path: root/wpa_supplicant/sme.c
Commit message (Collapse)AuthorAgeFilesLines
* Get rid of duplicated cipher suite and AKM definitionsJouni Malinen2013-12-311-3/+2
| | | | | | | | | | | | | WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher suites with the main difference being that the WPA_CIPHER_* version is suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and KEY_MGMT_* have similar design for AKMs. There is no need to maintain two separate copies of the definitions since the bitfield compatible version can be used for both needs. Get rid of the CIPHER_* and KEY_MGMT_* versions to clean up the implementation by getting rid of unnecessary mapping functions. Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use monotonic time for SA query timeoutJohannes Berg2013-12-241-4/+4
| | | | | | | The SA query timeout is just a regular timeout (currently hard-coded to 1000 TU), so use monotonic time for it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* SAE: Fix group selectionJouni Malinen2013-11-021-5/+9
| | | | | | | | | | | Number of regressions had shown up in wpa_supplicant implementation of SAE group selection due to different integer array termination (-1 in hostapd, 0 in wpa_supplicant) being used for SAE groups. The default_groups list did not seem to use any explicit termination value. In addition, the sae_group_index was not cleared back to 0 properly whenever a new SAE session was started. Signed-hostap: Jouni Malinen <j@w1.fi>
* Clean up wpa_supplicant_event() with deauth/disassoc helper functionsJouni Malinen2013-07-211-1/+1
| | | | | | | wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
* HS 2.0: Include HS 2.0 Indication element only for HS 2.0 associationJouni Malinen2013-05-051-1/+1
| | | | | | | | | | | | | The Hotspot 2.0 specification seems to mandate this element to be included in all (Re)Association Request frames if the station is Hotspot 2.0 capable. However, that results in conflicts with other requirements like no TKIP use when this element is present. The design is really supposed to include the indication element only for Hotspot 2.0 associations regardless of what the current specification implies. Remove the HS 2.0 Indication element from (Re)Association Request frame whenever the connection is not for Hotspot 2.0 purposes. Signed-hostap: Jouni Malinen <j@w1.fi>
* Use a common frequency to channel conversion functionJouni Malinen2013-04-271-34/+4
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow SME SA Query to be used by all driversChet Lanctot2013-03-111-2/+0
| | | | | | | | | | | The unprotected disconnection events were previously processed only for drivers that used the wpa_supplicant SME implementation (separate authentication and association commands). However, this can be useful for drivers that use the connect API, so remove the limitation and allow the same IEEE 802.11w SA Query mechanism to be used even without full use of the wpa_supplicant SME. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Support VHT capability overridesJohannes Berg2013-03-101-0/+11
| | | | | | | | | Add support for VHT capability overrides to allow testing connections with a subset of the VHT capabilities that are actually supported by the device. The only thing that isn't currently supported (by mac80211 and this code) is the RX/TX highest rate field. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* Move cipher to enum wpa_cipher conversion into wpa_common.cJouni Malinen2013-01-131-2/+3
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Free temporary buffers when moving to Accepted stateJouni Malinen2013-01-121-0/+1
| | | | | | | Most of the variables are not needed anymore once the SAE instance has entered Accepted state. Free these to save memory. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Remove duplicated SAE field debug dumpsJouni Malinen2013-01-121-1/+0
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Allow enabled groups to be configuredJouni Malinen2013-01-121-2/+58
| | | | | | | | | hostapd.conf sae_groups parameter can now be used to limit the set of groups that the AP allows for SAE. Similarly, sae_groups parameter is wpa_supplicant.conf can be used to set the preferred order of groups. By default, all implemented groups are enabled. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Maintain EC group context in struct sae_dataJouni Malinen2013-01-121-0/+4
| | | | | | | This can be used to share same EC group context through the SAE exchange. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Add support for Anti-Clogging mechanismJouni Malinen2013-01-121-3/+24
| | | | | | | | | | | hostapd can now be configured to use anti-clogging mechanism based on the new sae_anti_clogging_threshold parameter (which is dot11RSNASAEAntiCloggingThreshold in the standard). The token is generated using a temporary key and the peer station's MAC address. wpa_supplicant will re-try SAE authentication with the token included if commit message is rejected with a token request. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Rename state variables to match IEEE 802.11 standardJouni Malinen2013-01-121-4/+5
