Commit message | Author | Age | Files | Lines
* mesh: Check mesh key management method | Masashi Honma | 2014-11-16 | 2 | -0/+15
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add wpa_cli action script processing for mesh events | Masashi Honma | 2014-11-16 | 1 | -0/+8
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add scan result for mesh network | Masashi Honma | 2014-11-16 | 4 | -0/+108
  Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command. So this patch adds the mesh scan result for BSS command.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Make BSSBasicRateSet configurable | Masashi Honma | 2014-11-16 | 4 | -12/+72
  STAs that have different BSSBasicRateSet cannot connect to each other as per IEEE 802.11s-2011 9.6.0c1: "A mesh STA shall not establish a mesh peering with a mesh STA using a different BSSBasicRateSet." Make BSSBasicRateSet configurable to improve interoperability with other stations.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add mesh_group_{add,remove} control interface commands | Javier Lopez | 2014-11-16 | 4 | -3/+157
  Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call wpa_supplicant routines. These commands are used to start or join and leave a mesh network. The mesh id is given in the configuration file, therefore there is no need to scan before joining a mesh network. We reuse the connect_without_scan construct used by P2P for that same purpose.
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
* mesh: Reduce none 11N Self-protected Action frame allocation size | Masashi Honma | 2014-11-16 | 1 | -11/+18
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Fix 11N capability in Self-protected Action frame | Masashi Honma | 2014-11-16 | 1 | -1/+1
  mesh_ht_mode default value is CHAN_UNDEFINED. So previous code set 11N capability even though 11N is not used.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Set driver capability flags to mesh interface | Masashi Honma | 2014-11-16 | 1 | -0/+1
  Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE | Masashi Honma | 2014-11-16 | 1 | -0/+4
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Enable mesh HT mode | Jason Mobarak | 2014-11-16 | 10 | -20/+171
  Add a new option "mesh_ht_mode" that specifies the HT mode for the mesh, with this option on, mesh beacons, actions frames, and probe responses will include the appropriate HT information elements.
  [original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
  [some fixes by Masashi Honma <masashi.honma@gmail.com>]
  Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
* mesh: Add timer for SAE authentication in RSN mesh | Chun-Yeow Yeoh | 2014-11-16 | 8 | -0/+53
  Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT. Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when number of mesh nodes in MBSS reaching 6.
  Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Start mesh peering after successful authentication | Bob Copeland | 2014-11-16 | 2 | -4/+47
  [original patch by: Thomas Pedersen <thomas@noack.us>]
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* SAE: Enhance AP implementation to handle auth for mesh interfaces | Bob Copeland | 2014-11-16 | 1 | -55/+204
  Add state transition logic to the SAE frame handling in order to more fully implement the state machine from the IEEE 802.11 standard. Special cases are needed for infrastructure BSS case to avoid unexpected Authentication frame sequence by postponing transmission of the second Authentication frame until the STA sends its Confirm.
