path: root/src
Commit message | Author | Age | Files | Lines
* FILS: Add a space before MAC address to a HLP debug message | Jouni Malinen | 2017-09-07 | 1 | -1/+1
  The "FILS: No pending HLP DHCP exchange with hw_addr" debug message was missing a space before the following MAC address, so add that there to make the message more readable.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the completely unused FT parameters in driver association data | Jouni Malinen | 2017-09-06 | 1 | -37/+0
  It looks like these parameters related to FT have never been used, so remove them from causing confusion. The separate update_ft_ies() callback is used to provide the FT elements.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SHA-384 routines to libcrypto.a | Jouni Malinen | 2017-09-05 | 1 | -0/+5
  wlantest needs this for being able to decrypt FILS (Re)Association Request/Response frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Allow commit fields to be overridden for testing purposes | Jouni Malinen | 2017-09-04 | 3 | -0/+11
  The new sae_commit_override=<hexdump> parameter can be used to force hostapd to override SAE commit message fields for testing purposes. This is included only in CONFIG_TESTING_OPTIONS=y builds.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Add testing code for reflection attack | Jouni Malinen | 2017-09-04 | 2 | -0/+13
  Allow hostapd to be configured to perform SAE reflection attack for SAE testing purposes with sae_reflection_attack=1 configuration parameter. This is included only in CONFIG_TESTING_OPTIONS=y builds.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Fix PMKSA caching behavior in AP mode | Jouni Malinen | 2017-09-04 | 2 | -5/+24
  Add PMKID into EAPOL-Key 1/4 when using SAE and fix the PMK-from-PMKSA selection in some cases where PSK (from passphrase) could have been used.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Derive PMKID using SHA256() for all curves | Jouni Malinen | 2017-08-24 | 1 | -6/+3
  This was previously defined inconsistently (H() vs. SHA256()), but it is now clarified in the draft tech spec to use SHA256(), so update implementation to do that.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Fix auth_alg selection with FILS in the connect command | Jouni Malinen | 2017-08-24 | 1 | -0/+2
  NL80211_ATTR_AUTH_TYPE needs to be skipped if multiple auth_alg options are included. The previous list missed the new FILS auth_alg here and ended up not doing so if OPEN and FILS were included.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix wpa_supplicant AP build without CONFIG_IEEE80211W | Jouni Malinen | 2017-08-24 | 1 | -2/+2
  CONFIG_FILS was missed as one of the items requiring the p pointer in hostapd_notif_assoc().
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Use Transaction ID in Peer Discovery Request/Response frames | Jouni Malinen | 2017-08-23 | 3 | -46/+16
  DPP tech spec changed the contents of these frames by replacing the public key hash attributes with a Transaction ID attribute that gets copied from the request to the response to identify the transaction in a simpler manner.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hs20-osu-client: Fix build with new OpenSSL and BoringSSL | Hu Wang | 2017-08-23 | 1 | -1/+1
  Use the SSL_get_SSL_CTX() helper instead of dereferencing SSL* since struct ssl_st is not exposed in public header files anymore.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Introduce QCA_NL80211_VENDOR_SUBCMD_HANG | Sunil Dutt | 2017-08-23 | 1 | -0/+54
  This is an event indicating to the user space that the driver has detected an internal failure. The driver is expected to recover from such a failure automatically, e.g., by resetting the device. This event carries the information indicating the reason that triggered this detection.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: JSON module tests for additional array parsing | Jouni Malinen | 2017-08-22 | 1 | -0/+4
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* JSON: Fix parsing of arrays of numbers, strings, literals | Jouni Malinen | 2017-08-22 | 1 | -0/+26
  The previous implementation was able to parse arrays of objects, but not arrays of other types of items.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove devices object from the connector | Jouni Malinen | 2017-08-22 | 4 | -180/+6
  This was removed from the draft DPP tech spec, so remove it from the implementation as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* QCA vendor attribute to configure beacon miss penalize count for BTC | Sachin Ahuja | 2017-08-18 | 1 | -0/+6
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* QCA vendor attribute to configure beacon miss count | Sachin Ahuja | 2017-08-18 | 1 | -0/+5
  This can be used to dynamically enable/disable beacon miss count.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* QCA vendor attribute to enable/disable scan | Sandeep Puligilla | 2017-08-18 | 1 | -0/+6
  This commit introduces QCA vendor attribute to disable/enable scan.