| | | | | | | The enum values for struct sae_data::state now match the protocol instance states as defined in IEEE Std 802.11-2012, Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Use PMK in 4-way handshakeJouni Malinen2013-01-121-0/+4
| | | | | | | Use the PMK that is derived as part of the SAE authentication in the 4-way handshake instead of the PSK. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Add processing of the confirm messageJouni Malinen2013-01-121-16/+1
| | | | | | This adds validation of the received confirm messages for SAE. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Add generation of the confirm message fieldsJouni Malinen2013-01-121-4/+2
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Add processing of the commit messageJouni Malinen2013-01-121-19/+9
| | | | | | | This adds validation of the received commit messages and key derivation for SAE. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Add generation of the commit message fieldsJouni Malinen2013-01-121-8/+21
| | | | | | | This adds derivation of PWE and the needed commit values so that the full SAE commit message can be built. Signed-hostap: Jouni Malinen <j@w1.fi>
* SAE: Use a shared data structure for AP and stationJouni Malinen2013-01-121-7/+10
| | | | | | This makes it easier to share common functions for both roles. Signed-hostap: Jouni Malinen <j@w1.fi>
* Share a single function for building extended capabilities elementJouni Malinen2012-12-221-16/+7
| | | | | | | This makes it easier to update extended capabilities for all uses within wpa_supplicant. Signed-hostap: Jouni Malinen <j@w1.fi>
* WNM: Add WNM-Sleep Mode into Extended Capabilities elementJouni Malinen2012-12-161-6/+11
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Mark sme_send_authentication() staticJouni Malinen2012-11-251-3/+3
| | | | | | This function is not used outside sme.c. Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow PMF to be enabled by defaultJouni Malinen2012-11-241-3/+6
| | | | | | | | | | Previously, PMF (protected management frames, IEEE 802.11w) could be enabled only with a per-network parameter (ieee80211w). The new global parameter (pmf) can now be used to change the default behavior to be PMF enabled (pmf=1) or required (pmf=2) for network blocks that do not override this with the ieee80211w parameter. Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow OBSS scan and 20/40 coex reports to non-SME driversAmitkumar Karwar2012-11-241-3/+8
| | | | | | | | We enable this feature for non-SME drivers as well if they explicitly indicate need for it. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com>
* Allow OKC to be enabled by defaultJouni Malinen2012-11-121-1/+3
| | | | | | | | | | | Previously, OKC (opportunistic key caching, a.k.a. proactive key caching) could be enabled only with a per-network parameter (proactive_key_caching). The new global parameter (okc) can now be used to change the default behavior to be OKC enabled (okc=1) for network blocks that do not override this with the proactive_key_caching parameter. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Add Finite Cyclic Group negotiation and Send-ConfirmJouni Malinen2012-10-061-9/+64
| | | | | | | | This replaces the previously used bogus test data in SAE messages with the first real field. The actual SAE authentication mechanism is still missing and the Scaler, Element, and Confirm fields are not included. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add initial parts for SAEJouni Malinen2012-09-301-4/+120
| | | | | | | | | | | | | This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow non-WPA IEEE 802.1X to be select even if WPA is also enabledJouni Malinen2012-08-151-0/+9
| | | | | | | | | | If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing association parameters. Allow this special case to be handled by selecting non-WPA case if the scan results for the AP do not include either WPA or RSN elements. Signed-hostap: Jouni Malinen <j@w1.fi>
* Convert os_realloc() for an array to use os_realloc_array()Jouni Malinen2012-08-131-3/+3
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Convert os_zalloc() for an array to use os_calloc()Jouni Malinen2012-08-131-1/+1
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* SME: Correctly check mode HT caps for enabling OBSS scanArik Nemtsov2012-08-111-3/+16
| | | | | | | | Don't assume the 11g mode is always first in the list of mode (sometimes it isn't). Traverse the array of modes and check the HT40 capability is turned on for 11g. Signed-hostap: Arik Nemtsov <arik@wizery.com>
* Set state to DISCONNECTED on auth/assoc failuresJouni Malinen2012-06-251-0/+2
| | | | | | | | | | | | | | Some of the authentication/association failure paths left wpa_state to its previous value. This can result in unexpected behavior when wpa_supplicant tries to find an AP to connect to since the uncleared state can result the in the selected BSS being ignored if it is same as the previously used BSS. This could happen, e.g., when wpa_supplicant SME was used and the AP rejected authentication. Fix this by explicitly setting state to DISCONNECTED on auth/assoc failures that did not yet do this. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
