X_KEY_IV_LEN, keydata.encr_key,
encr_key_len);
@@ -755,6 +765,7 @@
datakey, key_len);
wpa_hexdump_key(MSG_DEBUG, "EAPOL: Decrypted(RC4) key",
datakey, key_len);
+#endif /* CONFIG_NO_RC4 */
} else if (key_len == 0) {
/*
* IEEE 802.1X-2004 specifies that least significant Key Length
diff --git a/src/fst/Makefile b/src/fst/Makefile
new file mode 100644
index 0000000..9c41962
--- /dev/null
+++ b/src/fst/Makefile
@@ -0,0 +1,8 @@
+all:
+ @echo Nothing to be made.
+
+clean:
+ rm -f *~ *.o *.d
+
+install:
+ @echo Nothing to be made.
diff --git a/src/fst/fst.c b/src/fst/fst.c
new file mode 100644
index 0000000..2880870
--- /dev/null
+++ b/src/fst/fst.c
@@ -0,0 +1,225 @@
+/*
+ * FST module implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "fst/fst.h"
+#include "fst/fst_internal.h"
+#include "fst/fst_defs.h"
+#include "fst/fst_ctrl_iface.h"
+
+struct dl_list fst_global_ctrls_list;
+
+
+static void fst_ctrl_iface_notify_peer_state_change(struct fst_iface *iface,
+ Boolean connected,
+ const u8 *peer_addr)
+{
+ union fst_event_extra extra;
+
+ extra.peer_state.connected = connected;
+ os_strlcpy(extra.peer_state.ifname, fst_iface_get_name(iface),
+ sizeof(extra.peer_state.ifname));
+ os_memcpy(extra.peer_state.addr, peer_addr, ETH_ALEN);
+
+ foreach_fst_ctrl_call(on_event, EVENT_PEER_STATE_CHANGED,
+ iface, NULL, &extra);
+}
+
+
+struct fst_iface * fst_attach(const char *ifname, const u8 *own_addr,
+ const struct fst_wpa_obj *iface_obj,
+ const struct fst_iface_cfg *cfg)
+{
+ struct fst_group *g;
+ struct fst_group *group = NULL;
+ struct fst_iface *iface = NULL;
+ Boolean new_group = FALSE;
+
+ WPA_ASSERT(ifname != NULL);
+ WPA_ASSERT(iface_obj != NULL);
+ WPA_ASSERT(cfg != NULL);
+
+ foreach_fst_group(g) {
+ if (os_strcmp(cfg->group_id, fst_group_get_id(g)) == 0) {
+ group = g;
+ break;
+ }
+ }
+
+ if (!group) {
+ group = fst_group_create(cfg->group_id);
+ if (!group) {
+ fst_printf(MSG_ERROR, "%s: FST group cannot be created",
+ cfg->group_id);
+ return NULL;
+ }
+ new_group = TRUE;
+ }
+
+ iface = fst_iface_create(group, ifname, own_addr, iface_obj, cfg);
+ if (!iface) {
+ fst_printf_group(group, MSG_ERROR, "cannot create iface for %s",
+ ifname);
+ if (new_group)
+ fst_group_delete(group);
+ return NULL;
+ }
+
+ fst_group_attach_iface(group, iface);
+ fst_group_update_ie(group);
+
+ foreach_fst_ctrl_call(on_iface_added, iface);
+
+ fst_printf_iface(iface, MSG_DEBUG,
+ "iface attached to group %s (prio=%d, llt=%d)",
+ cfg->group_id, cfg->priority, cfg->llt);
+
+ return iface;
+}
+
+
+void fst_detach(struct fst_iface *iface)
+{
+ struct fst_group *group = fst_iface_get_group(iface);
+
+ fst_printf_iface(iface, MSG_DEBUG, "iface detached from group %s",
+ fst_group_get_id(group));
+ fst_session_global_on_iface_detached(iface);
+ foreach_fst_ctrl_call(on_iface_removed, iface);
+ fst_group_detach_iface(group, iface);
+ fst_iface_delete(iface);
+ fst_group_update_ie(group);
+ fst_group_delete_if_empty(group);
+}
+
+
+int fst_global_init(void)
+{
+ dl_list_init(&fst_global_groups_list);
+ dl_list_init(&fst_global_ctrls_list);
+ fst_session_global_init();
+ return 0;
+}
+
+
+void fst_global_deinit(void)
+{
+ struct fst_group *group;
+ struct fst_ctrl_handle *h;
+
+ fst_session_global_deinit();
+ while ((group = fst_first_group()) != NULL)
+ fst_group_delete(group);
+ while ((h = dl_list_first(&fst_global_ctrls_list,
+ struct fst_ctrl_handle,
+ global_ctrls_lentry)))
+ fst_global_del_ctrl(h);
+}
+
+
+struct fst_ctrl_handle * fst_global_add_ctrl(const struct fst_ctrl *ctrl)
+{
+ struct fst_ctrl_handle *h;
+
+ if (!ctrl)
+ return NULL;
+
+ h = os_zalloc(sizeof(*h));
+ if (!h)
+ return NULL;
+
+ if (ctrl->init && ctrl->init()) {
+ os_free(h);
+ return NULL;
+ }
+
+ h->ctrl = *ctrl;
+ dl_list_add_tail(&fst_global_ctrls_list, &h->global_ctrls_lentry);
+
+ return h;
+}
+
+
+void fst_global_del_ctrl(struct fst_ctrl_handle *h)
+{
+ dl_list_del(&h->global_ctrls_lentry);
+ if (h->ctrl.deinit)
+ h->ctrl.deinit();
+ os_free(h);
+}
+
+
+void fst_rx_action(struct fst_iface *iface, const struct ieee80211_mgmt *mgmt,
+ size_t len)
+{
+ if (fst_iface_is_connected(iface, mgmt->sa))
+ fst_session_on_action_rx(iface, mgmt, len);
+ else
+ wpa_printf(MSG_DEBUG,
+ "FST: Ignore FST Action frame - no FST connection with "
+ MACSTR, MAC2STR(mgmt->sa));
+}
+
+
+void fst_notify_peer_connected(struct fst_iface *iface, const u8 *addr)
+{
+ if (is_zero_ether_addr(addr))
+ return;
+
+#ifndef HOSTAPD
+ fst_group_update_ie(fst_iface_get_group(iface));
+#endif /* HOSTAPD */
+
+ fst_printf_iface(iface, MSG_DEBUG, MACSTR " became connected",
+ MAC2STR(addr));
+
+ fst_ctrl_iface_notify_peer_state_change(iface, TRUE, addr);
+}
+
+
+void fst_notify_peer_disconnected(struct fst_iface *iface, const u8 *addr)
+{
+ if (is_zero_ether_addr(addr))
+ return;
+
+#ifndef HOSTAPD
+ fst_group_update_ie(fst_iface_get_group(iface));
+#endif /* HOSTAPD */
+
+ fst_printf_iface(iface, MSG_DEBUG, MACSTR " became disconnected",
+ MAC2STR(addr));
+
+ fst_ctrl_iface_notify_peer_state_change(iface, FALSE, addr);
+}
+
+
+Boolean fst_are_ifaces_aggregated(struct fst_iface *iface1,
+ struct fst_iface *iface2)
+{
+ return fst_iface_get_group(iface1) == fst_iface_get_group(iface2);
+}
+
+
+enum mb_band_id fst_hw_mode_to_band(enum hostapd_hw_mode mode)
+{
+ switch (mode) {
+ case HOSTAPD_MODE_IEEE80211B:
+ case HOSTAPD_MODE_IEEE80211G:
+ return MB_BAND_ID_WIFI_2_4GHZ;
+ case HOSTAPD_MODE_IEEE80211A:
+ return MB_BAND_ID_WIFI_5GHZ;
+ case HOSTAPD_MODE_IEEE80211AD:
+ return MB_BAND_ID_WIFI_60GHZ;
+ default:
+ WPA_ASSERT(0);
+ return MB_BAND_ID_WIFI_2_4GHZ;
+ }
+}
diff --git a/src/fst/fst.h b/src/fst/fst.h
new file mode 100644
index 0000000..0c0e435
--- /dev/null
+++ b/src/fst/fst.h
@@ -0,0 +1,296 @@
+/*
+ * FST module - interface definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_H
+#define FST_H
+
+#ifdef CONFIG_FST
+
+#include "common/defs.h"
+#include "fst/fst_ctrl_iface.h"
+
+/* FST module hostap integration API */
+
+#define US_IN_MS 1000
+#define LLT_UNIT_US 32 /* See 10.32.2.2 Transitioning between states */
+
+#define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * US_IN_MS / LLT_UNIT_US)
+#define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * LLT_UNIT_US / US_IN_MS)
+
+#define FST_MAX_LLT_MS FST_LLT_VAL_TO_MS(-1)
+#define FST_MAX_PRIO_VALUE ((u8) -1)
+#define FST_MAX_GROUP_ID_LEN IFNAMSIZ
+
+#define FST_DEFAULT_LLT_CFG_VALUE 50
+
+struct hostapd_hw_modes;
+struct ieee80211_mgmt;
+struct fst_iface;
+struct fst_group;
+struct fst_session;
+struct fst_get_peer_ctx;
+struct fst_ctrl_handle;
+
+struct fst_wpa_obj {
+ void *ctx;
+
+ /**
+ * get_bssid - Get BSSID of the interface
+ * @ctx: User context %ctx
+ * Returns: BSSID for success, %NULL for failure.
+ *
+ * NOTE: For AP it returns the own BSSID, while for STA - the BSSID of
+ * the associated AP.
+ */
+ const u8 * (*get_bssid)(void *ctx);
+
+ /**
+ * get_channel_info - Get current channel info
+ * @ctx: User context %ctx
+ * @hw_mode: OUT, current HW mode
+ * @channel: OUT, current channel
+ */
+ void (*get_channel_info)(void *ctx, enum hostapd_hw_mode *hw_mode,
+ u8 *channel);
+
+ /**
+ * get_hw_modes - Get hardware modes
+ * @ctx: User context %ctx
+ * @modes: OUT, pointer on array of hw modes
+ *
+ * Returns: Number of hw modes available.
+ */
+ int (*get_hw_modes)(void *ctx, struct hostapd_hw_modes **modes);
+
+ /**
+ * set_ies - Set interface's MB IE
+ * @ctx: User context %ctx
+ * @fst_ies: MB IE buffer (owned by FST module)
+ */
+ void (*set_ies)(void *ctx, const struct wpabuf *fst_ies);
+
+ /**
+ * send_action - Send FST Action frame via the interface
+ * @ctx: User context %ctx
+ * @addr: Address of the destination STA
+ * @data: Action frame buffer
+ * Returns: 0 for success, negative error code for failure.
+ */
+ int (*send_action)(void *ctx, const u8 *addr, struct wpabuf *data);
+
+ /**
+ * get_mb_ie - Get last MB IE received from STA
+ * @ctx: User context %ctx
+ * @addr: Address of the STA
+ * Returns: MB IE buffer, %NULL if no MB IE received from the STA
+ */
+ const struct wpabuf * (*get_mb_ie)(void *ctx, const u8 *addr);
+
+ /**
+ * update_mb_ie - Update last MB IE received from STA
+ * @ctx: User context %ctx
+ * @addr: Address of the STA
+ * @buf: Buffer that contains the MB IEs data
+ * @size: Size of data in %buf
+ */
+ void (*update_mb_ie)(void *ctx, const u8 *addr,
+ const u8 *buf, size_t size);
+
+ /**
+ * get_peer_first - Get MAC address of the 1st connected STA
+ * @ctx: User context %ctx
+ * @get_ctx: Context to be used for %get_peer_next call
+ * @mb_only: %TRUE if only multi-band capable peer should be reported
+ * Returns: Address of the 1st connected STA, %NULL if no STAs connected
+ */
+ const u8 * (*get_peer_first)(void *ctx,
+ struct fst_get_peer_ctx **get_ctx,
+ Boolean mb_only);
+ /**
+ * get_peer_next - Get MAC address of the next connected STA
+ * @ctx: User context %ctx
+ * @get_ctx: Context received from %get_peer_first or previous
+ * %get_peer_next call
+ * @mb_only: %TRUE if only multi-band capable peer should be reported
+ * Returns: Address of the next connected STA, %NULL if no more STAs
+ * connected
+ */
+ const u8 * (*get_peer_next)(void *ctx,
+ struct fst_get_peer_ctx **get_ctx,
+ Boolean mb_only);
+};
+
+/**
+ * fst_global_init - Global FST module initiator
+ * Returns: 0 for success, negative error code for failure.
+ * Note: The purpose of this function is to allocate and initiate global
+ * FST module data structures (linked lists, static data etc.)
+ * This function should be called prior to the 1st %fst_attach call.
+ */
+int fst_global_init(void);
+
+/**
+ * fst_global_deinit - Global FST module de-initiator
+ * Note: The purpose of this function is to deallocate and de-initiate global
+ * FST module data structures (linked lists, static data etc.)
+ */
+void fst_global_deinit(void);
+
+/**
+ * struct fst_ctrl - Notification interface for FST module
+ */
+struct fst_ctrl {
+ /**
+ * init - Initialize the notification interface
+ * Returns: 0 for success, negative error code for failure.
+ */
+ int (*init)(void);
+
+ /**
+ * deinit - Deinitialize the notification interface
+ */
+ void (*deinit)(void);
+
+ /**
+ * on_group_created - Notify about FST group creation
+ * Returns: 0 for success, negative error code for failure.
+ */
+ int (*on_group_created)(struct fst_group *g);
+
+ /**
+ * on_group_deleted - Notify about FST group deletion
+ */
+ void (*on_group_deleted)(struct fst_group *g);
+
+ /**
+ * on_iface_added - Notify about interface addition
+ * Returns: 0 for success, negative error code for failure.
+ */
+ int (*on_iface_added)(struct fst_iface *i);
+
+ /**
+ * on_iface_removed - Notify about interface removal
+ */
+ void (*on_iface_removed)(struct fst_iface *i);
+
+ /**
+ * on_session_added - Notify about FST session addition
+ * Returns: 0 for success, negative error code for failure.
+ */
+ int (*on_session_added)(struct fst_session *s);
+
+ /**
+ * on_session_removed - Notify about FST session removal
+ */
+ void (*on_session_removed)(struct fst_session *s);
+
+ /**
+ * on_event - Notify about FST event
+ * @event_type: Event type
+ * @i: Interface object that relates to the event or NULL
+ * @g: Group object that relates to the event or NULL
+ * @extra - Event specific data (see fst_ctrl_iface.h for more info)
+ */
+ void (*on_event)(enum fst_event_type event_type, struct fst_iface *i,
+ struct fst_session *s,
+ const union fst_event_extra *extra);
+};
+
+struct fst_ctrl_handle * fst_global_add_ctrl(const struct fst_ctrl *ctrl);
+void fst_global_del_ctrl(struct fst_ctrl_handle *h);
+
+/**
+ * NOTE: These values have to be read from configuration file
+ */
+struct fst_iface_cfg {
+ char group_id[FST_MAX_GROUP_ID_LEN + 1];
+ u8 priority;
+ u32 llt;
+};
+
+/**
+ * fst_attach - Attach interface to an FST group according to configuration read
+ * @ifname: Interface name
+ * @own_addr: Own interface MAC address
+ * @iface_obj: Callbacks to be used by FST module to communicate with
+ * hostapd/wpa_supplicant
+ * @cfg: FST-related interface configuration read from the configuration file
+ * Returns: FST interface object for success, %NULL for failure.
+ */
+struct fst_iface * fst_attach(const char *ifname,
+ const u8 *own_addr,
+ const struct fst_wpa_obj *iface_obj,
+ const struct fst_iface_cfg *cfg);
+
+/**
+ * fst_detach - Detach an interface
+ * @iface: FST interface object
+ */
+void fst_detach(struct fst_iface *iface);
+
+/* FST module inputs */
+/**
+ * fst_rx_action - FST Action frames handler
+ * @iface: FST interface object
+ * @mgmt: Action frame arrived
+ * @len: Action frame length
+ */
+void fst_rx_action(struct fst_iface *iface, const struct ieee80211_mgmt *mgmt,
+ size_t len);
+
+/**
+ * fst_notify_peer_connected - FST STA connect handler
+ * @iface: FST interface object
+ * @addr: Address of the connected STA
+ */
+void fst_notify_peer_connected(struct fst_iface *iface, const u8 *addr);
+
+/**
+ * fst_notify_peer_disconnected - FST STA disconnect handler
+ * @iface: FST interface object
+ * @addr: Address of the disconnected STA
+ */
+void fst_notify_peer_disconnected(struct fst_iface *iface, const u8 *addr);
+
+/* FST module auxiliary routines */
+
+/**
+ * fst_are_ifaces_aggregated - Determines whether 2 interfaces belong to the
+ * same FST group
+ * @iface1: 1st FST interface object
+ * @iface1: 2nd FST interface object
+ *
+ * Returns: %TRUE if the interfaces belong to the same FST group,
+ * %FALSE otherwise
+ */
+Boolean fst_are_ifaces_aggregated(struct fst_iface *iface1,
+ struct fst_iface *iface2);
+
+#else /* CONFIG_FST */
+
+static inline int fst_global_init(void)
+{
+ return 0;
+}
+
+static inline int fst_global_start(void)
+{
+ return 0;
+}
+
+static inline void fst_global_stop(void)
+{
+}
+
+static inline void fst_global_deinit(void)
+{
+}
+
+#endif /* CONFIG_FST */
+
+#endif /* FST_H */
diff --git a/src/fst/fst_ctrl_aux.c b/src/fst/fst_ctrl_aux.c
new file mode 100644
index 0000000..dc7b2a7
--- /dev/null
+++ b/src/fst/fst_ctrl_aux.c
@@ -0,0 +1,69 @@
+/*
+ * FST module implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/defs.h"
+#include "fst_ctrl_defs.h"
+#include "fst_ctrl_aux.h"
+
+
+static const char *session_event_names[] = {
+ [EVENT_FST_ESTABLISHED] FST_PVAL_EVT_TYPE_ESTABLISHED,
+ [EVENT_FST_SETUP] FST_PVAL_EVT_TYPE_SETUP,
+ [EVENT_FST_SESSION_STATE_CHANGED] FST_PVAL_EVT_TYPE_SESSION_STATE,
+};
+
+static const char *reason_names[] = {
+ [REASON_TEARDOWN] FST_CS_PVAL_REASON_TEARDOWN,
+ [REASON_SETUP] FST_CS_PVAL_REASON_SETUP,
+ [REASON_SWITCH] FST_CS_PVAL_REASON_SWITCH,
+ [REASON_STT] FST_CS_PVAL_REASON_STT,
+ [REASON_REJECT] FST_CS_PVAL_REASON_REJECT,
+ [REASON_ERROR_PARAMS] FST_CS_PVAL_REASON_ERROR_PARAMS,
+ [REASON_RESET] FST_CS_PVAL_REASON_RESET,
+ [REASON_DETACH_IFACE] FST_CS_PVAL_REASON_DETACH_IFACE,
+};
+
+static const char *session_state_names[] = {
+ [FST_SESSION_STATE_INITIAL] FST_CS_PVAL_STATE_INITIAL,
+ [FST_SESSION_STATE_SETUP_COMPLETION] FST_CS_PVAL_STATE_SETUP_COMPLETION,
+ [FST_SESSION_STATE_TRANSITION_DONE] FST_CS_PVAL_STATE_TRANSITION_DONE,
+ [FST_SESSION_STATE_TRANSITION_CONFIRMED]
+ FST_CS_PVAL_STATE_TRANSITION_CONFIRMED,
+};
+
+
+/* helpers */
+const char * fst_get_str_name(unsigned index, const char *names[],
+ size_t names_size)
+{
+ if (index >= names_size || !names[index])
+ return FST_NAME_UNKNOWN;
+ return names[index];
+}
+
+
+const char * fst_session_event_type_name(enum fst_event_type event)
+{
+ return fst_get_str_name(event, session_event_names,
+ ARRAY_SIZE(session_event_names));
+}
+
+
+const char * fst_reason_name(enum fst_reason reason)
+{
+ return fst_get_str_name(reason, reason_names, ARRAY_SIZE(reason_names));
+}
+
+
+const char * fst_session_state_name(enum fst_session_state state)
+{
+ return fst_get_str_name(state, session_state_names,
+ ARRAY_SIZE(session_state_names));
+}
diff --git a/src/fst/fst_ctrl_aux.h b/src/fst/fst_ctrl_aux.h
new file mode 100644
index 0000000..e2133f5
--- /dev/null
+++ b/src/fst/fst_ctrl_aux.h
@@ -0,0 +1,91 @@
+/*
+ * FST module - miscellaneous definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_CTRL_AUX_H
+#define FST_CTRL_AUX_H
+
+#include "common/defs.h"
+
+/* FST module control interface API */
+#define FST_INVALID_SESSION_ID ((u32) -1)
+#define FST_MAX_GROUP_ID_SIZE 32
+#define FST_MAX_INTERFACE_SIZE 32
+
+enum fst_session_state {
+ FST_SESSION_STATE_INITIAL,
+ FST_SESSION_STATE_SETUP_COMPLETION,
+ FST_SESSION_STATE_TRANSITION_DONE,
+ FST_SESSION_STATE_TRANSITION_CONFIRMED,
+ FST_SESSION_STATE_LAST
+};
+
+enum fst_event_type {
+ EVENT_FST_IFACE_STATE_CHANGED, /* An interface has been either attached
+ * to or detached from an FST group */
+ EVENT_FST_ESTABLISHED, /* FST Session has been established */
+ EVENT_FST_SETUP, /* FST Session request received */
+ EVENT_FST_SESSION_STATE_CHANGED,/* FST Session state has been changed */
+ EVENT_PEER_STATE_CHANGED /* FST related generic event occurred,
+ * see struct fst_hostap_event_data for
+ * more info */
+};
+
+enum fst_initiator {
+ FST_INITIATOR_UNDEFINED,
+ FST_INITIATOR_LOCAL,
+ FST_INITIATOR_REMOTE,
+};
+
+union fst_event_extra {
+ struct fst_event_extra_iface_state {
+ Boolean attached;
+ char ifname[FST_MAX_INTERFACE_SIZE];
+ char group_id[FST_MAX_GROUP_ID_SIZE];
+ } iface_state; /* for EVENT_FST_IFACE_STATE_CHANGED */
+ struct fst_event_extra_peer_state {
+ Boolean connected;
+ char ifname[FST_MAX_INTERFACE_SIZE];
+ u8 addr[ETH_ALEN];
+ } peer_state; /* for EVENT_PEER_STATE_CHANGED */
+ struct fst_event_extra_session_state {
+ enum fst_session_state old_state;
+ enum fst_session_state new_state;
+ union fst_session_state_switch_extra {
+ struct {
+ enum fst_reason {
+ REASON_TEARDOWN,
+ REASON_SETUP,
+ REASON_SWITCH,
+ REASON_STT,
+ REASON_REJECT,
+ REASON_ERROR_PARAMS,
+ REASON_RESET,
+ REASON_DETACH_IFACE,
+ } reason;
+ u8 reject_code; /* REASON_REJECT */
+ /* REASON_SWITCH,
+ * REASON_TEARDOWN,
+ * REASON_REJECT
+ */
+ enum fst_initiator initiator;
+ } to_initial;
+ } extra;
+ } session_state; /* for EVENT_FST_SESSION_STATE_CHANGED */
+};
+
+/* helpers - prints enum in string form */
+#define FST_NAME_UNKNOWN "UNKNOWN"
+
+const char * fst_get_str_name(unsigned index, const char *names[],
+ size_t names_size);
+
+const char * fst_session_event_type_name(enum fst_event_type);
+const char * fst_reason_name(enum fst_reason reason);
+const char * fst_session_state_name(enum fst_session_state state);
+
+#endif /* FST_CTRL_AUX_H */
diff --git a/src/fst/fst_ctrl_defs.h b/src/fst/fst_ctrl_defs.h
new file mode 100644
index 0000000..6735389
--- /dev/null
+++ b/src/fst/fst_ctrl_defs.h
@@ -0,0 +1,109 @@
+/*
+ * FST module - shared Control interface definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_CTRL_DEFS_H
+#define FST_CTRL_DEFS_H
+
+/* Undefined value */
+#define FST_CTRL_PVAL_NONE "NONE"
+
+/* FST-ATTACH parameters */
+#define FST_ATTACH_CMD_PNAME_LLT "llt" /* pval = desired LLT */
+#define FST_ATTACH_CMD_PNAME_PRIORITY "priority" /* pval = desired priority */
+
+/* FST-MANAGER parameters */
+/* FST Session states */
+#define FST_CS_PVAL_STATE_INITIAL "INITIAL"
+#define FST_CS_PVAL_STATE_SETUP_COMPLETION "SETUP_COMPLETION"
+#define FST_CS_PVAL_STATE_TRANSITION_DONE "TRANSITION_DONE"
+#define FST_CS_PVAL_STATE_TRANSITION_CONFIRMED "TRANSITION_CONFIRMED"
+
+/* FST Session reset reasons */
+#define FST_CS_PVAL_REASON_TEARDOWN "REASON_TEARDOWN"
+#define FST_CS_PVAL_REASON_SETUP "REASON_SETUP"
+#define FST_CS_PVAL_REASON_SWITCH "REASON_SWITCH"
+#define FST_CS_PVAL_REASON_STT "REASON_STT"
+#define FST_CS_PVAL_REASON_REJECT "REASON_REJECT"
+#define FST_CS_PVAL_REASON_ERROR_PARAMS "REASON_ERROR_PARAMS"
+#define FST_CS_PVAL_REASON_RESET "REASON_RESET"
+#define FST_CS_PVAL_REASON_DETACH_IFACE "REASON_DETACH_IFACE"
+
+/* FST Session responses */
+#define FST_CS_PVAL_RESPONSE_ACCEPT "ACCEPT"
+#define FST_CS_PVAL_RESPONSE_REJECT "REJECT"
+
+/* FST Session action initiator */
+#define FST_CS_PVAL_INITIATOR_LOCAL "LOCAL"
+#define FST_CS_PVAL_INITIATOR_REMOTE "REMOTE"
+
+/* FST-CLI subcommands and parameter names */
+#define FST_CMD_LIST_GROUPS "list_groups"
+#define FST_CMD_LIST_IFACES "list_ifaces"
+#define FST_CMD_IFACE_PEERS "iface_peers"
+#define FST_CMD_GET_PEER_MBIES "get_peer_mbies"
+#define FST_CMD_LIST_SESSIONS "list_sessions"
+#define FST_CMD_SESSION_ADD "session_add"
+#define FST_CMD_SESSION_REMOVE "session_remove"
+#define FST_CMD_SESSION_GET "session_get"
+#define FST_CSG_PNAME_OLD_PEER_ADDR "old_peer_addr" /* pval = address string */
+#define FST_CSG_PNAME_NEW_PEER_ADDR "new_peer_addr" /* pval = address string */
+#define FST_CSG_PNAME_OLD_IFNAME "old_ifname" /* pval = ifname */
+#define FST_CSG_PNAME_NEW_IFNAME "new_ifname" /* pval = ifname */
+#define FST_CSG_PNAME_LLT "llt" /* pval = numeric llt value */
+#define FST_CSG_PNAME_STATE "state" /* pval = FST_CS_PVAL_STATE_... */
+#define FST_CMD_SESSION_SET "session_set"
+#define FST_CSS_PNAME_OLD_PEER_ADDR FST_CSG_PNAME_OLD_PEER_ADDR
+#define FST_CSS_PNAME_NEW_PEER_ADDR FST_CSG_PNAME_NEW_PEER_ADDR
+#define FST_CSS_PNAME_OLD_IFNAME FST_CSG_PNAME_OLD_IFNAME
+#define FST_CSS_PNAME_NEW_IFNAME FST_CSG_PNAME_NEW_IFNAME
+#define FST_CSS_PNAME_LLT FST_CSG_PNAME_LLT
+#define FST_CMD_SESSION_INITIATE "session_initiate"
+#define FST_CMD_SESSION_RESPOND "session_respond"
+#define FST_CMD_SESSION_TRANSFER "session_transfer"
+#define FST_CMD_SESSION_TEARDOWN "session_teardown"
+
+#ifdef CONFIG_FST_TEST
+#define FST_CTR_PVAL_BAD_NEW_BAND "bad_new_band"
+
+#define FST_CMD_TEST_REQUEST "test_request"
+#define FST_CTR_IS_SUPPORTED "is_supported"
+#define FST_CTR_SEND_SETUP_REQUEST "send_setup_request"
+#define FST_CTR_SEND_SETUP_RESPONSE "send_setup_response"
+#define FST_CTR_SEND_ACK_REQUEST "send_ack_request"
+#define FST_CTR_SEND_ACK_RESPONSE "send_ack_response"
+#define FST_CTR_SEND_TEAR_DOWN "send_tear_down"
+#define FST_CTR_GET_FSTS_ID "get_fsts_id"
+#define FST_CTR_GET_LOCAL_MBIES "get_local_mbies"
+#endif /* CONFIG_FST_TEST */
+
+/* Events */
+#define FST_CTRL_EVENT_IFACE "FST-EVENT-IFACE"
+#define FST_CEI_PNAME_IFNAME "ifname"
+#define FST_CEI_PNAME_GROUP "group"
+#define FST_CEI_PNAME_ATTACHED "attached"
+#define FST_CEI_PNAME_DETACHED "detached"
+#define FST_CTRL_EVENT_PEER "FST-EVENT-PEER"
+#define FST_CEP_PNAME_IFNAME "ifname"
+#define FST_CEP_PNAME_ADDR "peer_addr"
+#define FST_CEP_PNAME_CONNECTED "connected"
+#define FST_CEP_PNAME_DISCONNECTED "disconnected"
+#define FST_CTRL_EVENT_SESSION "FST-EVENT-SESSION"
+#define FST_CES_PNAME_SESSION_ID "session_id"
+#define FST_CES_PNAME_EVT_TYPE "event_type"
+#define FST_PVAL_EVT_TYPE_SESSION_STATE "EVENT_FST_SESSION_STATE"
+/* old_state/new_state: pval = FST_CS_PVAL_STATE_... */
+#define FST_CES_PNAME_OLD_STATE "old_state"
+#define FST_CES_PNAME_NEW_STATE "new_state"
+#define FST_CES_PNAME_REASON "reason" /* pval = FST_CS_PVAL_REASON_... */
+#define FST_CES_PNAME_REJECT_CODE "reject_code" /* pval = u8 code */
+/* pval = FST_CS_PVAL_INITIATOR_... */
+#define FST_CES_PNAME_INITIATOR "initiator"
+#define FST_PVAL_EVT_TYPE_ESTABLISHED "EVENT_FST_ESTABLISHED"
+#define FST_PVAL_EVT_TYPE_SETUP "EVENT_FST_SETUP"
+
+#endif /* FST_CTRL_DEFS_H */
diff --git a/src/fst/fst_ctrl_iface.c b/src/fst/fst_ctrl_iface.c
new file mode 100644
index 0000000..d090718
--- /dev/null
+++ b/src/fst/fst_ctrl_iface.c
@@ -0,0 +1,948 @@
+/*
+ * FST module - Control Interface implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/defs.h"
+#include "list.h"
+#include "fst/fst.h"
+#include "fst/fst_internal.h"
+#include "fst_ctrl_defs.h"
+#include "fst_ctrl_iface.h"
+
+
+static struct fst_group * get_fst_group_by_id(const char *id)
+{
+ struct fst_group *g;
+
+ foreach_fst_group(g) {
+ const char *group_id = fst_group_get_id(g);
+
+ if (os_strncmp(group_id, id, os_strlen(group_id)) == 0)
+ return g;
+ }
+
+ return NULL;
+}
+
+
+/* notifications */
+static Boolean format_session_state_extra(const union fst_event_extra *extra,
+ char *buffer, size_t size)
+{
+ int len;
+ char reject_str[32] = FST_CTRL_PVAL_NONE;
+ const char *initiator = FST_CTRL_PVAL_NONE;
+ const struct fst_event_extra_session_state *ss;
+
+ ss = &extra->session_state;
+ if (ss->new_state != FST_SESSION_STATE_INITIAL)
+ return TRUE;
+
+ switch (ss->extra.to_initial.reason) {
+ case REASON_REJECT:
+ if (ss->extra.to_initial.reject_code != WLAN_STATUS_SUCCESS)
+ os_snprintf(reject_str, sizeof(reject_str), "%u",
+ ss->extra.to_initial.reject_code);
+ /* no break */
+ case REASON_TEARDOWN:
+ case REASON_SWITCH:
+ switch (ss->extra.to_initial.initiator) {
+ case FST_INITIATOR_LOCAL:
+ initiator = FST_CS_PVAL_INITIATOR_LOCAL;
+ break;
+ case FST_INITIATOR_REMOTE:
+ initiator = FST_CS_PVAL_INITIATOR_REMOTE;
+ break;
+ default:
+ break;
+ }
+ break;
+ default:
+ break;
+ }
+
+ len = os_snprintf(buffer, size,
+ FST_CES_PNAME_REASON "=%s "
+ FST_CES_PNAME_REJECT_CODE "=%s "
+ FST_CES_PNAME_INITIATOR "=%s",
+ fst_reason_name(ss->extra.to_initial.reason),
+ reject_str, initiator);
+
+ return !os_snprintf_error(size, len);
+}
+
+
+static void fst_ctrl_iface_notify(struct fst_iface *f, u32 session_id,
+ enum fst_event_type event_type,
+ const union fst_event_extra *extra)
+{
+ struct fst_group *g;
+ char extra_str[128] = "";
+ const struct fst_event_extra_session_state *ss;
+ const struct fst_event_extra_iface_state *is;
+ const struct fst_event_extra_peer_state *ps;
+
+ /*
+ * FST can use any of interface objects as it only sends messages
+ * on global Control Interface, so we just pick the 1st one.