  [original patch by: Thomas Pedersen <thomas@noack.us>]
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add mesh robust security network | Thomas Pedersen | 2014-11-16 | 9 | -2/+692
  This implementation provides:
  - Mesh SAE authentication mechanism
  - Key management (set/get PSK)
  - Cryptographic key establishment
  - Enhanced protection mechanisms for robust management frames
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* hostapd: Add wowlan_triggers config param | Dmitry Shmidt | 2014-11-16 | 7 | -61/+102
  New kernels in wiphy_suspend() will call cfg80211_leave_all() that will eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set. For now, use the parameters from the station mode as-is. It may be desirable to extend (or constrain) this in the future for specific AP mode needs.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* nl80211: Fix Android compilation by adding include for fcntl.h | Ilan Peer | 2014-11-16 | 1 | -0/+1
  This is needed for fcntl() at least with Android KK.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Suite B | Jouni Malinen | 2014-11-16 | 3 | -0/+42
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM | Jouni Malinen | 2014-11-16 | 6 | -38/+90
  This adds support for AKM 00-0F-AC:11 to specify the integrity and key-wrap algorithms for EAPOL-Key frames using the new design where descriptor version is set to 0 and algorithms are determined based on AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: PMKID derivation for AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 13 | -8/+117
  The new AKM uses a different mechanism of deriving the PMKID based on KCK instead of PMK. hostapd was already doing this after the KCK had been derived, but wpa_supplicant functionality needs to be moved from processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: Add AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 17 | -8/+82
  This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Clear ignore_old_scan_res setting | Jouni Malinen | 2014-11-15 | 1 | -0/+1
  This parameter was used in some of the NFC test cases to make scanning more robust in case of changing AP configuration. However, the parameter was not cleared anywhere, so it could have been left in use for other test cases as well. To get more consistent behavior, clear the value back to its default between test cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default | Jouni Malinen | 2014-11-15 | 1 | -1/+4
  Use SSLv23_method() to enable TLS version negotiation for any version equal to or newer than 1.0. If the old behavior is needed as a workaround for some broken authentication servers, it can be configured with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-IKEv2: Fix compilation warning | Andrei Otcheretianski | 2014-11-15 | 1 | -1/+1
  Fix signed/unsigned comparison compilation warning introduced in 08ef442 "EAP-IKEv2: Fix the payload parser".
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure | Dmitry Shmidt | 2014-11-15 | 2 | -0/+4
  This is needed since the SCAN command with radio work returns before the actual driver operation to trigger a scan has been executed and as such, cannot return result of that operation.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Work around AP misbehavior on EAPOL-Key descriptor version | Jouni Malinen | 2014-11-14 | 1 | -0/+3
  It looks like some APs are incorrectly selecting descriptor version 3 (AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was expected to be used. This is likely triggered by an attempt to negotiate PMF with SHA1-based AKM. Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the incorrect, but stronger, option to be used in these cases to avoid interoperability issues with deployed APs. This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2" in debug log. With the new workaround, this issue is ignored and "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used" is written to the log.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: PMF required with SHA1-based AKM | Jouni Malinen | 2014-11-14 | 1 | -0/+19
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Change drv_flags from unsigned int to u64 | Yanbo Li | 2014-11-14 | 1 | -1/+1
  Some flag already using a bit larger than 32, so extend the hostapd drv_flags type similarly to the earlier wpa_supplicant change to get the full flag content.
  Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
* Assign QCA vendor specific nl80211 command id 52 for APFIND | Jouni Malinen | 2014-11-13 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DFS with chanlist | Jouni Malinen | 2014-11-01 | 1 | -1/+113
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused EVENT_MLME_RX | Jouni Malinen | 2014-11-01 | 2 | -19/+0
  This was used in driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_MLME_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused EVENT_FT_RRB_RX | Jouni Malinen | 2014-11-01 | 3 | -21/+0
  This was used in hostapd driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_FT_RRB_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make vm-run.sh arguments non-positional | Ilan Peer | 2014-11-01 | 1 | -18/+26
  This was currently breaking parallel-run.*, as it was passing --split num/num parameters (intended for rnu-tests.py) to vm-run.sh which broke the --codecov and --timewrap options.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Update vm README | Ilan Peer | 2014-11-01 | 1 | -1/+1
  Update the code coverage documentation to also specify the source base directory for the code coverage generation.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Add usage() to run-all.sh | Ilan Peer | 2014-11-01 | 1 | -0/+11
  The -h or --help command line arguments can now be used to request usage information for run-all.sh.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Add option to build before running all tests | Ilan Peer | 2014-11-01 | 1 | -1/+39
  Add an option --build to run-all.sh to build before starting to run all the tests. In addition, add an option --codecov to extract the code coverage data at the end of the run.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Make run-all.sh arguments non-positional | Ilan Peer | 2014-11-01 | 1 | -20/+37
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Remove completed to-do items | Jouni Malinen | 2014-11-01 | 1 | -9/+3
  While this file has not really been updated in years, some of the completed items can easily be removed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove references to madwifi from various files | Jouni Malinen | 2014-11-01 | 9 | -29/+13
  Number of documentation and configuration files had references to the madwifi driver interface that was removed in the previous commit. Remove these references as well.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* madwifi: Remove obsolete madwifi driver interface | Jouni Malinen | 2014-11-01 | 4 | -1333/+0
  The MadWifi project is not active anymore and the last release happened in early 2008. As such, there is no remaining justification for maintaining the madwifi-specific driver interface for hostapd either.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Fix memory leak in wpas_dbus_getter_bss_wps | Slava Monich | 2014-11-01 | 1 | -0/+2
  Signed-off-by: Slava Monich <slava.monich@jolla.com>
* wpa_gui: Use dialog window type | Martin Kletzander | 2014-11-01 | 1 | -0/+1
  This helps window managers treat the window properly. Mostly tiling WMs are affected by this. All other windows inherit this option from QDialog already.
  Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
* tests: Concurrent station mode scan and p2p_find with P2P Device | Jouni Malinen | 2014-10-30 | 1 | -0/+12
  This verifies that station mode interface SCAN command gets executed if P2P Device instance is running p2p_find.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: P2P_STOP_FIND/P2P_FLUSH to ignore new results | Jouni Malinen | 2014-10-30 | 1 | -0/+31
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Do not consider the p2p_scan results after p2p_stop_find | Sunil Dutt | 2014-10-30 | 2 | -0/+29
  If p2p_stop_find is issued after the p2p_scan request is triggered to the host driver, the obtained scan results are also considered to update the P2P peer entries. This is not always desired behavior, i.e., it can be clearer if no P2P-DEVICE-FOUND events are generated based on that final pending scan.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Document p2p_in_progress() return value 2 | Jouni Malinen | 2014-10-30 | 1 | -1/+2
  Function documentation was not in sync with the implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Delay scan operation only when P2P is not in search state | Sunil Dutt | 2014-10-30 | 1 | -2/+3
  With the radio work interface in place, station interface SCAN command was not scheduled (i.e., it got continuously delayed with "Delay station mode scan while P2P operation is in progress") when a p2p_find was operational. Fix this by delaying station mode scan only when a P2P operation is in progress, but not in search state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Set p2p_scan_running based on driver scan request result | Sunil Dutt | 2014-10-30 | 3 | -15/+28
  With the radio work interface, the actual request to start p2p_scan operation is scheduled from a radio work and hence the initial return value cannot provide the real result of the driver operation to trigger a scan. Introduce a new notification API to indicate the scan trigger status based on which the p2p_scan_running instance can be set using the real return value from the driver operation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MACsec: Fix policy configuration | Jouni Malinen | 2014-10-30 | 1 | -2/+2
  macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1) instead of the enum validate_frames values (Disabled(0), Checked(1), Strict(2)). This ended up policy == SHOULD_SECURE to be mapped to macsec_validate == Checked instead of Strict. This could have resulted in unintended SecY forwarding of invalid packets rather than dropping them.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Clean up p2p_go_neg_failed() calls | Jouni Malinen | 2014-10-29 | 3 | -33/+28
  This function is always called with the peer argument equal to p2p->go_neg_peer, so there is no need for that argument to be there. In addition, p2p->go_neg_peer is not NULL in cases where there is an ongoing GO Negotiation, so the function can be simplified to just check once whether the peer pointer is set and if not, skip all processing.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: GO Negotiation and timeout while waiting for peer | Jouni Malinen | 2014-10-29 | 1 | -0/+26
  grpform_cred_ready_timeout2 is similar to the grpform_cred_ready_timeout test case with the difference being in initiating a P2P_FIND operation during the wait.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>