  Signed-off-by: Sandeep Puligilla <spuligil@qti.qualcomm.com>
* hw_features: Fix check of supported 802.11ac channel width | Sven Eckelmann | 2017-07-18 | 2 | -2/+2
  The two channel width bits in the VHT capability field can be decoded in the following values (IEEE Std 802.11ac-2013 8.4.2.160.2 VHT Capabilities Info field):
   * 0: no 160 or 80+80 MHz support
   * 1: 160 MHz support
   * 2: 160 and 80+80 MHz support
   * 3: (reserved)
  The check must therefore not be done bitwise but instead it must be checked whether the capabilities announced by the driver are at least the ones requested by the user.
  Fixes: c781eb842852 ("hostapd: Verify VHT capabilities are supported by driver")
  Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* WNM: Differentiate between WNM for station and for AP in build | Avraham Stern | 2017-07-18 | 5 | -14/+14
  Previously, CONFIG_WNM enabled build that supports WNM for both station mode and AP mode. However, in most wpa_supplicant cases only station mode WNM is required and there is no need for AP mode WNM.
  Add support to differentiate between station mode WNM and AP mode WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be used when AP mode WNM support is required in addition to station mode WNM. This allows binary size to be reduced for builds that require only the station side WNM functionality.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* DPP: Fix build with OpenSSL 1.1.0 | Jouni Malinen | 2017-07-17 | 1 | -0/+4
  X509_ALGOR_get0() was modified to use const ** pointer as the first argument in OpenSSL 1.1.0, so need to use different type here to avoid compilation issues.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Clear default_passwd_cb more thoroughly | Jouni Malinen | 2017-07-17 | 1 | -5/+17
  Previously, the pointer to strdup passwd was left in OpenSSL library default_passwd_cb_userdata and even the default_passwd_cb was left set on an error path. To avoid unexpected behavior if something were to manage to use these pointers, clear them explicitly once done with loading of the private key.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f | Beniamino Galvani | 2017-07-17 | 1 | -0/+12
  Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the callback from the SSL object instead of the one from the CTX, so let's set the callback on both SSL and CTX. Note that SSL_set_default_passwd_cb*() is available only in 1.1.0.
  Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* OpenSSL: Add build option to select default ciphers | Beniamino Galvani | 2017-07-17 | 1 | -1/+1
  Add a build option to select different default ciphers for OpenSSL instead of the hardcoded default "DEFAULT:!EXP:!LOW".
  This new option is useful on distributions where the security level should be consistent for all applications, as in Fedora [1]. In such cases the new configuration option would be set to "" or "PROFILE=SYSTEM" to select the global crypto policy by default.
  [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy
  Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* OCE: Add hostapd mode OCE capability indication if enabled | Ashwini Patil | 2017-07-14 | 5 | -10/+48
  Add OCE IE in Beacon, Probe Response, and (Re)Association Response frames if OCE is enabled in the configuration.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* STA: Add OCE capability indication attribute | Ashwini Patil | 2017-07-14 | 1 | -0/+3
  Add OCE capability indication attribute in Probe Request and (Re)Association Request frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Check if driver supports OCE specific features | Ashwini Patil | 2017-07-14 | 2 | -0/+17
  Check if device supports OCE STA/STA-CFON/AP specific mandatory features. This commit includes checking based on the QCA vendor attributes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add vendor flags for OCE feature support indication | vamsi krishna | 2017-07-14 | 1 | -0/+12
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Introduce a vendor attribute to represent the PNO/EPNO Request ID | Sunil Dutt | 2017-07-14 | 1 | -0/+2
  This request ID was wrongly referred from the REQUEST_ID in enum qca_wlan_vendor_attr_gscan_config_params which is mapped to QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NUM in PNO Config. Hence define a different attribute to represent the request ID for PNO Config.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix compilation with CONFIG_NO_WPA | Emmanuel Grumbach | 2017-07-08 | 1 | -1/+6
  wpa_fils_is_completed() was not defined.
  Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
* EAP-TTLS: Fix a memory leak on error paths | Jouni Malinen | 2017-07-08 | 1 | -0/+2
  The allocated challenge needs to be freed on these error paths as well.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap() | Ilan Peer | 2017-07-08 | 1 | -2/+12
  The msg buffer needs to be freed on these two error paths.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* EAP-LEAP: Fix possible memory leak in eap_leap_process_request() | Ilan Peer | 2017-07-08 | 1 | -0/+1
  Free 'resp' object in case of a failure to derive the response.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* ap: Fix invalid HT40 channel pair fallback | Naftali Goldstein | 2017-07-08 | 1 | -0/+1
  In case of incorrect HT40 configuration as part of an attempt to create a 80 MHz AP, iface->conf->vht_oper_centr_freq_seg0_idx and iface->conf->vht_oper_centr_freq_seg1_idx are zero'ed, but iface->conf->vht_oper_chwidth remains VHT_CHANWIDTH_80MHZ. This causes the logic in dfs_get_start_chan_idx to fail.
  Fix this by setting iface->conf->vht_oper_chwidth to VHT_CHANWIDTH_USE_HT when zero'ing the center frequency parameters.
  Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
* ap: Fix return value in hostapd_drv_switch_channel() | Ilan Peer | 2017-07-08 | 1 | -1/+1
  The documentation in driver.h states that in case of an error -1 is returned.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* DPP: Fix compilation without openssl | Andrei Otcheretianski | 2017-07-07 | 5 | -6/+3
  dpp.h file requires openssl in order to compile, which breaks compilation on systems without it. Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when not really needed.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* FILS: Advertize FILS capability based on driver capability | Vidyullatha Kanchanapally | 2017-07-07 | 2 | -0/+14
  Add changes to control interface command get_capability to advertize FILS capability, FILS AKMs suites, and FILS Authentication algorithms based on the driver capabilities.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix a typo in vendor attribute documentation | Jouni Malinen | 2017-07-07 | 1 | -1/+1
  The attribute is QCA_WLAN_VENDOR_ATTR_SAR_LIMITS_SAR_ENABLE, not QCA_WLAN_VENDOR_ATTR_SAR_LIMITS_SELECT.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add HLP support with driver-based AP SME | Jeffin Mammen | 2017-07-06 | 7 | -9/+127
  This allows HLP processing to postpone association processing in hostapd_notify_assoc().
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix the IP header protocol field in HLP DHCP response | Jeffin Mammen | 2017-07-06 | 1 | -0/+1
  The IP header should indicate that UDP is used in the message.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: ERP-based PMKSA cache addition on AP | Jouni Malinen | 2017-07-05 | 2 | -1/+29
  hostapd did not add a new PMKSA cache entry when FILS shared key authentication was used, i.e., only the initial full authentication resulted in a PMKSA cache entry being created. Derive the PMKID for the ERP case as well and add a PMKSA cache entry if the ERP exchange succeeds.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix a frame name in a debug print | Jouni Malinen | 2017-07-05 | 1 | -1/+1
  The EAP message included in FILS Wrapped Data from the non-AP STA to the AP is EAP-Initiate/Re-auth.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OCE: Define OCE attributes and other related macros | Ashwini Patil | 2017-07-04 | 1 | -0/+11
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector | Jouni Malinen | 2017-07-04 | 2 | -0/+46
  The DPP Configurator can use this new command to generate its own signed connector for the network that it manages.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: DPP_BOOTSTRAP_INFO for hostapd | Jouni Malinen | 2017-07-04 | 2 | -0/+23
  This extends the hostapd control interface to support the DPP_BOOTSTRAP_INFO command that was recently added for wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Share bootstrap type to string helper function | Jouni Malinen | 2017-07-04 | 2 | -0/+13
  This can be used in hostapd as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add new key_mgmt values for wpa_supplicant STATUS command | Jouni Malinen | 2017-07-03 | 1 | -0/+4
  Recently added OWE and DPP were missing from the key_mgmt string list.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add mgmt_group_cipher to wpa_supplicant STATUS command | Jouni Malinen | 2017-07-03 | 2 | -2/+13
  This can be used to check which management group cipher is used in an association that uses PMF.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update default wpa_group_rekey to once-per-day when using CCMP/GCMP | Jouni Malinen | 2017-07-03 | 2 | -0/+4
  The default value for GTK rekeying period was previously hardcoded to 600 seconds for all cases. Leave that short value only for TKIP as group cipher while moving to the IEEE 802.11 default value of 86400 seconds (once-per-day) for CCMP/GCMP.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Set PMKSA expiration based on peer connector | Jouni Malinen | 2017-07-03 | 3 | -11/+15
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>