+ */
+
+ if (!f) {
+ foreach_fst_group(g) {
+ f = fst_group_first_iface(g);
+ if (f)
+ break;
+ }
+ if (!f)
+ return;
+ }
+
+ WPA_ASSERT(f->iface_obj.ctx);
+
+ switch (event_type) {
+ case EVENT_FST_IFACE_STATE_CHANGED:
+ if (!extra)
+ return;
+ is = &extra->iface_state;
+ wpa_msg_global_only(f->iface_obj.ctx, MSG_INFO,
+ FST_CTRL_EVENT_IFACE " %s "
+ FST_CEI_PNAME_IFNAME "=%s "
+ FST_CEI_PNAME_GROUP "=%s",
+ is->attached ? FST_CEI_PNAME_ATTACHED :
+ FST_CEI_PNAME_DETACHED,
+ is->ifname, is->group_id);
+ break;
+ case EVENT_PEER_STATE_CHANGED:
+ if (!extra)
+ return;
+ ps = &extra->peer_state;
+ wpa_msg_global_only(fst_iface_get_wpa_obj_ctx(f), MSG_INFO,
+ FST_CTRL_EVENT_PEER " %s "
+ FST_CEP_PNAME_IFNAME "=%s "
+ FST_CEP_PNAME_ADDR "=" MACSTR,
+ ps->connected ? FST_CEP_PNAME_CONNECTED :
+ FST_CEP_PNAME_DISCONNECTED,
+ ps->ifname, MAC2STR(ps->addr));
+ break;
+ case EVENT_FST_SESSION_STATE_CHANGED:
+ if (!extra)
+ return;
+ if (!format_session_state_extra(extra, extra_str,
+ sizeof(extra_str))) {
+ fst_printf(MSG_ERROR,
+ "CTRL: Cannot format STATE_CHANGE extra");
+ extra_str[0] = 0;
+ }
+ ss = &extra->session_state;
+ wpa_msg_global_only(fst_iface_get_wpa_obj_ctx(f), MSG_INFO,
+ FST_CTRL_EVENT_SESSION " "
+ FST_CES_PNAME_SESSION_ID "=%u "
+ FST_CES_PNAME_EVT_TYPE "=%s "
+ FST_CES_PNAME_OLD_STATE "=%s "
+ FST_CES_PNAME_NEW_STATE "=%s %s",
+ session_id,
+ fst_session_event_type_name(event_type),
+ fst_session_state_name(ss->old_state),
+ fst_session_state_name(ss->new_state),
+ extra_str);
+ break;
+ case EVENT_FST_ESTABLISHED:
+ case EVENT_FST_SETUP:
+ wpa_msg_global_only(fst_iface_get_wpa_obj_ctx(f), MSG_INFO,
+ FST_CTRL_EVENT_SESSION " "
+ FST_CES_PNAME_SESSION_ID "=%u "
+ FST_CES_PNAME_EVT_TYPE "=%s",
+ session_id,
+ fst_session_event_type_name(event_type));
+ break;
+ }
+}
+
+
+/* command processors */
+
+/* fst session_get */
+static int session_get(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ struct fst_iface *new_iface, *old_iface;
+ const u8 *old_peer_addr, *new_peer_addr;
+ u32 id;
+
+ id = strtoul(session_id, NULL, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ old_peer_addr = fst_session_get_peer_addr(s, TRUE);
+ new_peer_addr = fst_session_get_peer_addr(s, FALSE);
+ new_iface = fst_session_get_iface(s, FALSE);
+ old_iface = fst_session_get_iface(s, TRUE);
+
+ return os_snprintf(buf, buflen,
+ FST_CSG_PNAME_OLD_PEER_ADDR "=" MACSTR "\n"
+ FST_CSG_PNAME_NEW_PEER_ADDR "=" MACSTR "\n"
+ FST_CSG_PNAME_NEW_IFNAME "=%s\n"
+ FST_CSG_PNAME_OLD_IFNAME "=%s\n"
+ FST_CSG_PNAME_LLT "=%u\n"
+ FST_CSG_PNAME_STATE "=%s\n",
+ MAC2STR(old_peer_addr),
+ MAC2STR(new_peer_addr),
+ new_iface ? fst_iface_get_name(new_iface) :
+ FST_CTRL_PVAL_NONE,
+ old_iface ? fst_iface_get_name(old_iface) :
+ FST_CTRL_PVAL_NONE,
+ fst_session_get_llt(s),
+ fst_session_state_name(fst_session_get_state(s)));
+}
+
+
+/* fst session_set */
+static int session_set(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ char *p, *q;
+ u32 id;
+ int ret;
+
+ id = strtoul(session_id, &p, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (*p != ' ' || !(q = os_strchr(p + 1, '=')))
+ return os_snprintf(buf, buflen, "FAIL\n");
+ p++;
+
+ if (os_strncasecmp(p, FST_CSS_PNAME_OLD_IFNAME, q - p) == 0) {
+ ret = fst_session_set_str_ifname(s, q + 1, TRUE);
+ } else if (os_strncasecmp(p, FST_CSS_PNAME_NEW_IFNAME, q - p) == 0) {
+ ret = fst_session_set_str_ifname(s, q + 1, FALSE);
+ } else if (os_strncasecmp(p, FST_CSS_PNAME_OLD_PEER_ADDR, q - p) == 0) {
+ ret = fst_session_set_str_peer_addr(s, q + 1, TRUE);
+ } else if (os_strncasecmp(p, FST_CSS_PNAME_NEW_PEER_ADDR, q - p) == 0) {
+ ret = fst_session_set_str_peer_addr(s, q + 1, FALSE);
+ } else if (os_strncasecmp(p, FST_CSS_PNAME_LLT, q - p) == 0) {
+ ret = fst_session_set_str_llt(s, q + 1);
+ } else {
+ fst_printf(MSG_ERROR, "CTRL: Unknown parameter: %s", p);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "%s\n", ret ? "FAIL" : "OK");
+}
+
+
+/* fst session_add/remove */
+static int session_add(const char *group_id, char *buf, size_t buflen)
+{
+ struct fst_group *g;
+ struct fst_session *s;
+
+ g = get_fst_group_by_id(group_id);
+ if (!g) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find group '%s'",
+ group_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ s = fst_session_create(g);
+ if (!s) {
+ fst_printf(MSG_ERROR,
+ "CTRL: Cannot create session for group '%s'",
+ group_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "%u\n", fst_session_get_id(s));
+}
+
+
+static int session_remove(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ struct fst_group *g;
+ u32 id;
+
+ id = strtoul(session_id, NULL, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ g = fst_session_get_group(s);
+ fst_session_reset(s);
+ fst_session_delete(s);
+ fst_group_delete_if_empty(g);
+
+ return os_snprintf(buf, buflen, "OK\n");
+}
+
+
+/* fst session_initiate */
+static int session_initiate(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ u32 id;
+
+ id = strtoul(session_id, NULL, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (fst_session_initiate_setup(s)) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot initiate session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "OK\n");
+}
+
+
+/* fst session_respond */
+static int session_respond(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ char *p;
+ u32 id;
+ u8 status_code;
+
+ id = strtoul(session_id, &p, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (*p != ' ')
+ return os_snprintf(buf, buflen, "FAIL\n");
+ p++;
+
+ if (!os_strcasecmp(p, FST_CS_PVAL_RESPONSE_ACCEPT)) {
+ status_code = WLAN_STATUS_SUCCESS;
+ } else if (!os_strcasecmp(p, FST_CS_PVAL_RESPONSE_REJECT)) {
+ status_code = WLAN_STATUS_PENDING_ADMITTING_FST_SESSION;
+ } else {
+ fst_printf(MSG_WARNING,
+ "CTRL: session %u: unknown response status: %s",
+ id, p);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (fst_session_respond(s, status_code)) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot respond to session %u",
+ id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ fst_printf(MSG_INFO, "CTRL: session %u responded", id);
+
+ return os_snprintf(buf, buflen, "OK\n");
+}
+
+
+/* fst session_transfer */
+static int session_transfer(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ u32 id;
+
+ id = strtoul(session_id, NULL, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (fst_session_initiate_switch(s)) {
+ fst_printf(MSG_WARNING,
+ "CTRL: Cannot initiate ST for session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "OK\n");
+}
+
+
+/* fst session_teardown */
+static int session_teardown(const char *session_id, char *buf, size_t buflen)
+{
+ struct fst_session *s;
+ u32 id;
+
+ id = strtoul(session_id, NULL, 0);
+
+ s = fst_session_get_by_id(id);
+ if (!s) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find session %u", id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ if (fst_session_tear_down_setup(s)) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot tear down session %u",
+ id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "OK\n");
+}
+
+
+#ifdef CONFIG_FST_TEST
+/* fst test_request */
+static int test_request(const char *request, char *buf, size_t buflen)
+{
+ const char *p = request;
+ int ret;
+
+ if (!os_strncasecmp(p, FST_CTR_SEND_SETUP_REQUEST,
+ os_strlen(FST_CTR_SEND_SETUP_REQUEST))) {
+ ret = fst_test_req_send_fst_request(
+ p + os_strlen(FST_CTR_SEND_SETUP_REQUEST));
+ } else if (!os_strncasecmp(p, FST_CTR_SEND_SETUP_RESPONSE,
+ os_strlen(FST_CTR_SEND_SETUP_RESPONSE))) {
+ ret = fst_test_req_send_fst_response(
+ p + os_strlen(FST_CTR_SEND_SETUP_RESPONSE));
+ } else if (!os_strncasecmp(p, FST_CTR_SEND_ACK_REQUEST,
+ os_strlen(FST_CTR_SEND_ACK_REQUEST))) {
+ ret = fst_test_req_send_ack_request(
+ p + os_strlen(FST_CTR_SEND_ACK_REQUEST));
+ } else if (!os_strncasecmp(p, FST_CTR_SEND_ACK_RESPONSE,
+ os_strlen(FST_CTR_SEND_ACK_RESPONSE))) {
+ ret = fst_test_req_send_ack_response(
+ p + os_strlen(FST_CTR_SEND_ACK_RESPONSE));
+ } else if (!os_strncasecmp(p, FST_CTR_SEND_TEAR_DOWN,
+ os_strlen(FST_CTR_SEND_TEAR_DOWN))) {
+ ret = fst_test_req_send_tear_down(
+ p + os_strlen(FST_CTR_SEND_TEAR_DOWN));
+ } else if (!os_strncasecmp(p, FST_CTR_GET_FSTS_ID,
+ os_strlen(FST_CTR_GET_FSTS_ID))) {
+ u32 fsts_id = fst_test_req_get_fsts_id(
+ p + os_strlen(FST_CTR_GET_FSTS_ID));
+ if (fsts_id != FST_FSTS_ID_NOT_FOUND)
+ return os_snprintf(buf, buflen, "%u\n", fsts_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ } else if (!os_strncasecmp(p, FST_CTR_GET_LOCAL_MBIES,
+ os_strlen(FST_CTR_GET_LOCAL_MBIES))) {
+ return fst_test_req_get_local_mbies(
+ p + os_strlen(FST_CTR_GET_LOCAL_MBIES), buf, buflen);
+ } else if (!os_strncasecmp(p, FST_CTR_IS_SUPPORTED,
+ os_strlen(FST_CTR_IS_SUPPORTED))) {
+ ret = 0;
+ } else {
+ fst_printf(MSG_ERROR, "CTRL: Unknown parameter: %s", p);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ return os_snprintf(buf, buflen, "%s\n", ret ? "FAIL" : "OK");
+}
+#endif /* CONFIG_FST_TEST */
+
+
+/* fst list_sessions */
+struct list_sessions_cb_ctx {
+ char *buf;
+ size_t buflen;
+ size_t reply_len;
+};
+
+
+static void list_session_enum_cb(struct fst_group *g, struct fst_session *s,
+ void *ctx)
+{
+ struct list_sessions_cb_ctx *c = ctx;
+ int ret;
+
+ ret = os_snprintf(c->buf, c->buflen, " %u", fst_session_get_id(s));
+
+ c->buf += ret;
+ c->buflen -= ret;
+ c->reply_len += ret;
+}
+
+
+static int list_sessions(const char *group_id, char *buf, size_t buflen)
+{
+ struct list_sessions_cb_ctx ctx;
+ struct fst_group *g;
+
+ g = get_fst_group_by_id(group_id);
+ if (!g) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find group '%s'",
+ group_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ ctx.buf = buf;
+ ctx.buflen = buflen;
+ ctx.reply_len = 0;
+
+ fst_session_enum(g, list_session_enum_cb, &ctx);
+
+ ctx.reply_len += os_snprintf(buf + ctx.reply_len, ctx.buflen, "\n");
+
+ return ctx.reply_len;
+}
+
+
+/* fst iface_peers */
+static int iface_peers(const char *group_id, char *buf, size_t buflen)
+{
+ const char *ifname;
+ struct fst_group *g;
+ struct fst_iface *f;
+ struct fst_get_peer_ctx *ctx;
+ const u8 *addr;
+ unsigned found = 0;
+ int ret = 0;
+
+ g = get_fst_group_by_id(group_id);
+ if (!g) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find group '%s'",
+ group_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ ifname = os_strchr(group_id, ' ');
+ if (!ifname)
+ return os_snprintf(buf, buflen, "FAIL\n");
+ ifname++;
+
+ foreach_fst_group_iface(g, f) {
+ const char *in = fst_iface_get_name(f);
+
+ if (os_strncmp(ifname, in, os_strlen(in)) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found)
+ return os_snprintf(buf, buflen, "FAIL\n");
+
+ addr = fst_iface_get_peer_first(f, &ctx, FALSE);
+ for (; addr != NULL; addr = fst_iface_get_peer_next(f, &ctx, FALSE)) {
+ int res;
+
+ res = os_snprintf(buf + ret, buflen - ret, MACSTR "\n",
+ MAC2STR(addr));
+ if (os_snprintf_error(buflen - ret, res))
+ break;
+ ret += res;
+ }
+
+ return ret;
+}
+
+
+static int get_peer_mbies(const char *params, char *buf, size_t buflen)
+{
+ char *endp;
+ char ifname[FST_MAX_INTERFACE_SIZE];
+ u8 peer_addr[ETH_ALEN];
+ struct fst_group *g;
+ struct fst_iface *iface = NULL;
+ const struct wpabuf *mbies;
+
+ if (fst_read_next_text_param(params, ifname, sizeof(ifname), &endp) ||
+ !*ifname)
+ goto problem;
+
+ while (isspace(*endp))
+ endp++;
+ if (fst_read_peer_addr(endp, peer_addr))
+ goto problem;
+
+ foreach_fst_group(g) {
+ iface = fst_group_get_iface_by_name(g, ifname);
+ if (iface)
+ break;
+ }
+ if (!iface)
+ goto problem;
+
+ mbies = fst_iface_get_peer_mb_ie(iface, peer_addr);
+ if (!mbies)
+ goto problem;
+
+ return wpa_snprintf_hex(buf, buflen, wpabuf_head(mbies),
+ wpabuf_len(mbies));
+
+problem:
+ return os_snprintf(buf, buflen, "FAIL\n");
+}
+
+
+/* fst list_ifaces */
+static int list_ifaces(const char *group_id, char *buf, size_t buflen)
+{
+ struct fst_group *g;
+ struct fst_iface *f;
+ int ret = 0;
+
+ g = get_fst_group_by_id(group_id);
+ if (!g) {
+ fst_printf(MSG_WARNING, "CTRL: Cannot find group '%s'",
+ group_id);
+ return os_snprintf(buf, buflen, "FAIL\n");
+ }
+
+ foreach_fst_group_iface(g, f) {
+ int res;
+ const u8 *iface_addr = fst_iface_get_addr(f);
+
+ res = os_snprintf(buf + ret, buflen - ret,
+ "%s|" MACSTR "|%u|%u\n",
+ fst_iface_get_name(f),
+ MAC2STR(iface_addr),
+ fst_iface_get_priority(f),
+ fst_iface_get_llt(f));
+ if (os_snprintf_error(buflen - ret, res))
+ break;
+ ret += res;
+ }
+
+ return ret;
+}
+
+
+/* fst list_groups */
+static int list_groups(const char *cmd, char *buf, size_t buflen)
+{
+ struct fst_group *g;
+ int ret = 0;
+
+ foreach_fst_group(g) {
+ int res;
+
+ res = os_snprintf(buf + ret, buflen - ret, "%s\n",
+ fst_group_get_id(g));
+ if (os_snprintf_error(buflen - ret, res))
+ break;
+ ret += res;
+ }
+
+ return ret;
+}
+
+
+static const char * band_freq(enum mb_band_id band)
+{
+ static const char *band_names[] = {
+ [MB_BAND_ID_WIFI_2_4GHZ] "2.4GHZ",
+ [MB_BAND_ID_WIFI_5GHZ] "5GHZ",
+ [MB_BAND_ID_WIFI_60GHZ] "60GHZ",
+ };
+
+ return fst_get_str_name(band, band_names, ARRAY_SIZE(band_names));
+}
+
+
+static int print_band(unsigned num, struct fst_iface *iface, const u8 *addr,
+ char *buf, size_t buflen)
+{
+ const struct wpabuf *wpabuf;
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+ int ret = 0;
+
+ fst_iface_get_channel_info(iface, &hw_mode, &channel);
+
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_frequency=%s\n",
+ num, band_freq(fst_hw_mode_to_band(hw_mode)));
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_iface=%s\n",
+ num, fst_iface_get_name(iface));
+ wpabuf = fst_iface_get_peer_mb_ie(iface, addr);
+ if (wpabuf) {
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_mb_ies=",
+ num);
+ ret += wpa_snprintf_hex(buf + ret, buflen - ret,
+ wpabuf_head(wpabuf),
+ wpabuf_len(wpabuf));
+ ret += os_snprintf(buf + ret, buflen - ret, "\n");
+ }
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_fst_group_id=%s\n",
+ num, fst_iface_get_group_id(iface));
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_fst_priority=%u\n",
+ num, fst_iface_get_priority(iface));
+ ret += os_snprintf(buf + ret, buflen - ret, "band%u_fst_llt=%u\n",
+ num, fst_iface_get_llt(iface));
+
+ return ret;
+}
+
+
+static void fst_ctrl_iface_on_iface_state_changed(struct fst_iface *i,
+ Boolean attached)
+{
+ union fst_event_extra extra;
+
+ os_memset(&extra, 0, sizeof(extra));
+ extra.iface_state.attached = attached;
+ os_strlcpy(extra.iface_state.ifname, fst_iface_get_name(i),
+ sizeof(extra.iface_state.ifname));
+ os_strlcpy(extra.iface_state.group_id, fst_iface_get_group_id(i),
+ sizeof(extra.iface_state.group_id));
+
+ fst_ctrl_iface_notify(i, FST_INVALID_SESSION_ID,
+ EVENT_FST_IFACE_STATE_CHANGED, &extra);
+}
+
+
+static int fst_ctrl_iface_on_iface_added(struct fst_iface *i)
+{
+ fst_ctrl_iface_on_iface_state_changed(i, TRUE);
+ return 0;
+}
+
+
+static void fst_ctrl_iface_on_iface_removed(struct fst_iface *i)
+{
+ fst_ctrl_iface_on_iface_state_changed(i, FALSE);
+}
+
+
+static void fst_ctrl_iface_on_event(enum fst_event_type event_type,
+ struct fst_iface *i, struct fst_session *s,
+ const union fst_event_extra *extra)
+{
+ u32 session_id = s ? fst_session_get_id(s) : FST_INVALID_SESSION_ID;
+
+ fst_ctrl_iface_notify(i, session_id, event_type, extra);
+}
+
+
+static const struct fst_ctrl ctrl_cli = {
+ .on_iface_added = fst_ctrl_iface_on_iface_added,
+ .on_iface_removed = fst_ctrl_iface_on_iface_removed,
+ .on_event = fst_ctrl_iface_on_event,
+};
+
+const struct fst_ctrl *fst_ctrl_cli = &ctrl_cli;
+
+
+int fst_ctrl_iface_mb_info(const u8 *addr, char *buf, size_t buflen)
+{
+ struct fst_group *g;
+ struct fst_iface *f;
+ unsigned num = 0;
+ int ret = 0;
+
+ foreach_fst_group(g) {
+ foreach_fst_group_iface(g, f) {
+ if (fst_iface_is_connected(f, addr)) {
+ ret += print_band(num++, f, addr,
+ buf + ret, buflen - ret);
+ }
+ }
+ }
+
+ return ret;
+}
+
+
+/* fst ctrl processor */
+int fst_ctrl_iface_receive(const char *cmd, char *reply, size_t reply_size)
+{
+ static const struct fst_command {
+ const char *name;
+ unsigned has_param;
+ int (*process)(const char *group_id, char *buf, size_t buflen);
+ } commands[] = {
+ { FST_CMD_LIST_GROUPS, 0, list_groups},
+ { FST_CMD_LIST_IFACES, 1, list_ifaces},
+ { FST_CMD_IFACE_PEERS, 1, iface_peers},
+ { FST_CMD_GET_PEER_MBIES, 1, get_peer_mbies},
+ { FST_CMD_LIST_SESSIONS, 1, list_sessions},
+ { FST_CMD_SESSION_ADD, 1, session_add},
+ { FST_CMD_SESSION_REMOVE, 1, session_remove},
+ { FST_CMD_SESSION_GET, 1, session_get},
+ { FST_CMD_SESSION_SET, 1, session_set},
+ { FST_CMD_SESSION_INITIATE, 1, session_initiate},
+ { FST_CMD_SESSION_RESPOND, 1, session_respond},
+ { FST_CMD_SESSION_TRANSFER, 1, session_transfer},
+ { FST_CMD_SESSION_TEARDOWN, 1, session_teardown},
+#ifdef CONFIG_FST_TEST
+ { FST_CMD_TEST_REQUEST, 1, test_request },
+#endif /* CONFIG_FST_TEST */
+ { NULL, 0, NULL }
+ };
+ const struct fst_command *c;
+ const char *p;
+ const char *temp;
+ Boolean non_spaces_found;
+
+ for (c = commands; c->name; c++) {
+ if (os_strncasecmp(cmd, c->name, os_strlen(c->name)) != 0)
+ continue;
+ p = cmd + os_strlen(c->name);
+ if (c->has_param) {
+ if (!isspace(p[0]))
+ return os_snprintf(reply, reply_size, "FAIL\n");
+ p++;
+ temp = p;
+ non_spaces_found = FALSE;
+ while (*temp) {
+ if (!isspace(*temp)) {
+ non_spaces_found = TRUE;
+ break;
+ }
+ temp++;
+ }
+ if (!non_spaces_found)
+ return os_snprintf(reply, reply_size, "FAIL\n");
+ }
+ return c->process(p, reply, reply_size);
+ }
+
+ return os_snprintf(reply, reply_size, "UNKNOWN FST COMMAND\n");
+}
+
+
+int fst_read_next_int_param(const char *params, Boolean *valid, char **endp)
+{
+ int ret = -1;
+ const char *curp;
+
+ *valid = FALSE;
+ *endp = (char *) params;
+ curp = params;
+ if (*curp) {
+ ret = (int) strtol(curp, endp, 0);
+ if (!**endp || isspace(**endp))
+ *valid = TRUE;
+ }
+
+ return ret;
+}
+
+
+int fst_read_next_text_param(const char *params, char *buf, size_t buflen,
+ char **endp)
+{
+ size_t max_chars_to_copy;
+ char *cur_dest;
+
+ *endp = (char *) params;
+ while (isspace(**endp))
+ (*endp)++;
+ if (!**endp || buflen <= 1)
+ return -EINVAL;
+
+ max_chars_to_copy = buflen - 1;
+ /* We need 1 byte for the terminating zero */
+ cur_dest = buf;
+ while (**endp && !isspace(**endp) && max_chars_to_copy > 0) {
+ *cur_dest = **endp;
+ (*endp)++;
+ cur_dest++;
+ max_chars_to_copy--;
+ }
+ *cur_dest = 0;
+
+ return 0;
+}
+
+
+int fst_read_peer_addr(const char *mac, u8 *peer_addr)
+{
+ if (hwaddr_aton(mac, peer_addr)) {
+ fst_printf(MSG_WARNING, "Bad peer_mac %s: invalid addr string",
+ mac);
+ return -1;
+ }
+
+ if (is_zero_ether_addr(peer_addr) ||
+ is_multicast_ether_addr(peer_addr)) {
+ fst_printf(MSG_WARNING, "Bad peer_mac %s: not a unicast addr",
+ mac);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int fst_parse_attach_command(const char *cmd, char *ifname, size_t ifname_size,
+ struct fst_iface_cfg *cfg)
+{
+ char *pos;
+ char *endp;
+ Boolean is_valid;
+ int val;
+
+ if (fst_read_next_text_param(cmd, ifname, ifname_size, &endp) ||
+ fst_read_next_text_param(endp, cfg->group_id, sizeof(cfg->group_id),
+ &endp))
+ return -EINVAL;
+
+ cfg->llt = FST_DEFAULT_LLT_CFG_VALUE;
+ cfg->priority = 0;
+ pos = os_strstr(endp, FST_ATTACH_CMD_PNAME_LLT);
+ if (pos) {
+ pos += os_strlen(FST_ATTACH_CMD_PNAME_LLT);
+ if (*pos == '=') {
+ val = fst_read_next_int_param(pos + 1, &is_valid,
+ &endp);
+ if (is_valid)
+ cfg->llt = val;
+ }
+ }
+ pos = os_strstr(endp, FST_ATTACH_CMD_PNAME_PRIORITY);
+ if (pos) {
+ pos += os_strlen(FST_ATTACH_CMD_PNAME_PRIORITY);
+ if (*pos == '=') {
+ val = fst_read_next_int_param(pos + 1, &is_valid,
+ &endp);
+ if (is_valid)
+ cfg->priority = (u8) val;
+ }
+ }
+
+ return 0;
+}
+
+
+int fst_parse_detach_command(const char *cmd, char *ifname, size_t ifname_size)
+{
+ char *endp;
+
+ return fst_read_next_text_param(cmd, ifname, ifname_size, &endp);
+}
+
+
+int fst_iface_detach(const char *ifname)
+{
+ struct fst_group *g;
+
+ foreach_fst_group(g) {
+ struct fst_iface *f;
+
+ f = fst_group_get_iface_by_name(g, ifname);
+ if (f) {
+ fst_detach(f);
+ return 0;
+ }
+ }
+
+ return -EINVAL;
+}
diff --git a/src/fst/fst_ctrl_iface.h b/src/fst/fst_ctrl_iface.h
new file mode 100644
index 0000000..4d0cd9f
--- /dev/null
+++ b/src/fst/fst_ctrl_iface.h
@@ -0,0 +1,45 @@
+/*
+ * FST module - internal Control interface definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_CTRL_IFACE_H
+#define FST_CTRL_IFACE_H
+
+#include "fst/fst_ctrl_aux.h"
+
+#ifdef CONFIG_FST
+
+/* receiver */
+int fst_ctrl_iface_mb_info(const u8 *addr, char *buf, size_t buflen);
+
+int fst_ctrl_iface_receive(const char *txtaddr, char *buf, size_t buflen);
+
+extern const struct fst_ctrl *fst_ctrl_cli;
+
+#else /* CONFIG_FST */
+
+static inline int
+fst_ctrl_iface_mb_info(const u8 *addr, char *buf, size_t buflen)
+{
+ return 0;
+}
+
+#endif /* CONFIG_FST */
+
+int fst_read_next_int_param(const char *params, Boolean *valid, char **endp);
+int fst_read_next_text_param(const char *params, char *buf, size_t buflen,
+ char **endp);
+int fst_read_peer_addr(const char *mac, u8 *peer_addr);
+
+struct fst_iface_cfg;
+
+int fst_parse_attach_command(const char *cmd, char *ifname, size_t ifname_size,
+ struct fst_iface_cfg *cfg);
+int fst_parse_detach_command(const char *cmd, char *ifname, size_t ifname_size);
+int fst_iface_detach(const char *ifname);
+
+#endif /* CTRL_IFACE_FST_H */
diff --git a/src/fst/fst_defs.h b/src/fst/fst_defs.h
new file mode 100644
index 0000000..8ddcc61
--- /dev/null
+++ b/src/fst/fst_defs.h
@@ -0,0 +1,87 @@
+/*
+ * FST module - FST related definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE_80211_FST_DEFS_H
+#define IEEE_80211_FST_DEFS_H
+
+/* IEEE Std 802.11ad */
+
+#define MB_STA_CHANNEL_ALL 0
+
+enum session_type {
+ SESSION_TYPE_BSS = 0, /* Infrastructure BSS */
+ SESSION_TYPE_IBSS = 1,
+ SESSION_TYPE_DLS = 2,
+ SESSION_TYPE_TDLS = 3,
+ SESSION_TYPE_PBSS = 4
+};
+
+#define SESSION_CONTROL(session_type, switch_intent) \
+ (((u8) ((session_type) & 0x7)) | ((switch_intent) ? 0x10 : 0x00))
+
+#define GET_SESSION_CONTROL_TYPE(session_control) \
+ ((u8) ((session_control) & 0x7))
+
+#define GET_SESSION_CONTROL_SWITCH_INTENT(session_control) \
+ (((session_control) & 0x10) >> 4)
+
+/* 8.4.2.147 Session Transition element */
+struct session_transition_ie {
+ u8 element_id;
+ u8 length;
+ u32 fsts_id;
+ u8 session_control;
+ u8 new_band_id;
+ u8 new_band_setup;
+ u8 new_band_op;
+ u8 old_band_id;
+ u8 old_band_setup;
+ u8 old_band_op;
+} STRUCT_PACKED;
+
+struct fst_setup_req {
+ u8 action;
+ u8 dialog_token;
+ u32 llt;
+ struct session_transition_ie stie;
+ /* Multi-band (optional) */
+ /* Wakeup Schedule (optional) */
+ /* Awake Window (optional) */
+ /* Switching Stream (optional) */
+} STRUCT_PACKED;
+
+struct fst_setup_res {
+ u8 action;
+ u8 dialog_token;
+ u8 status_code;
+ struct session_transition_ie stie;
+ /* Multi-band (optional) */
+ /* Wakeup Schedule (optional) */
+ /* Awake Window (optional) */
+ /* Switching Stream (optional) */
+ /* Timeout Interval (optional) */
+} STRUCT_PACKED;
+
+struct fst_ack_req {
+ u8 action;
+ u8 dialog_token;
+ u32 fsts_id;
+} STRUCT_PACKED;
+
+struct fst_ack_res {
+ u8 action;
+ u8 dialog_token;
+ u32 fsts_id;
+} STRUCT_PACKED;
+
+struct fst_tear_down {
+ u8 action;
+ u32 fsts_id;
+} STRUCT_PACKED;
+
+#endif /* IEEE_80211_FST_DEFS_H */
diff --git a/src/fst/fst_group.c b/src/fst/fst_group.c
new file mode 100644
index 0000000..f6c7be9
--- /dev/null
+++ b/src/fst/fst_group.c
@@ -0,0 +1,462 @@
+/*
+ * FST module - FST group object implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/defs.h"
+#include "common/ieee802_11_defs.h"
+#include "common/ieee802_11_common.h"
+#include "drivers/driver.h"
+#include "fst/fst_internal.h"
+#include "fst/fst_defs.h"
+
+
+struct dl_list fst_global_groups_list;
+
+#ifndef HOSTAPD
+static Boolean fst_has_fst_peer(struct fst_iface *iface, Boolean *has_peer)
+{
+ const u8 *bssid;
+
+ bssid = fst_iface_get_bssid(iface);
+ if (!bssid) {
+ *has_peer = FALSE;
+ return FALSE;
+ }
+
+ *has_peer = TRUE;
+ return fst_iface_get_peer_mb_ie(iface, bssid) != NULL;
+}
+#endif /* HOSTAPD */
+
+
+static void fst_dump_mb_ies(const char *group_id, const char *ifname,
+ struct wpabuf *mbies)
+{
+ const u8 *p = wpabuf_head(mbies);
+ size_t s = wpabuf_len(mbies);
+
+ while (s >= 2) {
+ const struct multi_band_ie *mbie =
+ (const struct multi_band_ie *) p;
+ WPA_ASSERT(mbie->eid == WLAN_EID_MULTI_BAND);
+ WPA_ASSERT(2 + mbie->len >= sizeof(*mbie));
+
+ fst_printf(MSG_WARNING,
+ "%s: %s: mb_ctrl=%u band_id=%u op_class=%u chan=%u bssid="
+ MACSTR
+ " beacon_int=%u tsf_offs=[%u %u %u %u %u %u %u %u] mb_cc=0x%02x tmout=%u",
+ group_id, ifname,
+ mbie->mb_ctrl, mbie->band_id, mbie->op_class,
+ mbie->chan, MAC2STR(mbie->bssid), mbie->beacon_int,
+ mbie->tsf_offs[0], mbie->tsf_offs[1],
+ mbie->tsf_offs[2], mbie->tsf_offs[3],
+ mbie->tsf_offs[4], mbie->tsf_offs[5],
+ mbie->tsf_offs[6], mbie->tsf_offs[7],
+ mbie->mb_connection_capability,
+ mbie->fst_session_tmout);
+
+ p += 2 + mbie->len;
+ s -= 2 + mbie->len;
+ }
+}
+
+
+static void fst_fill_mb_ie(struct wpabuf *buf, const u8 *bssid,
+ const u8 *own_addr, enum mb_band_id band, u8 channel)
+{
+ struct multi_band_ie *mbie;
+ size_t len = sizeof(*mbie);
+
+ if (own_addr)
+ len += ETH_ALEN;
+
+ mbie = wpabuf_put(buf, len);
+
+ os_memset(mbie, 0, len);
+
+ mbie->eid = WLAN_EID_MULTI_BAND;
+ mbie->len = len - 2;
+#ifdef HOSTAPD
+ mbie->mb_ctrl = MB_STA_ROLE_AP;
+ mbie->mb_connection_capability = MB_CONNECTION_CAPABILITY_AP;
+#else /* HOSTAPD */
+ mbie->mb_ctrl = MB_STA_ROLE_NON_PCP_NON_AP;
+ mbie->mb_connection_capability = 0;
+#endif /* HOSTAPD */
+ if (bssid)
+ os_memcpy(mbie->bssid, bssid, ETH_ALEN);
+ mbie->band_id = band;
+ mbie->op_class = 0; /* means all */
+ mbie->chan = channel;
+ mbie->fst_session_tmout = FST_DEFAULT_SESSION_TIMEOUT_TU;
+
+ if (own_addr) {
+ mbie->mb_ctrl |= MB_CTRL_STA_MAC_PRESENT;
+ os_memcpy(&mbie[1], own_addr, ETH_ALEN);
+ }
+}
+
+
+static unsigned fst_fill_iface_mb_ies(struct fst_iface *f, struct wpabuf *buf)
+{
+ const u8 *bssid;
+
+ bssid = fst_iface_get_bssid(f);
+ if (bssid) {
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+
+ if (buf) {
+ fst_iface_get_channel_info(f, &hw_mode, &channel);
+ fst_fill_mb_ie(buf, bssid, fst_iface_get_addr(f),
+ fst_hw_mode_to_band(hw_mode), channel);
+ }
+ return 1;
+ } else {
+ unsigned bands[MB_BAND_ID_WIFI_60GHZ + 1] = {};
+ struct hostapd_hw_modes *modes;
+ enum mb_band_id b;
+ int num_modes = fst_iface_get_hw_modes(f, &modes);
+ int ret = 0;
+
+ while (num_modes--) {
+ b = fst_hw_mode_to_band(modes->mode);
+ modes++;
+ if (b >= ARRAY_SIZE(bands) || bands[b]++)
+ continue;
+ ret++;
+ if (buf)
+ fst_fill_mb_ie(buf, NULL, fst_iface_get_addr(f),
+ b, MB_STA_CHANNEL_ALL);
+ }
+ return ret;
+ }
+}
+
+
+static struct wpabuf * fst_group_create_mb_ie(struct fst_group *g,
+ struct fst_iface *i)
+{
+ struct wpabuf *buf;
+ struct fst_iface *f;
+ unsigned int nof_mbies = 0;
+ unsigned int nof_ifaces_added = 0;
+#ifndef HOSTAPD
+ Boolean has_peer;
+ Boolean has_fst_peer;
+
+ foreach_fst_group_iface(g, f) {
+ has_fst_peer = fst_has_fst_peer(f, &has_peer);
+ if (has_peer && !has_fst_peer)
+ return NULL;
+ }
+#endif /* HOSTAPD */
+
+ foreach_fst_group_iface(g, f) {
+ if (f == i)
+ continue;
+ nof_mbies += fst_fill_iface_mb_ies(f, NULL);
+ }
+
+ buf = wpabuf_alloc(nof_mbies *
+ (sizeof(struct multi_band_ie) + ETH_ALEN));
+ if (!buf) {
+ fst_printf_iface(i, MSG_ERROR,
+ "cannot allocate mem for %u MB IEs",
+ nof_mbies);
+ return NULL;
+ }
+
+ /* The list is sorted in descending order by priorities, so MB IEs will
+ * be arranged in the same order, as required by spec (see corresponding
+ * comment in.fst_attach().
+ */
+ foreach_fst_group_iface(g, f) {
+ if (f == i)
+ continue;
+
+ fst_fill_iface_mb_ies(f, buf);
+ ++nof_ifaces_added;
+
+ fst_printf_iface(i, MSG_DEBUG, "added to MB IE");
+ }
+
+ if (!nof_ifaces_added) {
+ wpabuf_free(buf);
+ buf = NULL;
+ fst_printf_iface(i, MSG_INFO,
+ "cannot add MB IE: no backup ifaces");
+ } else {
+ fst_dump_mb_ies(fst_group_get_id(g), fst_iface_get_name(i),
+ buf);
+ }
+
+ return buf;
+}
+
+
+static const u8 * fst_mbie_get_peer_addr(const struct multi_band_ie *mbie)
+{
+ const u8 *peer_addr = NULL;
+
+ switch (MB_CTRL_ROLE(mbie->mb_ctrl)) {
+ case MB_STA_ROLE_AP:
+ peer_addr = mbie->bssid;
+ break;
+ case MB_STA_ROLE_NON_PCP_NON_AP:
+ if (mbie->mb_ctrl & MB_CTRL_STA_MAC_PRESENT &&
+ (size_t) 2 + mbie->len >= sizeof(*mbie) + ETH_ALEN)
+ peer_addr = (const u8 *) &mbie[1];
+ break;
+ default:
+ break;
+ }
+
+ return peer_addr;
+}
+
+
+static struct fst_iface *
+fst_group_get_new_iface_by_mbie_and_band_id(struct fst_group *g,
+ const u8 *mb_ies_buff,
+ size_t mb_ies_size,
+ u8 band_id,
+ u8 *iface_peer_addr)
+{
+ while (mb_ies_size >= 2) {
+ const struct multi_band_ie *mbie =
+ (const struct multi_band_ie *) mb_ies_buff;
+
+ if (mbie->eid != WLAN_EID_MULTI_BAND ||
+ (size_t) 2 + mbie->len < sizeof(*mbie))
+ break;
+
+ if (mbie->band_id == band_id) {
+ struct fst_iface *iface;
+
+ foreach_fst_group_iface(g, iface) {
+ const u8 *peer_addr =
+ fst_mbie_get_peer_addr(mbie);
+
+ if (peer_addr &&
+ fst_iface_is_connected(iface, peer_addr) &&
+ band_id == fst_iface_get_band_id(iface)) {
+ os_memcpy(iface_peer_addr, peer_addr,
+ ETH_ALEN);
+ return iface;
+ }
+ }
+ break;
+ }
+
+ mb_ies_buff += 2 + mbie->len;
+ mb_ies_size -= 2 + mbie->len;
+ }
+
+ return NULL;
+}
+
+
+struct fst_iface * fst_group_get_iface_by_name(struct fst_group *g,
+ const char *ifname)
+{
+ struct fst_iface *f;
+
+ foreach_fst_group_iface(g, f) {
+ const char *in = fst_iface_get_name(f);
+
+ if (os_strncmp(in, ifname, os_strlen(in)) == 0)
+ return f;
+ }
+
+ return NULL;
+}
+
+
+u8 fst_group_assign_dialog_token(struct fst_group *g)
+{
+ g->dialog_token++;
+ if (g->dialog_token == 0)
+ g->dialog_token++;
+ return g->dialog_token;
+}
+
+
+u32 fst_group_assign_fsts_id(struct fst_group *g)
+{
+ g->fsts_id++;
+ return g->fsts_id;
+}
+
+
+static Boolean
+fst_group_does_iface_appear_in_other_mbies(struct fst_group *g,
+ struct fst_iface *iface,
+ struct fst_iface *other,
+ u8 *peer_addr)
+{
+ struct fst_get_peer_ctx *ctx;
+ const u8 *addr;
+ const u8 *iface_addr;
+ enum mb_band_id iface_band_id;
+
+ WPA_ASSERT(g == fst_iface_get_group(iface));
+ WPA_ASSERT(g == fst_iface_get_group(other));
+
+ iface_addr = fst_iface_get_addr(iface);
+ iface_band_id = fst_iface_get_band_id(iface);
+
+ addr = fst_iface_get_peer_first(other, &ctx, TRUE);
+ for (; addr; addr = fst_iface_get_peer_next(other, &ctx, TRUE)) {
+ const struct wpabuf *mbies;
+ u8 other_iface_peer_addr[ETH_ALEN];
+ struct fst_iface *other_new_iface;
+
+ mbies = fst_iface_get_peer_mb_ie(other, addr);
+ if (!mbies)
+ continue;
+
+ other_new_iface = fst_group_get_new_iface_by_mbie_and_band_id(
+ g, wpabuf_head(mbies), wpabuf_len(mbies),
+ iface_band_id, other_iface_peer_addr);
+ if (other_new_iface == iface &&
+ os_memcmp(iface_addr, other_iface_peer_addr,
+ ETH_ALEN) != 0) {
+ os_memcpy(peer_addr, addr, ETH_ALEN);
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+
+struct fst_iface *
+fst_group_find_new_iface_by_stie(struct fst_group *g,
+ struct fst_iface *iface,
+ const u8 *peer_addr,
+ const struct session_transition_ie *stie,
+ u8 *iface_peer_addr)
+{
+ struct fst_iface *i;
+
+ foreach_fst_group_iface(g, i) {
+ if (i == iface ||
+ stie->new_band_id != fst_iface_get_band_id(i))
+ continue;
+ if (fst_group_does_iface_appear_in_other_mbies(g, iface, i,
+ iface_peer_addr))
+ return i;
+ break;
+ }
+ return NULL;
+}
+
+
+struct fst_iface *
+fst_group_get_new_iface_by_stie_and_mbie(
+ struct fst_group *g, const u8 *mb_ies_buff, size_t mb_ies_size,
+ const struct session_transition_ie *stie, u8 *iface_peer_addr)
+{
+ return fst_group_get_new_iface_by_mbie_and_band_id(
+ g, mb_ies_buff, mb_ies_size, stie->new_band_id,
+ iface_peer_addr);
+}
+
+
+struct fst_group * fst_group_create(const char *group_id)
+{
+ struct fst_group *g;
+
+ g = os_zalloc(sizeof(*g));
+ if (g == NULL) {
+ fst_printf(MSG_ERROR, "%s: Cannot alloc group", group_id);
+ return NULL;
+ }
+
+ dl_list_init(&g->ifaces);
+ os_strlcpy(g->group_id, group_id, sizeof(g->group_id));
+
+ dl_list_add_tail(&fst_global_groups_list, &g->global_groups_lentry);
+ fst_printf_group(g, MSG_DEBUG, "instance created");
+
+ foreach_fst_ctrl_call(on_group_created, g);
+
+ return g;
+}
+
+
+void fst_group_attach_iface(struct fst_group *g, struct fst_iface *i)
+{
+ struct dl_list *list = &g->ifaces;
+ struct fst_iface *f;
+
+ /*
+ * Add new interface to the list.
+ * The list is sorted in descending order by priority to allow
+ * multiple MB IEs creation according to the spec (see 10.32 Multi-band
+ * operation, 10.32.1 General), as they should be ordered according to
+ * priorities.