* HS 2.0: Add HS 2.0 Indication element into (Re)Association RequestJouni Malinen2012-05-081-0/+16
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Scan only 2.4 GHz band for OBSS scansJouni Malinen2012-05-031-1/+43
| | | | | | | Since we are reporting 20/40 BSS coex information only for 2.4 GHz band, there is no need to run the full scan on dualband cards. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add handling of OBSS scan requests and 20/40 BSS coex reportsRajkumar Manoharan2012-05-031-0/+216
| | | | | | | | | | | | | | | | Add support for HT STA to report 40 MHz intolerance to the associated AP. A HT station generates a report (20/40 BSS coexistence) of channel list if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE) from the scan results. Parse the OBSS scan parameter from Beacon or Probe Response frames and schedule periodic scan to generate 20/40 coexistence channel report if requested to do so. This patch decodes Scan Interval alone from the OBSS Scan Parameters element and triggers scan on timeout. Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow background scan period to be configuredBala Shanmugam2012-03-301-0/+2
| | | | | | | | A network block specific background scan period can now be configured for drivers that implement internal background scan mechanism for roaming and BSS selection. Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen2012-02-111-8/+2
| | | | | | | Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
* Support HT capability overridesBen Greear2012-01-291-0/+11
| | | | | | | | | | | | | | | | | | | | | | This allows HT capabilities overrides on kernels that support these features. MCS Rates can be disabled to force to slower speeds when using HT. Rates cannot be forced higher. HT can be disabled, forcing an 802.11a/b/g/n station to act like an 802.11a/b/g station. HT40 can be disabled. MAX A-MSDU can be disabled. A-MPDU Factor and A-MPDU Density can be modified. Please note that these are suggestions to the kernel. Only mac80211 drivers will work at all. The A-MPDU Factor can only be decreased and the A-MPDU Density can only be increased currently. Signed-hostap: Ben Greear <greearb@candelatech.com>
* SME: Fix processing of Authentication timeout and failureEyal Shapira2012-01-291-2/+2
| | | | | | | | | | current_bss and pending_bssid weren't cleaned up so BSS kept appearing in the scan results even when it was actually gone. Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context instead of just dropping wpa_state back to DISCONNECTED. Reported-by: Vishal Mahaveer <vishalm@ti.com> Signed-hostap: Eyal Shapira <eyal@wizery.com>
* SME: Fix processing of Authentication timeoutJouni Malinen2011-12-041-0/+1
| | | | | | | The wpa_state needs to be dropped back to DISCONNECTED to allow scan results to trigger a new authentication attempt. Signed-hostap: Jouni Malinen <j@w1.fi>
* SME: Fix processing of Authentication request failureJouni Malinen2011-12-041-1/+2
| | | | | | | | | | The wpa_state needs to be dropped back to DISCONNECTED to allow scan results to trigger a new authentication attempt. In addition, we can use wpas_connection_failed() instead of requesting a scan after a fixed time to make this error case more consistent with other similar error paths in sme.c. Signed-hostap: Jouni Malinen <j@w1.fi>
* Use wpa_key_mgmt_*() helpersJouni Malinen2011-11-241-12/+3
| | | | | | | This cleans up the source code and makes it less likely that new AKM addition misses some needed changes in the future. Signed-hostap: Jouni Malinen <j@w1.fi>
* Mark local functions staticJouni Malinen2011-11-181-1/+1
| | | | | | These functions are not used outside the file in which they are defined. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unnecessary include file inclusionJouni Malinen2011-11-131-1/+0
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Add no_cck parameter for send_action() driver_opsJouni Malinen2011-10-291-1/+1
| | | | | | | | | This can be used to apply the no-CCK rule conditionally depending on which frame is being sent. The no-CCK rule applies only for P2P management frames while SA Query and FT use cases do not have similar restrictions. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove user space client MLMEJouni Malinen2011-10-221-2/+1
| | | | | | | | | This code was used only with driver_test.c to allow MLME operations in hostapd to be tested without having to use a real radio. There are no plans on extending this to any other use than testing and mac80211_hwsim has now obsoled the need for this type of testing. As such, we can drop this code from wpa_supplicant to clean up the implementation of unnecessary complexity.
* Add Extended Capability element to AssocReq for InterworkingJouni Malinen2011-10-161-0/+18
| | | | | If Interworking is enabled, add Extended Capability element to (Re)Association Request frames to indicate support for Interworking.
* Use sched_scan in driver initLuciano Coelho2011-10-151-0/+1
| | | | | | | | This patch uses sched_scan, if available, when the driver is initialized. It also adds a couple of cancel operations where appropriate. Signed-off-by: Luciano Coelho <coelho@ti.com>