+ */
+ foreach_fst_group_iface(g, f) {
+ if (fst_iface_get_priority(f) < fst_iface_get_priority(i))
+ break;
+ list = &f->group_lentry;
+ }
+ dl_list_add(list, &i->group_lentry);
+}
+
+
+void fst_group_detach_iface(struct fst_group *g, struct fst_iface *i)
+{
+ dl_list_del(&i->group_lentry);
+}
+
+
+void fst_group_delete(struct fst_group *group)
+{
+ struct fst_session *s;
+
+ dl_list_del(&group->global_groups_lentry);
+ WPA_ASSERT(dl_list_empty(&group->ifaces));
+ foreach_fst_ctrl_call(on_group_deleted, group);
+ fst_printf_group(group, MSG_DEBUG, "instance deleted");
+ while ((s = fst_session_global_get_first_by_group(group)) != NULL)
+ fst_session_delete(s);
+ os_free(group);
+}
+
+
+Boolean fst_group_delete_if_empty(struct fst_group *group)
+{
+ Boolean is_empty = !fst_group_has_ifaces(group) &&
+ !fst_session_global_get_first_by_group(group);
+
+ if (is_empty)
+ fst_group_delete(group);
+
+ return is_empty;
+}
+
+
+void fst_group_update_ie(struct fst_group *g)
+{
+ struct fst_iface *i;
+
+ foreach_fst_group_iface(g, i) {
+ struct wpabuf *mbie = fst_group_create_mb_ie(g, i);
+
+ if (!mbie)
+ fst_printf_iface(i, MSG_WARNING, "cannot create MB IE");
+
+ fst_iface_attach_mbie(i, mbie);
+ fst_iface_set_ies(i, mbie);
+ fst_printf_iface(i, MSG_DEBUG, "multi-band IE set to %p", mbie);
+ }
+}
diff --git a/src/fst/fst_group.h b/src/fst/fst_group.h
new file mode 100644
index 0000000..3a87c0b
--- /dev/null
+++ b/src/fst/fst_group.h
@@ -0,0 +1,75 @@
+/*
+ * FST module - FST group object definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_GROUP_H
+#define FST_GROUP_H
+
+struct fst_group {
+ char group_id[IFNAMSIZ + 1];
+ struct dl_list ifaces;
+ u8 dialog_token;
+ u32 fsts_id;
+ struct dl_list global_groups_lentry;
+};
+
+struct session_transition_ie;
+
+#define foreach_fst_group_iface(g, i) \
+ dl_list_for_each((i), &(g)->ifaces, struct fst_iface, group_lentry)
+
+struct fst_group * fst_group_create(const char *group_id);
+void fst_group_attach_iface(struct fst_group *g, struct fst_iface *i);
+void fst_group_detach_iface(struct fst_group *g, struct fst_iface *i);
+void fst_group_delete(struct fst_group *g);
+
+void fst_group_update_ie(struct fst_group *g);
+
+static inline Boolean fst_group_has_ifaces(struct fst_group *g)
+{
+ return !dl_list_empty(&g->ifaces);
+}
+
+static inline struct fst_iface * fst_group_first_iface(struct fst_group *g)
+{
+ return dl_list_first(&g->ifaces, struct fst_iface, group_lentry);
+}
+
+static inline const char * fst_group_get_id(struct fst_group *g)
+{
+ return g->group_id;
+}
+
+Boolean fst_group_delete_if_empty(struct fst_group *group);
+struct fst_iface * fst_group_get_iface_by_name(struct fst_group *g,
+ const char *ifname);
+struct fst_iface *
+fst_group_find_new_iface_by_stie(struct fst_group *g,
+ struct fst_iface *iface,
+ const u8 *peer_addr,
+ const struct session_transition_ie *stie,
+ u8 *iface_peer_addr);
+struct fst_iface *
+fst_group_get_new_iface_by_stie_and_mbie(
+ struct fst_group *g, const u8 *mb_ies_buff, size_t mb_ies_size,
+ const struct session_transition_ie *stie, u8 *iface_peer_addr);
+u8 fst_group_assign_dialog_token(struct fst_group *g);
+u32 fst_group_assign_fsts_id(struct fst_group *g);
+
+extern struct dl_list fst_global_groups_list;
+
+#define foreach_fst_group(g) \
+ dl_list_for_each((g), &fst_global_groups_list, \
+ struct fst_group, global_groups_lentry)
+
+static inline struct fst_group * fst_first_group(void)
+{
+ return dl_list_first(&fst_global_groups_list, struct fst_group,
+ global_groups_lentry);
+}
+
+#endif /* FST_GROUP_H */
diff --git a/src/fst/fst_iface.c b/src/fst/fst_iface.c
new file mode 100644
index 0000000..5a92d2c
--- /dev/null
+++ b/src/fst/fst_iface.c
@@ -0,0 +1,79 @@
+/*
+ * FST module - FST interface object implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "fst/fst_internal.h"
+#include "fst/fst_defs.h"
+
+
+struct fst_iface * fst_iface_create(struct fst_group *g, const char *ifname,
+ const u8 *own_addr,
+ const struct fst_wpa_obj *iface_obj,
+ const struct fst_iface_cfg *cfg)
+{
+ struct fst_iface *i;
+
+ i = os_zalloc(sizeof(*i));
+ if (!i) {
+ fst_printf_group(g, MSG_ERROR, "cannot allocate iface for %s",
+ ifname);
+ return NULL;
+ }
+
+ i->cfg = *cfg;
+ i->iface_obj = *iface_obj;
+ i->group = g;
+ os_strlcpy(i->ifname, ifname, sizeof(i->ifname));
+ os_memcpy(i->own_addr, own_addr, sizeof(i->own_addr));
+
+ if (!i->cfg.llt) {
+ fst_printf_iface(i, MSG_WARNING, "Zero llt adjusted");
+ i->cfg.llt = FST_DEFAULT_LLT_CFG_VALUE;
+ }
+
+ return i;
+}
+
+
+void fst_iface_delete(struct fst_iface *i)
+{
+ fst_iface_set_ies(i, NULL);
+ wpabuf_free(i->mb_ie);
+ os_free(i);
+}
+
+
+Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr)
+{
+ struct fst_get_peer_ctx *ctx;
+ const u8 *a = fst_iface_get_peer_first(iface, &ctx, TRUE);
+
+ for (; a != NULL; a = fst_iface_get_peer_next(iface, &ctx, TRUE))
+ if (os_memcmp(addr, a, ETH_ALEN) == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
+
+void fst_iface_attach_mbie(struct fst_iface *i, struct wpabuf *mbie)
+{
+ wpabuf_free(i->mb_ie);
+ i->mb_ie = mbie;
+}
+
+
+enum mb_band_id fst_iface_get_band_id(struct fst_iface *i)
+{
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+
+ fst_iface_get_channel_info(i, &hw_mode, &channel);
+ return fst_hw_mode_to_band(hw_mode);
+}
diff --git a/src/fst/fst_iface.h b/src/fst/fst_iface.h
new file mode 100644
index 0000000..4670d89
--- /dev/null
+++ b/src/fst/fst_iface.h
@@ -0,0 +1,135 @@
+/*
+ * FST module - FST interface object definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+
+#ifndef FST_IFACE_H
+#define FST_IFACE_H
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "list.h"
+#include "fst.h"
+
+struct fst_iface {
+ struct fst_group *group;
+ struct fst_wpa_obj iface_obj;
+ u8 own_addr[ETH_ALEN];
+ struct wpabuf *mb_ie;
+ char ifname[IFNAMSIZ + 1];
+ struct fst_iface_cfg cfg;
+ struct dl_list group_lentry;
+};
+
+struct fst_iface * fst_iface_create(struct fst_group *g, const char *ifname,
+ const u8 *own_addr,
+ const struct fst_wpa_obj *iface_obj,
+ const struct fst_iface_cfg *cfg);
+void fst_iface_delete(struct fst_iface *i);
+
+static inline struct fst_group * fst_iface_get_group(struct fst_iface *i)
+{
+ return i->group;
+}
+
+static inline const char * fst_iface_get_name(struct fst_iface *i)
+{
+ return i->ifname;
+}
+
+static inline const u8 * fst_iface_get_addr(struct fst_iface *i)
+{
+ return i->own_addr;
+}
+
+static inline const char * fst_iface_get_group_id(struct fst_iface *i)
+{
+ return i->cfg.group_id;
+}
+
+static inline u8 fst_iface_get_priority(struct fst_iface *i)
+{
+ return i->cfg.priority;
+}
+
+static inline u32 fst_iface_get_llt(struct fst_iface *i)
+{
+ return i->cfg.llt;
+}
+
+static inline const struct wpabuf * fst_iface_get_mbie(struct fst_iface *i)
+{
+ return i->mb_ie;
+}
+
+static inline const u8 * fst_iface_get_bssid(struct fst_iface *i)
+{
+ return i->iface_obj.get_bssid(i->iface_obj.ctx);
+}
+
+static inline void fst_iface_get_channel_info(struct fst_iface *i,
+ enum hostapd_hw_mode *hw_mode,
+ u8 *channel)
+{
+ i->iface_obj.get_channel_info(i->iface_obj.ctx, hw_mode, channel);
+}
+
+static inline int fst_iface_get_hw_modes(struct fst_iface *i,
+ struct hostapd_hw_modes **modes)
+{
+ return i->iface_obj.get_hw_modes(i->iface_obj.ctx, modes);
+}
+
+static inline void fst_iface_set_ies(struct fst_iface *i,
+ const struct wpabuf *fst_ies)
+{
+ i->iface_obj.set_ies(i->iface_obj.ctx, fst_ies);
+}
+
+static inline int fst_iface_send_action(struct fst_iface *i,
+ const u8 *addr, struct wpabuf *data)
+{
+ return i->iface_obj.send_action(i->iface_obj.ctx, addr, data);
+}
+
+static inline const struct wpabuf *
+fst_iface_get_peer_mb_ie(struct fst_iface *i, const u8 *addr)
+{
+ return i->iface_obj.get_mb_ie(i->iface_obj.ctx, addr);
+}
+
+static inline void fst_iface_update_mb_ie(struct fst_iface *i,
+ const u8 *addr,
+ const u8 *buf, size_t size)
+{
+ return i->iface_obj.update_mb_ie(i->iface_obj.ctx, addr, buf, size);
+}
+
+static inline const u8 * fst_iface_get_peer_first(struct fst_iface *i,
+ struct fst_get_peer_ctx **ctx,
+ Boolean mb_only)
+{
+ return i->iface_obj.get_peer_first(i->iface_obj.ctx, ctx, mb_only);
+}
+
+static inline const u8 * fst_iface_get_peer_next(struct fst_iface *i,
+ struct fst_get_peer_ctx **ctx,
+ Boolean mb_only)
+{
+ return i->iface_obj.get_peer_next(i->iface_obj.ctx, ctx, mb_only);
+}
+
+Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr);
+void fst_iface_attach_mbie(struct fst_iface *i, struct wpabuf *mbie);
+enum mb_band_id fst_iface_get_band_id(struct fst_iface *i);
+
+static inline void * fst_iface_get_wpa_obj_ctx(struct fst_iface *i)
+{
+ return i->iface_obj.ctx;
+}
+
+#endif /* FST_IFACE_H */
diff --git a/src/fst/fst_internal.h b/src/fst/fst_internal.h
new file mode 100644
index 0000000..9fe32b8
--- /dev/null
+++ b/src/fst/fst_internal.h
@@ -0,0 +1,49 @@
+/*
+ * FST module - auxiliary definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_INTERNAL_H
+#define FST_INTERNAL_H
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/defs.h"
+#include "common/ieee802_11_defs.h"
+#include "fst/fst_iface.h"
+#include "fst/fst_group.h"
+#include "fst/fst_session.h"
+
+#define fst_printf(level, format, ...) \
+ wpa_printf((level), "FST: " format, ##__VA_ARGS__)
+
+#define fst_printf_group(group, level, format, ...) \
+ wpa_printf((level), "FST: %s: " format, \
+ fst_group_get_id(group), ##__VA_ARGS__)
+
+#define fst_printf_iface(iface, level, format, ...) \
+ fst_printf_group(fst_iface_get_group(iface), (level), "%s: " format, \
+ fst_iface_get_name(iface), ##__VA_ARGS__)
+
+enum mb_band_id fst_hw_mode_to_band(enum hostapd_hw_mode mode);
+
+struct fst_ctrl_handle {
+ struct fst_ctrl ctrl;
+ struct dl_list global_ctrls_lentry;
+};
+
+extern struct dl_list fst_global_ctrls_list;
+
+#define foreach_fst_ctrl_call(clb, ...) \
+ do { \
+ struct fst_ctrl_handle *__fst_ctrl_h; \
+ dl_list_for_each(__fst_ctrl_h, &fst_global_ctrls_list, \
+ struct fst_ctrl_handle, global_ctrls_lentry) \
+ if (__fst_ctrl_h->ctrl.clb) \
+ __fst_ctrl_h->ctrl.clb(__VA_ARGS__);\
+ } while (0)
+
+#endif /* FST_INTERNAL_H */
diff --git a/src/fst/fst_session.c b/src/fst/fst_session.c
new file mode 100644
index 0000000..55fa694
--- /dev/null
+++ b/src/fst/fst_session.c
@@ -0,0 +1,1620 @@
+/*
+ * FST module - FST Session implementation
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "fst/fst_internal.h"
+#include "fst/fst_defs.h"
+#include "fst/fst_ctrl_iface.h"
+#ifdef CONFIG_FST_TEST
+#include "fst/fst_ctrl_defs.h"
+#endif /* CONFIG_FST_TEST */
+
+#define US_80211_TU 1024
+
+#define US_TO_TU(m) ((m) * / US_80211_TU)
+#define TU_TO_US(m) ((m) * US_80211_TU)
+
+#define FST_LLT_SWITCH_IMMEDIATELY 0
+
+#define fst_printf_session(s, level, format, ...) \
+ fst_printf((level), "%u (0x%08x): [" MACSTR "," MACSTR "] :" format, \
+ (s)->id, (s)->data.fsts_id, \
+ MAC2STR((s)->data.old_peer_addr), \
+ MAC2STR((s)->data.new_peer_addr), \
+ ##__VA_ARGS__)
+
+#define fst_printf_siface(s, iface, level, format, ...) \
+ fst_printf_session((s), (level), "%s: " format, \
+ fst_iface_get_name(iface), ##__VA_ARGS__)
+
+#define fst_printf_sframe(s, is_old, level, format, ...) \
+ fst_printf_siface((s), \
+ (is_old) ? (s)->data.old_iface : (s)->data.new_iface, \
+ (level), format, ##__VA_ARGS__)
+
+#define FST_LLT_MS_DEFAULT 50
+#define FST_ACTION_MAX_SUPPORTED FST_ACTION_ON_CHANNEL_TUNNEL
+
+const char * const fst_action_names[] = {
+ [FST_ACTION_SETUP_REQUEST] = "Setup Request",
+ [FST_ACTION_SETUP_RESPONSE] = "Setup Response",
+ [FST_ACTION_TEAR_DOWN] = "Tear Down",
+ [FST_ACTION_ACK_REQUEST] = "Ack Request",
+ [FST_ACTION_ACK_RESPONSE] = "Ack Response",
+ [FST_ACTION_ON_CHANNEL_TUNNEL] = "On Channel Tunnel",
+};
+
+struct fst_session {
+ struct {
+ /* Session configuration that can be zeroed on reset */
+ u8 old_peer_addr[ETH_ALEN];
+ u8 new_peer_addr[ETH_ALEN];
+ struct fst_iface *new_iface;
+ struct fst_iface *old_iface;
+ u32 llt_ms;
+ u8 pending_setup_req_dlgt;
+ u32 fsts_id; /* FSTS ID, see spec, 8.4.2.147
+ * Session Transition element */
+ } data;
+ /* Session object internal fields which won't be zeroed on reset */
+ struct dl_list global_sessions_lentry;
+ u32 id; /* Session object ID used to identify
+ * specific session object */
+ struct fst_group *group;
+ enum fst_session_state state;
+ Boolean stt_armed;
+};
+
+static struct dl_list global_sessions_list;
+static u32 global_session_id = 0;
+
+#define foreach_fst_session(s) \
+ dl_list_for_each((s), &global_sessions_list, \
+ struct fst_session, global_sessions_lentry)
+
+#define foreach_fst_session_safe(s, temp) \
+ dl_list_for_each_safe((s), (temp), &global_sessions_list, \
+ struct fst_session, global_sessions_lentry)
+
+
+static void fst_session_global_inc_id(void)
+{
+ global_session_id++;
+ if (global_session_id == FST_INVALID_SESSION_ID)
+ global_session_id++;
+}
+
+
+int fst_session_global_init(void)
+{
+ dl_list_init(&global_sessions_list);
+ return 0;
+}
+
+
+void fst_session_global_deinit(void)
+{
+ WPA_ASSERT(dl_list_empty(&global_sessions_list));
+}
+
+
+static inline void fst_session_notify_ctrl(struct fst_session *s,
+ enum fst_event_type event_type,
+ union fst_event_extra *extra)
+{
+ foreach_fst_ctrl_call(on_event, event_type, NULL, s, extra);
+}
+
+
+static void fst_session_set_state(struct fst_session *s,
+ enum fst_session_state state,
+ union fst_session_state_switch_extra *extra)
+{
+ if (s->state != state) {
+ union fst_event_extra evext = {
+ .session_state = {
+ .old_state = s->state,
+ .new_state = state,
+ },
+ };
+
+ if (extra)
+ evext.session_state.extra = *extra;
+ fst_session_notify_ctrl(s, EVENT_FST_SESSION_STATE_CHANGED,
+ &evext);
+ fst_printf_session(s, MSG_INFO, "State: %s => %s",
+ fst_session_state_name(s->state),
+ fst_session_state_name(state));
+ s->state = state;
+ }
+}
+
+
+static u32 fst_find_free_session_id(void)
+{
+ u32 i, id = FST_INVALID_SESSION_ID;
+ struct fst_session *s;
+
+ for (i = 0; i < (u32) -1; i++) {
+ Boolean in_use = FALSE;
+
+ foreach_fst_session(s) {
+ if (s->id == global_session_id) {
+ fst_session_global_inc_id();
+ in_use = TRUE;
+ break;
+ }
+ }
+ if (!in_use) {
+ id = global_session_id;
+ fst_session_global_inc_id();
+ break;
+ }
+ }
+
+ return id;
+}
+
+
+static void fst_session_timeout_handler(void *eloop_data, void *user_ctx)
+{
+ struct fst_session *s = user_ctx;
+ union fst_session_state_switch_extra extra = {
+ .to_initial = {
+ .reason = REASON_STT,
+ },
+ };
+
+ fst_printf_session(s, MSG_WARNING, "Session State Timeout");
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &extra);
+}
+
+
+static void fst_session_stt_arm(struct fst_session *s)
+{
+ eloop_register_timeout(0, TU_TO_US(FST_DEFAULT_SESSION_TIMEOUT_TU),
+ fst_session_timeout_handler, NULL, s);
+ s->stt_armed = TRUE;
+}
+
+
+static void fst_session_stt_disarm(struct fst_session *s)
+{
+ if (s->stt_armed) {
+ eloop_cancel_timeout(fst_session_timeout_handler, NULL, s);
+ s->stt_armed = FALSE;
+ }
+}
+
+
+static Boolean fst_session_is_in_transition(struct fst_session *s)
+{
+ /* See spec, 10.32.2.2 Transitioning between states */
+ return s->stt_armed;
+}
+
+
+static int fst_session_is_in_progress(struct fst_session *s)
+{
+ return s->state != FST_SESSION_STATE_INITIAL;
+}
+
+
+static int fst_session_is_ready_pending(struct fst_session *s)
+{
+ return s->state == FST_SESSION_STATE_SETUP_COMPLETION &&
+ fst_session_is_in_transition(s);
+}
+
+
+static int fst_session_is_ready(struct fst_session *s)
+{
+ return s->state == FST_SESSION_STATE_SETUP_COMPLETION &&
+ !fst_session_is_in_transition(s);
+}
+
+
+static int fst_session_is_switch_requested(struct fst_session *s)
+{
+ return s->state == FST_SESSION_STATE_TRANSITION_DONE &&
+ fst_session_is_in_transition(s);
+}
+
+
+static struct fst_session *
+fst_find_session_in_progress(const u8 *peer_addr, struct fst_group *g)
+{
+ struct fst_session *s;
+
+ foreach_fst_session(s) {
+ if (s->group == g &&
+ (os_memcmp(s->data.old_peer_addr, peer_addr,
+ ETH_ALEN) == 0 ||
+ os_memcmp(s->data.new_peer_addr, peer_addr,
+ ETH_ALEN) == 0) &&
+ fst_session_is_in_progress(s))
+ return s;
+ }
+
+ return NULL;
+}
+
+
+static void fst_session_reset_ex(struct fst_session *s, enum fst_reason reason)
+{
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = reason,
+ },
+ };
+
+ if (s->state == FST_SESSION_STATE_SETUP_COMPLETION ||
+ s->state == FST_SESSION_STATE_TRANSITION_DONE)
+ fst_session_tear_down_setup(s);
+ fst_session_stt_disarm(s);
+ os_memset(&s->data, 0, sizeof(s->data));
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+}
+
+
+static int fst_session_send_action(struct fst_session *s, Boolean old_iface,
+ const void *payload, size_t size,
+ const struct wpabuf *extra_buf)
+{
+ size_t len;
+ int res;
+ struct wpabuf *buf;
+ u8 action;
+ struct fst_iface *iface =
+ old_iface ? s->data.old_iface : s->data.new_iface;
+
+ WPA_ASSERT(payload != NULL);
+ WPA_ASSERT(size != 0);
+
+ action = *(const u8 *) payload;
+
+ WPA_ASSERT(action <= FST_ACTION_MAX_SUPPORTED);
+
+ if (!iface) {
+ fst_printf_session(s, MSG_ERROR,
+ "no %s interface for FST Action '%s' sending",
+ old_iface ? "old" : "new",
+ fst_action_names[action]);
+ return -1;
+ }
+
+ len = sizeof(u8) /* category */ + size;
+ if (extra_buf)
+ len += wpabuf_size(extra_buf);
+
+ buf = wpabuf_alloc(len);
+ if (!buf) {
+ fst_printf_session(s, MSG_ERROR,
+ "cannot allocate buffer of %zu bytes for FST Action '%s' sending",
+ len, fst_action_names[action]);
+ return -1;
+ }
+
+ wpabuf_put_u8(buf, WLAN_ACTION_FST);
+ wpabuf_put_data(buf, payload, size);
+ if (extra_buf)
+ wpabuf_put_buf(buf, extra_buf);
+
+ res = fst_iface_send_action(iface,
+ old_iface ? s->data.old_peer_addr :
+ s->data.new_peer_addr, buf);
+ if (res < 0)
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "failed to send FST Action '%s'",
+ fst_action_names[action]);
+ else
+ fst_printf_siface(s, iface, MSG_DEBUG, "FST Action '%s' sent",
+ fst_action_names[action]);
+ wpabuf_free(buf);
+
+ return res;
+}
+
+
+static int fst_session_send_tear_down(struct fst_session *s)
+{
+ struct fst_tear_down td;
+ int res;
+
+ if (!fst_session_is_in_progress(s)) {
+ fst_printf_session(s, MSG_ERROR, "No FST setup to tear down");
+ return -1;
+ }
+
+ WPA_ASSERT(s->data.old_iface != NULL);
+ WPA_ASSERT(s->data.new_iface != NULL);
+
+ os_memset(&td, 0, sizeof(td));
+
+ td.action = FST_ACTION_TEAR_DOWN;
+ td.fsts_id = host_to_le32(s->data.fsts_id);
+
+ res = fst_session_send_action(s, TRUE, &td, sizeof(td), NULL);
+ if (!res)
+ fst_printf_sframe(s, TRUE, MSG_INFO, "FST TearDown sent");
+ else
+ fst_printf_sframe(s, TRUE, MSG_ERROR,
+ "failed to send FST TearDown");
+
+ return res;
+}
+
+
+static void fst_session_handle_setup_request(struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ struct fst_session *s;
+ const struct fst_setup_req *req;
+ struct fst_iface *new_iface = NULL;
+ struct fst_group *g;
+ u8 new_iface_peer_addr[ETH_ALEN];
+ const struct wpabuf *peer_mbies;
+ size_t plen;
+
+ if (frame_len < IEEE80211_HDRLEN + 1 + sizeof(*req)) {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Request dropped: too short (%zu < %zu)",
+ frame_len,
+ IEEE80211_HDRLEN + 1 + sizeof(*req));
+ return;
+ }
+ plen = frame_len - IEEE80211_HDRLEN - 1;
+ req = (const struct fst_setup_req *)
+ (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
+ if (req->stie.element_id != WLAN_EID_SESSION_TRANSITION ||
+ req->stie.length < 11) {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Request dropped: invalid STIE");
+ return;
+ }
+
+ if (req->stie.new_band_id == req->stie.old_band_id) {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Request dropped: new and old band IDs are the same");
+ return;
+ }
+
+ g = fst_iface_get_group(iface);
+
+ if (plen > sizeof(*req)) {
+ fst_iface_update_mb_ie(iface, mgmt->sa, (const u8 *) (req + 1),
+ plen - sizeof(*req));
+ fst_printf_iface(iface, MSG_INFO,
+ "FST Request: MB IEs updated for " MACSTR,
+ MAC2STR(mgmt->sa));
+ }
+
+ peer_mbies = fst_iface_get_peer_mb_ie(iface, mgmt->sa);
+ if (peer_mbies) {
+ new_iface = fst_group_get_new_iface_by_stie_and_mbie(
+ g, wpabuf_head(peer_mbies), wpabuf_len(peer_mbies),
+ &req->stie, new_iface_peer_addr);
+ if (new_iface)
+ fst_printf_iface(iface, MSG_INFO,
+ "FST Request: new iface (%s:" MACSTR
+ ") found by MB IEs",
+ fst_iface_get_name(new_iface),
+ MAC2STR(new_iface_peer_addr));
+ }
+
+ if (!new_iface) {
+ new_iface = fst_group_find_new_iface_by_stie(
+ g, iface, mgmt->sa, &req->stie,
+ new_iface_peer_addr);
+ if (new_iface)
+ fst_printf_iface(iface, MSG_INFO,
+ "FST Request: new iface (%s:" MACSTR
+ ") found by others",
+ fst_iface_get_name(new_iface),
+ MAC2STR(new_iface_peer_addr));
+ }
+
+ if (!new_iface) {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Request dropped: new iface not found");
+ return;
+ }
+
+ s = fst_find_session_in_progress(mgmt->sa, g);
+ if (s) {
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_SETUP,
+ },
+ };
+
+ /*
+ * 10.32.2.2 Transitioning between states:
+ * Upon receipt of an FST Setup Request frame, the responder
+ * shall respond with an FST Setup Response frame unless it has
+ * a pending FST Setup Request frame addressed to the initiator
+ * and the responder has a numerically larger MAC address than
+ * the initiator’s MAC address, in which case, the responder
+ * shall delete the received FST Setup Request.
+ */
+ if (os_memcmp(mgmt->da, mgmt->sa, ETH_ALEN) > 0) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Request dropped due to MAC comparison (our MAC is "
+ MACSTR ")",
+ MAC2STR(mgmt->da));
+ return;
+ }
+
+ if (!fst_session_is_ready_pending(s)) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Request from " MACSTR
+ " dropped due to inappropriate state %s",
+ MAC2STR(mgmt->da),
+ fst_session_state_name(s->state));
+ return;
+ }
+
+
+ /*
+ * If FST Setup Request arrived with the same FSTS ID as one we
+ * initialized before, it means the other side either didn't
+ * receive our FST Request or skipped it for some reason (for
+ * example, due to numerical MAC comparison).
+ *
+ * In this case, there's no need to tear down the session.
+ * Moreover, as FSTS ID is the same, the other side will
+ * associate this tear down with the session it initiated that
+ * will break the sync.
+ */
+ if (le_to_host32(req->stie.fsts_id) != s->data.fsts_id)
+ fst_session_send_tear_down(s);
+ else
+ fst_printf_session(s, MSG_WARNING,
+ "Skipping TearDown as the FST request has the same FSTS ID as initiated");
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+ fst_session_stt_disarm(s);
+ fst_printf_session(s, MSG_WARNING, "reset due to FST request");
+ }
+
+ s = fst_session_create(g);
+ if (!s) {
+ fst_printf(MSG_WARNING,
+ "FST Request dropped: cannot create session for %s and %s",
+ fst_iface_get_name(iface),
+ fst_iface_get_name(new_iface));
+ return;
+ }
+
+ fst_session_set_iface(s, iface, TRUE);
+ fst_session_set_peer_addr(s, mgmt->sa, TRUE);
+ fst_session_set_iface(s, new_iface, FALSE);
+ fst_session_set_peer_addr(s, new_iface_peer_addr, FALSE);
+ fst_session_set_llt(s, FST_LLT_VAL_TO_MS(le_to_host32(req->llt)));
+ s->data.pending_setup_req_dlgt = req->dialog_token;
+ s->data.fsts_id = le_to_host32(req->stie.fsts_id);
+
+ fst_session_stt_arm(s);
+
+ fst_session_notify_ctrl(s, EVENT_FST_SETUP, NULL);
+
+ fst_session_set_state(s, FST_SESSION_STATE_SETUP_COMPLETION, NULL);
+}
+
+
+static void fst_session_handle_setup_response(struct fst_session *s,
+ struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ const struct fst_setup_res *res;
+ size_t plen = frame_len - IEEE80211_HDRLEN - 1;
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {0},
+ };
+
+ if (iface != s->data.old_iface) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Response dropped: %s is not the old iface",
+ fst_iface_get_name(iface));
+ return;
+ }
+
+ if (!fst_session_is_ready_pending(s)) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Response dropped due to wrong state: %s",
+ fst_session_state_name(s->state));
+ return;
+ }
+
+ if (plen < sizeof(*res)) {
+ fst_printf_session(s, MSG_WARNING,
+ "Too short FST Response dropped");
+ return;
+ }
+ res = (const struct fst_setup_res *)
+ (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
+ if (res->stie.element_id != WLAN_EID_SESSION_TRANSITION ||
+ res->stie.length < 11) {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Response dropped: invalid STIE");
+ return;
+ }
+
+ if (res->dialog_token != s->data.pending_setup_req_dlgt) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Response dropped due to wrong dialog token (%u != %u)",
+ s->data.pending_setup_req_dlgt,
+ res->dialog_token);
+ return;
+ }
+
+ if (res->status_code == WLAN_STATUS_SUCCESS &&
+ le_to_host32(res->stie.fsts_id) != s->data.fsts_id) {
+ fst_printf_session(s, MSG_WARNING,
+ "FST Response dropped due to wrong FST Session ID (%u)",
+ le_to_host32(res->stie.fsts_id));
+ return;
+ }
+
+ fst_session_stt_disarm(s);
+
+ if (res->status_code != WLAN_STATUS_SUCCESS) {
+ /*
+ * 10.32.2.2 Transitioning between states
+ * The initiator shall set the STT to the value of the
+ * FSTSessionTimeOut field at ... and at each ACK frame sent in
+ * response to a received FST Setup Response with the Status
+ * Code field equal to PENDING_ADMITTING_FST_SESSION or
+ * PENDING_GAP_IN_BA_WINDOW.
+ */
+ evext.to_initial.reason = REASON_REJECT;
+ evext.to_initial.reject_code = res->status_code;
+ evext.to_initial.initiator = FST_INITIATOR_REMOTE;
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+ fst_printf_session(s, MSG_WARNING,
+ "FST Setup rejected by remote side with status %u",
+ res->status_code);
+ return;
+ }
+
+ fst_iface_get_channel_info(s->data.new_iface, &hw_mode, &channel);
+
+ if (fst_hw_mode_to_band(hw_mode) != res->stie.new_band_id) {
+ evext.to_initial.reason = REASON_ERROR_PARAMS;
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+ fst_printf_session(s, MSG_WARNING,
+ "invalid FST Setup parameters");
+ fst_session_tear_down_setup(s);
+ return;
+ }
+
+ fst_printf_session(s, MSG_INFO,
+ "%s: FST Setup established for %s (llt=%u)",
+ fst_iface_get_name(s->data.old_iface),
+ fst_iface_get_name(s->data.new_iface),
+ s->data.llt_ms);
+
+ fst_session_notify_ctrl(s, EVENT_FST_ESTABLISHED, NULL);
+
+ if (s->data.llt_ms == FST_LLT_SWITCH_IMMEDIATELY)
+ fst_session_initiate_switch(s);
+}
+
+
+static void fst_session_handle_tear_down(struct fst_session *s,
+ struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ const struct fst_tear_down *td;
+ size_t plen = frame_len - IEEE80211_HDRLEN - 1;
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_TEARDOWN,
+ .initiator = FST_INITIATOR_REMOTE,
+ },
+ };
+
+ if (plen < sizeof(*td)) {
+ fst_printf_session(s, MSG_WARNING,
+ "Too short FST Tear Down dropped");
+ return;
+ }
+ td = (const struct fst_tear_down *)
+ (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
+
+ if (le_to_host32(td->fsts_id) != s->data.fsts_id) {
+ fst_printf_siface(s, iface, MSG_WARNING,
+ "tear down for wrong FST Setup ID (%u)",
+ le_to_host32(td->fsts_id));
+ return;
+ }
+
+ fst_session_stt_disarm(s);
+
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+}
+
+
+static void fst_session_handle_ack_request(struct fst_session *s,
+ struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ const struct fst_ack_req *req;
+ size_t plen = frame_len - IEEE80211_HDRLEN - 1;
+ struct fst_ack_res res;
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_SWITCH,
+ .initiator = FST_INITIATOR_REMOTE,
+ },
+ };
+
+ if (!fst_session_is_ready(s) && !fst_session_is_switch_requested(s)) {
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "cannot initiate switch due to wrong session state (%s)",
+ fst_session_state_name(s->state));
+ return;
+ }
+
+ WPA_ASSERT(s->data.new_iface != NULL);
+
+ if (iface != s->data.new_iface) {
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "Ack received on wrong interface");
+ return;
+ }
+
+ if (plen < sizeof(*req)) {
+ fst_printf_session(s, MSG_WARNING,
+ "Too short FST Ack Request dropped");
+ return;
+ }
+ req = (const struct fst_ack_req *)
+ (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
+
+ if (le_to_host32(req->fsts_id) != s->data.fsts_id) {
+ fst_printf_siface(s, iface, MSG_WARNING,
+ "Ack for wrong FST Setup ID (%u)",
+ le_to_host32(req->fsts_id));
+ return;
+ }
+
+ os_memset(&res, 0, sizeof(res));
+
+ res.action = FST_ACTION_ACK_RESPONSE;
+ res.dialog_token = req->dialog_token;
+ res.fsts_id = req->fsts_id;
+
+ if (!fst_session_send_action(s, FALSE, &res, sizeof(res), NULL)) {
+ fst_printf_sframe(s, FALSE, MSG_INFO, "FST Ack Response sent");
+ fst_session_stt_disarm(s);
+ fst_session_set_state(s, FST_SESSION_STATE_TRANSITION_DONE,
+ NULL);
+ fst_session_set_state(s, FST_SESSION_STATE_TRANSITION_CONFIRMED,
+ NULL);
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+ }
+}
+
+
+static void
+fst_session_handle_ack_response(struct fst_session *s,
+ struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ const struct fst_ack_res *res;
+ size_t plen = frame_len - IEEE80211_HDRLEN - 1;
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_SWITCH,
+ .initiator = FST_INITIATOR_LOCAL,
+ },
+ };
+
+ if (!fst_session_is_switch_requested(s)) {
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "Ack Response in inappropriate session state (%s)",
+ fst_session_state_name(s->state));
+ return;
+ }
+
+ WPA_ASSERT(s->data.new_iface != NULL);
+
+ if (iface != s->data.new_iface) {
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "Ack response received on wrong interface");
+ return;
+ }
+
+ if (plen < sizeof(*res)) {
+ fst_printf_session(s, MSG_WARNING,
+ "Too short FST Ack Response dropped");
+ return;
+ }
+ res = (const struct fst_ack_res *)
+ (((const u8 *) mgmt) + IEEE80211_HDRLEN + 1);
+
+ if (le_to_host32(res->fsts_id) != s->data.fsts_id) {
+ fst_printf_siface(s, iface, MSG_ERROR,
+ "Ack response for wrong FST Setup ID (%u)",
+ le_to_host32(res->fsts_id));
+ return;
+ }
+
+ fst_session_set_state(s, FST_SESSION_STATE_TRANSITION_CONFIRMED, NULL);
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+
+ fst_session_stt_disarm(s);
+}
+
+
+struct fst_session * fst_session_create(struct fst_group *g)
+{
+ struct fst_session *s;
+ u32 id;
+
+ WPA_ASSERT(!is_zero_ether_addr(own_addr));
+
+ id = fst_find_free_session_id();
+ if (id == FST_INVALID_SESSION_ID) {
+ fst_printf(MSG_ERROR, "Cannot assign new session ID");
+ return NULL;
+ }
+
+ s = os_zalloc(sizeof(*s));
+ if (!s) {
+ fst_printf(MSG_ERROR, "Cannot allocate new session object");
+ return NULL;
+ }
+
+ s->id = id;
+ s->group = g;
+ s->state = FST_SESSION_STATE_INITIAL;
+
+ s->data.llt_ms = FST_LLT_MS_DEFAULT;
+
+ fst_printf(MSG_INFO, "Session %u created", s->id);
+
+ dl_list_add_tail(&global_sessions_list, &s->global_sessions_lentry);
+
+ foreach_fst_ctrl_call(on_session_added, s);
+
+ return s;
+}
+
+
+void fst_session_set_iface(struct fst_session *s, struct fst_iface *iface,
+ Boolean is_old)
+{
+ if (is_old)
+ s->data.old_iface = iface;
+ else
+ s->data.new_iface = iface;
+
+}
+
+
+void fst_session_set_llt(struct fst_session *s, u32 llt)
+{
+ s->data.llt_ms = llt;
+}
+
+
+void fst_session_set_peer_addr(struct fst_session *s, const u8 *addr,
+ Boolean is_old)
+{
+ u8 *a = is_old ? s->data.old_peer_addr : s->data.new_peer_addr;
+
+ os_memcpy(a, addr, ETH_ALEN);
+}
+
+
+int fst_session_initiate_setup(struct fst_session *s)
+{
+ struct fst_setup_req req;
+ int res;
+ u32 fsts_id;
+ u8 dialog_token;
+ struct fst_session *_s;
+
+ if (fst_session_is_in_progress(s)) {
+ fst_printf_session(s, MSG_ERROR, "Session in progress");
+ return -EINVAL;
+ }
+
+ if (is_zero_ether_addr(s->data.old_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR, "No old peer MAC address");
+ return -EINVAL;
+ }
+
+ if (is_zero_ether_addr(s->data.new_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR, "No new peer MAC address");
+ return -EINVAL;
+ }
+
+ if (!s->data.old_iface) {
+ fst_printf_session(s, MSG_ERROR, "No old interface defined");
+ return -EINVAL;
+ }
+
+ if (!s->data.new_iface) {
+ fst_printf_session(s, MSG_ERROR, "No new interface defined");
+ return -EINVAL;
+ }
+
+ if (s->data.new_iface == s->data.old_iface) {
+ fst_printf_session(s, MSG_ERROR,
+ "Same interface set as old and new");
+ return -EINVAL;
+ }
+
+ if (!fst_iface_is_connected(s->data.old_iface, s->data.old_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR,
+ "The preset old peer address is not connected");
+ return -EINVAL;
+ }
+
+ if (!fst_iface_is_connected(s->data.new_iface, s->data.new_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR,
+ "The preset new peer address is not connected");
+ return -EINVAL;
+ }
+
+ _s = fst_find_session_in_progress(s->data.old_peer_addr, s->group);
+ if (_s) {
+ fst_printf_session(s, MSG_ERROR,
+ "There is another session in progress (old): %u",
+ _s->id);
+ return -EINVAL;
+ }
+
+ _s = fst_find_session_in_progress(s->data.new_peer_addr, s->group);
+ if (_s) {
+ fst_printf_session(s, MSG_ERROR,
+ "There is another session in progress (new): %u",
+ _s->id);
+ return -EINVAL;
+ }
+
+ dialog_token = fst_group_assign_dialog_token(s->group);
+ fsts_id = fst_group_assign_fsts_id(s->group);
+
+ os_memset(&req, 0, sizeof(req));
+
+ fst_printf_siface(s, s->data.old_iface, MSG_INFO,
+ "initiating FST setup for %s (llt=%u ms)",
+ fst_iface_get_name(s->data.new_iface), s->data.llt_ms);
+
+ req.action = FST_ACTION_SETUP_REQUEST;
+ req.dialog_token = dialog_token;
+ req.llt = host_to_le32(FST_LLT_MS_TO_VAL(s->data.llt_ms));
+ /* 8.4.2.147 Session Transition element */
+ req.stie.element_id = WLAN_EID_SESSION_TRANSITION;
+ req.stie.length = sizeof(req.stie) - 2;
+ req.stie.fsts_id = host_to_le32(fsts_id);
+ req.stie.session_control = SESSION_CONTROL(SESSION_TYPE_BSS, 0);
+
+ req.stie.new_band_id = fst_iface_get_band_id(s->data.new_iface);
+ req.stie.new_band_op = 1;
+ req.stie.new_band_setup = 0;
+
+ req.stie.old_band_id = fst_iface_get_band_id(s->data.old_iface);
+ req.stie.old_band_op = 1;
+ req.stie.old_band_setup = 0;
+
+ res = fst_session_send_action(s, TRUE, &req, sizeof(req),
+ fst_iface_get_mbie(s->data.old_iface));
+ if (!res) {
+ s->data.fsts_id = fsts_id;
+ s->data.pending_setup_req_dlgt = dialog_token;
+ fst_printf_sframe(s, TRUE, MSG_INFO, "FST Setup Request sent");
+ fst_session_set_state(s, FST_SESSION_STATE_SETUP_COMPLETION,
+ NULL);
+
+ fst_session_stt_arm(s);
+ }
+
+ return res;
+}
+
+
+int fst_session_respond(struct fst_session *s, u8 status_code)
+{
+ struct fst_setup_res res;
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+
+ if (!fst_session_is_ready_pending(s)) {
+ fst_printf_session(s, MSG_ERROR, "incorrect state: %s",
+ fst_session_state_name(s->state));
+ return -EINVAL;
+ }
+
+ if (is_zero_ether_addr(s->data.old_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR, "No peer MAC address");
+ return -EINVAL;
+ }
+
+ if (!s->data.old_iface) {
+ fst_printf_session(s, MSG_ERROR, "No old interface defined");
+ return -EINVAL;
+ }
+
+ if (!s->data.new_iface) {
+ fst_printf_session(s, MSG_ERROR, "No new interface defined");
+ return -EINVAL;
+ }
+
+ if (s->data.new_iface == s->data.old_iface) {
+ fst_printf_session(s, MSG_ERROR,
+ "Same interface set as old and new");
+ return -EINVAL;
+ }
+
+ if (!fst_iface_is_connected(s->data.old_iface, s->data.old_peer_addr)) {
+ fst_printf_session(s, MSG_ERROR,
+ "The preset peer address is not in the peer list");
+ return -EINVAL;
+ }
+
+ fst_session_stt_disarm(s);
+
+ os_memset(&res, 0, sizeof(res));
+
+ res.action = FST_ACTION_SETUP_RESPONSE;
+ res.dialog_token = s->data.pending_setup_req_dlgt;
+ res.status_code = status_code;
+
+ res.stie.element_id = WLAN_EID_SESSION_TRANSITION;
+ res.stie.length = sizeof(res.stie) - 2;
+
+ if (status_code == WLAN_STATUS_SUCCESS) {
+ res.stie.fsts_id = s->data.fsts_id;
+ res.stie.session_control = SESSION_CONTROL(SESSION_TYPE_BSS, 0);
+
+ fst_iface_get_channel_info(s->data.new_iface, &hw_mode,
+ &channel);
+ res.stie.new_band_id = fst_hw_mode_to_band(hw_mode);
+ res.stie.new_band_op = 1;
+ res.stie.new_band_setup = 0;
+
+ fst_iface_get_channel_info(s->data.old_iface, &hw_mode,
+ &channel);
+ res.stie.old_band_id = fst_hw_mode_to_band(hw_mode);
+ res.stie.old_band_op = 1;
+ res.stie.old_band_setup = 0;
+
+ fst_printf_session(s, MSG_INFO,
+ "%s: FST Setup Request accepted for %s (llt=%u)",
+ fst_iface_get_name(s->data.old_iface),
+ fst_iface_get_name(s->data.new_iface),
+ s->data.llt_ms);
+ } else {
+ fst_printf_session(s, MSG_WARNING,
+ "%s: FST Setup Request rejected with code %d",
+ fst_iface_get_name(s->data.old_iface),
+ status_code);
+ }
+
+ if (fst_session_send_action(s, TRUE, &res, sizeof(res),
+ fst_iface_get_mbie(s->data.old_iface))) {
+ fst_printf_sframe(s, TRUE, MSG_ERROR,
+ "cannot send FST Setup Response with code %d",
+ status_code);
+ return -EINVAL;
+ }
+
+ fst_printf_sframe(s, TRUE, MSG_INFO, "FST Setup Response sent");
+
+ if (status_code != WLAN_STATUS_SUCCESS) {
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_REJECT,
+ .reject_code = status_code,
+ .initiator = FST_INITIATOR_LOCAL,
+ },
+ };
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+ }
+
+ return 0;
+}
+
+
+int fst_session_initiate_switch(struct fst_session *s)
+{
+ struct fst_ack_req req;
+ int res;
+ u8 dialog_token;
+
+ if (!fst_session_is_ready(s)) {
+ fst_printf_session(s, MSG_ERROR,
+ "cannot initiate switch due to wrong setup state (%d)",
+ s->state);
+ return -1;
+ }
+
+ dialog_token = fst_group_assign_dialog_token(s->group);
+
+ WPA_ASSERT(s->data.new_iface != NULL);
+ WPA_ASSERT(s->data.old_iface != NULL);
+
+ fst_printf_session(s, MSG_INFO, "initiating FST switch: %s => %s",
+ fst_iface_get_name(s->data.old_iface),
+ fst_iface_get_name(s->data.new_iface));
+
+ os_memset(&req, 0, sizeof(req));
+
+ req.action = FST_ACTION_ACK_REQUEST;
+ req.dialog_token = dialog_token;
+ req.fsts_id = host_to_le32(s->data.fsts_id);
+
+ res = fst_session_send_action(s, FALSE, &req, sizeof(req), NULL);
+ if (!res) {
+ fst_printf_sframe(s, FALSE, MSG_INFO, "FST Ack Request sent");
+ fst_session_set_state(s, FST_SESSION_STATE_TRANSITION_DONE,
+ NULL);
+ fst_session_stt_arm(s);
+ } else {
+ fst_printf_sframe(s, FALSE, MSG_ERROR,
+ "Cannot send FST Ack Request");
+ }
+
+ return res;
+}
+
+
+void fst_session_handle_action(struct fst_session *s,
+ struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len)
+{
+ switch (mgmt->u.action.u.fst_action.action) {
+ case FST_ACTION_SETUP_REQUEST:
+ WPA_ASSERT(0);
+ break;
+ case FST_ACTION_SETUP_RESPONSE:
+ fst_session_handle_setup_response(s, iface, mgmt, frame_len);
+ break;
+ case FST_ACTION_TEAR_DOWN:
+ fst_session_handle_tear_down(s, iface, mgmt, frame_len);
+ break;
+ case FST_ACTION_ACK_REQUEST:
+ fst_session_handle_ack_request(s, iface, mgmt, frame_len);
+ break;
+ case FST_ACTION_ACK_RESPONSE:
+ fst_session_handle_ack_response(s, iface, mgmt, frame_len);
+ break;
+ case FST_ACTION_ON_CHANNEL_TUNNEL:
+ default:
+ fst_printf_sframe(s, FALSE, MSG_ERROR,
+ "Unsupported FST Action frame");
+ break;
+ }
+}
+
+
+int fst_session_tear_down_setup(struct fst_session *s)
+{
+ int res;
+ union fst_session_state_switch_extra evext = {
+ .to_initial = {
+ .reason = REASON_TEARDOWN,
+ .initiator = FST_INITIATOR_LOCAL,
+ },
+ };
+
+ res = fst_session_send_tear_down(s);
+
+ fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
+
+ return res;
+}
+
+
+void fst_session_reset(struct fst_session *s)
+{
+ fst_session_reset_ex(s, REASON_RESET);
+}
+
+
+void fst_session_delete(struct fst_session *s)
+{
+ fst_printf(MSG_INFO, "Session %u deleted", s->id);
+ dl_list_del(&s->global_sessions_lentry);
+ foreach_fst_ctrl_call(on_session_removed, s);
+ os_free(s);
+}
+
+
+struct fst_group * fst_session_get_group(struct fst_session *s)
+{
+ return s->group;
+}
+
+
+struct fst_iface * fst_session_get_iface(struct fst_session *s, Boolean is_old)
+{
+ return is_old ? s->data.old_iface : s->data.new_iface;
+}
+
+
+u32 fst_session_get_id(struct fst_session *s)
+{
+ return s->id;
+}
+
+
+const u8 * fst_session_get_peer_addr(struct fst_session *s, Boolean is_old)
+{
+ return is_old ? s->data.old_peer_addr : s->data.new_peer_addr;
+}
+
+
+u32 fst_session_get_llt(struct fst_session *s)
+{
+ return s->data.llt_ms;
+}
+
+
+enum fst_session_state fst_session_get_state(struct fst_session *s)
+{
+ return s->state;
+}
+
+
+struct fst_session * fst_session_get_by_id(u32 id)
+{
+ struct fst_session *s;
+
+ foreach_fst_session(s) {
+ if (id == s->id)
+ return s;
+ }
+
+ return NULL;
+}
+
+
+void fst_session_enum(struct fst_group *g, fst_session_enum_clb clb, void *ctx)
+{
+ struct fst_session *s;
+
+ foreach_fst_session(s) {
+ if (!g || s->group == g)
+ clb(s->group, s, ctx);
+ }
+}
+
+
+void fst_session_on_action_rx(struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t len)
+{
+ struct fst_session *s;
+
+ if (len < IEEE80211_HDRLEN + 2 ||
+ mgmt->u.action.category != WLAN_ACTION_FST) {
+ fst_printf_iface(iface, MSG_ERROR,
+ "invalid Action frame received");
+ return;
+ }
+
+ if (mgmt->u.action.u.fst_action.action <= FST_ACTION_MAX_SUPPORTED) {
+ fst_printf_iface(iface, MSG_DEBUG,
+ "FST Action '%s' received!",
+ fst_action_names[mgmt->u.action.u.fst_action.action]);
+ } else {
+ fst_printf_iface(iface, MSG_WARNING,
+ "unknown FST Action (%u) received!",
+ mgmt->u.action.u.fst_action.action);
+ return;
+ }
+
+ if (mgmt->u.action.u.fst_action.action == FST_ACTION_SETUP_REQUEST) {
+ fst_session_handle_setup_request(iface, mgmt, len);
+ return;
+ }
+
+ s = fst_find_session_in_progress(mgmt->sa, fst_iface_get_group(iface));
+ if (s) {
+ fst_session_handle_action(s, iface, mgmt, len);
+ } else {
+ fst_printf_iface(iface, MSG_WARNING,
+ "FST Action '%s' dropped: no session in progress found",
+ fst_action_names[mgmt->u.action.u.fst_action.action]);
+ }
+}
+
+
+int fst_session_set_str_ifname(struct fst_session *s, const char *ifname,
+ Boolean is_old)
+{
+ struct fst_group *g = fst_session_get_group(s);
+ struct fst_iface *i;
+
+ i = fst_group_get_iface_by_name(g, ifname);
+ if (!i) {
+ fst_printf_session(s, MSG_WARNING,
+ "Cannot set iface %s: no such iface within group '%s'",
+ ifname, fst_group_get_id(g));
+ return -1;
+ }
+
+ fst_session_set_iface(s, i, is_old);
+
+ return 0;
+}
+
+
+int fst_session_set_str_peer_addr(struct fst_session *s, const char *mac,
+ Boolean is_old)
+{
+ u8 peer_addr[ETH_ALEN];
+ int res = fst_read_peer_addr(mac, peer_addr);
+
+ if (res)
+ return res;
+
+ fst_session_set_peer_addr(s, peer_addr, is_old);
+
+ return 0;
+}
+
+
+int fst_session_set_str_llt(struct fst_session *s, const char *llt_str)
+{
+ char *endp;
+ long int llt = strtol(llt_str, &endp, 0);
+
+ if (*endp || llt < 0 || (unsigned long int) llt > FST_MAX_LLT_MS) {
+ fst_printf_session(s, MSG_WARNING,
+ "Cannot set llt %s: Invalid llt value (1..%u expected)",
+ llt_str, FST_MAX_LLT_MS);
+ return -1;
+ }
+ fst_session_set_llt(s, (u32) llt);
+
+ return 0;
+}
+
+
+void fst_session_global_on_iface_detached(struct fst_iface *iface)
+{
+ struct fst_session *s;
+
+ foreach_fst_session(s) {
+ if (fst_session_is_in_progress(s) &&
+ (s->data.new_iface == iface ||
+ s->data.old_iface == iface))
+ fst_session_reset_ex(s, REASON_DETACH_IFACE);
+ }
+}
+
+
+struct fst_session * fst_session_global_get_first_by_group(struct fst_group *g)
+{
+ struct fst_session *s;
+
+ foreach_fst_session(s) {
+ if (s->group == g)
+ return s;
+ }
+
+ return NULL;
+}
+
+
+#ifdef CONFIG_FST_TEST
+
+static int get_group_fill_session(struct fst_group **g, struct fst_session *s)
+{
+ const u8 *old_addr, *new_addr;
+ struct fst_get_peer_ctx *ctx;
+
+ os_memset(s, 0, sizeof(*s));
+ foreach_fst_group(*g) {
+ s->data.new_iface = fst_group_first_iface(*g);
+ if (s->data.new_iface)
+ break;
+ }
+ if (!s->data.new_iface)
+ return -EINVAL;
+
+ s->data.old_iface = dl_list_entry(s->data.new_iface->group_lentry.next,
+ struct fst_iface, group_lentry);
+ if (!s->data.old_iface)
+ return -EINVAL;
+
+ old_addr = fst_iface_get_peer_first(s->data.old_iface, &ctx, TRUE);
+ if (!old_addr)
+ return -EINVAL;
+
+ new_addr = fst_iface_get_peer_first(s->data.new_iface, &ctx, TRUE);
+ if (!new_addr)
+ return -EINVAL;
+
+ os_memcpy(s->data.old_peer_addr, old_addr, ETH_ALEN);
+ os_memcpy(s->data.new_peer_addr, new_addr, ETH_ALEN);
+
+ return 0;
+}
+
+
+#define FST_MAX_COMMAND_WORD_NAME_LENGTH 16
+
+int fst_test_req_send_fst_request(const char *params)
+{
+ int fsts_id;
+ Boolean is_valid;
+ char *endp;
+ struct fst_setup_req req;
+ struct fst_session s;
+ struct fst_group *g;
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+ char additional_param[FST_MAX_COMMAND_WORD_NAME_LENGTH];
+
+ if (params[0] != ' ')
+ return -EINVAL;
+ params++;
+ fsts_id = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return -EINVAL;
+
+ if (get_group_fill_session(&g, &s))
+ return -EINVAL;
+
+ req.action = FST_ACTION_SETUP_REQUEST;
+ req.dialog_token = g->dialog_token;
+ req.llt = host_to_le32(FST_LLT_MS_DEFAULT);
+ /* 8.4.2.147 Session Transition element */
+ req.stie.element_id = WLAN_EID_SESSION_TRANSITION;
+ req.stie.length = sizeof(req.stie) - 2;
+ req.stie.fsts_id = host_to_le32(fsts_id);
+ req.stie.session_control = SESSION_CONTROL(SESSION_TYPE_BSS, 0);
+
+ fst_iface_get_channel_info(s.data.new_iface, &hw_mode, &channel);
+ req.stie.new_band_id = fst_hw_mode_to_band(hw_mode);
+ req.stie.new_band_op = 1;
+ req.stie.new_band_setup = 0;
+
+ fst_iface_get_channel_info(s.data.old_iface, &hw_mode, &channel);
+ req.stie.old_band_id = fst_hw_mode_to_band(hw_mode);
+ req.stie.old_band_op = 1;
+ req.stie.old_band_setup = 0;
+
+ if (!fst_read_next_text_param(endp, additional_param,
+ sizeof(additional_param), &endp)) {
+ if (!os_strcasecmp(additional_param, FST_CTR_PVAL_BAD_NEW_BAND))
+ req.stie.new_band_id = req.stie.old_band_id;
+ }
+
+ return fst_session_send_action(&s, TRUE, &req, sizeof(req),
+ s.data.old_iface->mb_ie);
+}
+
+
+int fst_test_req_send_fst_response(const char *params)
+{
+ int fsts_id;
+ Boolean is_valid;
+ char *endp;
+ struct fst_setup_res res;
+ struct fst_session s;
+ struct fst_group *g;
+ enum hostapd_hw_mode hw_mode;
+ u8 status_code;
+ u8 channel;
+ char response[FST_MAX_COMMAND_WORD_NAME_LENGTH];
+ struct fst_session *_s;
+
+ if (params[0] != ' ')
+ return -EINVAL;
+ params++;
+ fsts_id = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return -EINVAL;
+
+ if (get_group_fill_session(&g, &s))
+ return -EINVAL;
+
+ status_code = WLAN_STATUS_SUCCESS;
+ if (!fst_read_next_text_param(endp, response, sizeof(response),
+ &endp)) {
+ if (!os_strcasecmp(response, FST_CS_PVAL_RESPONSE_REJECT))
+ status_code = WLAN_STATUS_PENDING_ADMITTING_FST_SESSION;
+ }
+
+ os_memset(&res, 0, sizeof(res));
+
+ res.action = FST_ACTION_SETUP_RESPONSE;
+ /*
+ * If some session has just received an FST Setup Request, then
+ * use the correct dialog token copied from this request.
+ */
+ _s = fst_find_session_in_progress(fst_session_get_peer_addr(&s, TRUE),
+ g);
+ res.dialog_token = (_s && fst_session_is_ready_pending(_s)) ?
+ _s->data.pending_setup_req_dlgt : g->dialog_token;
+ res.status_code = status_code;
+
+ res.stie.element_id = WLAN_EID_SESSION_TRANSITION;
+ res.stie.length = sizeof(res.stie) - 2;
+
+ if (res.status_code == WLAN_STATUS_SUCCESS) {
+ res.stie.fsts_id = fsts_id;
+ res.stie.session_control = SESSION_CONTROL(SESSION_TYPE_BSS, 0);
+
+ fst_iface_get_channel_info(s.data.new_iface, &hw_mode,
+ &channel);
+ res.stie.new_band_id = fst_hw_mode_to_band(hw_mode);
+ res.stie.new_band_op = 1;
+ res.stie.new_band_setup = 0;
+
+ fst_iface_get_channel_info(s.data.old_iface, &hw_mode,
+ &channel);
+ res.stie.old_band_id = fst_hw_mode_to_band(hw_mode);
+ res.stie.old_band_op = 1;
+ res.stie.old_band_setup = 0;
+ }
+
+ if (!fst_read_next_text_param(endp, response, sizeof(response),
+ &endp)) {
+ if (!os_strcasecmp(response, FST_CTR_PVAL_BAD_NEW_BAND))
+ res.stie.new_band_id = res.stie.old_band_id;
+ }
+
+ return fst_session_send_action(&s, TRUE, &res, sizeof(res),
+ s.data.old_iface->mb_ie);
+}
+
+
+int fst_test_req_send_ack_request(const char *params)
+{
+ int fsts_id;
+ Boolean is_valid;
+ char *endp;
+ struct fst_ack_req req;
+ struct fst_session s;
+ struct fst_group *g;
+
+ if (params[0] != ' ')
+ return -EINVAL;
+ params++;
+ fsts_id = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return -EINVAL;
+
+ if (get_group_fill_session(&g, &s))
+ return -EINVAL;
+
+ os_memset(&req, 0, sizeof(req));
+ req.action = FST_ACTION_ACK_REQUEST;
+ req.dialog_token = g->dialog_token;
+ req.fsts_id = fsts_id;
+
+ return fst_session_send_action(&s, FALSE, &req, sizeof(req), NULL);
+}
+
+
+int fst_test_req_send_ack_response(const char *params)
+{
+ int fsts_id;
+ Boolean is_valid;
+ char *endp;
+ struct fst_ack_res res;
+ struct fst_session s;
+ struct fst_group *g;
+
+ if (params[0] != ' ')
+ return -EINVAL;
+ params++;
+ fsts_id = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return -EINVAL;
+
+ if (get_group_fill_session(&g, &s))
+ return -EINVAL;
+
+ os_memset(&res, 0, sizeof(res));
+ res.action = FST_ACTION_ACK_RESPONSE;
+ res.dialog_token = g->dialog_token;
+ res.fsts_id = fsts_id;
+
+ return fst_session_send_action(&s, FALSE, &res, sizeof(res), NULL);
+}
+
+
+int fst_test_req_send_tear_down(const char *params)
+{
+ int fsts_id;
+ Boolean is_valid;
+ char *endp;
+ struct fst_tear_down td;
+ struct fst_session s;
+ struct fst_group *g;
+
+ if (params[0] != ' ')
+ return -EINVAL;
+ params++;
+ fsts_id = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return -EINVAL;
+
+ if (get_group_fill_session(&g, &s))
+ return -EINVAL;
+
+ os_memset(&td, 0, sizeof(td));
+ td.action = FST_ACTION_TEAR_DOWN;
+ td.fsts_id = fsts_id;
+
+ return fst_session_send_action(&s, TRUE, &td, sizeof(td), NULL);
+}
+
+
+u32 fst_test_req_get_fsts_id(const char *params)
+{
+ int sid;
+ Boolean is_valid;
+ char *endp;
+ struct fst_session *s;
+
+ if (params[0] != ' ')
+ return FST_FSTS_ID_NOT_FOUND;
+ params++;
+ sid = fst_read_next_int_param(params, &is_valid, &endp);
+ if (!is_valid)
+ return FST_FSTS_ID_NOT_FOUND;
+
+ s = fst_session_get_by_id(sid);
+ if (!s)
+ return FST_FSTS_ID_NOT_FOUND;
+
+ return s->data.fsts_id;
+}
+
+
+int fst_test_req_get_local_mbies(const char *request, char *buf, size_t buflen)
+{
+ char *endp;
+ char ifname[FST_MAX_COMMAND_WORD_NAME_LENGTH];
+ struct fst_group *g;
+ struct fst_iface *iface;
+
+ if (request[0] != ' ')
+ return -EINVAL;
+ request++;
+ if (fst_read_next_text_param(request, ifname, sizeof(ifname), &endp) ||
+ !*ifname)
+ goto problem;
+ g = dl_list_first(&fst_global_groups_list, struct fst_group,
+ global_groups_lentry);
+ if (!g)
+ goto problem;
+ iface = fst_group_get_iface_by_name(g, ifname);
+ if (!iface || !iface->mb_ie)
+ goto problem;
+ return wpa_snprintf_hex(buf, buflen, wpabuf_head(iface->mb_ie),
+ wpabuf_len(iface->mb_ie));
+
+problem:
+ return os_snprintf(buf, buflen, "FAIL\n");
+}
+
+#endif /* CONFIG_FST_TEST */
diff --git a/src/fst/fst_session.h b/src/fst/fst_session.h
new file mode 100644
index 0000000..1162de4
--- /dev/null
+++ b/src/fst/fst_session.h
@@ -0,0 +1,80 @@
+/*
+ * FST module - FST Session related definitions
+ * Copyright (c) 2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef FST_SESSION_H
+#define FST_SESSION_H
+
+#define FST_DEFAULT_SESSION_TIMEOUT_TU 255 /* u8 */
+
+struct fst_iface;
+struct fst_group;
+struct fst_session;
+enum fst_session_state;
+
+int fst_session_global_init(void);
+void fst_session_global_deinit(void);
+void fst_session_global_on_iface_detached(struct fst_iface *iface);
+struct fst_session *
+fst_session_global_get_first_by_group(struct fst_group *g);
+
+struct fst_session * fst_session_create(struct fst_group *g);
+void fst_session_set_iface(struct fst_session *s, struct fst_iface *iface,
+ Boolean is_old);
+void fst_session_set_llt(struct fst_session *s, u32 llt);
+void fst_session_set_peer_addr(struct fst_session *s, const u8 *addr,
+ Boolean is_old);
+int fst_session_initiate_setup(struct fst_session *s);
+int fst_session_respond(struct fst_session *s, u8 status_code);
+int fst_session_initiate_switch(struct fst_session *s);
+void fst_session_handle_action(struct fst_session *s, struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt,
+ size_t frame_len);
+int fst_session_tear_down_setup(struct fst_session *s);
+void fst_session_reset(struct fst_session *s);
+void fst_session_delete(struct fst_session *s);
+
+struct fst_group * fst_session_get_group(struct fst_session *s);
+struct fst_iface * fst_session_get_iface(struct fst_session *s, Boolean is_old);
+const u8 * fst_session_get_peer_addr(struct fst_session *s, Boolean is_old);
+u32 fst_session_get_id(struct fst_session *s);
+u32 fst_session_get_llt(struct fst_session *s);
+enum fst_session_state fst_session_get_state(struct fst_session *s);
+
+struct fst_session *fst_session_get_by_id(u32 id);
+
+typedef void (*fst_session_enum_clb)(struct fst_group *g, struct fst_session *s,
+ void *ctx);
+
+void fst_session_enum(struct fst_group *g, fst_session_enum_clb clb, void *ctx);
+
+void fst_session_on_action_rx(struct fst_iface *iface,
+ const struct ieee80211_mgmt *mgmt, size_t len);
+
+
+int fst_session_set_str_ifname(struct fst_session *s, const char *ifname,
+ Boolean is_old);
+int fst_session_set_str_peer_addr(struct fst_session *s, const char *mac,
+ Boolean is_old);
+int fst_session_set_str_llt(struct fst_session *s, const char *llt_str);
+
+#ifdef CONFIG_FST_TEST
+
+#define FST_FSTS_ID_NOT_FOUND ((u32) -1)
+
+int fst_test_req_send_fst_request(const char *params);
+int fst_test_req_send_fst_response(const char *params);
+int fst_test_req_send_ack_request(const char *params);
+int fst_test_req_send_ack_response(const char *params);
+int fst_test_req_send_tear_down(const char *params);
+u32 fst_test_req_get_fsts_id(const char *params);
+int fst_test_req_get_local_mbies(const char *request, char *buf,
+ size_t buflen);
+
+#endif /* CONFIG_FST_TEST */
+
+#endif /* FST_SESSION_H */
diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c
index 41de2f8..f52f7a2 100644
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
@@ -30,11 +30,13 @@
int l2_hdr; /* whether to include layer 2 (Ethernet) header data
* buffers */
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
/* For working around Linux packet socket behavior and regression. */
int fd_br_rx;
int last_from_br;
u8 last_hash[SHA1_MAC_LEN];
- unsigned int num_rx, num_rx_br;
+ unsigned int num_rx_br;
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
};
/* Generated by 'sudo tcpdump -s 3000 -dd greater 278 and ip and udp and
@@ -127,7 +129,6 @@
struct sockaddr_ll ll;
socklen_t fromlen;
- l2->num_rx++;
os_memset(&ll, 0, sizeof(ll));
fromlen = sizeof(ll);
res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &ll,
@@ -141,6 +142,7 @@
wpa_printf(MSG_DEBUG, "%s: src=" MACSTR " len=%d",
__func__, MAC2STR(ll.sll_addr), (int) res);
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
if (l2->fd_br_rx >= 0) {
u8 hash[SHA1_MAC_LEN];
const u8 *addr[1];
@@ -173,10 +175,12 @@
}
l2->last_from_br = 0;
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
}
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
static void l2_packet_receive_br(int sock, void *eloop_ctx, void *sock_ctx)
{
struct l2_packet_data *l2 = eloop_ctx;
@@ -214,6 +218,7 @@
os_memcpy(l2->last_hash, hash, SHA1_MAC_LEN);
l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
}
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
struct l2_packet_data * l2_packet_init(
@@ -233,7 +238,9 @@
l2->rx_callback = rx_callback;
l2->rx_callback_ctx = rx_callback_ctx;
l2->l2_hdr = l2_hdr;
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
l2->fd_br_rx = -1;
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
l2->fd = socket(PF_PACKET, l2_hdr ? SOCK_RAW : SOCK_DGRAM,
htons(protocol));
@@ -289,6 +296,7 @@
void *rx_callback_ctx, int l2_hdr)
{
struct l2_packet_data *l2;
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
struct sock_filter ethertype_sock_filter_insns[] = {
/* Load ethertype */
BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 2 * ETH_ALEN),
@@ -304,12 +312,14 @@
.filter = ethertype_sock_filter_insns,
};
struct sockaddr_ll ll;
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
rx_callback_ctx, l2_hdr);
if (!l2)
return NULL;
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
/*
* The Linux packet socket behavior has changed over the years and there
* is an inconvenient regression in it that breaks RX for a specific
@@ -357,6 +367,7 @@
}
eloop_register_read_sock(l2->fd_br_rx, l2_packet_receive_br, l2, NULL);
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
return l2;
}
@@ -372,10 +383,12 @@
close(l2->fd);
}
+#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
if (l2->fd_br_rx >= 0) {
eloop_unregister_read_sock(l2->fd_br_rx);
close(l2->fd_br_rx);
}
+#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
os_free(l2);
}
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index b87ff96..d901169 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -48,9 +48,8 @@
#define P2P_PEER_EXPIRATION_AGE 60
#endif /* P2P_PEER_EXPIRATION_AGE */
-#define P2P_PEER_EXPIRATION_INTERVAL (P2P_PEER_EXPIRATION_AGE / 2)
-static void p2p_expire_peers(struct p2p_data *p2p)
+void p2p_expire_peers(struct p2p_data *p2p)
{
struct p2p_device *dev, *n;
struct os_reltime now;
@@ -103,15 +102,6 @@
}
-static void p2p_expiration_timeout(void *eloop_ctx, void *timeout_ctx)
-{
- struct p2p_data *p2p = eloop_ctx;
- p2p_expire_peers(p2p);
- eloop_register_timeout(P2P_PEER_EXPIRATION_INTERVAL, 0,
- p2p_expiration_timeout, p2p, NULL);
-}
-
-
static const char * p2p_state_txt(int state)
{
switch (state) {
@@ -455,8 +445,9 @@
static void p2p_copy_client_info(struct p2p_device *dev,
struct p2p_client_info *cli)
{
- os_memcpy(dev->info.device_name, cli->dev_name, cli->dev_name_len);
- dev->info.device_name[cli->dev_name_len] = '\0';
+ p2p_copy_filter_devname(dev->info.device_name,
+ sizeof(dev->info.device_name),
+ cli->dev_name, cli->dev_name_len);
dev->info.dev_capab = cli->dev_capab;
dev->info.config_methods = cli->config_methods;
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
@@ -646,11 +637,11 @@
end = ies + ies_len;
- for (pos = ies; pos + 1 < end; pos += len) {
+ for (pos = ies; end - pos > 1; pos += len) {
id = *pos++;
len = *pos++;
- if (pos + len > end)
+ if (len > end - pos)
break;
if (id != WLAN_EID_VENDOR_SPECIFIC || len < 3)
@@ -1142,7 +1133,7 @@
if (adv_len >= sizeof(str_buf))
return 0;
- for (i = 0; str[i] && i < adv_len; i++) {
+ for (i = 0; i < adv_len; i++) {
if (str[i] >= 'A' && str[i] <= 'Z')
str_buf[i] = str[i] - 'A' + 'a';
else
@@ -1469,7 +1460,7 @@
/**
- * p2p_prepare_channel - Select operating channel for GO Negotiation
+ * p2p_prepare_channel - Select operating channel for GO Negotiation or P2PS PD
* @p2p: P2P module context from p2p_init()
* @dev: Selected peer device
* @force_freq: Forced frequency in MHz or 0 if not forced
@@ -1478,9 +1469,9 @@
* Returns: 0 on success, -1 on failure (channel not supported for P2P)
*
* This function is used to do initial operating channel selection for GO
- * Negotiation prior to having received peer information. The selected channel
- * may be further optimized in p2p_reselect_channel() once the peer information
- * is available.
+ * Negotiation prior to having received peer information or for P2PS PD
+ * signalling. The selected channel may be further optimized in
+ * p2p_reselect_channel() once the peer information is available.
*/
int p2p_prepare_channel(struct p2p_data *p2p, struct p2p_device *dev,
unsigned int force_freq, unsigned int pref_freq, int go)
@@ -2689,13 +2680,14 @@
int p2p_service_add_asp(struct p2p_data *p2p, int auto_accept, u32 adv_id,
const char *adv_str, u8 svc_state, u16 config_methods,
- const char *svc_info)
+ const char *svc_info, const u8 *cpt_priority)
{
struct p2ps_advertisement *adv_data, *tmp, **prev;
u8 buf[P2PS_HASH_LEN];
size_t adv_data_len, adv_len, info_len = 0;
+ int i;
- if (!p2p || !adv_str || !adv_str[0])
+ if (!p2p || !adv_str || !adv_str[0] || !cpt_priority)
return -1;
if (!(config_methods & p2p->cfg->config_methods)) {
@@ -2724,6 +2716,11 @@
adv_data->auto_accept = (u8) auto_accept;
os_memcpy(adv_data->svc_name, adv_str, adv_len);
+ for (i = 0; cpt_priority[i] && i < P2PS_FEATURE_CAPAB_CPT_MAX; i++) {
+ adv_data->cpt_priority[i] = cpt_priority[i];
+ adv_data->cpt_mask |= cpt_priority[i];
+ }
+
if (svc_info && info_len) {
adv_data->svc_info = &adv_data->svc_name[adv_len + 1];
os_memcpy(adv_data->svc_info, svc_info, info_len);
@@ -2762,8 +2759,9 @@
inserted:
p2p_dbg(p2p,
- "Added ASP advertisement adv_id=0x%x config_methods=0x%x svc_state=0x%x adv_str='%s'",
- adv_id, adv_data->config_methods, svc_state, adv_str);
+ "Added ASP advertisement adv_id=0x%x config_methods=0x%x svc_state=0x%x adv_str='%s' cpt_mask=0x%x",
+ adv_id, adv_data->config_methods, svc_state, adv_str,
+ adv_data->cpt_mask);
return 0;
}
@@ -2919,9 +2917,6 @@
dl_list_init(&p2p->devices);
- eloop_register_timeout(P2P_PEER_EXPIRATION_INTERVAL, 0,
- p2p_expiration_timeout, p2p, NULL);
-
p2p->go_timeout = 100;
p2p->client_timeout = 20;
p2p->num_p2p_sd_queries = 0;
@@ -2950,8 +2945,6 @@
wpabuf_free(p2p->wfd_coupled_sink_info);
#endif /* CONFIG_WIFI_DISPLAY */
- eloop_cancel_timeout(p2p_expiration_timeout, p2p, NULL);
- eloop_cancel_timeout(p2p_ext_listen_timeout, p2p, NULL);
eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
eloop_cancel_timeout(p2p_go_neg_start, p2p, NULL);
eloop_cancel_timeout(p2p_go_neg_wait_timeout, p2p, NULL);
@@ -2978,6 +2971,8 @@
void p2p_flush(struct p2p_data *p2p)
{
struct p2p_device *dev, *prev;
+
+ p2p_ext_listen(p2p, 0, 0);
p2p_stop_find(p2p);
dl_list_for_each_safe(dev, prev, &p2p->devices, struct p2p_device,
list) {
@@ -2987,6 +2982,7 @@
p2p_free_sd_queries(p2p);
os_free(p2p->after_scan_tx);
p2p->after_scan_tx = NULL;
+ p2p->ssid_set = 0;
}
@@ -3332,6 +3328,43 @@
}
/*
+ * If after PD Request the peer doesn't expect to receive PD Response
+ * the PD Request ACK indicates a completion of the current PD. This
+ * happens only on the advertiser side sending the follow-on PD Request
+ * with the status different than 12 (Success: accepted by user).
+ */
+ if (p2p->p2ps_prov && !p2p->p2ps_prov->pd_seeker &&
+ p2p->p2ps_prov->status != P2P_SC_SUCCESS_DEFERRED) {
+ p2p_dbg(p2p, "P2PS PD completion on Follow-on PD Request ACK");
+
+ if (p2p->send_action_in_progress) {
+ p2p->send_action_in_progress = 0;
+ p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
+ }
+
+ p2p->pending_action_state = P2P_NO_PENDING_ACTION;
+
+ if (p2p->cfg->p2ps_prov_complete) {
+ p2p->cfg->p2ps_prov_complete(
+ p2p->cfg->cb_ctx,
+ p2p->p2ps_prov->status,
+ p2p->p2ps_prov->adv_mac,
+ p2p->p2ps_prov->adv_mac,
+ p2p->p2ps_prov->session_mac,
+ NULL, p2p->p2ps_prov->adv_id,
+ p2p->p2ps_prov->session_id,
+ 0, 0, NULL, 0, 0, 0,
+ NULL, NULL, 0, 0);
+ }
+
+ if (p2p->user_initiated_pd)
+ p2p_reset_pending_pd(p2p);
+
+ p2ps_prov_free(p2p);
+ return;
+ }
+
+ /*
* This postponing, of resetting pending_action_state, needs to be
* done only for user initiated PD requests and not internal ones.
*/
@@ -5389,3 +5422,20 @@
"Timeout on waiting peer to become ready for GO Negotiation");
p2p_go_neg_failed(p2p, -1);
}
+
+
+void p2p_set_own_pref_freq_list(struct p2p_data *p2p,
+ const unsigned int *pref_freq_list,
+ unsigned int size)
+{
+ unsigned int i;
+
+ if (size > P2P_MAX_PREF_CHANNELS)
+ size = P2P_MAX_PREF_CHANNELS;
+ p2p->num_pref_freq = size;
+ for (i = 0; i < size; i++) {
+ p2p->pref_freq_list[i] = pref_freq_list[i];
+ p2p_dbg(p2p, "Own preferred frequency list[%u]=%u MHz",
+ i, p2p->pref_freq_list[i]);
+ }
+}
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index 67b8bdb..1839357 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -21,6 +21,12 @@
#define P2PS_WILD_HASH_STR "org.wi-fi.wfds"
#define P2PS_HASH_LEN 6
#define P2P_MAX_QUERY_HASH 6
+#define P2PS_FEATURE_CAPAB_CPT_MAX 2
+
+/**
+ * P2P_MAX_PREF_CHANNELS - Maximum number of preferred channels
+ */
+#define P2P_MAX_PREF_CHANNELS 100
/**
* P2P_MAX_REG_CLASSES - Maximum number of regulatory classes
@@ -156,6 +162,11 @@
struct p2ps_provision {
/**
+ * pd_seeker - P2PS provision discovery seeker role
+ */
+ unsigned int pd_seeker:1;
+
+ /**
* status - Remote returned provisioning status code
*/
int status;
@@ -196,6 +207,33 @@
u8 adv_mac[ETH_ALEN];
/**
+ * cpt_mask - Supported Coordination Protocol Transport mask
+ *
+ * A bitwise mask of supported ASP Coordination Protocol Transports.
+ * This property is set together and corresponds with cpt_priority.
+ */
+ u8 cpt_mask;
+
+ /**
+ * cpt_priority - Coordination Protocol Transport priority list
+ *
+ * Priorities of supported ASP Coordination Protocol Transports.
+ * This property is set together and corresponds with cpt_mask.
+ * The CPT priority list is 0 terminated.
+ */
+ u8 cpt_priority[P2PS_FEATURE_CAPAB_CPT_MAX + 1];
+
+ /**
+ * force_freq - The only allowed channel frequency in MHz or 0.
+ */
+ unsigned int force_freq;
+
+ /**
+ * pref_freq - Preferred operating frequency in MHz or 0.
+ */
+ unsigned int pref_freq;
+
+ /**
* info - Vendor defined extra Provisioning information
*/
char info[0];
@@ -235,6 +273,23 @@
u8 hash[P2PS_HASH_LEN];
/**
+ * cpt_mask - supported Coordination Protocol Transport mask
+ *
+ * A bitwise mask of supported ASP Coordination Protocol Transports.
+ * This property is set together and corresponds with cpt_priority.
+ */
+ u8 cpt_mask;
+
+ /**
+ * cpt_priority - Coordination Protocol Transport priority list
+ *
+ * Priorities of supported ASP Coordinatin Protocol Transports.
+ * This property is set together and corresponds with cpt_mask.
+ * The CPT priority list is 0 terminated.
+ */
+ u8 cpt_priority[P2PS_FEATURE_CAPAB_CPT_MAX + 1];
+
+ /**
* svc_name - NULL Terminated UTF-8 Service Name, and svc_info storage
*/
char svc_name[0];
@@ -955,18 +1010,21 @@
/**
* Determine if we have a persistent group we share with remote peer
+ * and allocate interface for this group if needed
* @ctx: Callback context from cb_ctx
* @addr: Peer device address to search for
* @ssid: Persistent group SSID or %NULL if any
* @ssid_len: Length of @ssid
- * @go_dev_addr: Buffer for returning intended GO P2P Device Address
+ * @go_dev_addr: Buffer for returning GO P2P Device Address
* @ret_ssid: Buffer for returning group SSID
* @ret_ssid_len: Buffer for returning length of @ssid
+ * @intended_iface_addr: Buffer for returning intended iface address
* Returns: 1 if a matching persistent group was found, 0 otherwise
*/
int (*get_persistent_group)(void *ctx, const u8 *addr, const u8 *ssid,
size_t ssid_len, u8 *go_dev_addr,
- u8 *ret_ssid, size_t *ret_ssid_len);
+ u8 *ret_ssid, size_t *ret_ssid_len,
+ u8 *intended_iface_addr);
/**
* Get information about a possible local GO role
@@ -976,6 +1034,8 @@
* @ssid_len: Buffer for returning length of @ssid
* @group_iface: Buffer for returning whether a separate group interface
* would be used
+ * @freq: Variable for returning the current operating frequency of a
+ * currently running P2P GO.
* Returns: 1 if GO info found, 0 otherwise
*
* This is used to compose New Group settings (SSID, and intended
@@ -983,7 +1043,8 @@
* result in our being an autonomous GO.
*/
int (*get_go_info)(void *ctx, u8 *intended_addr,
- u8 *ssid, size_t *ssid_len, int *group_iface);
+ u8 *ssid, size_t *ssid_len, int *group_iface,
+ unsigned int *freq);
/**
* remove_stale_groups - Remove stale P2PS groups
@@ -1007,7 +1068,9 @@
u8 conncap, int passwd_id,
const u8 *persist_ssid,
size_t persist_ssid_size, int response_done,
- int prov_start, const char *session_info);
+ int prov_start, const char *session_info,
+ const u8 *feat_cap, size_t feat_cap_len,
+ unsigned int freq);
/**
* prov_disc_resp_cb - Callback for indicating completion of PD Response
@@ -1021,14 +1084,34 @@
/**
* p2ps_group_capability - Determine group capability
+ * @ctx: Callback context from cb_ctx
+ * @incoming: Peer requested roles, expressed with P2PS_SETUP_* bitmap.
+ * @role: Local roles, expressed with P2PS_SETUP_* bitmap.
+ * @force_freq: Variable for returning forced frequency for the group.
+ * @pref_freq: Variable for returning preferred frequency for the group.
+ * Returns: P2PS_SETUP_* bitmap of group capability result.
*
- * This function can be used to determine group capability based on
- * information from P2PS PD exchange and the current state of ongoing
- * groups and driver capabilities.
- *
- * P2PS_SETUP_* bitmap is used as the parameters and return value.
+ * This function can be used to determine group capability and
+ * frequencies based on information from P2PS PD exchange and the
+ * current state of ongoing groups and driver capabilities.
*/
- u8 (*p2ps_group_capability)(void *ctx, u8 incoming, u8 role);
+ u8 (*p2ps_group_capability)(void *ctx, u8 incoming, u8 role,
+ unsigned int *force_freq,
+ unsigned int *pref_freq);
+
+ /**
+ * get_pref_freq_list - Get preferred frequency list for an interface
+ * @ctx: Callback context from cb_ctx
+ * @go: Whether the use if for GO role
+ * @len: Length of freq_list in entries (both IN and OUT)
+ * @freq_list: Buffer for returning the preferred frequencies (MHz)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function can be used to query the preferred frequency list from
+ * the driver specific to a particular interface type.
+ */
+ int (*get_pref_freq_list)(void *ctx, int go,
+ unsigned int *len, unsigned int *freq_list);
};
@@ -2248,9 +2331,33 @@
p2p_service_p2ps_id(struct p2p_data *p2p, u32 adv_id);
int p2p_service_add_asp(struct p2p_data *p2p, int auto_accept, u32 adv_id,
const char *adv_str, u8 svc_state,
- u16 config_methods, const char *svc_info);
+ u16 config_methods, const char *svc_info,
+ const u8 *cpt_priority);
int p2p_service_del_asp(struct p2p_data *p2p, u32 adv_id);
void p2p_service_flush_asp(struct p2p_data *p2p);
struct p2ps_advertisement * p2p_get_p2ps_adv_list(struct p2p_data *p2p);
+/**
+ * p2p_expire_peers - Periodic cleanup function to expire peers
+ * @p2p: P2P module context from p2p_init()
+ *
+ * This is a cleanup function that the entity calling p2p_init() is
+ * expected to call periodically to clean up expired peer entries.
+ */
+void p2p_expire_peers(struct p2p_data *p2p);
+
+void p2p_set_own_pref_freq_list(struct p2p_data *p2p,
+ const unsigned int *pref_freq_list,
+ unsigned int size);
+
+/**
+ * p2p_group_get_common_freqs - Get the group common frequencies
+ * @group: P2P group context from p2p_group_init()
+ * @common_freqs: On return will hold the group common frequencies
+ * @num: On return will hold the number of group common frequencies
+ * Returns: 0 on success, -1 otherwise
+ */
+int p2p_group_get_common_freqs(struct p2p_group *group, int *common_freqs,
+ unsigned int *num);
+
#endif /* P2P_H */
diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
index c733543..793d28b 100644
--- a/src/p2p/p2p_build.c
+++ b/src/p2p/p2p_build.c
@@ -10,6 +10,7 @@
#include "common.h"
#include "common/ieee802_11_defs.h"
+#include "common/qca-vendor.h"
#include "wps/wps_i.h"
#include "p2p_i.h"
@@ -109,6 +110,44 @@
}
+void p2p_buf_add_pref_channel_list(struct wpabuf *buf,
+ const u32 *preferred_freq_list,
+ unsigned int size)
+{
+ unsigned int i, count = 0;
+ u8 op_class, op_channel;
+
+ if (!size)
+ return;
+
+ /*
+ * First, determine the number of P2P supported channels in the
+ * pref_freq_list returned from driver. This is needed for calculations
+ * of the vendor IE size.
+ */
+ for (i = 0; i < size; i++) {
+ if (p2p_freq_to_channel(preferred_freq_list[i], &op_class,
+ &op_channel) == 0)
+ count++;
+ }
+
+ wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
+ wpabuf_put_u8(buf, 4 + count * sizeof(u16));
+ wpabuf_put_be24(buf, OUI_QCA);
+ wpabuf_put_u8(buf, QCA_VENDOR_ELEM_P2P_PREF_CHAN_LIST);
+ for (i = 0; i < size; i++) {
+ if (p2p_freq_to_channel(preferred_freq_list[i], &op_class,
+ &op_channel) < 0) {
+ wpa_printf(MSG_DEBUG, "Unsupported frequency %u MHz",
+ preferred_freq_list[i]);
+ continue;
+ }
+ wpabuf_put_u8(buf, op_class);
+ wpabuf_put_u8(buf, op_channel);
+ }
+}
+
+
void p2p_buf_add_channel_list(struct wpabuf *buf, const char *country,
struct p2p_channels *chan)
{
diff --git a/src/p2p/p2p_go_neg.c b/src/p2p/p2p_go_neg.c
index 19f1daa..096ccd6 100644
--- a/src/p2p/p2p_go_neg.c
+++ b/src/p2p/p2p_go_neg.c
@@ -38,7 +38,7 @@
{
const u8 *pos, *end;
struct p2p_channels *ch;
- size_t channels;
+ u8 channels;
struct p2p_channels intersection;
ch = &dev->channels;
@@ -58,14 +58,14 @@
}
pos += 3;
- while (pos + 2 < end) {
+ while (end - pos > 2) {
struct p2p_reg_class *cl = &ch->reg_class[ch->reg_classes];
cl->reg_class = *pos++;
- if (pos + 1 + pos[0] > end) {
+ channels = *pos++;
+ if (channels > end - pos) {
p2p_info(p2p, "Invalid peer Channel List");
return -1;
}
- channels = *pos++;
cl->channels = channels > P2P_MAX_REG_CLASS_CHANNELS ?
P2P_MAX_REG_CLASS_CHANNELS : channels;
os_memcpy(cl->channel, pos, cl->channels);
@@ -185,6 +185,9 @@
p2p->op_reg_class, p2p->op_channel);
p2p_buf_update_ie_hdr(buf, len);
+ p2p_buf_add_pref_channel_list(buf, p2p->pref_freq_list,
+ p2p->num_pref_freq);
+
/* WPS IE with Device Password ID attribute */
pw_id = p2p_wps_method_pw_id(peer->wps_method);
if (peer->oob_pw_id)
@@ -312,7 +315,7 @@
group_capab);
p2p_buf_add_go_intent(buf, (p2p->go_intent << 1) | tie_breaker);
p2p_buf_add_config_timeout(buf, p2p->go_timeout, p2p->client_timeout);
- if (peer && peer->go_state == REMOTE_GO) {
+ if (peer && peer->go_state == REMOTE_GO && !p2p->num_pref_freq) {
p2p_dbg(p2p, "Omit Operating Channel attribute");
} else {
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
@@ -542,6 +545,195 @@
}
+static void p2p_check_pref_chan_no_recv(struct p2p_data *p2p, int go,
+ struct p2p_device *dev,
+ struct p2p_message *msg,
+ unsigned freq_list[], unsigned int size)
+{
+ u8 op_class, op_channel;
+ unsigned int oper_freq = 0, i, j;
+ int found = 0;
+
+ p2p_dbg(p2p,
+ "Peer didn't provide a preferred frequency list, see if any of our preferred channels are supported by peer device");
+
+ /*
+ * Search for a common channel in our preferred frequency list which is
+ * also supported by the peer device.
+ */
+ for (i = 0; i < size && !found; i++) {
+ /*
+ * Make sure that the common frequency is:
+ * 1. Supported by peer
+ * 2. Allowed for P2P use.
+ */
+ oper_freq = freq_list[i];
+ if (p2p_freq_to_channel(oper_freq, &op_class,
+ &op_channel) < 0) {
+ p2p_dbg(p2p, "Unsupported frequency %u MHz", oper_freq);
+ continue;
+ }
+ if (!p2p_channels_includes(&p2p->cfg->channels,
+ op_class, op_channel) &&
+ (go || !p2p_channels_includes(&p2p->cfg->cli_channels,
+ op_class, op_channel))) {
+ p2p_dbg(p2p,
+ "Freq %u MHz (oper_class %u channel %u) not allowed for P2P",
+ oper_freq, op_class, op_channel);
+ break;
+ }
+ for (j = 0; j < msg->channel_list_len; j++) {
+
+ if (op_channel != msg->channel_list[j])
+ continue;
+
+ p2p->op_reg_class = op_class;
+ p2p->op_channel = op_channel;
+ os_memcpy(&p2p->channels, &p2p->cfg->channels,
+ sizeof(struct p2p_channels));
+ found = 1;
+ break;
+ }
+ }
+
+ if (found) {
+ p2p_dbg(p2p,
+ "Freq %d MHz is a preferred channel and is also supported by peer, use it as the operating channel",
+ oper_freq);
+ } else {
+ p2p_dbg(p2p,
+ "None of our preferred channels are supported by peer!. Use: %d MHz for oper_channel",
+ dev->oper_freq);
+ }
+}
+
+
+static void p2p_check_pref_chan_recv(struct p2p_data *p2p, int go,
+ struct p2p_device *dev,
+ struct p2p_message *msg,
+ unsigned freq_list[], unsigned int size)
+{
+ u8 op_class, op_channel;
+ unsigned int oper_freq = 0, i, j;
+ int found = 0;
+
+ /*
+ * Peer device supports a Preferred Frequency List.
+ * Search for a common channel in the preferred frequency lists
+ * of both peer and local devices.
+ */
+ for (i = 0; i < size && !found; i++) {
+ for (j = 2; j < (msg->pref_freq_list_len / 2); j++) {
+ oper_freq = p2p_channel_to_freq(
+ msg->pref_freq_list[2 * j],
+ msg->pref_freq_list[2 * j + 1]);
+ if (freq_list[i] != oper_freq)
+ continue;
+
+ /*
+ * Make sure that the found frequency is:
+ * 1. Supported
+ * 2. Allowed for P2P use.
+ */
+ if (p2p_freq_to_channel(oper_freq, &op_class,
+ &op_channel) < 0) {
+ p2p_dbg(p2p, "Unsupported frequency %u MHz",
+ oper_freq);
+ continue;
+ }
+
+ if (!p2p_channels_includes(&p2p->cfg->channels,
+ op_class, op_channel) &&
+ (go ||
+ !p2p_channels_includes(&p2p->cfg->cli_channels,
+ op_class, op_channel))) {
+ p2p_dbg(p2p,
+ "Freq %u MHz (oper_class %u channel %u) not allowed for P2P",
+ oper_freq, op_class, op_channel);
+ break;
+ }
+ p2p->op_reg_class = op_class;
+ p2p->op_channel = op_channel;
+ os_memcpy(&p2p->channels, &p2p->cfg->channels,
+ sizeof(struct p2p_channels));
+ found = 1;
+ break;
+ }
+ }
+
+ if (found) {
+ p2p_dbg(p2p,
+ "Freq %d MHz is a common preferred channel for both peer and local, use it as operating channel",
+ oper_freq);
+ } else {
+ p2p_dbg(p2p,
+ "No common preferred channels found! Use: %d MHz for oper_channel",
+ dev->oper_freq);
+ }
+}
+
+
+void p2p_check_pref_chan(struct p2p_data *p2p, int go,
+ struct p2p_device *dev, struct p2p_message *msg)
+{
+ unsigned int freq_list[P2P_MAX_PREF_CHANNELS], size;
+ unsigned int i;
+ u8 op_class, op_channel;
+
+ /*
+ * Use the preferred channel list from the driver only if there is no
+ * forced_freq, e.g., P2P_CONNECT freq=..., and no preferred operating
+ * channel hardcoded in the configuration file.
+ */
+ if (!p2p->cfg->get_pref_freq_list || p2p->cfg->num_pref_chan ||
+ (dev->flags & P2P_DEV_FORCE_FREQ) || p2p->cfg->cfg_op_channel)
+ return;
+
+ /* Obtain our preferred frequency list from driver based on P2P role. */
+ size = P2P_MAX_PREF_CHANNELS;
+ if (p2p->cfg->get_pref_freq_list(p2p->cfg->cb_ctx, go, &size,
+ freq_list))
+ return;
+
+ /*
+ * Check if peer's preference of operating channel is in
+ * our preferred channel list.
+ */
+ for (i = 0; i < size; i++) {
+ if (freq_list[i] == (unsigned int) dev->oper_freq)
+ break;
+ }
+ if (i != size) {
+ /* Peer operating channel preference matches our preference */
+ if (p2p_freq_to_channel(freq_list[i], &op_class, &op_channel) <
+ 0) {
+ p2p_dbg(p2p,
+ "Peer operating channel preference is unsupported frequency %u MHz",
+ freq_list[i]);
+ } else {
+ p2p->op_reg_class = op_class;
+ p2p->op_channel = op_channel;
+ os_memcpy(&p2p->channels, &p2p->cfg->channels,
+ sizeof(struct p2p_channels));
+ return;
+ }
+ }
+
+ p2p_dbg(p2p,
+ "Peer operating channel preference: %d MHz is not in our preferred channel list",
+ dev->oper_freq);
+
+ /*
+ Check if peer's preferred channel list is
+ * _not_ included in the GO Negotiation Request or Invitation Request.
+ */
+ if (msg->pref_freq_list_len == 0)
+ p2p_check_pref_chan_no_recv(p2p, go, dev, msg, freq_list, size);
+ else
+ p2p_check_pref_chan_recv(p2p, go, dev, msg, freq_list, size);
+}
+
+
void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
{
@@ -709,6 +901,14 @@
return;
}
+ if (dev->go_neg_req_sent &&
+ (dev->flags & P2P_DEV_PEER_WAITING_RESPONSE)) {
+ p2p_dbg(p2p,
+ "Do not reply since peer is waiting for us to start a new GO Negotiation and GO Neg Request already sent");
+ p2p_parse_free(&msg);
+ return;
+ }
+
go = p2p_go_det(p2p->go_intent, *msg.go_intent);
if (go < 0) {
p2p_dbg(p2p, "Incompatible GO Intent");
@@ -799,6 +999,12 @@
p2p_dbg(p2p, "Peer operating channel preference: %d MHz",
dev->oper_freq);
+ /*
+ * Use the driver preferred frequency list extension if
+ * supported.
+ */
+ p2p_check_pref_chan(p2p, go, dev, &msg);
+
if (msg.config_timeout) {
dev->go_timeout = msg.config_timeout[0];
dev->client_timeout = msg.config_timeout[1];
@@ -1150,6 +1356,13 @@
if (go && p2p_go_select_channel(p2p, dev, &status) < 0)
goto fail;
+ /*
+ * Use the driver preferred frequency list extension if local device is
+ * GO.
+ */
+ if (go)
+ p2p_check_pref_chan(p2p, go, dev, &msg);
+
p2p_set_state(p2p, P2P_GO_NEG);
p2p_clear_timeout(p2p);
diff --git a/src/p2p/p2p_group.c b/src/p2p/p2p_group.c
index 41ca99f..2cf2450 100644
--- a/src/p2p/p2p_group.c
+++ b/src/p2p/p2p_group.c
@@ -296,14 +296,14 @@
os_memset(zero_addr, 0, ETH_ALEN);
pos = wpabuf_head_u8(m->wfd_ie);
end = pos + wpabuf_len(m->wfd_ie);
- while (pos + 1 < end) {
+ while (end - pos >= 3) {
u8 id;
u16 len;
id = *pos++;
len = WPA_GET_BE16(pos);
pos += 2;
- if (pos + len > end)
+ if (len > end - pos)
break;
switch (id) {
@@ -1071,3 +1071,43 @@
break;
}
}
+
+
+int p2p_group_get_common_freqs(struct p2p_group *group, int *common_freqs,
+ unsigned int *num)
+
+{
+ struct p2p_channels intersect, res;
+ struct p2p_group_member *m;
+
+ if (!group || !common_freqs || !num)
+ return -1;
+
+ os_memset(&intersect, 0, sizeof(intersect));
+ os_memset(&res, 0, sizeof(res));
+
+ p2p_channels_union(&intersect, &group->p2p->cfg->channels,
+ &intersect);
+
+ p2p_channels_dump(group->p2p,
+ "Group common freqs before iterating members",
+ &intersect);
+
+ for (m = group->members; m; m = m->next) {
+ struct p2p_device *dev;
+
+ dev = p2p_get_device(group->p2p, m->dev_addr);
+ if (!dev)
+ continue;
+
+ p2p_channels_intersect(&intersect, &dev->channels, &res);
+ intersect = res;
+ }
+
+ p2p_channels_dump(group->p2p, "Group common channels", &intersect);
+
+ os_memset(common_freqs, 0, *num * sizeof(int));
+ *num = p2p_channels_to_freqs(&intersect, common_freqs, *num);
+
+ return 0;
+}
diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h
index a1042d2..7f65ace 100644
--- a/src/p2p/p2p_i.h
+++ b/src/p2p/p2p_i.h
@@ -53,6 +53,9 @@
* from Beacon/Probe Response), the interface address is stored here.
* p2p_device_addr must still be set in such a case to the unique
* identifier for the P2P Device.
+ *
+ * This field is also used during P2PS PD to store the intended GO
+ * address of the peer.
*/
u8 interface_addr[ETH_ALEN];
@@ -535,6 +538,9 @@
u16 authorized_oob_dev_pw_id;
struct wpabuf **vendor_elem;
+
+ unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ unsigned int num_pref_freq;
};
/**
@@ -637,6 +643,9 @@
const u8 *persistent_dev;
const u8 *persistent_ssid;
size_t persistent_ssid_len;
+
+ const u8 *pref_freq_list;
+ size_t pref_freq_list_len;
};
@@ -682,6 +691,8 @@
u8 *op_channel);
/* p2p_parse.c */
+void p2p_copy_filter_devname(char *dst, size_t dst_len,
+ const void *src, size_t src_len);
int p2p_parse_p2p_ie(const struct wpabuf *buf, struct p2p_message *msg);
int p2p_parse_ies(const u8 *data, size_t len, struct p2p_message *msg);
int p2p_parse(const u8 *data, size_t len, struct p2p_message *msg);
@@ -763,6 +774,8 @@
const u8 *ssid, size_t ssid_len);
int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
int all_attr);
+void p2p_buf_add_pref_channel_list(struct wpabuf *buf,
+ const u32 *preferred_freq_list, u32 size);
/* p2p_sd.c */
struct p2p_sd_query * p2p_pending_sd_req(struct p2p_data *p2p,
@@ -792,6 +805,8 @@
u16 p2p_wps_method_pw_id(enum p2p_wps_method wps_method);
void p2p_reselect_channel(struct p2p_data *p2p,
struct p2p_channels *intersection);
+void p2p_check_pref_chan(struct p2p_data *p2p, int go,
+ struct p2p_device *dev, struct p2p_message *msg);
/* p2p_pd.c */
void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
diff --git a/src/p2p/p2p_invitation.c b/src/p2p/p2p_invitation.c
index f5454f7..108e5b7 100644
--- a/src/p2p/p2p_invitation.c
+++ b/src/p2p/p2p_invitation.c
@@ -85,6 +85,9 @@
p2p_buf_add_device_info(buf, p2p, peer);
p2p_buf_update_ie_hdr(buf, len);
+ p2p_buf_add_pref_channel_list(buf, p2p->pref_freq_list,
+ p2p->num_pref_freq);
+
#ifdef CONFIG_WIFI_DISPLAY
if (wfd_ie)
wpabuf_put_buf(buf, wfd_ie);
@@ -343,6 +346,12 @@
p2p_reselect_channel(p2p, &intersection);
}
+ /*
+ * Use the driver preferred frequency list extension if
+ * supported.
+ */
+ p2p_check_pref_chan(p2p, go, dev, &msg);
+
op_freq = p2p_channel_to_freq(p2p->op_reg_class,
p2p->op_channel);
if (op_freq < 0) {
@@ -534,6 +543,12 @@
peer_oper_freq = 0;
}
+ /*
+ * Use the driver preferred frequency list extension if
+ * supported.
+ */
+ p2p_check_pref_chan(p2p, 0, dev, &msg);
+
p2p->cfg->invitation_result(p2p->cfg->cb_ctx, *msg.status,
msg.group_bssid, channels, sa,
freq, peer_oper_freq);
diff --git a/src/p2p/p2p_parse.c b/src/p2p/p2p_parse.c
index 980dddf..5d2299c 100644
--- a/src/p2p/p2p_parse.c
+++ b/src/p2p/p2p_parse.c
@@ -15,11 +15,29 @@
#include "p2p_i.h"
+void p2p_copy_filter_devname(char *dst, size_t dst_len,
+ const void *src, size_t src_len)
+{
+ size_t i;
+
+ if (src_len >= dst_len)
+ src_len = dst_len - 1;
+ os_memcpy(dst, src, src_len);
+ dst[src_len] = '\0';
+ for (i = 0; i < src_len; i++) {
+ if (dst[i] == '\0')
+ break;
+ if (is_ctrl_char(dst[i]))
+ dst[i] = '_';
+ }
+}
+
+
static int p2p_parse_attribute(u8 id, const u8 *data, u16 len,
struct p2p_message *msg)
{
const u8 *pos;
- size_t i, nlen;
+ u16 nlen;
char devtype[WPS_DEV_TYPE_BUFSIZE];
switch (id) {
@@ -149,21 +167,14 @@
pos += 2;
nlen = WPA_GET_BE16(pos);
pos += 2;
- if (data + len - pos < (int) nlen ||
- nlen > WPS_DEV_NAME_MAX_LEN) {
+ if (nlen > data + len - pos || nlen > WPS_DEV_NAME_MAX_LEN) {
wpa_printf(MSG_DEBUG, "P2P: Invalid Device Name "
- "length %d (buf len %d)", (int) nlen,
+ "length %u (buf len %d)", nlen,
(int) (data + len - pos));
return -1;
}
- os_memcpy(msg->device_name, pos, nlen);
- msg->device_name[nlen] = '\0';
- for (i = 0; i < nlen; i++) {
- if (msg->device_name[i] == '\0')
- break;
- if (is_ctrl_char(msg->device_name[i]))
- msg->device_name[i] = '_';
- }
+ p2p_copy_filter_devname(msg->device_name,
+ sizeof(msg->device_name), pos, nlen);
wpa_printf(MSG_DEBUG, "P2P: * Device Info: addr " MACSTR
" primary device type %s device name '%s' "
"config methods 0x%x",
@@ -548,6 +559,9 @@
}
#endif /* CONFIG_WIFI_DISPLAY */
+ msg->pref_freq_list = elems.pref_freq_list;
+ msg->pref_freq_list_len = elems.pref_freq_list_len;
+
return 0;
}
@@ -634,49 +648,48 @@
gend = gi + gi_len;
while (g < gend) {
struct p2p_client_info *cli;
- const u8 *t, *cend;
- int count;
+ const u8 *cend;
+ u16 count;
+ u8 len;
cli = &info->client[info->num_clients];
- cend = g + 1 + g[0];
- if (cend > gend)
+ len = *g++;
+ if (len > gend - g || len < 2 * ETH_ALEN + 1 + 2 + 8 + 1)
return -1; /* invalid data */
+ cend = g + len;
/* g at start of P2P Client Info Descriptor */
- /* t at Device Capability Bitmap */
- t = g + 1 + 2 * ETH_ALEN;
- if (t > cend)
- return -1; /* invalid data */
- cli->p2p_device_addr = g + 1;
- cli->p2p_interface_addr = g + 1 + ETH_ALEN;
- cli->dev_capab = t[0];
+ cli->p2p_device_addr = g;
+ g += ETH_ALEN;
+ cli->p2p_interface_addr = g;
+ g += ETH_ALEN;
+ cli->dev_capab = *g++;
- if (t + 1 + 2 + 8 + 1 > cend)
- return -1; /* invalid data */
+ cli->config_methods = WPA_GET_BE16(g);
+ g += 2;
+ cli->pri_dev_type = g;
+ g += 8;
- cli->config_methods = WPA_GET_BE16(&t[1]);
- cli->pri_dev_type = &t[3];
-
- t += 1 + 2 + 8;
- /* t at Number of Secondary Device Types */
- cli->num_sec_dev_types = *t++;
- if (t + 8 * cli->num_sec_dev_types > cend)
+ /* g at Number of Secondary Device Types */
+ len = *g++;
+ if (8 * len > cend - g)
return -1; /* invalid data */
- cli->sec_dev_types = t;
- t += 8 * cli->num_sec_dev_types;
+ cli->num_sec_dev_types = len;
+ cli->sec_dev_types = g;
+ g += 8 * len;
- /* t at Device Name in WPS TLV format */
- if (t + 2 + 2 > cend)
+ /* g at Device Name in WPS TLV format */
+ if (cend - g < 2 + 2)
return -1; /* invalid data */
- if (WPA_GET_BE16(t) != ATTR_DEV_NAME)
+ if (WPA_GET_BE16(g) != ATTR_DEV_NAME)
return -1; /* invalid Device Name TLV */
- t += 2;
- count = WPA_GET_BE16(t);
- t += 2;
- if (count > cend - t)
+ g += 2;
+ count = WPA_GET_BE16(g);
+ g += 2;
+ if (count > cend - g)
return -1; /* invalid Device Name TLV */
if (count >= WPS_DEV_NAME_MAX_LEN)
count = WPS_DEV_NAME_MAX_LEN;
- cli->dev_name = (const char *) t;
+ cli->dev_name = (const char *) g;
cli->dev_name_len = count;
g = cend;
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 86558f7..c416ab6 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -40,24 +40,38 @@
}
-static void p2ps_add_new_group_info(struct p2p_data *p2p, struct wpabuf *buf)
+static void p2ps_add_new_group_info(struct p2p_data *p2p,
+ struct p2p_device *dev,
+ struct wpabuf *buf)
{
int found;
u8 intended_addr[ETH_ALEN];
u8 ssid[SSID_MAX_LEN];
size_t ssid_len;
int group_iface;
+ unsigned int force_freq;
if (!p2p->cfg->get_go_info)
return;
found = p2p->cfg->get_go_info(
p2p->cfg->cb_ctx, intended_addr, ssid,
- &ssid_len, &group_iface);
+ &ssid_len, &group_iface, &force_freq);
if (found) {
+ if (force_freq > 0) {
+ p2p->p2ps_prov->force_freq = force_freq;
+ p2p->p2ps_prov->pref_freq = 0;
+
+ if (dev)
+ p2p_prepare_channel(p2p, dev, force_freq, 0, 0);
+ }
p2p_buf_add_group_id(buf, p2p->cfg->dev_addr,
ssid, ssid_len);
- p2p_buf_add_intended_addr(buf, intended_addr);
+
+ if (group_iface)
+ p2p_buf_add_intended_addr(buf, p2p->intended_addr);
+ else
+ p2p_buf_add_intended_addr(buf, intended_addr);
} else {
if (!p2p->ssid_set) {
p2p_build_ssid(p2p, p2p->ssid, &p2p->ssid_len);
@@ -82,76 +96,82 @@
struct wpabuf *buf, u16 config_methods)
{
struct p2ps_provision *prov = p2p->p2ps_prov;
- u8 feat_cap_mask[] = { 1, 0 };
+ struct p2ps_feature_capab fcap = { prov->cpt_mask, 0 };
int shared_group = 0;
u8 ssid[SSID_MAX_LEN];
size_t ssid_len;
u8 go_dev_addr[ETH_ALEN];
+ u8 intended_addr[ETH_ALEN];
+ int follow_on_req_fail = prov->status >= 0 &&
+ prov->status != P2P_SC_SUCCESS_DEFERRED;
/* If we might be explicite group owner, add GO details */
- if (prov->conncap & (P2PS_SETUP_GROUP_OWNER |
- P2PS_SETUP_NEW))
- p2ps_add_new_group_info(p2p, buf);
+ if (!follow_on_req_fail &&
+ (prov->conncap & (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW)))
+ p2ps_add_new_group_info(p2p, dev, buf);
if (prov->status >= 0)
p2p_buf_add_status(buf, (u8) prov->status);
else
prov->method = config_methods;
- if (p2p->cfg->get_persistent_group) {
- shared_group = p2p->cfg->get_persistent_group(
- p2p->cfg->cb_ctx, dev->info.p2p_device_addr, NULL, 0,
- go_dev_addr, ssid, &ssid_len);
- }
+ if (!follow_on_req_fail) {
+ if (p2p->cfg->get_persistent_group) {
+ shared_group = p2p->cfg->get_persistent_group(
+ p2p->cfg->cb_ctx, dev->info.p2p_device_addr,
+ NULL, 0, go_dev_addr, ssid, &ssid_len,
+ intended_addr);
+ }
- /* Add Operating Channel if conncap includes GO */
- if (shared_group ||
- (prov->conncap & (P2PS_SETUP_GROUP_OWNER |
- P2PS_SETUP_NEW))) {
- u8 tmp;
+ if (shared_group ||
+ (prov->conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_NEW)))
+ p2p_buf_add_channel_list(buf, p2p->cfg->country,
+ &p2p->channels);
- p2p_go_select_channel(p2p, dev, &tmp);
-
- if (p2p->op_reg_class && p2p->op_channel)
+ if ((shared_group && !is_zero_ether_addr(intended_addr)) ||
+ (prov->conncap & (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW)))
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p->op_reg_class,
p2p->op_channel);
- else
- p2p_buf_add_operating_channel(buf, p2p->cfg->country,
- p2p->cfg->op_reg_class,
- p2p->cfg->op_channel);
}
- p2p_buf_add_channel_list(buf, p2p->cfg->country, &p2p->cfg->channels);
-
- if (prov->info[0])
+ if (prov->status < 0 && prov->info[0])
p2p_buf_add_session_info(buf, prov->info);
- p2p_buf_add_connection_capability(buf, prov->conncap);
+ if (!follow_on_req_fail)
+ p2p_buf_add_connection_capability(buf, prov->conncap);
p2p_buf_add_advertisement_id(buf, prov->adv_id, prov->adv_mac);
- if (shared_group || prov->conncap == P2PS_SETUP_NEW ||
- prov->conncap ==
- (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW) ||
- prov->conncap ==
- (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_CLIENT)) {
- /* Add Config Timeout */
- p2p_buf_add_config_timeout(buf, p2p->go_timeout,
- p2p->client_timeout);
- }
+ if (!follow_on_req_fail) {
+ if (shared_group || prov->conncap == P2PS_SETUP_NEW ||
+ prov->conncap ==
+ (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW) ||
+ prov->conncap ==
+ (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_CLIENT)) {
+ /* Add Config Timeout */
+ p2p_buf_add_config_timeout(buf, p2p->go_timeout,
+ p2p->client_timeout);
+ }
- p2p_buf_add_listen_channel(buf, p2p->cfg->country, p2p->cfg->reg_class,
- p2p->cfg->channel);
+ p2p_buf_add_listen_channel(buf, p2p->cfg->country,
+ p2p->cfg->reg_class,
+ p2p->cfg->channel);
+ }
p2p_buf_add_session_id(buf, prov->session_id, prov->session_mac);
- p2p_buf_add_feature_capability(buf, sizeof(feat_cap_mask),
- feat_cap_mask);
+ p2p_buf_add_feature_capability(buf, sizeof(fcap), (const u8 *) &fcap);
- if (shared_group)
+ if (shared_group) {
p2p_buf_add_persistent_group_info(buf, go_dev_addr,
ssid, ssid_len);
+ /* Add intended interface address if it is not added yet */
+ if ((prov->conncap == P2PS_SETUP_NONE ||
+ prov->conncap == P2PS_SETUP_CLIENT) &&
+ !is_zero_ether_addr(intended_addr))
+ p2p_buf_add_intended_addr(buf, intended_addr);
+ }
}
@@ -232,7 +252,9 @@
const u8 *group_id,
size_t group_id_len,
const u8 *persist_ssid,
- size_t persist_ssid_len)
+ size_t persist_ssid_len,
+ const u8 *fcap,
+ u16 fcap_len)
{
struct wpabuf *buf;
size_t extra = 0;
@@ -270,10 +292,14 @@
/* Add P2P IE for P2PS */
if (p2p->p2ps_prov && p2p->p2ps_prov->adv_id == adv_id) {
- u8 feat_cap_mask[] = { 1, 0 };
u8 *len = p2p_buf_add_ie_hdr(buf);
struct p2ps_provision *prov = p2p->p2ps_prov;
u8 group_capab;
+ u8 conncap = 0;
+
+ if (status == P2P_SC_SUCCESS ||
+ status == P2P_SC_SUCCESS_DEFERRED)
+ conncap = prov->conncap;
if (!status && prov->status != -1)
status = prov->status;
@@ -290,33 +316,33 @@
group_capab);
p2p_buf_add_device_info(buf, p2p, NULL);
- if (persist_ssid && p2p->cfg->get_persistent_group &&
+ if (persist_ssid && p2p->cfg->get_persistent_group && dev &&
(status == P2P_SC_SUCCESS ||
status == P2P_SC_SUCCESS_DEFERRED)) {
u8 ssid[SSID_MAX_LEN];
size_t ssid_len;
u8 go_dev_addr[ETH_ALEN];
+ u8 intended_addr[ETH_ALEN];
persist = p2p->cfg->get_persistent_group(
p2p->cfg->cb_ctx,
dev->info.p2p_device_addr,
persist_ssid, persist_ssid_len, go_dev_addr,
- ssid, &ssid_len);
- if (persist)
+ ssid, &ssid_len, intended_addr);
+ if (persist) {
p2p_buf_add_persistent_group_info(
buf, go_dev_addr, ssid, ssid_len);
+ if (!is_zero_ether_addr(intended_addr))
+ p2p_buf_add_intended_addr(
+ buf, intended_addr);
+ }
}
- if (!persist && (prov->conncap & P2PS_SETUP_GROUP_OWNER))
- p2ps_add_new_group_info(p2p, buf);
+ if (!persist && (conncap & P2PS_SETUP_GROUP_OWNER))
+ p2ps_add_new_group_info(p2p, dev, buf);
/* Add Operating Channel if conncap indicates GO */
- if (persist || (prov->conncap & P2PS_SETUP_GROUP_OWNER)) {
- u8 tmp;
-
- if (dev)
- p2p_go_select_channel(p2p, dev, &tmp);
-
+ if (persist || (conncap & P2PS_SETUP_GROUP_OWNER)) {
if (p2p->op_reg_class && p2p->op_channel)
p2p_buf_add_operating_channel(
buf, p2p->cfg->country,
@@ -329,23 +355,25 @@
p2p->cfg->op_channel);
}
- p2p_buf_add_channel_list(buf, p2p->cfg->country,
- &p2p->cfg->channels);
+ if (persist ||
+ (conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_GROUP_OWNER)))
+ p2p_buf_add_channel_list(buf, p2p->cfg->country,
+ &p2p->channels);
- if (!persist && (status == P2P_SC_SUCCESS ||
- status == P2P_SC_SUCCESS_DEFERRED))
- p2p_buf_add_connection_capability(buf, prov->conncap);
+ if (!persist && conncap)
+ p2p_buf_add_connection_capability(buf, conncap);
p2p_buf_add_advertisement_id(buf, adv_id, prov->adv_mac);
- p2p_buf_add_config_timeout(buf, p2p->go_timeout,
- p2p->client_timeout);
+ if (persist ||
+ (conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_GROUP_OWNER)))
+ p2p_buf_add_config_timeout(buf, p2p->go_timeout,
+ p2p->client_timeout);
p2p_buf_add_session_id(buf, prov->session_id,
prov->session_mac);
- p2p_buf_add_feature_capability(buf, sizeof(feat_cap_mask),
- feat_cap_mask);
+ p2p_buf_add_feature_capability(buf, fcap_len, fcap);
p2p_buf_update_ie_hdr(buf, len);
} else if (status != P2P_SC_SUCCESS || adv_id) {
u8 *len = p2p_buf_add_ie_hdr(buf);
@@ -400,6 +428,129 @@
}
+static u8 p2ps_own_preferred_cpt(const u8 *cpt_priority, u8 req_cpt_mask)
+{
+ int i;
+
+ for (i = 0; cpt_priority[i]; i++)
+ if (req_cpt_mask & cpt_priority[i])
+ return cpt_priority[i];
+
+ return 0;
+}
+
+
+/* Check if the message contains a valid P2PS PD Request */
+static int p2ps_validate_pd_req(struct p2p_data *p2p, struct p2p_message *msg,
+ const u8 *addr)
+{
+ u8 group_id = 0;
+ u8 intended_addr = 0;
+ u8 operating_channel = 0;
+ u8 channel_list = 0;
+ u8 config_timeout = 0;
+ u8 listen_channel = 0;
+
+#define P2PS_PD_REQ_CHECK(_val, _attr) \
+do { \
+ if ((_val) && !msg->_attr) { \
+ p2p_dbg(p2p, "Not P2PS PD Request. Missing %s", #_attr); \
+ return -1; \
+ } \
+} while (0)
+
+ P2PS_PD_REQ_CHECK(1, adv_id);
+ P2PS_PD_REQ_CHECK(1, session_id);
+ P2PS_PD_REQ_CHECK(1, session_mac);
+ P2PS_PD_REQ_CHECK(1, adv_mac);
+ P2PS_PD_REQ_CHECK(1, capability);
+ P2PS_PD_REQ_CHECK(1, p2p_device_info);
+ P2PS_PD_REQ_CHECK(1, feature_cap);
+
+ /*
+ * We don't need to check Connection Capability, Persistent Group,
+ * and related attributes for follow-on PD Request with a status
+ * other than SUCCESS_DEFERRED.
+ */
+ if (msg->status && *msg->status != P2P_SC_SUCCESS_DEFERRED)
+ return 0;
+
+ P2PS_PD_REQ_CHECK(1, conn_cap);
+
+ /*
+ * Note 1: A feature capability attribute structure can be changed
+ * in the future. The assumption is that such modifications are
+ * backward compatible, therefore we allow processing of msg.feature_cap
+ * exceeding the size of the p2ps_feature_capab structure.
+ * Note 2: Verification of msg.feature_cap_len below has to be changed
+ * to allow 2 byte feature capability processing if
+ * struct p2ps_feature_capab is extended to include additional fields
+ * and it affects the structure size.
+ */
+ if (msg->feature_cap_len < sizeof(struct p2ps_feature_capab)) {
+ p2p_dbg(p2p, "P2PS: Invalid feature capability len");
+ return -1;
+ }
+
+ switch (*msg->conn_cap) {
+ case P2PS_SETUP_NEW:
+ group_id = 1;
+ intended_addr = 1;
+ operating_channel = 1;
+ channel_list = 1;
+ config_timeout = 1;
+ listen_channel = 1;
+ break;
+ case P2PS_SETUP_CLIENT:
+ channel_list = 1;
+ listen_channel = 1;
+ break;
+ case P2PS_SETUP_GROUP_OWNER:
+ group_id = 1;
+ intended_addr = 1;
+ operating_channel = 1;
+ break;
+ case P2PS_SETUP_NEW | P2PS_SETUP_GROUP_OWNER:
+ group_id = 1;
+ operating_channel = 1;
+ intended_addr = 1;
+ channel_list = 1;
+ config_timeout = 1;
+ break;
+ case P2PS_SETUP_CLIENT | P2PS_SETUP_GROUP_OWNER:
+ group_id = 1;
+ intended_addr = 1;
+ operating_channel = 1;
+ channel_list = 1;
+ config_timeout = 1;
+ break;
+ default:
+ p2p_dbg(p2p, "Invalid P2PS PD connection capability");
+ return -1;
+ }
+
+ if (msg->persistent_dev) {
+ channel_list = 1;
+ config_timeout = 1;
+ if (os_memcmp(msg->persistent_dev, addr, ETH_ALEN) == 0) {
+ intended_addr = 1;
+ operating_channel = 1;
+ }
+ }
+
+ P2PS_PD_REQ_CHECK(group_id, group_id);
+ P2PS_PD_REQ_CHECK(intended_addr, intended_addr);
+ P2PS_PD_REQ_CHECK(operating_channel, operating_channel);
+ P2PS_PD_REQ_CHECK(channel_list, channel_list);
+ P2PS_PD_REQ_CHECK(config_timeout, config_timeout);
+ P2PS_PD_REQ_CHECK(listen_channel, listen_channel);
+
+#undef P2PS_PD_REQ_CHECK
+
+ return 0;
+}
+
+
void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
{
@@ -413,11 +564,16 @@
u8 conncap = P2PS_SETUP_NEW;
u8 auto_accept = 0;
u32 session_id = 0;
- u8 session_mac[ETH_ALEN];
- u8 adv_mac[ETH_ALEN];
- u8 group_mac[ETH_ALEN];
+ u8 session_mac[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
+ u8 adv_mac[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
+ const u8 *group_mac;
int passwd_id = DEV_PW_DEFAULT;
u16 config_methods;
+ u16 allowed_config_methods = WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD;
+ struct p2ps_feature_capab resp_fcap = { 0, 0 };
+ struct p2ps_feature_capab *req_fcap = NULL;
+ u8 remote_conncap;
+ u16 method;
if (p2p_parse(data, len, &msg))
return;
@@ -425,6 +581,7 @@
p2p_dbg(p2p, "Received Provision Discovery Request from " MACSTR
" with config methods 0x%x (freq=%d)",
MAC2STR(sa), msg.wps_config_methods, rx_freq);
+ group_mac = msg.intended_addr;
dev = p2p_get_device(p2p, sa);
if (dev == NULL || (dev->flags & P2P_DEV_PROBE_REQ_ONLY)) {
@@ -435,256 +592,431 @@
0)) {
p2p_dbg(p2p, "Provision Discovery Request add device failed "
MACSTR, MAC2STR(sa));
+ goto out;
+ }
+
+ if (!dev) {
+ dev = p2p_get_device(p2p, sa);
+ if (!dev) {
+ p2p_dbg(p2p,
+ "Provision Discovery device not found "
+ MACSTR, MAC2STR(sa));
+ goto out;
+ }
}
} else if (msg.wfd_subelems) {
wpabuf_free(dev->info.wfd_subelems);
dev->info.wfd_subelems = wpabuf_dup(msg.wfd_subelems);
}
- if (!(msg.wps_config_methods &
- (WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD |
- WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_P2PS))) {
- p2p_dbg(p2p, "Unsupported Config Methods in Provision Discovery Request");
- goto out;
- }
-
- /* Legacy (non-P2PS) - Unknown groups allowed for P2PS */
- if (!msg.adv_id && msg.group_id) {
- size_t i;
- for (i = 0; i < p2p->num_groups; i++) {
- if (p2p_group_is_group_id_match(p2p->groups[i],
- msg.group_id,
- msg.group_id_len))
- break;
- }
- if (i == p2p->num_groups) {
- p2p_dbg(p2p, "PD request for unknown P2P Group ID - reject");
+ if (!msg.adv_id) {
+ allowed_config_methods |= WPS_CONFIG_PUSHBUTTON;
+ if (!(msg.wps_config_methods & allowed_config_methods)) {
+ p2p_dbg(p2p,
+ "Unsupported Config Methods in Provision Discovery Request");
goto out;
}
- }
- if (dev) {
- dev->flags &= ~(P2P_DEV_PD_PEER_DISPLAY |
- P2P_DEV_PD_PEER_KEYPAD |
- P2P_DEV_PD_PEER_P2PS);
+ /* Legacy (non-P2PS) - Unknown groups allowed for P2PS */
+ if (msg.group_id) {
+ size_t i;
- /* Remove stale persistent groups */
- if (p2p->cfg->remove_stale_groups) {
- p2p->cfg->remove_stale_groups(
- p2p->cfg->cb_ctx, dev->info.p2p_device_addr,
- msg.persistent_dev,
- msg.persistent_ssid, msg.persistent_ssid_len);
+ for (i = 0; i < p2p->num_groups; i++) {
+ if (p2p_group_is_group_id_match(
+ p2p->groups[i],
+ msg.group_id, msg.group_id_len))
+ break;
+ }
+ if (i == p2p->num_groups) {
+ p2p_dbg(p2p,
+ "PD request for unknown P2P Group ID - reject");
+ goto out;
+ }
}
- }
- if (msg.wps_config_methods & WPS_CONFIG_DISPLAY) {
- p2p_dbg(p2p, "Peer " MACSTR
- " requested us to show a PIN on display", MAC2STR(sa));
- if (dev)
- dev->flags |= P2P_DEV_PD_PEER_KEYPAD;
- passwd_id = DEV_PW_USER_SPECIFIED;
- } else if (msg.wps_config_methods & WPS_CONFIG_KEYPAD) {
- p2p_dbg(p2p, "Peer " MACSTR
- " requested us to write its PIN using keypad",
- MAC2STR(sa));
- if (dev)
- dev->flags |= P2P_DEV_PD_PEER_DISPLAY;
- passwd_id = DEV_PW_REGISTRAR_SPECIFIED;
- } else if (msg.wps_config_methods & WPS_CONFIG_P2PS) {
- p2p_dbg(p2p, "Peer " MACSTR " requesting P2PS PIN",
- MAC2STR(sa));
- if (dev)
- dev->flags |= P2P_DEV_PD_PEER_P2PS;
- passwd_id = DEV_PW_P2PS_DEFAULT;
- }
+ } else {
+ allowed_config_methods |= WPS_CONFIG_P2PS;
- reject = P2P_SC_SUCCESS;
+ /*
+ * Set adv_id here, so in case of an error, a P2PS PD Response
+ * will be sent.
+ */
+ adv_id = WPA_GET_LE32(msg.adv_id);
+ if (p2ps_validate_pd_req(p2p, &msg, sa) < 0) {
+ reject = P2P_SC_FAIL_INVALID_PARAMS;
+ goto out;
+ }
- os_memset(session_mac, 0, ETH_ALEN);
- os_memset(adv_mac, 0, ETH_ALEN);
- os_memset(group_mac, 0, ETH_ALEN);
-
- if (msg.adv_id && msg.session_id && msg.session_mac && msg.adv_mac &&
- (msg.status || msg.conn_cap)) {
- u8 remote_conncap;
-
- if (msg.intended_addr)
- os_memcpy(group_mac, msg.intended_addr, ETH_ALEN);
+ req_fcap = (struct p2ps_feature_capab *) msg.feature_cap;
os_memcpy(session_mac, msg.session_mac, ETH_ALEN);
os_memcpy(adv_mac, msg.adv_mac, ETH_ALEN);
session_id = WPA_GET_LE32(msg.session_id);
- adv_id = WPA_GET_LE32(msg.adv_id);
-
- if (!msg.status)
- p2ps_adv = p2p_service_p2ps_id(p2p, adv_id);
-
- p2p_dbg(p2p, "adv_id: %x - p2ps_adv - %p", adv_id, p2ps_adv);
if (msg.conn_cap)
conncap = *msg.conn_cap;
- remote_conncap = conncap;
- if (p2ps_adv) {
- auto_accept = p2ps_adv->auto_accept;
- conncap = p2p->cfg->p2ps_group_capability(
- p2p->cfg->cb_ctx, conncap, auto_accept);
+ /*
+ * We need to verify a P2PS config methog in an initial PD
+ * request or in a follow-on PD request with the status
+ * SUCCESS_DEFERRED.
+ */
+ if ((!msg.status || *msg.status == P2P_SC_SUCCESS_DEFERRED) &&
+ !(msg.wps_config_methods & allowed_config_methods)) {
+ p2p_dbg(p2p,
+ "Unsupported Config Methods in Provision Discovery Request");
+ goto out;
+ }
- p2p_dbg(p2p, "Conncap: local:%d remote:%d result:%d",
- auto_accept, remote_conncap, conncap);
+ /*
+ * TODO: since we don't support multiple PD, reject PD request
+ * if we are in the middle of P2PS PD with some other peer
+ */
+ }
- if (p2ps_adv->config_methods &&
- !(msg.wps_config_methods &
- p2ps_adv->config_methods)) {
- p2p_dbg(p2p,
- "Unsupported config methods in Provision Discovery Request (own=0x%x peer=0x%x)",
- p2ps_adv->config_methods,
- msg.wps_config_methods);
- reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- } else if (!p2ps_adv->state) {
- p2p_dbg(p2p, "P2PS state unavailable");
- reject = P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
- } else if (!conncap) {
- p2p_dbg(p2p, "Conncap resolution failed");
- reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- }
+ dev->flags &= ~(P2P_DEV_PD_PEER_DISPLAY |
+ P2P_DEV_PD_PEER_KEYPAD |
+ P2P_DEV_PD_PEER_P2PS);
- if (msg.wps_config_methods & WPS_CONFIG_KEYPAD) {
- p2p_dbg(p2p, "Keypad - always defer");
- auto_accept = 0;
- }
+ if (msg.wps_config_methods & WPS_CONFIG_DISPLAY) {
+ p2p_dbg(p2p, "Peer " MACSTR
+ " requested us to show a PIN on display", MAC2STR(sa));
+ dev->flags |= P2P_DEV_PD_PEER_KEYPAD;
+ passwd_id = DEV_PW_USER_SPECIFIED;
+ } else if (msg.wps_config_methods & WPS_CONFIG_KEYPAD) {
+ p2p_dbg(p2p, "Peer " MACSTR
+ " requested us to write its PIN using keypad",
+ MAC2STR(sa));
+ dev->flags |= P2P_DEV_PD_PEER_DISPLAY;
+ passwd_id = DEV_PW_REGISTRAR_SPECIFIED;
+ } else if (msg.wps_config_methods & WPS_CONFIG_P2PS) {
+ p2p_dbg(p2p, "Peer " MACSTR " requesting P2PS PIN",
+ MAC2STR(sa));
+ dev->flags |= P2P_DEV_PD_PEER_P2PS;
+ passwd_id = DEV_PW_P2PS_DEFAULT;
+ }
- if (auto_accept || reject != P2P_SC_SUCCESS) {
- struct p2ps_provision *tmp;
+ /* Remove stale persistent groups */
+ if (p2p->cfg->remove_stale_groups) {
+ p2p->cfg->remove_stale_groups(
+ p2p->cfg->cb_ctx, dev->info.p2p_device_addr,
+ msg.persistent_dev,
+ msg.persistent_ssid, msg.persistent_ssid_len);
+ }
- if (reject == P2P_SC_SUCCESS && !conncap) {
- reject =
- P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- }
+ reject = P2P_SC_SUCCESS;
- if (p2ps_setup_p2ps_prov(
- p2p, adv_id, session_id,
- msg.wps_config_methods,
- session_mac, adv_mac) < 0) {
- reject = P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
- goto out;
- }
+ /*
+ * End of a legacy P2P PD Request processing, from this point continue
+ * with P2PS one.
+ */
+ if (!msg.adv_id)
+ goto out;
- tmp = p2p->p2ps_prov;
- if (conncap) {
- tmp->conncap = conncap;
- tmp->status = P2P_SC_SUCCESS;
- } else {
- tmp->conncap = auto_accept;
- tmp->status = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- }
+ remote_conncap = conncap;
- if (reject != P2P_SC_SUCCESS)
- goto out;
- }
- } else if (!msg.status) {
+ if (!msg.status) {
+ unsigned int forced_freq, pref_freq;
+
+ if (os_memcmp(p2p->cfg->dev_addr, msg.adv_mac, ETH_ALEN)) {
+ p2p_dbg(p2p,
+ "P2PS PD adv mac does not match the local one");
reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
goto out;
}
- if (!msg.status && !auto_accept &&
- (!p2p->p2ps_prov || p2p->p2ps_prov->adv_id != adv_id)) {
- struct p2ps_provision *tmp;
+ p2ps_adv = p2p_service_p2ps_id(p2p, adv_id);
+ if (!p2ps_adv) {
+ p2p_dbg(p2p, "P2PS PD invalid adv_id=0x%X", adv_id);
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ goto out;
+ }
+ p2p_dbg(p2p, "adv_id: 0x%X, p2ps_adv: %p", adv_id, p2ps_adv);
- if (!conncap) {
- reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- goto out;
+ auto_accept = p2ps_adv->auto_accept;
+ conncap = p2p->cfg->p2ps_group_capability(p2p->cfg->cb_ctx,
+ conncap, auto_accept,
+ &forced_freq,
+ &pref_freq);
+
+ p2p_dbg(p2p, "Conncap: local:%d remote:%d result:%d",
+ auto_accept, remote_conncap, conncap);
+
+ p2p_prepare_channel(p2p, dev, forced_freq, pref_freq, 0);
+
+ resp_fcap.cpt = p2ps_own_preferred_cpt(p2ps_adv->cpt_priority,
+ req_fcap->cpt);
+
+ p2p_dbg(p2p, "cpt: service:0x%x remote:0x%x result:0x%x",
+ p2ps_adv->cpt_mask, req_fcap->cpt, resp_fcap.cpt);
+
+ if (!resp_fcap.cpt) {
+ p2p_dbg(p2p,
+ "Incompatible P2PS feature capability CPT bitmask");
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ } else if (p2ps_adv->config_methods &&
+ !(msg.wps_config_methods &
+ p2ps_adv->config_methods)) {
+ p2p_dbg(p2p,
+ "Unsupported config methods in Provision Discovery Request (own=0x%x peer=0x%x)",
+ p2ps_adv->config_methods,
+ msg.wps_config_methods);
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ } else if (!p2ps_adv->state) {
+ p2p_dbg(p2p, "P2PS state unavailable");
+ reject = P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
+ } else if (!conncap) {
+ p2p_dbg(p2p, "Conncap resolution failed");
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ }
+
+ if (msg.wps_config_methods & WPS_CONFIG_KEYPAD) {
+ p2p_dbg(p2p, "Keypad - always defer");
+ auto_accept = 0;
+ }
+
+ if ((remote_conncap & (P2PS_SETUP_NEW | P2PS_SETUP_CLIENT) ||
+ msg.persistent_dev) && conncap != P2PS_SETUP_NEW &&
+ msg.channel_list && msg.channel_list_len &&
+ p2p_peer_channels_check(p2p, &p2p->channels, dev,
+ msg.channel_list,
+ msg.channel_list_len) < 0) {
+ p2p_dbg(p2p,
+ "No common channels - force deferred flow");
+ auto_accept = 0;
+ }
+
+ if (((remote_conncap & P2PS_SETUP_GROUP_OWNER) ||
+ msg.persistent_dev) && msg.operating_channel) {
+ struct p2p_channels intersect;
+
+ /*
+ * There are cases where only the operating channel is
+ * provided. This requires saving the channel as the
+ * supported channel list, and verifying that it is
+ * supported.
+ */
+ if (dev->channels.reg_classes == 0 ||
+ !p2p_channels_includes(&dev->channels,
+ msg.operating_channel[3],
+ msg.operating_channel[4])) {
+ struct p2p_channels *ch = &dev->channels;
+
+ os_memset(ch, 0, sizeof(*ch));
+ ch->reg_class[0].reg_class =
+ msg.operating_channel[3];
+ ch->reg_class[0].channel[0] =
+ msg.operating_channel[4];
+ ch->reg_class[0].channels = 1;
+ ch->reg_classes = 1;
}
+ p2p_channels_intersect(&p2p->channels, &dev->channels,
+ &intersect);
+
+ if (intersect.reg_classes == 0) {
+ p2p_dbg(p2p,
+ "No common channels - force deferred flow");
+ auto_accept = 0;
+ }
+ }
+
+ if (auto_accept || reject != P2P_SC_SUCCESS) {
+ struct p2ps_provision *tmp;
+
if (p2ps_setup_p2ps_prov(p2p, adv_id, session_id,
msg.wps_config_methods,
session_mac, adv_mac) < 0) {
reject = P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
goto out;
}
+
tmp = p2p->p2ps_prov;
- reject = P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE;
- tmp->status = reject;
- }
-
- if (msg.status) {
- if (*msg.status &&
- *msg.status != P2P_SC_SUCCESS_DEFERRED) {
- reject = *msg.status;
- } else if (*msg.status == P2P_SC_SUCCESS_DEFERRED &&
- p2p->p2ps_prov) {
- u16 method = p2p->p2ps_prov->method;
-
- conncap = p2p->cfg->p2ps_group_capability(
- p2p->cfg->cb_ctx, remote_conncap,
- p2p->p2ps_prov->conncap);
-
- p2p_dbg(p2p,
- "Conncap: local:%d remote:%d result:%d",
- p2p->p2ps_prov->conncap,
- remote_conncap, conncap);
-
- /*
- * Ensure that if we asked for PIN originally,
- * our method is consistent with original
- * request.
- */
- if (method & WPS_CONFIG_DISPLAY)
- method = WPS_CONFIG_KEYPAD;
- else if (method & WPS_CONFIG_KEYPAD)
- method = WPS_CONFIG_DISPLAY;
-
- /* Reject this "Deferred Accept* if incompatible
- * conncap or method */
- if (!conncap ||
- !(msg.wps_config_methods & method))
- reject =
- P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
- else
- reject = P2P_SC_SUCCESS;
-
- p2p->p2ps_prov->status = reject;
- p2p->p2ps_prov->conncap = conncap;
+ tmp->force_freq = forced_freq;
+ tmp->pref_freq = pref_freq;
+ if (conncap) {
+ tmp->conncap = conncap;
+ tmp->status = P2P_SC_SUCCESS;
+ } else {
+ tmp->conncap = auto_accept;
+ tmp->status = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
}
+
+ if (reject != P2P_SC_SUCCESS)
+ goto out;
}
}
+ if (!msg.status && !auto_accept &&
+ (!p2p->p2ps_prov || p2p->p2ps_prov->adv_id != adv_id)) {
+ struct p2ps_provision *tmp;
+
+ if (!conncap) {
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ goto out;
+ }
+
+ if (p2ps_setup_p2ps_prov(p2p, adv_id, session_id,
+ msg.wps_config_methods,
+ session_mac, adv_mac) < 0) {
+ reject = P2P_SC_FAIL_UNABLE_TO_ACCOMMODATE;
+ goto out;
+ }
+ tmp = p2p->p2ps_prov;
+ reject = P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE;
+ tmp->status = reject;
+ }
+
+ /* Not a P2PS Follow-on PD */
+ if (!msg.status)
+ goto out;
+
+ if (*msg.status && *msg.status != P2P_SC_SUCCESS_DEFERRED) {
+ reject = *msg.status;
+ goto out;
+ }
+
+ if (*msg.status != P2P_SC_SUCCESS_DEFERRED || !p2p->p2ps_prov)
+ goto out;
+
+ if (p2p->p2ps_prov->adv_id != adv_id ||
+ os_memcmp(p2p->p2ps_prov->adv_mac, msg.adv_mac, ETH_ALEN)) {
+ p2p_dbg(p2p,
+ "P2PS Follow-on PD with mismatch Advertisement ID/MAC");
+ goto out;
+ }
+
+ if (p2p->p2ps_prov->session_id != session_id ||
+ os_memcmp(p2p->p2ps_prov->session_mac, msg.session_mac, ETH_ALEN)) {
+ p2p_dbg(p2p, "P2PS Follow-on PD with mismatch Session ID/MAC");
+ goto out;
+ }
+
+ method = p2p->p2ps_prov->method;
+
+ conncap = p2p->cfg->p2ps_group_capability(p2p->cfg->cb_ctx,
+ remote_conncap,
+ p2p->p2ps_prov->conncap,
+ &p2p->p2ps_prov->force_freq,
+ &p2p->p2ps_prov->pref_freq);
+
+ resp_fcap.cpt = p2ps_own_preferred_cpt(p2p->p2ps_prov->cpt_priority,
+ req_fcap->cpt);
+
+ p2p_dbg(p2p, "cpt: local:0x%x remote:0x%x result:0x%x",
+ p2p->p2ps_prov->cpt_mask, req_fcap->cpt, resp_fcap.cpt);
+
+ p2p_prepare_channel(p2p, dev, p2p->p2ps_prov->force_freq,
+ p2p->p2ps_prov->pref_freq, 0);
+
+ /*
+ * Ensure that if we asked for PIN originally, our method is consistent
+ * with original request.
+ */
+ if (method & WPS_CONFIG_DISPLAY)
+ method = WPS_CONFIG_KEYPAD;
+ else if (method & WPS_CONFIG_KEYPAD)
+ method = WPS_CONFIG_DISPLAY;
+
+ if (!conncap || !(msg.wps_config_methods & method)) {
+ /*
+ * Reject this "Deferred Accept*
+ * if incompatible conncap or method
+ */
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ } else if (!resp_fcap.cpt) {
+ p2p_dbg(p2p,
+ "Incompatible P2PS feature capability CPT bitmask");
+ reject = P2P_SC_FAIL_INCOMPATIBLE_PARAMS;
+ } else if ((remote_conncap & (P2PS_SETUP_NEW | P2PS_SETUP_CLIENT) ||
+ msg.persistent_dev) && conncap != P2PS_SETUP_NEW &&
+ msg.channel_list && msg.channel_list_len &&
+ p2p_peer_channels_check(p2p, &p2p->channels, dev,
+ msg.channel_list,
+ msg.channel_list_len) < 0) {
+ p2p_dbg(p2p,
+ "No common channels in Follow-On Provision Discovery Request");
+ reject = P2P_SC_FAIL_NO_COMMON_CHANNELS;
+ } else {
+ reject = P2P_SC_SUCCESS;
+ }
+
+ dev->oper_freq = 0;
+ if (reject == P2P_SC_SUCCESS || reject == P2P_SC_SUCCESS_DEFERRED) {
+ u8 tmp;
+
+ if (msg.operating_channel)
+ dev->oper_freq =
+ p2p_channel_to_freq(msg.operating_channel[3],
+ msg.operating_channel[4]);
+
+ if ((conncap & P2PS_SETUP_GROUP_OWNER) &&
+ p2p_go_select_channel(p2p, dev, &tmp) < 0)
+ reject = P2P_SC_FAIL_NO_COMMON_CHANNELS;
+ }
+
+ p2p->p2ps_prov->status = reject;
+ p2p->p2ps_prov->conncap = conncap;
+
out:
if (reject == P2P_SC_SUCCESS ||
reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE)
config_methods = msg.wps_config_methods;
else
config_methods = 0;
- resp = p2p_build_prov_disc_resp(p2p, dev, msg.dialog_token, reject,
- config_methods, adv_id,
- msg.group_id, msg.group_id_len,
- msg.persistent_ssid,
- msg.persistent_ssid_len);
- if (resp == NULL) {
- p2p_parse_free(&msg);
- return;
- }
- p2p_dbg(p2p, "Sending Provision Discovery Response");
- if (rx_freq > 0)
- freq = rx_freq;
- else
- freq = p2p_channel_to_freq(p2p->cfg->reg_class,
- p2p->cfg->channel);
- if (freq < 0) {
- p2p_dbg(p2p, "Unknown regulatory class/channel");
- wpabuf_free(resp);
- p2p_parse_free(&msg);
- return;
- }
- p2p->pending_action_state = P2P_PENDING_PD_RESPONSE;
- if (p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr,
- p2p->cfg->dev_addr,
- wpabuf_head(resp), wpabuf_len(resp), 200) < 0) {
- p2p_dbg(p2p, "Failed to send Action frame");
- } else
- p2p->send_action_in_progress = 1;
- wpabuf_free(resp);
+ /*
+ * Send PD Response for an initial PD Request or for follow-on
+ * PD Request with P2P_SC_SUCCESS_DEFERRED status.
+ */
+ if (!msg.status || *msg.status == P2P_SC_SUCCESS_DEFERRED) {
+ resp = p2p_build_prov_disc_resp(p2p, dev, msg.dialog_token,
+ reject, config_methods, adv_id,
+ msg.group_id, msg.group_id_len,
+ msg.persistent_ssid,
+ msg.persistent_ssid_len,
+ (const u8 *) &resp_fcap,
+ sizeof(resp_fcap));
+ if (!resp) {
+ p2p_parse_free(&msg);
+ return;
+ }
+ p2p_dbg(p2p, "Sending Provision Discovery Response");
+ if (rx_freq > 0)
+ freq = rx_freq;
+ else
+ freq = p2p_channel_to_freq(p2p->cfg->reg_class,
+ p2p->cfg->channel);
+ if (freq < 0) {
+ p2p_dbg(p2p, "Unknown regulatory class/channel");
+ wpabuf_free(resp);
+ p2p_parse_free(&msg);
+ return;
+ }
+ p2p->pending_action_state = P2P_PENDING_PD_RESPONSE;
+ if (p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr,
+ p2p->cfg->dev_addr,
+ wpabuf_head(resp), wpabuf_len(resp),
+ 200) < 0)
+ p2p_dbg(p2p, "Failed to send Action frame");
+ else
+ p2p->send_action_in_progress = 1;
+
+ wpabuf_free(resp);
+ }
+
+ if (!dev) {
+ p2p_parse_free(&msg);
+ return;
+ }
+
+ freq = 0;
+ if (reject == P2P_SC_SUCCESS && conncap == P2PS_SETUP_GROUP_OWNER) {
+ freq = p2p_channel_to_freq(p2p->op_reg_class,
+ p2p->op_channel);
+ if (freq < 0)
+ freq = 0;
+ }
if (!p2p->cfg->p2ps_prov_complete) {
/* Don't emit anything */
@@ -696,7 +1028,7 @@
NULL, adv_id, session_id,
0, 0, msg.persistent_ssid,
msg.persistent_ssid_len,
- 0, 0, NULL);
+ 0, 0, NULL, NULL, 0, freq);
} else if (msg.status && *msg.status == P2P_SC_SUCCESS_DEFERRED &&
p2p->p2ps_prov) {
p2p->p2ps_prov->status = reject;
@@ -709,7 +1041,7 @@
session_id, conncap, 0,
msg.persistent_ssid,
msg.persistent_ssid_len, 0,
- 0, NULL);
+ 0, NULL, NULL, 0, freq);
else
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx,
*msg.status,
@@ -719,7 +1051,9 @@
passwd_id,
msg.persistent_ssid,
msg.persistent_ssid_len, 0,
- 0, NULL);
+ 0, NULL,
+ (const u8 *) &resp_fcap,
+ sizeof(resp_fcap), freq);
} else if (msg.status && p2p->p2ps_prov) {
p2p->p2ps_prov->status = P2P_SC_SUCCESS;
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx, *msg.status, sa,
@@ -728,7 +1062,9 @@
passwd_id,
msg.persistent_ssid,
msg.persistent_ssid_len,
- 0, 0, NULL);
+ 0, 0, NULL,
+ (const u8 *) &resp_fcap,
+ sizeof(resp_fcap), freq);
} else if (msg.status) {
} else if (auto_accept && reject == P2P_SC_SUCCESS) {
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx, P2P_SC_SUCCESS,
@@ -737,7 +1073,9 @@
conncap, passwd_id,
msg.persistent_ssid,
msg.persistent_ssid_len,
- 0, 0, NULL);
+ 0, 0, NULL,
+ (const u8 *) &resp_fcap,
+ sizeof(resp_fcap), freq);
} else if (reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
(!msg.session_info || !msg.session_info_len)) {
p2p->p2ps_prov->method = msg.wps_config_methods;
@@ -748,7 +1086,9 @@
conncap, passwd_id,
msg.persistent_ssid,
msg.persistent_ssid_len,
- 0, 1, NULL);
+ 0, 1, NULL,
+ (const u8 *) &resp_fcap,
+ sizeof(resp_fcap), freq);
} else if (reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE) {
size_t buf_len = msg.session_info_len;
char *buf = os_malloc(2 * buf_len + 1);
@@ -764,14 +1104,46 @@
adv_mac, session_mac, group_mac, adv_id,
session_id, conncap, passwd_id,
msg.persistent_ssid, msg.persistent_ssid_len,
- 0, 1, buf);
+ 0, 1, buf,
+ (const u8 *) &resp_fcap, sizeof(resp_fcap),
+ freq);
os_free(buf);
}
}
- if (reject == P2P_SC_SUCCESS && p2p->cfg->prov_disc_req) {
+ /*
+ * prov_disc_req callback is used to generate P2P-PROV-DISC-ENTER-PIN,
+ * P2P-PROV-DISC-SHOW-PIN, and P2P-PROV-DISC-PBC-REQ events.
+ * Call it either on legacy P2P PD or on P2PS PD only if we need to
+ * enter/show PIN.
+ *
+ * The callback is called in the following cases:
+ * 1. Legacy P2P PD request, response status SUCCESS
+ * 2. P2PS advertiser, method: DISPLAY, autoaccept: TRUE,
+ * response status: SUCCESS
+ * 3. P2PS advertiser, method DISPLAY, autoaccept: FALSE,
+ * response status: INFO_CURRENTLY_UNAVAILABLE
+ * 4. P2PS advertiser, method: KEYPAD, autoaccept==any,
+ * response status: INFO_CURRENTLY_UNAVAILABLE
+ * 5. P2PS follow-on with SUCCESS_DEFERRED,
+ * advertiser role: DISPLAY, autoaccept: FALSE,
+ * seeker: KEYPAD, response status: SUCCESS
+ */
+ if (p2p->cfg->prov_disc_req &&
+ ((reject == P2P_SC_SUCCESS && !msg.adv_id) ||
+ (!msg.status &&
+ (reject == P2P_SC_SUCCESS ||
+ reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE) &&
+ passwd_id == DEV_PW_USER_SPECIFIED) ||
+ (!msg.status &&
+ reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
+ passwd_id == DEV_PW_REGISTRAR_SPECIFIED) ||
+ (reject == P2P_SC_SUCCESS &&
+ msg.status && *msg.status == P2P_SC_SUCCESS_DEFERRED &&
+ passwd_id == DEV_PW_REGISTRAR_SPECIFIED))) {
const u8 *dev_addr = sa;
+
if (msg.p2p_device_addr)
dev_addr = msg.p2p_device_addr;
p2p->cfg->prov_disc_req(p2p->cfg->cb_ctx, sa,
@@ -783,10 +1155,133 @@
0,
msg.group_id, msg.group_id_len);
}
+
+ if (reject == P2P_SC_SUCCESS) {
+ switch (config_methods) {
+ case WPS_CONFIG_DISPLAY:
+ dev->wps_prov_info = WPS_CONFIG_KEYPAD;
+ break;
+ case WPS_CONFIG_KEYPAD:
+ dev->wps_prov_info = WPS_CONFIG_DISPLAY;
+ break;
+ case WPS_CONFIG_PUSHBUTTON:
+ dev->wps_prov_info = WPS_CONFIG_PUSHBUTTON;
+ break;
+ case WPS_CONFIG_P2PS:
+ dev->wps_prov_info = WPS_CONFIG_P2PS;
+ break;
+ default:
+ dev->wps_prov_info = 0;
+ break;
+ }
+
+ if (msg.intended_addr)
+ os_memcpy(dev->interface_addr, msg.intended_addr,
+ ETH_ALEN);
+ }
p2p_parse_free(&msg);
}
+static int p2p_validate_p2ps_pd_resp(struct p2p_data *p2p,
+ struct p2p_message *msg)
+{
+ u8 conn_cap_go = 0;
+ u8 conn_cap_cli = 0;
+ u32 session_id;
+ u32 adv_id;
+
+#define P2PS_PD_RESP_CHECK(_val, _attr) \
+ do { \
+ if ((_val) && !msg->_attr) { \
+ p2p_dbg(p2p, "P2PS PD Response missing " #_attr); \
+ return -1; \
+ } \
+ } while (0)
+
+ P2PS_PD_RESP_CHECK(1, status);
+ P2PS_PD_RESP_CHECK(1, adv_id);
+ P2PS_PD_RESP_CHECK(1, adv_mac);
+ P2PS_PD_RESP_CHECK(1, capability);
+ P2PS_PD_RESP_CHECK(1, p2p_device_info);
+ P2PS_PD_RESP_CHECK(1, session_id);
+ P2PS_PD_RESP_CHECK(1, session_mac);
+ P2PS_PD_RESP_CHECK(1, feature_cap);
+
+ session_id = WPA_GET_LE32(msg->session_id);
+ adv_id = WPA_GET_LE32(msg->adv_id);
+
+ if (p2p->p2ps_prov->session_id != session_id) {
+ p2p_dbg(p2p,
+ "Ignore PD Response with unexpected Session ID");
+ return -1;
+ }
+
+ if (os_memcmp(p2p->p2ps_prov->session_mac, msg->session_mac,
+ ETH_ALEN)) {
+ p2p_dbg(p2p,
+ "Ignore PD Response with unexpected Session MAC");
+ return -1;
+ }
+
+ if (p2p->p2ps_prov->adv_id != adv_id) {
+ p2p_dbg(p2p,
+ "Ignore PD Response with unexpected Advertisement ID");
+ return -1;
+ }
+
+ if (os_memcmp(p2p->p2ps_prov->adv_mac, msg->adv_mac, ETH_ALEN) != 0) {
+ p2p_dbg(p2p,
+ "Ignore PD Response with unexpected Advertisement MAC");
+ return -1;
+ }
+
+ if (msg->listen_channel) {
+ p2p_dbg(p2p,
+ "Ignore malformed PD Response - unexpected Listen Channel");
+ return -1;
+ }
+
+ if (*msg->status == P2P_SC_SUCCESS &&
+ !(!!msg->conn_cap ^ !!msg->persistent_dev)) {
+ p2p_dbg(p2p,
+ "Ignore malformed PD Response - either conn_cap or persistent group should be present");
+ return -1;
+ }
+
+ if (msg->persistent_dev && *msg->status != P2P_SC_SUCCESS) {
+ p2p_dbg(p2p,
+ "Ignore malformed PD Response - persistent group is present, but the status isn't success");
+ return -1;
+ }
+
+ if (msg->conn_cap) {
+ conn_cap_go = *msg->conn_cap == P2PS_SETUP_GROUP_OWNER;
+ conn_cap_cli = *msg->conn_cap == P2PS_SETUP_CLIENT;
+ }
+
+ P2PS_PD_RESP_CHECK(msg->persistent_dev || conn_cap_go || conn_cap_cli,
+ channel_list);
+ P2PS_PD_RESP_CHECK(msg->persistent_dev || conn_cap_go || conn_cap_cli,
+ config_timeout);
+
+ P2PS_PD_RESP_CHECK(conn_cap_go, group_id);
+ P2PS_PD_RESP_CHECK(conn_cap_go, intended_addr);
+ P2PS_PD_RESP_CHECK(conn_cap_go, operating_channel);
+ /*
+ * TODO: Also validate that operating channel is present if the device
+ * is a GO in a persistent group. We can't do it here since we don't
+ * know what is the role of the peer. It should be probably done in
+ * p2ps_prov_complete callback, but currently operating channel isn't
+ * passed to it.
+ */
+
+#undef P2PS_PD_RESP_CHECK
+
+ return 0;
+}
+
+
void p2p_process_prov_disc_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len)
{
@@ -794,24 +1289,26 @@
struct p2p_device *dev;
u16 report_config_methods = 0, req_config_methods;
u8 status = P2P_SC_SUCCESS;
- int success = 0;
u32 adv_id = 0;
u8 conncap = P2PS_SETUP_NEW;
u8 adv_mac[ETH_ALEN];
- u8 group_mac[ETH_ALEN];
+ const u8 *group_mac;
int passwd_id = DEV_PW_DEFAULT;
+ int p2ps_seeker;
if (p2p_parse(data, len, &msg))
return;
+ if (p2p->p2ps_prov && p2p_validate_p2ps_pd_resp(p2p, &msg)) {
+ p2p_parse_free(&msg);
+ return;
+ }
+
/* Parse the P2PS members present */
if (msg.status)
status = *msg.status;
- if (msg.intended_addr)
- os_memcpy(group_mac, msg.intended_addr, ETH_ALEN);
- else
- os_memset(group_mac, 0, ETH_ALEN);
+ group_mac = msg.intended_addr;
if (msg.adv_mac)
os_memcpy(adv_mac, msg.adv_mac, ETH_ALEN);
@@ -859,6 +1356,8 @@
p2p->pending_action_state = P2P_NO_PENDING_ACTION;
}
+ p2ps_seeker = p2p->p2ps_prov && p2p->p2ps_prov->pd_seeker;
+
/*
* Use a local copy of the requested config methods since
* p2p_reset_pending_pd() can clear this in the peer entry.
@@ -907,30 +1406,80 @@
passwd_id = DEV_PW_P2PS_DEFAULT;
}
- if ((msg.conn_cap || msg.persistent_dev) &&
- msg.adv_id &&
- (status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED) &&
+ if ((status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED) &&
p2p->p2ps_prov) {
+ dev->oper_freq = 0;
+
+ /*
+ * Save the reported channel list and operating frequency.
+ * Note that the specification mandates that the responder
+ * should include in the channel list only channels reported by
+ * the initiator, so this is only a sanity check, and if this
+ * fails the flow would continue, although it would probably
+ * fail. Same is true for the operating channel.
+ */
+ if (msg.channel_list && msg.channel_list_len &&
+ p2p_peer_channels_check(p2p, &p2p->channels, dev,
+ msg.channel_list,
+ msg.channel_list_len) < 0)
+ p2p_dbg(p2p, "P2PS PD Response - no common channels");
+
+ if (msg.operating_channel) {
+ if (p2p_channels_includes(&p2p->channels,
+ msg.operating_channel[3],
+ msg.operating_channel[4]) &&
+ p2p_channels_includes(&dev->channels,
+ msg.operating_channel[3],
+ msg.operating_channel[4])) {
+ dev->oper_freq =
+ p2p_channel_to_freq(
+ msg.operating_channel[3],
+ msg.operating_channel[4]);
+ } else {
+ p2p_dbg(p2p,
+ "P2PS PD Response - invalid operating channel");
+ }
+ }
+
if (p2p->cfg->p2ps_prov_complete) {
+ int freq = 0;
+
+ if (conncap == P2PS_SETUP_GROUP_OWNER) {
+ u8 tmp;
+
+ /*
+ * Re-select the operating channel as it is
+ * possible that original channel is no longer
+ * valid. This should not really fail.
+ */
+ if (p2p_go_select_channel(p2p, dev, &tmp) < 0)
+ p2p_dbg(p2p,
+ "P2PS PD channel selection failed");
+
+ freq = p2p_channel_to_freq(p2p->op_reg_class,
+ p2p->op_channel);
+ if (freq < 0)
+ freq = 0;
+ }
+
p2p->cfg->p2ps_prov_complete(
p2p->cfg->cb_ctx, status, sa, adv_mac,
p2p->p2ps_prov->session_mac,
group_mac, adv_id, p2p->p2ps_prov->session_id,
conncap, passwd_id, msg.persistent_ssid,
- msg.persistent_ssid_len, 1, 0, NULL);
+ msg.persistent_ssid_len, 1, 0, NULL,
+ msg.feature_cap, msg.feature_cap_len, freq);
}
p2ps_prov_free(p2p);
- }
-
- if (status != P2P_SC_SUCCESS &&
- status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
- status != P2P_SC_SUCCESS_DEFERRED && p2p->p2ps_prov) {
+ } else if (status != P2P_SC_SUCCESS &&
+ status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
+ status != P2P_SC_SUCCESS_DEFERRED && p2p->p2ps_prov) {
if (p2p->cfg->p2ps_prov_complete)
p2p->cfg->p2ps_prov_complete(
p2p->cfg->cb_ctx, status, sa, adv_mac,
p2p->p2ps_prov->session_mac,
group_mac, adv_id, p2p->p2ps_prov->session_id,
- 0, 0, NULL, 0, 1, 0, NULL);
+ 0, 0, NULL, 0, 1, 0, NULL, NULL, 0, 0);
p2ps_prov_free(p2p);
}
@@ -966,13 +1515,12 @@
p2p->cfg->cb_ctx, sa,
P2P_PROV_DISC_INFO_UNAVAILABLE,
adv_id, adv_mac, NULL);
- } else if (msg.wps_config_methods != dev->req_config_methods ||
- status != P2P_SC_SUCCESS) {
+ } else if (status != P2P_SC_SUCCESS) {
p2p_dbg(p2p, "Peer rejected our Provision Discovery Request");
if (p2p->cfg->prov_disc_fail)
p2p->cfg->prov_disc_fail(p2p->cfg->cb_ctx, sa,
- P2P_PROV_DISC_REJECTED, 0,
- NULL, NULL);
+ P2P_PROV_DISC_REJECTED,
+ adv_id, adv_mac, NULL);
p2p_parse_free(&msg);
p2ps_prov_free(p2p);
goto out;
@@ -980,9 +1528,10 @@
/* Store the provisioning info */
dev->wps_prov_info = msg.wps_config_methods;
+ if (msg.intended_addr)
+ os_memcpy(dev->interface_addr, msg.intended_addr, ETH_ALEN);
p2p_parse_free(&msg);
- success = 1;
out:
dev->req_config_methods = 0;
@@ -994,7 +1543,28 @@
p2p_connect_send(p2p, dev);
return;
}
- if (success && p2p->cfg->prov_disc_resp)
+
+ /*
+ * prov_disc_resp callback is used to generate P2P-PROV-DISC-ENTER-PIN,
+ * P2P-PROV-DISC-SHOW-PIN, and P2P-PROV-DISC-PBC-REQ events.
+ * Call it only for a legacy P2P PD or for P2PS PD scenarios where
+ * show/enter PIN events are needed.
+ *
+ * The callback is called in the following cases:
+ * 1. Legacy P2P PD response with a status SUCCESS
+ * 2. P2PS, advertiser method: DISPLAY, autoaccept: true,
+ * response status: SUCCESS, local method KEYPAD
+ * 3. P2PS, advertiser method: KEYPAD,Seeker side,
+ * response status: INFO_CURRENTLY_UNAVAILABLE,
+ * local method: DISPLAY
+ */
+ if (p2p->cfg->prov_disc_resp &&
+ ((status == P2P_SC_SUCCESS && !adv_id) ||
+ (p2ps_seeker && status == P2P_SC_SUCCESS &&
+ passwd_id == DEV_PW_REGISTRAR_SPECIFIED) ||
+ (p2ps_seeker &&
+ status == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
+ passwd_id == DEV_PW_USER_SPECIFIED)))
p2p->cfg->prov_disc_resp(p2p->cfg->cb_ctx, sa,
report_config_methods);
@@ -1058,6 +1628,10 @@
"Building PD Request based on P2PS config method 0x%x status %d --> req_config_methods 0x%x",
p2p->p2ps_prov->method, p2p->p2ps_prov->status,
dev->req_config_methods);
+
+ if (p2p_prepare_channel(p2p, dev, p2p->p2ps_prov->force_freq,
+ p2p->p2ps_prov->pref_freq, 1) < 0)
+ return -1;
}
req = p2p_build_prov_disc_req(p2p, dev, join);
diff --git a/src/p2p/p2p_sd.c b/src/p2p/p2p_sd.c
index 1a2af04..559af9d 100644
--- a/src/p2p/p2p_sd.c
+++ b/src/p2p/p2p_sd.c
@@ -28,11 +28,11 @@
pos = wpabuf_head(wfd);
end = pos + wpabuf_len(wfd);
- while (pos + 3 <= end) {
+ while (end - pos >= 3) {
subelem = *pos++;
len = WPA_GET_BE16(pos);
pos += 2;
- if (pos + len > end)
+ if (len > end - pos)
break;
if (subelem == WFD_SUBELEM_DEVICE_INFO && len >= 6) {
@@ -355,11 +355,11 @@
pos++;
slen = *pos++;
- next = pos + slen;
- if (next > end || slen < 2) {
+ if (slen > end - pos || slen < 2) {
p2p_dbg(p2p, "Invalid IE in GAS Initial Request");
return;
}
+ next = pos + slen;
pos++; /* skip QueryRespLenLimit and PAME-BI */
if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
@@ -370,16 +370,16 @@
pos = next;
/* Query Request */
- if (pos + 2 > end)
+ if (end - pos < 2)
return;
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end)
+ if (slen > end - pos)
return;
end = pos + slen;
/* ANQP Query Request */
- if (pos + 4 > end)
+ if (end - pos < 4)
return;
if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
@@ -389,7 +389,7 @@
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end || slen < 3 + 1) {
+ if (slen > end - pos || slen < 3 + 1) {
p2p_dbg(p2p, "Invalid ANQP Query Request length");
return;
}
@@ -401,7 +401,7 @@
}
pos += 4;
- if (pos + 2 > end)
+ if (end - pos < 2)
return;
update_indic = WPA_GET_LE16(pos);
p2p_dbg(p2p, "Service Update Indicator: %u", update_indic);
@@ -512,11 +512,11 @@
pos++;
slen = *pos++;
- next = pos + slen;
- if (next > end || slen < 2) {
+ if (slen > end - pos || slen < 2) {
p2p_dbg(p2p, "Invalid IE in GAS Initial Response");
return;
}
+ next = pos + slen;
pos++; /* skip QueryRespLenLimit and PAME-BI */
if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
@@ -527,14 +527,14 @@
pos = next;
/* Query Response */
- if (pos + 2 > end) {
+ if (end - pos < 2) {
p2p_dbg(p2p, "Too short Query Response");
return;
}
slen = WPA_GET_LE16(pos);
pos += 2;
p2p_dbg(p2p, "Query Response Length: %d", slen);
- if (pos + slen > end) {
+ if (slen > end - pos) {
p2p_dbg(p2p, "Not enough Query Response data");
return;
}
@@ -552,7 +552,7 @@
}
/* ANQP Query Response */
- if (pos + 4 > end)
+ if (end - pos < 4)
return;
if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
@@ -562,7 +562,7 @@
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end || slen < 3 + 1) {
+ if (slen > end - pos || slen < 3 + 1) {
p2p_dbg(p2p, "Invalid ANQP Query Response length");
return;
}
@@ -574,7 +574,7 @@
}
pos += 4;
- if (pos + 2 > end)
+ if (end - pos < 2)
return;
update_indic = WPA_GET_LE16(pos);
p2p_dbg(p2p, "Service Update Indicator: %u", update_indic);
@@ -727,11 +727,11 @@
pos++;
slen = *pos++;
- next = pos + slen;
- if (next > end || slen < 2) {
+ if (slen > end - pos || slen < 2) {
p2p_dbg(p2p, "Invalid IE in GAS Comeback Response");
return;
}
+ next = pos + slen;
pos++; /* skip QueryRespLenLimit and PAME-BI */
if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
@@ -742,14 +742,14 @@
pos = next;
/* Query Response */
- if (pos + 2 > end) {
+ if (end - pos < 2) {
p2p_dbg(p2p, "Too short Query Response");
return;
}
slen = WPA_GET_LE16(pos);
pos += 2;
p2p_dbg(p2p, "Query Response Length: %d", slen);
- if (pos + slen > end) {
+ if (slen > end - pos) {
p2p_dbg(p2p, "Not enough Query Response data");
return;
}
@@ -768,7 +768,7 @@
}
/* ANQP Query Response */
- if (pos + 4 > end)
+ if (end - pos < 4)
return;
if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
@@ -783,7 +783,7 @@
p2p_dbg(p2p, "Invalid ANQP Query Response length");
return;
}
- if (pos + 4 > end)
+ if (end - pos < 4)
return;
if (WPA_GET_BE32(pos) != P2P_IE_VENDOR_TYPE) {
@@ -793,7 +793,7 @@
}
pos += 4;
- if (pos + 2 > end)
+ if (end - pos < 2)
return;
p2p->sd_rx_update_indic = WPA_GET_LE16(pos);
p2p_dbg(p2p, "Service Update Indicator: %u", p2p->sd_rx_update_indic);
diff --git a/src/p2p/p2p_utils.c b/src/p2p/p2p_utils.c
index eee3c5a..2e2aa8a 100644
--- a/src/p2p/p2p_utils.c
+++ b/src/p2p/p2p_utils.c
@@ -9,6 +9,7 @@
#include "includes.h"
#include "common.h"
+#include "common/defs.h"
#include "common/ieee802_11_common.h"
#include "p2p_i.h"
@@ -67,59 +68,11 @@
*/
int p2p_freq_to_channel(unsigned int freq, u8 *op_class, u8 *channel)
{
- /* TODO: more operating classes */
- if (freq >= 2412 && freq <= 2472) {
- if ((freq - 2407) % 5)
- return -1;
+ if (ieee80211_freq_to_channel_ext(freq, 0, 0, op_class, channel) ==
+ NUM_HOSTAPD_MODES)
+ return -1;
- *op_class = 81; /* 2.407 GHz, channels 1..13 */
- *channel = (freq - 2407) / 5;
- return 0;
- }
-
- if (freq == 2484) {
- *op_class = 82; /* channel 14 */
- *channel = 14;
- return 0;
- }
-
- if (freq >= 5180 && freq <= 5240) {
- if ((freq - 5000) % 5)
- return -1;
-
- *op_class = 115; /* 5 GHz, channels 36..48 */
- *channel = (freq - 5000) / 5;
- return 0;
- }
-
- if (freq >= 5745 && freq <= 5805) {
- if ((freq - 5000) % 5)
- return -1;
-
- *op_class = 124; /* 5 GHz, channels 149..161 */
- *channel = (freq - 5000) / 5;
- return 0;
- }
-
- if (freq >= 5745 && freq <= 5845) {
- if ((freq - 5000) % 5)
- return -1;
-
- *op_class = 125; /* 5 GHz, channels 149..169 */
- *channel = (freq - 5000) / 5;
- return 0;
- }
-
- if (freq >= 58320 && freq <= 64800) {
- if ((freq - 58320) % 2160)
- return -1;
-
- *op_class = 180; /* 60 GHz, channels 1..4 */
- *channel = (freq - 56160) / 2160;
- return 0;
- }
-
- return -1;
+ return 0;
}
@@ -506,12 +459,22 @@
break;
for (j = 0; j < c->channels; j++) {
int freq;
+ unsigned int k;
+
if (idx + 1 == max_len)
break;
freq = p2p_channel_to_freq(c->reg_class,
c->channel[j]);
if (freq < 0)
continue;
+
+ for (k = 0; k < idx; k++) {
+ if (freq_list[k] == freq)
+ break;
+ }
+
+ if (k < idx)
+ continue;
freq_list[idx++] = freq;
}
}
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 1ebfd11..266b29f 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1,6 +1,6 @@
/*
* RADIUS message processing
- * Copyright (c) 2002-2009, 2011-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2009, 2011-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -173,6 +173,7 @@
{ RADIUS_ATTR_USER_PASSWORD, "User-Password", RADIUS_ATTR_UNDIST },
{ RADIUS_ATTR_NAS_IP_ADDRESS, "NAS-IP-Address", RADIUS_ATTR_IP },
{ RADIUS_ATTR_NAS_PORT, "NAS-Port", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_FRAMED_IP_ADDRESS, "Framed-IP-Address", RADIUS_ATTR_IP },
{ RADIUS_ATTR_FRAMED_MTU, "Framed-MTU", RADIUS_ATTR_INT32 },
{ RADIUS_ATTR_REPLY_MESSAGE, "Reply-Message", RADIUS_ATTR_TEXT },
{ RADIUS_ATTR_STATE, "State", RADIUS_ATTR_UNDIST },
@@ -703,7 +704,7 @@
attr = (struct radius_attr_hdr *) pos;
- if (pos + attr->length > end || attr->length < sizeof(*attr))
+ if (attr->length > end - pos || attr->length < sizeof(*attr))
goto fail;
/* TODO: check that attr->length is suitable for attr->type */
diff --git a/src/radius/radius.h b/src/radius/radius.h
index 5977339..f14de53 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -1,6 +1,6 @@
/*
* RADIUS message processing
- * Copyright (c) 2002-2009, 2012, 2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2009, 2012, 2014-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -52,6 +52,7 @@
RADIUS_ATTR_USER_PASSWORD = 2,
RADIUS_ATTR_NAS_IP_ADDRESS = 4,
RADIUS_ATTR_NAS_PORT = 5,
+ RADIUS_ATTR_FRAMED_IP_ADDRESS = 8,
RADIUS_ATTR_FRAMED_MTU = 12,
RADIUS_ATTR_REPLY_MESSAGE = 18,
RADIUS_ATTR_STATE = 24,
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 693f61e..0bcdb45 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -407,7 +407,6 @@
static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
{
struct radius_client_data *radius = eloop_ctx;
- struct hostapd_radius_servers *conf = radius->conf;
struct os_reltime now;
os_time_t first;
struct radius_msg_list *entry, *prev, *tmp;
@@ -476,10 +475,10 @@
(long int) (first - now.sec));
}
- if (auth_failover && conf->num_auth_servers > 1)
+ if (auth_failover)
radius_client_auth_failover(radius);
- if (acct_failover && conf->num_acct_servers > 1)
+ if (acct_failover)
radius_client_acct_failover(radius);
}
@@ -1015,6 +1014,9 @@
int sel_sock;
struct radius_msg_list *entry;
struct hostapd_radius_servers *conf = radius->conf;
+ struct sockaddr_in disconnect_addr = {
+ .sin_family = AF_UNSPEC,
+ };
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
@@ -1023,6 +1025,12 @@
hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)),
nserv->port);
+ if (oserv && oserv == nserv) {
+ /* Reconnect to same server, flush */
+ if (auth)
+ radius_client_flush(radius, 1);
+ }
+
if (oserv && oserv != nserv &&
(nserv->shared_secret_len != oserv->shared_secret_len ||
os_memcmp(nserv->shared_secret, oserv->shared_secret,
@@ -1125,6 +1133,11 @@
}
}
+ /* Force a reconnect by disconnecting the socket first */
+ if (connect(sel_sock, (struct sockaddr *) &disconnect_addr,
+ sizeof(disconnect_addr)) < 0)
+ wpa_printf(MSG_INFO, "disconnect[radius]: %s", strerror(errno));
+
if (connect(sel_sock, addr, addrlen) < 0) {
wpa_printf(MSG_INFO, "connect[radius]: %s", strerror(errno));
return -1;
diff --git a/src/radius/radius_das.c b/src/radius/radius_das.c
index 39ceea8..b7d991b 100644
--- a/src/radius/radius_das.c
+++ b/src/radius/radius_das.c
@@ -245,7 +245,7 @@
(u8 *) &val, 4);
if (res == 4) {
u32 timestamp = ntohl(val);
- if ((unsigned int) abs(now.sec - timestamp) >
+ if ((unsigned int) abs((int) (now.sec - timestamp)) >
das->time_window) {
wpa_printf(MSG_DEBUG, "DAS: Unacceptable "
"Event-Timestamp (%u; local time %u) in "
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index bdb7e42..744283c 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -265,6 +265,8 @@
struct dl_list erp_keys; /* struct eap_server_erp_key */
+ unsigned int tls_session_lifetime;
+
/**
* wps - Wi-Fi Protected Setup context
*
@@ -688,6 +690,7 @@
eap_conf.server_id = (const u8 *) data->server_id;
eap_conf.server_id_len = os_strlen(data->server_id);
eap_conf.erp = data->erp;
+ eap_conf.tls_session_lifetime = data->tls_session_lifetime;
radius_server_testing_options(sess, &eap_conf);
sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
&eap_conf);
@@ -1745,6 +1748,7 @@
}
data->erp = conf->erp;
data->erp_domain = conf->erp_domain;
+ data->tls_session_lifetime = conf->tls_session_lifetime;
if (conf->subscr_remediation_url) {
data->subscr_remediation_url =
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index ca4e38c..7a25802 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -170,6 +170,8 @@
const char *erp_domain;
+ unsigned int tls_session_lifetime;
+
/**
* wps - Wi-Fi Protected Setup context
*
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index ef7b683..b221e12 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -130,7 +130,7 @@
struct rsn_pmksa_cache_entry *entry, *pos, *prev;
struct os_reltime now;
- if (pmk_len > PMK_LEN)
+ if (pmk_len > PMK_LEN_MAX)
return NULL;
if (wpa_key_mgmt_suite_b(akmp) && !kck)
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index f8e040e..7ec09ea 100644
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -15,7 +15,7 @@
struct rsn_pmksa_cache_entry {
struct rsn_pmksa_cache_entry *next;
u8 pmkid[PMKID_LEN];
- u8 pmk[PMK_LEN];
+ u8 pmk[PMK_LEN_MAX];
size_t pmk_len;
os_time_t expiration;
int akmp; /* WPA_KEY_MGMT_* */
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index 6b1df71..48752d7 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -12,6 +12,7 @@
#include "utils/eloop.h"
#include "utils/os.h"
#include "common/ieee802_11_defs.h"
+#include "common/ieee802_11_common.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"
#include "crypto/aes_wrap.h"
@@ -626,9 +627,15 @@
*/
if (peer->initiator) {
+ u8 addr[ETH_ALEN];
+
wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
" - try to renew", MAC2STR(peer->addr));
- wpa_tdls_start(sm, peer->addr);
+ /* cache the peer address before do_teardown */
+ os_memcpy(addr, peer->addr, ETH_ALEN);
+ wpa_tdls_do_teardown(sm, peer,
+ WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
+ wpa_tdls_start(sm, addr);
} else {
wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
" - tear down", MAC2STR(peer->addr));
@@ -2385,7 +2392,7 @@
wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Confirm / "
"TPK Handshake Message 3");
if (wpa_tdls_send_tpk_m3(sm, src_addr, dtoken, lnkid, peer) < 0)
- goto error;
+ goto error_no_msg;
if (!peer->tpk_success) {
/*
@@ -2406,6 +2413,7 @@
error:
wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_CONFIRM, dtoken, 1,
status);
+error_no_msg:
wpa_tdls_disable_peer_link(sm, peer);
return -1;
}
@@ -2859,14 +2867,14 @@
}
-static int wpa_tdls_prohibited(struct wpa_eapol_ie_parse *elems)
+static int wpa_tdls_prohibited(struct ieee802_11_elems *elems)
{
/* bit 38 - TDLS Prohibited */
return !!(elems->ext_capab[2 + 4] & 0x40);
}
-static int wpa_tdls_chan_switch_prohibited(struct wpa_eapol_ie_parse *elems)
+static int wpa_tdls_chan_switch_prohibited(struct ieee802_11_elems *elems)
{
/* bit 39 - TDLS Channel Switch Prohibited */
return !!(elems->ext_capab[2 + 4] & 0x80);
@@ -2875,12 +2883,13 @@
void wpa_tdls_ap_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
{
- struct wpa_eapol_ie_parse elems;
+ struct ieee802_11_elems elems;
sm->tdls_prohibited = 0;
sm->tdls_chan_switch_prohibited = 0;
- if (ies == NULL || wpa_supplicant_parse_ies(ies, len, &elems) < 0 ||
+ if (ies == NULL ||
+ ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
return;
@@ -2896,9 +2905,10 @@
void wpa_tdls_assoc_resp_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
{
- struct wpa_eapol_ie_parse elems;
+ struct ieee802_11_elems elems;
- if (ies == NULL || wpa_supplicant_parse_ies(ies, len, &elems) < 0 ||
+ if (ies == NULL ||
+ ieee802_11_parse_elems(ies, len, &elems, 0) == ParseFailed ||
elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
return;
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index faffe36..0b5fe51 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1,6 +1,7 @@
/*
* WPA Supplicant - WPA state machine and EAPOL-Key processing
* Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
+ * Copyright(c) 2015 Intel Deutschland GmbH
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -23,6 +24,9 @@
#include "peerkey.h"
+static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+
/**
* wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
* @sm: Pointer to WPA state machine data from wpa_sm_init()
@@ -34,11 +38,13 @@
* @msg: EAPOL-Key message
* @msg_len: Length of message
* @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
+ * Returns: >= 0 on success, < 0 on failure
*/
-void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
- int ver, const u8 *dest, u16 proto,
- u8 *msg, size_t msg_len, u8 *key_mic)
+int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
+ int ver, const u8 *dest, u16 proto,
+ u8 *msg, size_t msg_len, u8 *key_mic)
{
+ int ret = -1;
size_t mic_len = wpa_mic_len(sm->key_mgmt);
if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
@@ -69,10 +75,11 @@
wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
- wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
+ ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
eapol_sm_notify_tx_eapol_key(sm->eapol);
out:
os_free(msg);
+ return ret;
}
@@ -206,15 +213,21 @@
#endif /* CONFIG_IEEE80211R */
} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
int res, pmk_len;
- pmk_len = PMK_LEN;
- res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
+
+ if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+ pmk_len = PMK_LEN_SUITE_B_192;
+ else
+ pmk_len = PMK_LEN;
+ res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
if (res) {
- /*
- * EAP-LEAP is an exception from other EAP methods: it
- * uses only 16-byte PMK.
- */
- res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
- pmk_len = 16;
+ if (pmk_len == PMK_LEN) {
+ /*
+ * EAP-LEAP is an exception from other EAP
+ * methods: it uses only 16-byte PMK.
+ */
+ res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
+ pmk_len = 16;
+ }
} else {
#ifdef CONFIG_IEEE80211R
u8 buf[2 * PMK_LEN];
@@ -318,7 +331,7 @@
* @wpa_ie: WPA/RSN IE
* @wpa_ie_len: Length of the WPA/RSN IE
* @ptk: PTK to use for keyed hash and encryption
- * Returns: 0 on success, -1 on failure
+ * Returns: >= 0 on success, < 0 on failure
*/
int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
const struct wpa_eapol_key *key,
@@ -409,10 +422,8 @@
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
- wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
- rbuf, rlen, key_mic);
-
- return 0;
+ return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
+ ETH_P_EAPOL, rbuf, rlen, key_mic);
}
@@ -500,6 +511,7 @@
os_memset(buf, 0, sizeof(buf));
}
sm->tptk_set = 1;
+ sm->tk_to_set = 1;
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
@@ -525,7 +537,7 @@
#endif /* CONFIG_P2P */
if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
- kde, kde_len, ptk))
+ kde, kde_len, ptk) < 0)
goto failed;
os_free(kde_buf);
@@ -603,7 +615,12 @@
int keylen, rsclen;
enum wpa_alg alg;
const u8 *key_rsc;
- u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+ if (!sm->tk_to_set) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+ }
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Installing PTK to the driver");
@@ -643,6 +660,7 @@
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+ sm->tk_to_set = 0;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
@@ -753,12 +771,43 @@
}
+static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
+ const u8 *rsc)
+{
+ int rsclen;
+
+ if (!sm->wpa_rsc_relaxation)
+ return 0;
+
+ rsclen = wpa_cipher_rsc_len(sm->group_cipher);
+
+ /*
+ * Try to detect RSC (endian) corruption issue where the AP sends
+ * the RSC bytes in EAPOL-Key message in the wrong order, both if
+ * it's actually a 6-byte field (as it should be) and if it treats
+ * it as an 8-byte field.
+ * An AP model known to have this bug is the Sapido RB-1632.
+ */
+ if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0",
+ rsc[0], rsc[1], rsc[2], rsc[3],
+ rsc[4], rsc[5], rsc[6], rsc[7]);
+
+ return 1;
+ }
+
+ return 0;
+}
+
+
static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
const struct wpa_eapol_key *key,
const u8 *gtk, size_t gtk_len,
int key_info)
{
struct wpa_gtk_data gd;
+ const u8 *key_rsc;
/*
* IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
@@ -784,11 +833,15 @@
os_memcpy(gd.gtk, gtk, gtk_len);
gd.gtk_len = gtk_len;
+ key_rsc = key->key_rsc;
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, gtk_len,
&gd.key_rsc_len, &gd.alg) ||
- wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
+ wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: Failed to install GTK");
os_memset(&gd, 0, sizeof(gd));
@@ -989,8 +1042,8 @@
if (sm->assoc_resp_ies) {
pos = sm->assoc_resp_ies;
end = pos + sm->assoc_resp_ies_len;
- while (pos + 2 < end) {
- if (pos + 2 + pos[1] > end)
+ while (end - pos > 2) {
+ if (2 + pos[1] > end - pos)
break;
switch (*pos) {
case WLAN_EID_MOBILITY_DOMAIN:
@@ -1086,7 +1139,7 @@
* @ver: Version bits from EAPOL-Key Key Info
* @key_info: Key Info
* @ptk: PTK to use for keyed hash and encryption
- * Returns: 0 on success, -1 on failure
+ * Returns: >= 0 on success, < 0 on failure
*/
int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
const struct wpa_eapol_key *key,
@@ -1126,10 +1179,8 @@
WPA_PUT_BE16(reply->key_data_length, 0);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
- wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
- rbuf, rlen, key_mic);
-
- return 0;
+ return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
+ ETH_P_EAPOL, rbuf, rlen, key_mic);
}
@@ -1202,7 +1253,7 @@
#endif /* CONFIG_P2P */
if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
- &sm->ptk)) {
+ &sm->ptk) < 0) {
goto failed;
}
@@ -1292,8 +1343,8 @@
&gd->key_rsc_len, &gd->alg))
return -1;
- wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
- ie.gtk, ie.gtk_len);
+ wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
+ ie.gtk, ie.gtk_len);
gd->keyidx = ie.gtk[0] & 0x3;
gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
!!(ie.gtk[0] & BIT(2)));
@@ -1344,6 +1395,11 @@
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
WPA_KEY_INFO_KEY_INDEX_SHIFT;
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
+#ifdef CONFIG_NO_RC4
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: RC4 not supported in the build");
+ return -1;
+#else /* CONFIG_NO_RC4 */
u8 ek[32];
if (key_data_len > sizeof(gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -1361,6 +1417,7 @@
return -1;
}
os_memset(ek, 0, sizeof(ek));
+#endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen % 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -1431,10 +1488,8 @@
WPA_PUT_BE16(reply->key_data_length, 0);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
- wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
- ETH_P_EAPOL, rbuf, rlen, key_mic);
-
- return 0;
+ return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver,
+ sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic);
}
@@ -1447,6 +1502,7 @@
u16 key_info;
int rekey, ret;
struct wpa_gtk_data gd;
+ const u8 *key_rsc;
if (!sm->msg_3_of_4_ok) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
@@ -1477,8 +1533,12 @@
if (ret)
goto failed;
- if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
+ key_rsc = key->key_rsc;
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
goto failed;
os_memset(&gd, 0, sizeof(gd));
@@ -1575,6 +1635,11 @@
/* Decrypt key data here so that this operation does not need
* to be implemented separately for each message type. */
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
+#ifdef CONFIG_NO_RC4
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: RC4 not supported in the build");
+ return -1;
+#else /* CONFIG_NO_RC4 */
u8 ek[32];
os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
@@ -1585,6 +1650,7 @@
return -1;
}
os_memset(ek, 0, sizeof(ek));
+#endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
@@ -2427,6 +2493,7 @@
sm->ssid_len = 0;
sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
sm->p2p = config->p2p;
+ sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
} else {
sm->network_ctx = NULL;
sm->peerkey_enabled = 0;
@@ -2437,6 +2504,7 @@
sm->ssid_len = 0;
sm->wpa_ptk_rekey = 0;
sm->p2p = 0;
+ sm->wpa_rsc_relaxation = 0;
}
}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index e163b70..9bfe0e2 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -104,6 +104,7 @@
size_t ssid_len;
int wpa_ptk_rekey;
int p2p;
+ int wpa_rsc_relaxation;
};
#ifndef CONFIG_NO_WPA
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 06dea05..205793e 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -168,9 +168,7 @@
pos = (u8 *) (rsnie + 1);
/* Group Suite Selector */
- if (sm->group_cipher != WPA_CIPHER_CCMP &&
- sm->group_cipher != WPA_CIPHER_GCMP &&
- sm->group_cipher != WPA_CIPHER_TKIP) {
+ if (!wpa_cipher_valid_group(sm->group_cipher)) {
wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
sm->group_cipher);
os_free(buf);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 965a9c1..14b7799 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -19,11 +19,12 @@
* struct wpa_sm - Internal WPA state machine data
*/
struct wpa_sm {
- u8 pmk[PMK_LEN];
+ u8 pmk[PMK_LEN_MAX];
size_t pmk_len;
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
unsigned int msg_3_of_4_ok:1;
+ unsigned int tk_to_set:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
@@ -60,6 +61,7 @@
size_t ssid_len;
int wpa_ptk_rekey;
int p2p;
+ int wpa_rsc_relaxation;
u8 own_addr[ETH_ALEN];
const char *ifname;
@@ -349,9 +351,9 @@
return sm->ctx->key_mgmt_set_pmk(sm->ctx->ctx, pmk, pmk_len);
}
-void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
- int ver, const u8 *dest, u16 proto,
- u8 *msg, size_t msg_len, u8 *key_mic);
+int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
+ int ver, const u8 *dest, u16 proto,
+ u8 *msg, size_t msg_len, u8 *key_mic);
int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
const struct wpa_eapol_key *key,
int ver, const u8 *nonce,
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 0c37b35..c44844e 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -378,7 +378,7 @@
return 0;
}
- if (pos + 1 + RSN_SELECTOR_LEN < end &&
+ if (1 + RSN_SELECTOR_LEN < end - pos &&
pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
@@ -491,13 +491,13 @@
int ret = 0;
os_memset(ie, 0, sizeof(*ie));
- for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
+ for (pos = buf, end = pos + len; end - pos > 1; pos += 2 + pos[1]) {
if (pos[0] == 0xdd &&
((pos == buf + len - 1) || pos[1] == 0)) {
/* Ignore padding */
break;
}
- if (pos + 2 + pos[1] > end) {
+ if (2 + pos[1] > end - pos) {
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
"underflow (ie=%d len=%d pos=%d)",
pos[0], pos[1], (int) (pos - buf));
diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index 533286c..a6f0587 100644
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -714,12 +714,12 @@
/**
- * tlsv1_client_get_keys - Get master key and random data from TLS connection
+ * tlsv1_client_get_random - Get random data from TLS connection
* @conn: TLSv1 client connection data from tlsv1_client_init()
- * @keys: Structure of key/random data (filled on success)
+ * @keys: Structure of random data (filled on success)
* Returns: 0 on success, -1 on failure
*/
-int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys)
+int tlsv1_client_get_random(struct tlsv1_client *conn, struct tls_random *keys)
{
os_memset(keys, 0, sizeof(*keys));
if (conn->state == CLIENT_HELLO)
diff --git a/src/tls/tlsv1_client.h b/src/tls/tlsv1_client.h
index 8ec85f1..a4e25e9 100644
--- a/src/tls/tlsv1_client.h
+++ b/src/tls/tlsv1_client.h
@@ -36,7 +36,7 @@
int tlsv1_client_resumed(struct tlsv1_client *conn);
int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
const u8 *data, size_t data_len);
-int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys);
+int tlsv1_client_get_random(struct tlsv1_client *conn, struct tls_random *data);
int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
int tlsv1_client_set_cred(struct tlsv1_client *conn,
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index d192f44..c5a4d4e 100644
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -134,6 +134,11 @@
struct x509_certificate *cert;
pos = *msgpos;
+ if (TLS_RECORD_HEADER_LEN + 1 + 3 + 3 > end - pos) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
wpa_printf(MSG_DEBUG, "TLSv1: Send Certificate");
rhdr = pos;
@@ -154,7 +159,7 @@
pos += 3;
cert = conn->cred ? conn->cred->cert : NULL;
while (cert) {
- if (pos + 3 + cert->cert_len > end) {
+ if (3 + cert->cert_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space "
"for Certificate (cert_len=%lu left=%lu)",
(unsigned long) cert->cert_len,
@@ -265,9 +270,16 @@
wpa_hexdump(MSG_DEBUG, "TLSv1: DH Yc (client's public value)",
dh_yc, dh_yc_len);
+ if (end - *pos < 2) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ os_free(csecret);
+ os_free(dh_yc);
+ return -1;
+ }
WPA_PUT_BE16(*pos, dh_yc_len);
*pos += 2;
- if (*pos + dh_yc_len > end) {
+ if (dh_yc_len > (size_t) (end - *pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough room in the "
"message buffer for Yc");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
diff --git a/src/tls/tlsv1_server.c b/src/tls/tlsv1_server.c
index 4df756f..ba47337 100644
--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@@ -610,12 +610,12 @@
/**
- * tlsv1_server_get_keys - Get master key and random data from TLS connection
+ * tlsv1_server_get_random - Get random data from TLS connection
* @conn: TLSv1 server connection data from tlsv1_server_init()
- * @keys: Structure of key/random data (filled on success)
+ * @keys: Structure of random data (filled on success)
* Returns: 0 on success, -1 on failure
*/
-int tlsv1_server_get_keys(struct tlsv1_server *conn, struct tls_keys *keys)
+int tlsv1_server_get_random(struct tlsv1_server *conn, struct tls_random *keys)
{
os_memset(keys, 0, sizeof(*keys));
if (conn->state == CLIENT_HELLO)
diff --git a/src/tls/tlsv1_server.h b/src/tls/tlsv1_server.h
index b2b28d1..10e7699 100644
--- a/src/tls/tlsv1_server.h
+++ b/src/tls/tlsv1_server.h
@@ -32,7 +32,7 @@
size_t buflen);
int tlsv1_server_shutdown(struct tlsv1_server *conn);
int tlsv1_server_resumed(struct tlsv1_server *conn);
-int tlsv1_server_get_keys(struct tlsv1_server *conn, struct tls_keys *keys);
+int tlsv1_server_get_random(struct tlsv1_server *conn, struct tls_random *data);
int tlsv1_server_get_keyblock_size(struct tlsv1_server *conn);
int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers);
int tlsv1_server_set_verify(struct tlsv1_server *conn, int verify_peer);
diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index 15e6692..65cda3c 100644
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -168,6 +168,11 @@
}
pos = *msgpos;
+ if (TLS_RECORD_HEADER_LEN + 1 + 3 + 3 > end - pos) {
+ tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ return -1;
+ }
tlsv1_server_log(conn, "Send Certificate");
rhdr = pos;
@@ -188,7 +193,7 @@
pos += 3;
cert = conn->cred->cert;
while (cert) {
- if (pos + 3 + cert->cert_len > end) {
+ if (3 + cert->cert_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space "
"for Certificate (cert_len=%lu left=%lu)",
(unsigned long) cert->cert_len,
@@ -371,7 +376,7 @@
/* body - ServerDHParams */
server_params = pos;
/* dh_p */
- if (pos + 2 + dh_p_len > end) {
+ if (2 + dh_p_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space for "
"dh_p");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
@@ -385,7 +390,7 @@
pos += dh_p_len;
/* dh_g */
- if (pos + 2 + conn->cred->dh_g_len > end) {
+ if (2 + conn->cred->dh_g_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space for "
"dh_g");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
@@ -399,7 +404,7 @@
pos += conn->cred->dh_g_len;
/* dh_Ys */
- if (pos + 2 + dh_ys_len > end) {
+ if (2 + dh_ys_len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space for "
"dh_Ys");
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
@@ -457,7 +462,7 @@
* SignatureAlgorithm signature;
* } SignatureAndHashAlgorithm;
*/
- if (hlen < 0 || pos + 2 > end) {
+ if (hlen < 0 || end - pos < 2) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index b51dfcd..e7b7c41 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -199,12 +199,11 @@
hdr.class, hdr.tag);
return -1;
}
+ if (hdr.length > buf + len - hdr.payload)
+ return -1;
pos = hdr.payload;
end = pos + hdr.length;
- if (end > buf + len)
- return -1;
-
*next = end;
if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
@@ -243,7 +242,7 @@
}
pos = hdr.payload;
- if (pos + hdr.length > end)
+ if (hdr.length > end - pos)
return -1;
end = pos + hdr.length;
*next = end;
@@ -319,7 +318,7 @@
}
pos = hdr.payload;
- if (pos + hdr.length > buf + len)
+ if (hdr.length > buf + len - pos)
return -1;
end = *next = pos + hdr.length;
@@ -677,7 +676,7 @@
pos = hdr.payload;
plen = hdr.length;
- if (pos + plen > buf + len)
+ if (plen > (size_t) (buf + len - pos))
return -1;
*next = pos + plen;
@@ -801,7 +800,7 @@
}
cert->ca = hdr.payload[0];
- if (hdr.payload + hdr.length == pos + len) {
+ if (hdr.length == pos + len - hdr.payload) {
wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
cert->ca);
return 0;
@@ -1503,12 +1502,12 @@
}
pos = hdr.payload;
- if (pos + hdr.length > end) {
+ if (hdr.length > end - pos) {
x509_certificate_free(cert);
return NULL;
}
- if (pos + hdr.length < end) {
+ if (hdr.length < end - pos) {
wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
"encoded certificate",
pos + hdr.length, end - (pos + hdr.length));
diff --git a/src/utils/browser-wpadebug.c b/src/utils/browser-wpadebug.c
index 5fc40fa..59ba4d1 100644
--- a/src/utils/browser-wpadebug.c
+++ b/src/utils/browser-wpadebug.c
@@ -96,7 +96,7 @@
if (pid == 0) {
/* run the external command in the child process */
- char *argv[12];
+ char *argv[14];
argv[0] = "browser-wpadebug";
argv[1] = "start";
@@ -109,7 +109,9 @@
argv[8] = "-e";
argv[9] = "w1.fi.wpadebug.URL";
argv[10] = (void *) url;
- argv[11] = NULL;
+ argv[11] = "--user";
+ argv[12] = "-3"; /* USER_CURRENT_OR_SELF */
+ argv[13] = NULL;
execv("/system/bin/am", argv);
wpa_printf(MSG_ERROR, "execv: %s", strerror(errno));
diff --git a/src/utils/common.c b/src/utils/common.c
index 5cf0d57..e74a2ae 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -498,7 +498,7 @@
*txt++ = 't';
break;
default:
- if (data[i] >= 32 && data[i] <= 127) {
+ if (data[i] >= 32 && data[i] <= 126) {
*txt++ = data[i];
} else {
txt += os_snprintf(txt, end - txt, "\\x%02x",
@@ -973,6 +973,48 @@
/**
+ * cstr_token - Get next token from const char string
+ * @str: a constant string to tokenize
+ * @delim: a string of delimiters
+ * @last: a pointer to a character following the returned token
+ * It has to be set to NULL for the first call and passed for any
+ * futher call.
+ * Returns: a pointer to token position in str or NULL
+ *
+ * This function is similar to str_token, but it can be used with both
+ * char and const char strings. Differences:
+ * - The str buffer remains unmodified
+ * - The returned token is not a NULL terminated string, but a token
+ * position in str buffer. If a return value is not NULL a size
+ * of the returned token could be calculated as (last - token).
+ */
+const char * cstr_token(const char *str, const char *delim, const char **last)
+{
+ const char *end, *token = str;
+
+ if (!str || !delim || !last)
+ return NULL;
+
+ if (*last)
+ token = *last;
+
+ while (*token && os_strchr(delim, *token))
+ token++;
+
+ if (!*token)
+ return NULL;
+
+ end = token + 1;
+
+ while (*end && !os_strchr(delim, *end))
+ end++;
+
+ *last = end;
+ return token;
+}
+
+
+/**
* str_token - Get next token from a string
* @buf: String to tokenize. Note that the string might be modified.
* @delim: String of delimiters
@@ -982,25 +1024,12 @@
*/
char * str_token(char *str, const char *delim, char **context)
{
- char *end, *pos = str;
+ char *token = (char *) cstr_token(str, delim, (const char **) context);
- if (*context)
- pos = *context;
+ if (token && **context)
+ *(*context)++ = '\0';
- while (*pos && os_strchr(delim, *pos))
- pos++;
- if (!*pos)
- return NULL;
-
- end = pos + 1;
- while (*end && !os_strchr(delim, *end))
- end++;
-
- if (*end)
- *end++ = '\0';
-
- *context = end;
- return pos;
+ return token;
}
diff --git a/src/utils/common.h b/src/utils/common.h
index 88318f5..0b9cc3d 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -53,16 +53,6 @@
}
#endif /* __APPLE__ */
-#ifdef CONFIG_TI_COMPILER
-#define __BIG_ENDIAN 4321
-#define __LITTLE_ENDIAN 1234
-#ifdef __big_endian__
-#define __BYTE_ORDER __BIG_ENDIAN
-#else
-#define __BYTE_ORDER __LITTLE_ENDIAN
-#endif
-#endif /* CONFIG_TI_COMPILER */
-
#ifdef CONFIG_NATIVE_WINDOWS
#include <winsock.h>
@@ -110,22 +100,6 @@
#define WPA_TYPES_DEFINED
#endif /* __vxworks */
-#ifdef CONFIG_TI_COMPILER
-#ifdef _LLONG_AVAILABLE
-typedef unsigned long long u64;
-#else
-/*
- * TODO: 64-bit variable not available. Using long as a workaround to test the
- * build, but this will likely not work for all operations.
- */
-typedef unsigned long u64;
-#endif
-typedef unsigned int u32;
-typedef unsigned short u16;
-typedef unsigned char u8;
-#define WPA_TYPES_DEFINED
-#endif /* CONFIG_TI_COMPILER */
-
#ifndef WPA_TYPES_DEFINED
#ifdef CONFIG_USE_INTTYPES_H
#include <inttypes.h>
@@ -262,7 +236,7 @@
static inline u32 WPA_GET_BE32(const u8 *a)
{
- return (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3];
+ return ((u32) a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3];
}
static inline void WPA_PUT_BE32(u8 *a, u32 val)
@@ -275,7 +249,7 @@
static inline u32 WPA_GET_LE32(const u8 *a)
{
- return (a[3] << 24) | (a[2] << 16) | (a[1] << 8) | a[0];
+ return ((u32) a[3] << 24) | (a[2] << 16) | (a[1] << 8) | a[0];
}
static inline void WPA_PUT_LE32(u8 *a, u32 val)
@@ -433,7 +407,7 @@
#endif
#ifndef BIT
-#define BIT(x) (1 << (x))
+#define BIT(x) (1U << (x))
#endif
/*
@@ -518,6 +492,11 @@
return (a[0] & a[1] & a[2] & a[3] & a[4] & a[5]) == 0xff;
}
+static inline int is_multicast_ether_addr(const u8 *a)
+{
+ return a[0] & 0x01;
+}
+
#define broadcast_ether_addr (const u8 *) "\xff\xff\xff\xff\xff\xff"
#include "wpa_debug.h"
@@ -549,6 +528,7 @@
int random_mac_addr(u8 *addr);
int random_mac_addr_keep_oui(u8 *addr);
+const char * cstr_token(const char *str, const char *delim, const char **last);
char * str_token(char *str, const char *delim, char **context);
size_t utf8_escape(const char *inp, size_t in_size,
char *outp, size_t out_size);
diff --git a/src/utils/eloop.c b/src/utils/eloop.c
index 4a565eb..8647229 100644
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@@ -61,11 +61,8 @@
struct eloop_sock_table {
int count;
struct eloop_sock *table;
-#ifdef CONFIG_ELOOP_EPOLL
eloop_event_type type;
-#else /* CONFIG_ELOOP_EPOLL */
int changed;
-#endif /* CONFIG_ELOOP_EPOLL */
};
struct eloop_data {
@@ -256,9 +253,7 @@
table->table = tmp;
eloop.max_sock = new_max_sock;
eloop.count++;
-#ifndef CONFIG_ELOOP_EPOLL
table->changed = 1;
-#endif /* CONFIG_ELOOP_EPOLL */
eloop_trace_sock_add_ref(table);
#ifdef CONFIG_ELOOP_EPOLL
@@ -314,9 +309,7 @@
}
table->count--;
eloop.count--;
-#ifndef CONFIG_ELOOP_EPOLL
table->changed = 1;
-#endif /* CONFIG_ELOOP_EPOLL */
eloop_trace_sock_add_ref(table);
#ifdef CONFIG_ELOOP_EPOLL
if (epoll_ctl(eloop.epollfd, EPOLL_CTL_DEL, sock, NULL) < 0) {
@@ -523,6 +516,10 @@
continue;
table->handler(table->sock, table->eloop_data,
table->user_data);
+ if (eloop.readers.changed ||
+ eloop.writers.changed ||
+ eloop.exceptions.changed)
+ break;
}
}
#endif /* CONFIG_ELOOP_EPOLL */
@@ -923,6 +920,20 @@
(!dl_list_empty(&eloop.timeout) || eloop.readers.count > 0 ||
eloop.writers.count > 0 || eloop.exceptions.count > 0)) {
struct eloop_timeout *timeout;
+
+ if (eloop.pending_terminate) {
+ /*
+ * This may happen in some corner cases where a signal
+ * is received during a blocking operation. We need to
+ * process the pending signals and exit if requested to
+ * avoid hitting the SIGALRM limit if the blocking
+ * operation took more than two seconds.
+ */
+ eloop_process_pending_signals();
+ if (eloop.terminate)
+ break;
+ }
+
timeout = dl_list_first(&eloop.timeout, struct eloop_timeout,
list);
if (timeout) {
@@ -977,6 +988,11 @@
, strerror(errno));
goto out;
}
+
+ eloop.readers.changed = 0;
+ eloop.writers.changed = 0;
+ eloop.exceptions.changed = 0;
+
eloop_process_pending_signals();
/* check if some registered timeouts have occurred */
@@ -998,6 +1014,19 @@
if (res <= 0)
continue;
+ if (eloop.readers.changed ||
+ eloop.writers.changed ||
+ eloop.exceptions.changed) {
+ /*
+ * Sockets may have been closed and reopened with the
+ * same FD in the signal or timeout handlers, so we
+ * must skip the previous results and check again
+ * whether any of the currently registered sockets have
+ * events.
+ */
+ continue;
+ }
+
#ifdef CONFIG_ELOOP_POLL
eloop_sock_table_dispatch(&eloop.readers, &eloop.writers,
&eloop.exceptions, eloop.pollfds_map,
@@ -1073,7 +1102,7 @@
int eloop_terminated(void)
{
- return eloop.terminate;
+ return eloop.terminate || eloop.pending_terminate;
}
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index 653eb54..df2ce83 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -421,6 +421,28 @@
IMPLEMENT_ASN1_FUNCTIONS(LogotypeExtn);
+#ifdef OPENSSL_IS_BORINGSSL
+#define sk_LogotypeInfo_num(st) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeInfo) *, (st)))
+#define sk_LogotypeInfo_value(st, i) (LogotypeInfo *) \
+sk_value(CHECKED_CAST(_STACK *, const STACK_OF(LogotypeInfo) *, (st)), (i))
+#define sk_LogotypeImage_num(st) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeImage) *, (st)))
+#define sk_LogotypeImage_value(st, i) (LogotypeImage *) \
+sk_value(CHECKED_CAST(_STACK *, const STACK_OF(LogotypeImage) *, (st)), (i))
+#define sk_LogotypeAudio_num(st) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeAudio) *, (st)))
+#define sk_LogotypeAudio_value(st, i) (LogotypeAudio *) \
+sk_value(CHECK_CAST(_STACK *, const STACK_OF(LogotypeAudio) *, (st)), (i))
+#define sk_HashAlgAndValue_num(st) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(HashAlgAndValue) *, (st)))
+#define sk_HashAlgAndValue_value(st, i) (HashAlgAndValue *) \
+sk_value(CHECKED_CAST(_STACK *, const STACK_OF(HashAlgAndValue) *, (st)), (i))
+#define sk_ASN1_IA5STRING_num(st) \
+sk_num(CHECKED_CAST(_STACK *, STACK_OF(ASN1_IA5STRING) *, (st)))
+#define sk_ASN1_IA5STRING_value(st, i) (ASN1_IA5STRING *) \
+sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i))
+#else /* OPENSSL_IS_BORINGSSL */
#define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))
#define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))
#define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st))
@@ -431,6 +453,7 @@
#define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i))
#define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st))
#define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i))
+#endif /* OPENSSL_IS_BORINGSSL */
static void add_logo(struct http_ctx *ctx, struct http_cert *hcert,
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 6c6ec87..75513fc 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -17,26 +17,22 @@
#include "build_config.h"
#include <stdlib.h>
+#include <stddef.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#ifndef _WIN32_WCE
-#ifndef CONFIG_TI_COMPILER
#include <signal.h>
#include <sys/types.h>
-#endif /* CONFIG_TI_COMPILER */
#include <errno.h>
#endif /* _WIN32_WCE */
#include <ctype.h>
-#ifndef CONFIG_TI_COMPILER
#ifndef _MSC_VER
#include <unistd.h>
#endif /* _MSC_VER */
-#endif /* CONFIG_TI_COMPILER */
#ifndef CONFIG_NATIVE_WINDOWS
-#ifndef CONFIG_TI_COMPILER
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -44,7 +40,6 @@
#include <sys/uio.h>
#include <sys/time.h>
#endif /* __vxworks */
-#endif /* CONFIG_TI_COMPILER */
#endif /* CONFIG_NATIVE_WINDOWS */
#endif /* INCLUDES_H */
diff --git a/src/utils/os.h b/src/utils/os.h
index 8913854..9e496fb 100644
--- a/src/utils/os.h
+++ b/src/utils/os.h
@@ -247,11 +247,11 @@
int os_file_exists(const char *fname);
/**
- * os_fsync - Sync a file's (for a given stream) state with storage device
+ * os_fdatasync - Sync a file's (for a given stream) state with storage device
* @stream: the stream to be flushed
* Returns: 0 if the operation succeeded or -1 on failure
*/
-int os_fsync(FILE *stream);
+int os_fdatasync(FILE *stream);
/**
* os_zalloc - Allocate and zero memory
@@ -653,4 +653,12 @@
#define strcpy OS_DO_NOT_USE_strcpy
#endif /* OS_REJECT_C_LIB_FUNCTIONS */
+
+#if defined(WPA_TRACE_BFD) && defined(CONFIG_TESTING_OPTIONS)
+#define TEST_FAIL() testing_test_fail()
+int testing_test_fail(void);
+#else
+#define TEST_FAIL() 0
+#endif
+
#endif /* OS_H */
diff --git a/src/utils/os_internal.c b/src/utils/os_internal.c
index b8fb2db..ed6eb3c 100644
--- a/src/utils/os_internal.c
+++ b/src/utils/os_internal.c
@@ -243,7 +243,7 @@
}
-int os_fsync(FILE *stream)
+int os_fdatasync(FILE *stream)
{
return 0;
}
diff --git a/src/utils/os_none.c b/src/utils/os_none.c
index 96d243d..0c3214d 100644
--- a/src/utils/os_none.c
+++ b/src/utils/os_none.c
@@ -102,7 +102,7 @@
}
-int os_fsync(FILE *stream)
+int os_fdatasync(FILE *stream)
{
return 0;
}
diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c
index ac73f7a..8f8dc5b 100644
--- a/src/utils/os_unix.c
+++ b/src/utils/os_unix.c
@@ -17,6 +17,12 @@
#include <private/android_filesystem_config.h>
#endif /* ANDROID */
+#ifdef __MACH__
+#include <CoreServices/CoreServices.h>
+#include <mach/mach.h>
+#include <mach/mach_time.h>
+#endif /* __MACH__ */
+
#include "os.h"
#include "common.h"
@@ -36,7 +42,7 @@
struct dl_list list;
size_t len;
WPA_TRACE_INFO
-};
+} __attribute__((aligned(16)));
#endif /* WPA_TRACE */
@@ -63,6 +69,7 @@
int os_get_reltime(struct os_reltime *t)
{
+#ifndef __MACH__
#if defined(CLOCK_BOOTTIME)
static clockid_t clock_id = CLOCK_BOOTTIME;
#elif defined(CLOCK_MONOTONIC)
@@ -95,6 +102,23 @@
return -1;
}
}
+#else /* __MACH__ */
+ uint64_t abstime, nano;
+ static mach_timebase_info_data_t info = { 0, 0 };
+
+ if (!info.denom) {
+ if (mach_timebase_info(&info) != KERN_SUCCESS)
+ return -1;
+ }
+
+ abstime = mach_absolute_time();
+ nano = (abstime * info.numer) / info.denom;
+
+ t->sec = nano / NSEC_PER_SEC;
+ t->usec = (nano - (((uint64_t) t->sec) * NSEC_PER_SEC)) / NSEC_PER_USEC;
+
+ return 0;
+#endif /* __MACH__ */
}
@@ -226,6 +250,9 @@
FILE *f;
size_t rc;
+ if (TEST_FAIL())
+ return -1;
+
f = fopen("/dev/urandom", "rb");
if (f == NULL) {
printf("Could not open /dev/urandom.\n");
@@ -415,10 +442,21 @@
}
-int os_fsync(FILE *stream)
+int os_fdatasync(FILE *stream)
{
- if (!fflush(stream))
+ if (!fflush(stream)) {
+#ifdef __linux__
+ return fdatasync(fileno(stream));
+#else /* !__linux__ */
+#ifdef F_FULLFSYNC
+ /* OS X does not implement fdatasync(). */
+ return fcntl(fileno(stream), F_FULLFSYNC);
+#else /* F_FULLFSYNC */
return fsync(fileno(stream));
+#endif /* F_FULLFSYNC */
+#endif /* __linux__ */
+ }
+
return -1;
}
@@ -556,6 +594,78 @@
return 0;
}
+
+char wpa_trace_test_fail_func[256] = { 0 };
+unsigned int wpa_trace_test_fail_after;
+
+int testing_test_fail(void)
+{
+ const char *func[WPA_TRACE_LEN];
+ size_t i, res, len;
+ char *pos, *next;
+ int match;
+
+ if (!wpa_trace_test_fail_after)
+ return 0;
+
+ res = wpa_trace_calling_func(func, WPA_TRACE_LEN);
+ i = 0;
+ if (i < res && os_strcmp(func[i], __func__) == 0)
+ i++;
+
+ pos = wpa_trace_test_fail_func;
+
+ match = 0;
+ while (i < res) {
+ int allow_skip = 1;
+ int maybe = 0;
+
+ if (*pos == '=') {
+ allow_skip = 0;
+ pos++;
+ } else if (*pos == '?') {
+ maybe = 1;
+ pos++;
+ }
+ next = os_strchr(pos, ';');
+ if (next)
+ len = next - pos;
+ else
+ len = os_strlen(pos);
+ if (os_memcmp(pos, func[i], len) != 0) {
+ if (maybe && next) {
+ pos = next + 1;
+ continue;
+ }
+ if (allow_skip) {
+ i++;
+ continue;
+ }
+ return 0;
+ }
+ if (!next) {
+ match = 1;
+ break;
+ }
+ pos = next + 1;
+ i++;
+ }
+ if (!match)
+ return 0;
+
+ wpa_trace_test_fail_after--;
+ if (wpa_trace_test_fail_after == 0) {
+ wpa_printf(MSG_INFO, "TESTING: fail at %s",
+ wpa_trace_test_fail_func);
+ for (i = 0; i < res; i++)
+ wpa_printf(MSG_INFO, "backtrace[%d] = %s",
+ (int) i, func[i]);
+ return 1;
+ }
+
+ return 0;
+}
+
#else
static inline int testing_fail_alloc(void)
diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c
index 890abf4..dea27b9 100644
--- a/src/utils/os_win32.c
+++ b/src/utils/os_win32.c
@@ -216,18 +216,18 @@
}
-int os_fsync(FILE *stream)
+int os_fdatasync(FILE *stream)
{
- HANDLE hFile;
+ HANDLE h;
if (stream == NULL)
return -1;
- hFile = _get_osfhandle(_fileno(stream));
- if (hFile == INVALID_HANDLE_VALUE)
+ h = (HANDLE) _get_osfhandle(_fileno(stream));
+ if (h == INVALID_HANDLE_VALUE)
return -1;
- if (!FlushFileBuffers(hFile))
+ if (!FlushFileBuffers(h))
return -1;
return 0;
diff --git a/src/utils/pcsc_funcs.c b/src/utils/pcsc_funcs.c
index 6f5ea93..2f1157b 100644
--- a/src/utils/pcsc_funcs.c
+++ b/src/utils/pcsc_funcs.c
@@ -275,7 +275,7 @@
pos++;
if (pos >= end)
return -1;
- if ((pos + pos[0]) < end)
+ if (pos[0] < end - pos)
end = pos + 1 + pos[0];
pos++;
wpa_hexdump(MSG_DEBUG, "SCARD: file header FSP template",
@@ -1385,7 +1385,7 @@
end = buf + len;
/* RES */
- if (pos[0] > RES_MAX_LEN || pos + pos[0] > end) {
+ if (pos[0] > RES_MAX_LEN || pos[0] > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid RES");
return -1;
}
@@ -1395,7 +1395,7 @@
wpa_hexdump(MSG_DEBUG, "SCARD: RES", res, *res_len);
/* CK */
- if (pos[0] != CK_LEN || pos + CK_LEN > end) {
+ if (pos[0] != CK_LEN || CK_LEN > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid CK");
return -1;
}
@@ -1405,7 +1405,7 @@
wpa_hexdump(MSG_DEBUG, "SCARD: CK", ck, CK_LEN);
/* IK */
- if (pos[0] != IK_LEN || pos + IK_LEN > end) {
+ if (pos[0] != IK_LEN || IK_LEN > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid IK");
return -1;
}
diff --git a/src/utils/radiotap.c b/src/utils/radiotap.c
index f8f815a..c9a5023 100644
--- a/src/utils/radiotap.c
+++ b/src/utils/radiotap.c
@@ -123,13 +123,13 @@
/* find payload start allowing for extended bitmap(s) */
- if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
+ if (iterator->_bitmap_shifter & BIT(IEEE80211_RADIOTAP_EXT)) {
if ((unsigned long)iterator->_arg -
(unsigned long)iterator->_rtheader + sizeof(uint32_t) >
(unsigned long)iterator->_max_length)
return -EINVAL;
while (get_unaligned_le32(iterator->_arg) &
- (1 << IEEE80211_RADIOTAP_EXT)) {
+ BIT(IEEE80211_RADIOTAP_EXT)) {
iterator->_arg += sizeof(uint32_t);
/*
diff --git a/src/utils/utils_module_tests.c b/src/utils/utils_module_tests.c
index b2c7e08..41511b9 100644
--- a/src/utils/utils_module_tests.c
+++ b/src/utils/utils_module_tests.c
@@ -14,6 +14,8 @@
#include "utils/ext_password.h"
#include "utils/trace.h"
#include "utils/base64.h"
+#include "utils/ip_addr.h"
+#include "utils/eloop.h"
struct printf_test_data {
@@ -44,6 +46,7 @@
char buf[100];
u8 bin[100];
int errors = 0;
+ int array[10];
wpa_printf(MSG_INFO, "printf encode/decode tests");
@@ -92,9 +95,24 @@
if (printf_decode(bin, 3, "\\xa") != 1 || bin[0] != 10)
errors++;
+ if (printf_decode(bin, 3, "\\xq") != 1 || bin[0] != 'q')
+ errors++;
+
if (printf_decode(bin, 3, "\\a") != 1 || bin[0] != 'a')
errors++;
+ array[0] = 10;
+ array[1] = 10;
+ array[2] = 5;
+ array[3] = 10;
+ array[4] = 5;
+ array[5] = 0;
+ if (int_array_len(array) != 5)
+ errors++;
+ int_array_sort_unique(array);
+ if (int_array_len(array) != 2)
+ errors++;
+
if (errors) {
wpa_printf(MSG_ERROR, "%d printf test(s) failed", errors);
return -1;
@@ -336,7 +354,7 @@
static int common_tests(void)
{
- char buf[3];
+ char buf[3], longbuf[100];
u8 addr[ETH_ALEN] = { 1, 2, 3, 4, 5, 6 };
u8 bin[3];
int errors = 0;
@@ -409,6 +427,11 @@
errors++;
}
+ if (wpa_snprintf_hex_sep(longbuf, 0, addr, ETH_ALEN, '-') != 0 ||
+ wpa_snprintf_hex_sep(longbuf, 5, addr, ETH_ALEN, '-') != 3 ||
+ os_strcmp(longbuf, "01-0") != 0)
+ errors++;
+
if (errors) {
wpa_printf(MSG_ERROR, "%d common test(s) failed", errors);
return -1;
@@ -418,6 +441,403 @@
}
+static int os_tests(void)
+{
+ int errors = 0;
+ void *ptr;
+ os_time_t t;
+
+ wpa_printf(MSG_INFO, "os tests");
+
+ ptr = os_calloc((size_t) -1, (size_t) -1);
+ if (ptr) {
+ errors++;
+ os_free(ptr);
+ }
+ ptr = os_calloc((size_t) 2, (size_t) -1);
+ if (ptr) {
+ errors++;
+ os_free(ptr);
+ }
+ ptr = os_calloc((size_t) -1, (size_t) 2);
+ if (ptr) {
+ errors++;
+ os_free(ptr);
+ }
+
+ ptr = os_realloc_array(NULL, (size_t) -1, (size_t) -1);
+ if (ptr) {
+ errors++;
+ os_free(ptr);
+ }
+
+ os_sleep(1, 1);
+
+ if (os_mktime(1969, 1, 1, 1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 0, 1, 1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 13, 1, 1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 0, 1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 32, 1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 1, -1, 1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 1, 24, 1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 1, 1, -1, 1, &t) == 0 ||
+ os_mktime(1971, 1, 1, 1, 60, 1, &t) == 0 ||
+ os_mktime(1971, 1, 1, 1, 1, -1, &t) == 0 ||
+ os_mktime(1971, 1, 1, 1, 1, 61, &t) == 0 ||
+ os_mktime(1971, 1, 1, 1, 1, 1, &t) != 0 ||
+ os_mktime(2020, 1, 2, 3, 4, 5, &t) != 0 ||
+ os_mktime(2015, 12, 31, 23, 59, 59, &t) != 0)
+ errors++;
+
+ if (os_setenv("hwsim_test_env", "test value", 0) != 0 ||
+ os_setenv("hwsim_test_env", "test value 2", 1) != 0 ||
+ os_unsetenv("hwsim_test_env") != 0)
+ errors++;
+
+ if (os_file_exists("/this-file-does-not-exists-hwsim") != 0)
+ errors++;
+
+ if (errors) {
+ wpa_printf(MSG_ERROR, "%d os test(s) failed", errors);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int wpabuf_tests(void)
+{
+ int errors = 0;
+ void *ptr;
+ struct wpabuf *buf;
+
+ wpa_printf(MSG_INFO, "wpabuf tests");
+
+ ptr = os_malloc(100);
+ if (ptr) {
+ buf = wpabuf_alloc_ext_data(ptr, 100);
+ if (buf) {
+ if (wpabuf_resize(&buf, 100) < 0)
+ errors++;
+ else
+ wpabuf_put(buf, 100);
+ wpabuf_free(buf);
+ } else {
+ errors++;
+ os_free(ptr);
+ }
+ } else {
+ errors++;
+ }
+
+ buf = wpabuf_alloc(100);
+ if (buf) {
+ struct wpabuf *buf2;
+
+ wpabuf_put(buf, 100);
+ if (wpabuf_resize(&buf, 100) < 0)
+ errors++;
+ else
+ wpabuf_put(buf, 100);
+ buf2 = wpabuf_concat(buf, NULL);
+ if (buf2 != buf)
+ errors++;
+ wpabuf_free(buf2);
+ } else {
+ errors++;
+ }
+
+ buf = NULL;
+ buf = wpabuf_zeropad(buf, 10);
+ if (buf != NULL)
+ errors++;
+
+ if (errors) {
+ wpa_printf(MSG_ERROR, "%d wpabuf test(s) failed", errors);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int ip_addr_tests(void)
+{
+ int errors = 0;
+ struct hostapd_ip_addr addr;
+ char buf[100];
+
+ wpa_printf(MSG_INFO, "ip_addr tests");
+
+ if (hostapd_parse_ip_addr("1.2.3.4", &addr) != 0 ||
+ addr.af != AF_INET ||
+ hostapd_ip_txt(NULL, buf, sizeof(buf)) != NULL ||
+ hostapd_ip_txt(&addr, buf, 1) != buf || buf[0] != '\0' ||
+ hostapd_ip_txt(&addr, buf, 0) != NULL ||
+ hostapd_ip_txt(&addr, buf, sizeof(buf)) != buf)
+ errors++;
+
+ if (hostapd_parse_ip_addr("::", &addr) != 0 ||
+ addr.af != AF_INET6 ||
+ hostapd_ip_txt(&addr, buf, 1) != buf || buf[0] != '\0' ||
+ hostapd_ip_txt(&addr, buf, sizeof(buf)) != buf)
+ errors++;
+
+ if (errors) {
+ wpa_printf(MSG_ERROR, "%d ip_addr test(s) failed", errors);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+struct test_eloop {
+ unsigned int magic;
+ int close_in_timeout;
+ int pipefd1[2];
+ int pipefd2[2];
+};
+
+
+static void eloop_tests_start(int close_in_timeout);
+
+
+static void eloop_test_read_2(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct test_eloop *t = eloop_ctx;
+ ssize_t res;
+ char buf[10];
+
+ wpa_printf(MSG_INFO, "%s: sock=%d", __func__, sock);
+
+ if (t->magic != 0x12345678) {
+ wpa_printf(MSG_INFO, "%s: unexpected magic 0x%x",
+ __func__, t->magic);
+ }
+
+ if (t->pipefd2[0] != sock) {
+ wpa_printf(MSG_INFO, "%s: unexpected sock %d != %d",
+ __func__, sock, t->pipefd2[0]);
+ }
+
+ res = read(sock, buf, sizeof(buf));
+ wpa_printf(MSG_INFO, "%s: sock=%d --> res=%d",
+ __func__, sock, (int) res);
+}
+
+
+static void eloop_test_read_2_wrong(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct test_eloop *t = eloop_ctx;
+
+ wpa_printf(MSG_INFO, "%s: sock=%d", __func__, sock);
+
+ if (t->magic != 0x12345678) {
+ wpa_printf(MSG_INFO, "%s: unexpected magic 0x%x",
+ __func__, t->magic);
+ }
+
+ if (t->pipefd2[0] != sock) {
+ wpa_printf(MSG_INFO, "%s: unexpected sock %d != %d",
+ __func__, sock, t->pipefd2[0]);
+ }
+
+ /*
+ * This is expected to block due to the original socket with data having
+ * been closed and no new data having been written to the new socket
+ * with the same fd. To avoid blocking the process during test, skip the
+ * read here.
+ */
+ wpa_printf(MSG_ERROR, "%s: FAIL - should not have called this function",
+ __func__);
+}
+
+
+static void reopen_pipefd2(struct test_eloop *t)
+{
+ if (t->pipefd2[0] < 0) {
+ wpa_printf(MSG_INFO, "pipefd2 had been closed");
+ } else {
+ int res;
+
+ wpa_printf(MSG_INFO, "close pipefd2");
+ eloop_unregister_read_sock(t->pipefd2[0]);
+ close(t->pipefd2[0]);
+ t->pipefd2[0] = -1;
+ close(t->pipefd2[1]);
+ t->pipefd2[1] = -1;
+
+ res = pipe(t->pipefd2);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "pipe: %s", strerror(errno));
+ t->pipefd2[0] = -1;
+ t->pipefd2[1] = -1;
+ return;
+ }
+
+ wpa_printf(MSG_INFO,
+ "re-register pipefd2 with new sockets %d,%d",
+ t->pipefd2[0], t->pipefd2[1]);
+ eloop_register_read_sock(t->pipefd2[0], eloop_test_read_2_wrong,
+ t, NULL);
+ }
+}
+
+
+static void eloop_test_read_1(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct test_eloop *t = eloop_ctx;
+ ssize_t res;
+ char buf[10];
+
+ wpa_printf(MSG_INFO, "%s: sock=%d", __func__, sock);
+
+ if (t->magic != 0x12345678) {
+ wpa_printf(MSG_INFO, "%s: unexpected magic 0x%x",
+ __func__, t->magic);
+ }
+
+ if (t->pipefd1[0] != sock) {
+ wpa_printf(MSG_INFO, "%s: unexpected sock %d != %d",
+ __func__, sock, t->pipefd1[0]);
+ }
+
+ res = read(sock, buf, sizeof(buf));
+ wpa_printf(MSG_INFO, "%s: sock=%d --> res=%d",
+ __func__, sock, (int) res);
+
+ if (!t->close_in_timeout)
+ reopen_pipefd2(t);
+}
+
+
+static void eloop_test_cb(void *eloop_data, void *user_ctx)
+{
+ struct test_eloop *t = eloop_data;
+
+ wpa_printf(MSG_INFO, "%s", __func__);
+
+ if (t->magic != 0x12345678) {
+ wpa_printf(MSG_INFO, "%s: unexpected magic 0x%x",
+ __func__, t->magic);
+ }
+
+ if (t->close_in_timeout)
+ reopen_pipefd2(t);
+}
+
+
+static void eloop_test_timeout(void *eloop_data, void *user_ctx)
+{
+ struct test_eloop *t = eloop_data;
+ int next_run = 0;
+
+ wpa_printf(MSG_INFO, "%s", __func__);
+
+ if (t->magic != 0x12345678) {
+ wpa_printf(MSG_INFO, "%s: unexpected magic 0x%x",
+ __func__, t->magic);
+ }
+
+ if (t->pipefd1[0] >= 0) {
+ wpa_printf(MSG_INFO, "pipefd1 had not been closed");
+ eloop_unregister_read_sock(t->pipefd1[0]);
+ close(t->pipefd1[0]);
+ t->pipefd1[0] = -1;
+ close(t->pipefd1[1]);
+ t->pipefd1[1] = -1;
+ }
+
+ if (t->pipefd2[0] >= 0) {
+ wpa_printf(MSG_INFO, "pipefd2 had not been closed");
+ eloop_unregister_read_sock(t->pipefd2[0]);
+ close(t->pipefd2[0]);
+ t->pipefd2[0] = -1;
+ close(t->pipefd2[1]);
+ t->pipefd2[1] = -1;
+ }
+
+ next_run = t->close_in_timeout;
+ t->magic = 0;
+ wpa_printf(MSG_INFO, "%s - free(%p)", __func__, t);
+ os_free(t);
+
+ if (next_run)
+ eloop_tests_start(0);
+}
+
+
+static void eloop_tests_start(int close_in_timeout)
+{
+ struct test_eloop *t;
+ int res;
+
+ t = os_zalloc(sizeof(*t));
+ if (!t)
+ return;
+ t->magic = 0x12345678;
+ t->close_in_timeout = close_in_timeout;
+
+ wpa_printf(MSG_INFO, "starting eloop tests (%p) (close_in_timeout=%d)",
+ t, close_in_timeout);
+
+ res = pipe(t->pipefd1);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "pipe: %s", strerror(errno));
+ os_free(t);
+ return;
+ }
+
+ res = pipe(t->pipefd2);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "pipe: %s", strerror(errno));
+ close(t->pipefd1[0]);
+ close(t->pipefd1[1]);
+ os_free(t);
+ return;
+ }
+
+ wpa_printf(MSG_INFO, "pipe fds: %d,%d %d,%d",
+ t->pipefd1[0], t->pipefd1[1],
+ t->pipefd2[0], t->pipefd2[1]);
+
+ eloop_register_read_sock(t->pipefd1[0], eloop_test_read_1, t, NULL);
+ eloop_register_read_sock(t->pipefd2[0], eloop_test_read_2, t, NULL);
+ eloop_register_timeout(0, 0, eloop_test_cb, t, NULL);
+ eloop_register_timeout(0, 200000, eloop_test_timeout, t, NULL);
+
+ if (write(t->pipefd1[1], "HELLO", 5) < 0)
+ wpa_printf(MSG_INFO, "write: %s", strerror(errno));
+ if (write(t->pipefd2[1], "TEST", 4) < 0)
+ wpa_printf(MSG_INFO, "write: %s", strerror(errno));
+ os_sleep(0, 50000);
+ wpa_printf(MSG_INFO, "waiting for eloop callbacks");
+}
+
+
+static void eloop_tests_run(void *eloop_data, void *user_ctx)
+{
+ eloop_tests_start(1);
+}
+
+
+static int eloop_tests(void)
+{
+ wpa_printf(MSG_INFO, "schedule eloop tests to be run");
+
+ /*
+ * Cannot return error from these without a significant design change,
+ * so for now, run the tests from a scheduled timeout and require
+ * separate verification of the results from the debug log.
+ */
+ eloop_register_timeout(0, 0, eloop_tests_run, NULL, NULL);
+
+ return 0;
+}
+
+
int utils_module_tests(void)
{
int ret = 0;
@@ -430,6 +850,10 @@
bitfield_tests() < 0 ||
base64_tests() < 0 ||
common_tests() < 0 ||
+ os_tests() < 0 ||
+ wpabuf_tests() < 0 ||
+ ip_addr_tests() < 0 ||
+ eloop_tests() < 0 ||
int_array_tests() < 0)
ret = -1;
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 3c26301..3275524 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -517,16 +517,18 @@
{
#ifdef CONFIG_DEBUG_FILE
int rv;
- if (last_path) {
- char *tmp = os_strdup(last_path);
- wpa_debug_close_file();
- rv = wpa_debug_open_file(tmp);
- os_free(tmp);
- } else {
- wpa_printf(MSG_ERROR, "Last-path was not set, cannot "
- "re-open log file.");
- rv = -1;
- }
+ char *tmp;
+
+ if (!last_path)
+ return 0; /* logfile not used */
+
+ tmp = os_strdup(last_path);
+ if (!tmp)
+ return -1;
+
+ wpa_debug_close_file();
+ rv = wpa_debug_open_file(tmp);
+ os_free(tmp);
return rv;
#else /* CONFIG_DEBUG_FILE */
return 0;
@@ -819,3 +821,42 @@
bin_clear_free(buf, buflen);
}
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
+
+
+const char * debug_level_str(int level)
+{
+ switch (level) {
+ case MSG_EXCESSIVE:
+ return "EXCESSIVE";
+ case MSG_MSGDUMP:
+ return "MSGDUMP";
+ case MSG_DEBUG:
+ return "DEBUG";
+ case MSG_INFO:
+ return "INFO";
+ case MSG_WARNING:
+ return "WARNING";
+ case MSG_ERROR:
+ return "ERROR";
+ default:
+ return "?";
+ }
+}
+
+
+int str_to_debug_level(const char *s)
+{
+ if (os_strcasecmp(s, "EXCESSIVE") == 0)
+ return MSG_EXCESSIVE;
+ if (os_strcasecmp(s, "MSGDUMP") == 0)
+ return MSG_MSGDUMP;
+ if (os_strcasecmp(s, "DEBUG") == 0)
+ return MSG_DEBUG;
+ if (os_strcasecmp(s, "INFO") == 0)
+ return MSG_INFO;
+ if (os_strcasecmp(s, "WARNING") == 0)
+ return MSG_WARNING;
+ if (os_strcasecmp(s, "ERROR") == 0)
+ return MSG_ERROR;
+ return -1;
+}
diff --git a/src/utils/wpa_debug.h b/src/utils/wpa_debug.h
index 87bd7fa..17d8f96 100644
--- a/src/utils/wpa_debug.h
+++ b/src/utils/wpa_debug.h
@@ -364,4 +364,7 @@
#define WPA_ASSERT(a) do { } while (0)
#endif
+const char * debug_level_str(int level);
+int str_to_debug_level(const char *s);
+
#endif /* WPA_DEBUG_H */
diff --git a/src/utils/wpabuf.c b/src/utils/wpabuf.c
index 7aafa0a..11e7323 100644
--- a/src/utils/wpabuf.c
+++ b/src/utils/wpabuf.c
@@ -17,7 +17,7 @@
struct wpabuf_trace {
unsigned int magic;
-};
+} __attribute__((aligned(8)));
static struct wpabuf_trace * wpabuf_get_trace(const struct wpabuf *buf)
{
diff --git a/src/wps/http_client.c b/src/wps/http_client.c
index 0290013..cdf3a51 100644
--- a/src/wps/http_client.c
+++ b/src/wps/http_client.c
@@ -85,15 +85,16 @@
{
struct http_client *c = eloop_ctx;
int res;
+ size_t send_len;
+ send_len = wpabuf_len(c->req) - c->req_pos;
wpa_printf(MSG_DEBUG, "HTTP: Send client request to %s:%d (%lu of %lu "
"bytes remaining)",
inet_ntoa(c->dst.sin_addr), ntohs(c->dst.sin_port),
(unsigned long) wpabuf_len(c->req),
- (unsigned long) wpabuf_len(c->req) - c->req_pos);
+ (unsigned long) send_len);
- res = send(c->sd, wpabuf_head_u8(c->req) + c->req_pos,
- wpabuf_len(c->req) - c->req_pos, 0);
+ res = send(c->sd, wpabuf_head_u8(c->req) + c->req_pos, send_len, 0);
if (res < 0) {
wpa_printf(MSG_DEBUG, "HTTP: Failed to send buffer: %s",
strerror(errno));
@@ -102,12 +103,11 @@
return;
}
- if ((size_t) res < wpabuf_len(c->req) - c->req_pos) {
+ if ((size_t) res < send_len) {
wpa_printf(MSG_DEBUG, "HTTP: Sent %d of %lu bytes; %lu bytes "
"remaining",
res, (unsigned long) wpabuf_len(c->req),
- (unsigned long) wpabuf_len(c->req) - c->req_pos -
- res);
+ (unsigned long) send_len - res);
c->req_pos += res;
return;
}
@@ -146,24 +146,20 @@
c->cb_ctx = cb_ctx;
c->sd = socket(AF_INET, SOCK_STREAM, 0);
- if (c->sd < 0) {
- http_client_free(c);
- return NULL;
- }
+ if (c->sd < 0)
+ goto fail;
if (fcntl(c->sd, F_SETFL, O_NONBLOCK) != 0) {
wpa_printf(MSG_DEBUG, "HTTP: fnctl(O_NONBLOCK) failed: %s",
strerror(errno));
- http_client_free(c);
- return NULL;
+ goto fail;
}
if (connect(c->sd, (struct sockaddr *) dst, sizeof(*dst))) {
if (errno != EINPROGRESS) {
wpa_printf(MSG_DEBUG, "HTTP: Failed to connect: %s",
strerror(errno));
- http_client_free(c);
- return NULL;
+ goto fail;
}
/*
@@ -173,20 +169,18 @@
}
if (eloop_register_sock(c->sd, EVENT_TYPE_WRITE, http_client_tx_ready,
- c, NULL)) {
- http_client_free(c);
- return NULL;
- }
-
- if (eloop_register_timeout(HTTP_CLIENT_TIMEOUT_SEC, 0,
- http_client_timeout, c, NULL)) {
- http_client_free(c);
- return NULL;
- }
+ c, NULL) ||
+ eloop_register_timeout(HTTP_CLIENT_TIMEOUT_SEC, 0,
+ http_client_timeout, c, NULL))
+ goto fail;
c->req = req;
return c;
+
+fail:
+ http_client_free(c);
+ return NULL;
}
diff --git a/src/wps/http_server.c b/src/wps/http_server.c
index ac088c4..507abe8 100644
--- a/src/wps/http_server.c
+++ b/src/wps/http_server.c
@@ -277,11 +277,9 @@
"%s", srv->port, strerror(errno));
goto fail;
}
- if (listen(srv->fd, 10 /* max backlog */) < 0)
- goto fail;
- if (fcntl(srv->fd, F_SETFL, O_NONBLOCK) < 0)
- goto fail;
- if (eloop_register_sock(srv->fd, EVENT_TYPE_READ, http_server_cb,
+ if (listen(srv->fd, 10 /* max backlog */) < 0 ||
+ fcntl(srv->fd, F_SETFL, O_NONBLOCK) < 0 ||
+ eloop_register_sock(srv->fd, EVENT_TYPE_READ, http_server_cb,
srv, NULL))
goto fail;
diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index 180b572..7a2ba50 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -278,8 +278,6 @@
}
}
*uri = 0; /* null terminate */
- while (isgraph(*hbp))
- hbp++;
while (*hbp == ' ' || *hbp == '\t')
hbp++;
/* get version */
@@ -506,10 +504,13 @@
new_alloc_nbytes < (h->content_length + 1))
new_alloc_nbytes = h->content_length + 1;
if (new_alloc_nbytes < h->body_alloc_nbytes ||
- new_alloc_nbytes > h->max_bytes) {
+ new_alloc_nbytes > h->max_bytes +
+ HTTPREAD_BODYBUF_DELTA) {
wpa_printf(MSG_DEBUG,
- "httpread: Unacceptable body length %d",
- new_alloc_nbytes);
+ "httpread: Unacceptable body length %d (body_alloc_nbytes=%u max_bytes=%u)",
+ new_alloc_nbytes,
+ h->body_alloc_nbytes,
+ h->max_bytes);
goto bad;
}
if ((new_body = os_realloc(h->body, new_alloc_nbytes))
diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index 8d1ce1e..bb3c055 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -45,9 +45,14 @@
return -1;
record->payload_length = *pos++;
} else {
+ u32 len;
+
if (size < 6)
return -1;
- record->payload_length = ntohl(*(u32 *)pos);
+ len = WPA_GET_BE32(pos);
+ if (len > size - 6 || len > 20000)
+ return -1;
+ record->payload_length = len;
pos += sizeof(u32);
}
@@ -68,7 +73,8 @@
pos += record->payload_length;
record->total_length = pos - data;
- if (record->total_length > size)
+ if (record->total_length > size ||
+ record->total_length < record->payload_length)
return -1;
return 0;
}
diff --git a/src/wps/wps.c b/src/wps/wps.c
index 498f11f..fbaf85a 100644
--- a/src/wps/wps.c
+++ b/src/wps/wps.c
@@ -355,16 +355,16 @@
int wps_ap_priority_compar(const struct wpabuf *wps_a,
const struct wpabuf *wps_b)
{
- struct wps_parse_attr attr_a, attr_b;
+ struct wps_parse_attr attr;
int sel_a, sel_b;
- if (wps_a == NULL || wps_parse_msg(wps_a, &attr_a) < 0)
+ if (wps_a == NULL || wps_parse_msg(wps_a, &attr) < 0)
return 1;
- if (wps_b == NULL || wps_parse_msg(wps_b, &attr_b) < 0)
- return -1;
+ sel_a = attr.selected_registrar && *attr.selected_registrar != 0;
- sel_a = attr_a.selected_registrar && *attr_a.selected_registrar != 0;
- sel_b = attr_b.selected_registrar && *attr_b.selected_registrar != 0;
+ if (wps_b == NULL || wps_parse_msg(wps_b, &attr) < 0)
+ return -1;
+ sel_b = attr.selected_registrar && *attr.selected_registrar != 0;
if (sel_a && !sel_b)
return -1;
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 11a967b..756d57e 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -83,10 +83,10 @@
const u8 *end = pos + len;
u8 id, elen;
- while (pos + 2 <= end) {
+ while (end - pos >= 2) {
id = *pos++;
elen = *pos++;
- if (pos + elen > end)
+ if (elen > end - pos)
break;
if (wps_set_vendor_ext_wfa_subelem(attr, id, elen, pos) < 0)
return -1;
diff --git a/src/wps/wps_attr_parse.h b/src/wps/wps_attr_parse.h
index 82c4739..8188fe9 100644
--- a/src/wps/wps_attr_parse.h
+++ b/src/wps/wps_attr_parse.h
@@ -59,43 +59,44 @@
/* variable length fields */
const u8 *manufacturer;
- size_t manufacturer_len;
const u8 *model_name;
- size_t model_name_len;
const u8 *model_number;
- size_t model_number_len;
const u8 *serial_number;
- size_t serial_number_len;
const u8 *dev_name;
- size_t dev_name_len;
const u8 *public_key;
- size_t public_key_len;
const u8 *encr_settings;
- size_t encr_settings_len;
const u8 *ssid; /* <= 32 octets */
- size_t ssid_len;
const u8 *network_key; /* <= 64 octets */
- size_t network_key_len;
const u8 *authorized_macs; /* <= 30 octets */
- size_t authorized_macs_len;
const u8 *sec_dev_type_list; /* <= 128 octets */
- size_t sec_dev_type_list_len;
const u8 *oob_dev_password; /* 38..54 octets */
- size_t oob_dev_password_len;
+ u16 manufacturer_len;
+ u16 model_name_len;
+ u16 model_number_len;
+ u16 serial_number_len;
+ u16 dev_name_len;
+ u16 public_key_len;
+ u16 encr_settings_len;
+ u16 ssid_len;
+ u16 network_key_len;
+ u16 authorized_macs_len;
+ u16 sec_dev_type_list_len;
+ u16 oob_dev_password_len;
/* attributes that can occur multiple times */
#define MAX_CRED_COUNT 10
- const u8 *cred[MAX_CRED_COUNT];
- size_t cred_len[MAX_CRED_COUNT];
- size_t num_cred;
-
#define MAX_REQ_DEV_TYPE_COUNT 10
- const u8 *req_dev_type[MAX_REQ_DEV_TYPE_COUNT];
- size_t num_req_dev_type;
+ unsigned int num_cred;
+ unsigned int num_req_dev_type;
+ unsigned int num_vendor_ext;
+
+ u16 cred_len[MAX_CRED_COUNT];
+ u16 vendor_ext_len[MAX_WPS_PARSE_VENDOR_EXT];
+
+ const u8 *cred[MAX_CRED_COUNT];
+ const u8 *req_dev_type[MAX_REQ_DEV_TYPE_COUNT];
const u8 *vendor_ext[MAX_WPS_PARSE_VENDOR_EXT];
- size_t vendor_ext_len[MAX_WPS_PARSE_VENDOR_EXT];
- size_t num_vendor_ext;
};
int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr);
diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index 16d466e..88f85fe 100644
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -528,7 +528,7 @@
{
u16 methods = 0;
- if (str == NULL) {
+ if (str == NULL || str[0] == '\0') {
/* Default to enabling methods based on build configuration */
methods |= WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD;
methods |= WPS_CONFIG_VIRT_DISPLAY;
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 89957b1..9321b72 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -759,7 +759,7 @@
static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
- size_t cred_len[], size_t num_cred, int wps2)
+ u16 cred_len[], unsigned int num_cred, int wps2)
{
size_t i;
int ok = 0;
@@ -799,6 +799,7 @@
struct wpabuf *attrs, int wps2)
{
struct wps_credential cred;
+ int ret = 0;
if (!wps->wps->ap)
return 0;
@@ -877,10 +878,10 @@
if (wps->wps->cred_cb) {
cred.cred_attr = wpabuf_head(attrs);
cred.cred_attr_len = wpabuf_len(attrs);
- wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
+ ret = wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
}
- return 0;
+ return ret;
}
diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c
index 078ff72..b840acd 100644
--- a/src/wps/wps_er.c
+++ b/src/wps/wps_er.c
@@ -1649,11 +1649,15 @@
case HTTP_CLIENT_OK:
wpa_printf(MSG_DEBUG, "WPS ER: PutMessage OK");
reply = http_client_get_body(c);
- if (reply == NULL)
+ if (reply)
+ msg = os_zalloc(wpabuf_len(reply) + 1);
+ if (msg == NULL) {
+ if (ap->wps) {
+ wps_deinit(ap->wps);
+ ap->wps = NULL;
+ }
break;
- msg = os_zalloc(wpabuf_len(reply) + 1);
- if (msg == NULL)
- break;
+ }
os_memcpy(msg, wpabuf_head(reply), wpabuf_len(reply));
break;
case HTTP_CLIENT_FAILED:
@@ -1709,21 +1713,30 @@
url = http_client_url_parse(ap->control_url, &dst, &path);
if (url == NULL) {
wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL");
- return;
+ goto fail;
}
buf = wps_er_soap_hdr(msg, "PutMessage", "NewInMessage", path, &dst,
&len_ptr, &body_ptr);
os_free(url);
if (buf == NULL)
- return;
+ goto fail;
wps_er_soap_end(buf, "PutMessage", len_ptr, body_ptr);
ap->http = http_client_addr(&dst, buf, 10000,
wps_er_http_put_message_cb, ap);
- if (ap->http == NULL)
+ if (ap->http == NULL) {
wpabuf_free(buf);
+ goto fail;
+ }
+ return;
+
+fail:
+ if (ap->wps) {
+ wps_deinit(ap->wps);
+ ap->wps = NULL;
+ }
}
diff --git a/src/wps/wps_er_ssdp.c b/src/wps/wps_er_ssdp.c
index e381fec..280b2b3 100644
--- a/src/wps/wps_er_ssdp.c
+++ b/src/wps/wps_er_ssdp.c
@@ -78,9 +78,7 @@
if (os_strstr(start, "ssdp:byebye"))
byebye = 1;
} else if (os_strncasecmp(start, "CACHE-CONTROL:", 14) == 0) {
- start += 9;
- while (*start == ' ')
- start++;
+ start += 14;
pos2 = os_strstr(start, "max-age=");
if (pos2 == NULL)
continue;
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 8bcf2b3..4ca3a42 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2605,13 +2605,16 @@
token = wps_get_nfc_pw_token(
&wps->wps->registrar->nfc_pw_tokens, wps->dev_pw_id);
if (token && token->peer_pk_hash_known) {
+ size_t len;
+
wpa_printf(MSG_DEBUG, "WPS: Found matching NFC "
"Password Token");
dl_list_del(&token->list);
wps->nfc_pw_token = token;
addr[0] = attr->public_key;
- sha256_vector(1, addr, &attr->public_key_len, hash);
+ len = attr->public_key_len;
+ sha256_vector(1, addr, &len, hash);
if (os_memcmp_const(hash,
wps->nfc_pw_token->pubkey_hash,
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 933d734..44318e0 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -695,6 +695,7 @@
struct subscription *s;
time_t now = time(NULL);
time_t expire = now + UPNP_SUBSCRIBE_SEC;
+ char str[80];
/* Get rid of expired subscriptions so we have room */
subscription_list_age(sm, now);
@@ -743,8 +744,10 @@
subscription_destroy(s);
return NULL;
}
- wpa_printf(MSG_DEBUG, "WPS UPnP: Subscription %p started with %s",
- s, callback_urls);
+ uuid_bin2str(s->uuid, str, sizeof(str));
+ wpa_printf(MSG_DEBUG,
+ "WPS UPnP: Subscription %p (SID %s) started with %s",
+ s, str, callback_urls);
/* Schedule sending this */
event_send_all_later(sm);
return s;
diff --git a/src/wps/wps_upnp_ap.c b/src/wps/wps_upnp_ap.c
index 2949f14..cca3905 100644
--- a/src/wps/wps_upnp_ap.c
+++ b/src/wps/wps_upnp_ap.c
@@ -34,10 +34,8 @@
wpa_hexdump_buf(MSG_MSGDUMP, "WPS: SetSelectedRegistrar attributes",
msg);
- if (wps_validate_upnp_set_selected_registrar(msg) < 0)
- return -1;
-
- if (wps_parse_msg(msg, &attr) < 0)
+ if (wps_validate_upnp_set_selected_registrar(msg) < 0 ||
+ wps_parse_msg(msg, &attr) < 0)
return -1;
s->reg = reg;
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index 2c8ed4f..94aae75 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -276,11 +276,9 @@
* Assume we are called ONLY with no current event and ONLY with
* nonempty event queue and ONLY with at least one address to send to.
*/
- if (dl_list_empty(&s->addr_list))
- return -1;
- if (s->current_event)
- return -1;
- if (dl_list_empty(&s->event_queue))
+ if (dl_list_empty(&s->addr_list) ||
+ s->current_event ||
+ dl_list_empty(&s->event_queue))
return -1;
s->current_event = e = event_dequeue(s);
diff --git a/src/wps/wps_upnp_ssdp.c b/src/wps/wps_upnp_ssdp.c
index 26a740d..968fc03 100644
--- a/src/wps/wps_upnp_ssdp.c
+++ b/src/wps/wps_upnp_ssdp.c
@@ -139,7 +139,7 @@
uuid_bin2str(iface->wps->uuid, uuid_string, sizeof(uuid_string));
msg = wpabuf_alloc(800); /* more than big enough */
if (msg == NULL)
- goto fail;
+ return NULL;
switch (a->type) {
case ADVERTISE_UP:
case ADVERTISE_DOWN:
@@ -213,10 +213,6 @@
*islast = 1;
return msg;
-
-fail:
- wpabuf_free(msg);
- return NULL;
}
@@ -744,11 +740,9 @@
int sd;
sd = socket(AF_INET, SOCK_DGRAM, 0);
- if (sd < 0)
- goto fail;
- if (fcntl(sd, F_SETFL, O_NONBLOCK) != 0)
- goto fail;
- if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)))
+ if (sd < 0 ||
+ fcntl(sd, F_SETFL, O_NONBLOCK) != 0 ||
+ setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)))
goto fail;
os_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
@@ -760,9 +754,8 @@
mcast_addr.imr_interface.s_addr = htonl(INADDR_ANY);
mcast_addr.imr_multiaddr.s_addr = inet_addr(UPNP_MULTICAST_ADDRESS);
if (setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
- (char *) &mcast_addr, sizeof(mcast_addr)))
- goto fail;
- if (setsockopt(sd, IPPROTO_IP, IP_MULTICAST_TTL,
+ (char *) &mcast_addr, sizeof(mcast_addr)) ||
+ setsockopt(sd, IPPROTO_IP, IP_MULTICAST_TTL,
&ttl, sizeof(ttl)))
goto fail;
diff --git a/src/wps/wps_upnp_web.c b/src/wps/wps_upnp_web.c
index b1cf571..e841b1f 100644
--- a/src/wps/wps_upnp_web.c
+++ b/src/wps/wps_upnp_web.c
@@ -300,7 +300,8 @@
* would appear to be required (given that we will be closing it!).
*/
static void web_connection_parse_get(struct upnp_wps_device_sm *sm,
- struct http_request *hreq, char *filename)
+ struct http_request *hreq,
+ const char *filename)
{
struct wpabuf *buf; /* output buffer, allocated */
char *put_length_here;
@@ -1003,6 +1004,8 @@
ret = HTTP_INTERNAL_SERVER_ERROR;
goto error;
}
+ if (len > 0 && callback_urls[len - 1] == '\r')
+ callback_urls[len - 1] = '\0';
continue;
}
/* SID is only for renewal */
@@ -1214,18 +1217,25 @@
}
if (got_uuid) {
+ char str[80];
+
+ uuid_bin2str(uuid, str, sizeof(str));
+
s = subscription_find(sm, uuid);
if (s) {
struct subscr_addr *sa;
sa = dl_list_first(&s->addr_list, struct subscr_addr,
list);
- wpa_printf(MSG_DEBUG, "WPS UPnP: Unsubscribing %p %s",
- s, (sa && sa->domain_and_port) ?
+ wpa_printf(MSG_DEBUG,
+ "WPS UPnP: Unsubscribing %p (SID %s) %s",
+ s, str, (sa && sa->domain_and_port) ?
sa->domain_and_port : "-null-");
dl_list_del(&s->list);
subscription_destroy(s);
} else {
- wpa_printf(MSG_INFO, "WPS UPnP: Could not find matching subscription to unsubscribe");
+ wpa_printf(MSG_INFO,
+ "WPS UPnP: Could not find matching subscription to unsubscribe (SID %s)",
+ str);
ret = HTTP_PRECONDITION_FAILED;
goto send_msg;
}