path: root/src/ap/ieee802_11.c
Commit message (Collapse)AuthorAgeFilesLines
* mesh: Support simple SAE group negotiation caseJouni Malinen2016-05-301-0/+51
| | | | | | | | | | This allows the simplest case of SAE group negotiation to occur by selecting the next available group if the peer STA indicates the previous one was not supported. This is not yet sufficient to cover all cases, e.g., when both STAs need to change their groups, but at least some cases are no covered. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add assocresp_elements parameter for hostapdBala Krishna Bhamidipati2016-04-201-0/+8
| | | | | | | | This new parameter allows hostapd to add Vendor Specific elements into (Re)Association Response frames similarly to the way vendor_elements parameter can be used for Beacon and Probe Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Save RM enabled capability of stationDavid Spinadel2016-04-171-1/+12
| | | | | | | Save RM enabled capability element of an associating station if radio measurement is supported in its capability field. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Handle Neighbor Report Request frameDavid Spinadel2016-04-171-0/+4
| | | | | | | Process Neighbor Report Request frame and send Neighbor Report Response frame based on the configured neighbor report data. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Extend the configuration of RRM capabilitiesDavid Spinadel2016-04-161-2/+7
| | | | | | | | | | | | | Extend the radio_measurements parameter to save all the supported RRM capabilities as it's used in RM enabled capabilities element. Make this parameter not directly configurable via config file (though, keep the radio_measurements parameter for some time for backwards compatibility). Instead, add a configuration option to enable neighbor report via radio measurements. Other features can be added later as well. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Add POLL_STA command to check connectivity in AP modeJouni Malinen2016-04-081-0/+2
| | | | | | | | | The hostapd "POLL_STA <addr>" control interface command can be used to check whether an associated station ACKs a QoS Data frame. The received ACK for such a frame is reported as an event message ("AP-STA-POLL-OK <addr>"). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* AP: Pass station P2P PS capabilities info during station add/setAyala Beker2016-04-081-2/+3
| | | | | | | | | | | | If a legacy client with no P2P PS support is trying to connect to a P2P GO, the driver should know that, and change its PS behavior accordingly. Add a parameter to hostapd_sta_add_params() indicating if P2P PS is supported by the station and pass this parameter to kernel with nl80211 driver when the station is added/set. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
* mesh: Add support for PMKSA cachingMasashi Honma2016-03-201-7/+21
| | | | | | | | | | | | | | | | | | | | | | | | | This patch add functionality of mesh SAE PMKSA caching. If the local STA already has peer's PMKSA entry in the cache, skip SAE authentication and start AMPE with the cached value. If the peer does not support PMKSA caching or does not have the local STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry of the peer will be removed. Then STA retries with ordinary SAE authentication. If the peer does not support PMKSA caching and the local STA uses no_auto_peer=1, the local STA can not retry SAE authentication because NEW_PEER_CANDIDATE event cannot start SAE authentication when no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use duration(sec). Throughout the duration, the local STA can start SAE authentication triggered by NEW_PEER_CANDIDATE even though no_auto_peer=1. This commit requires commit 70c93963edefa37ef84b73efb9d04ea10268341c ('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit, chosen PMK comparison will fail. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* AP: Save EAPOL received before Association Response ACKEliad Peller2016-03-061-0/+19
| | | | | | | | | | | | | There is a race condition in which AP might receive the EAPOL-Start frame (from the just-associated station) before the TX completion of the Association Response frame. This in turn will cause the EAPOL-Start frame to get dropped, and potentially failing the connection. Solve this by saving EAPOL frames from authenticated-but-not-associated stations, and handling them during the Association Response frame TX completion processing. Signed-off-by: Eliad Peller <eliad@wizery.com>
* AP: Store STA supported operating classes informationJouni Malinen2016-02-241-0/+3
| | | | | | | | | | | This makes hostapd track Supported Operating Classes information from the associated STAs. The stored information is available through the STA control interface command (supp_op_classes row) as a hexdump of the Supported Operating Classes element starting from the Length field. This information can be used as input to BSS transition management and channel switching decisions. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* AP: Debug print management frame TX resultDedy Lansky2016-02-221-2/+2
| | | | | | | Inside management frame TX status callback, print the TX result where it was missing. This is useful for debugging management frame drops. Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
* MBO: Mandate use of PMF for WPA2+MBO association (AP)Jouni Malinen2016-02-221-0/+10
| | | | | | | | If WPA2 and MBO are enabled, PMF needs to be enabled in hostapd configuration. If PMF is optional in the configuration, an MBO STA is required to negotiate use of PMF. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Track STA cellular data capability from association requestJouni Malinen2016-02-221-0/+3
| | | | | | | | This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add MBO IE to Beacon, Probe Response, Association ResponseAvraham Stern2016-02-221-0/+9
| | | | | | | | | | | | | | | | | | Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO. Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames. Usage: SET mbo_assoc_disallow <reason code> Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations. MBO functionality is enabled by setting "mbo=1" in the config file. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* AP: Set STA assoc flag in the driver before sending Assoc Resp frameAndrei Otcheretianski2016-02-201-66/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, stations were added to the driver only after the (Re)Association Response frame was acked. In the time period between the station has acked the (Re)Association Response frame and the time the station was added to the kernel, the station can already start sending Data frames, which will be dropped by the hardware/driver. In addition to the data loss, the driver may ignore NDPs with PM bit set from this STA. Fix this by setting/adding the STA with associated flag set to the driver before the AP sends the (Re)Association Response frame with status success. If the (Re)Association Response frame wasn't acked, remove the station from the driver. Note that setting a station to associated state before the non-AP station acknowledges the (Re)Association Response frame is not compliant with the IEEE 802.11 standard that specifically states that a non-AP station should transition to authenticated/associated state only after it acknowledged the (Re)Association Response frame. However, this is a justifiable simplification to work around the issue described above since 1. The station will be removed in case it does not acknowledge the (Re)Association Response frame. 2. All Data frames would be dropped until the station is set to authorized state and there are no known issues with processing the other Class 3 frames during the short window before the acknowledgement is seen. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* AP: Add support for full station stateAyala Beker2016-02-201-67/+192
| | | | | | | | | | | | | Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
* Use os_get_random() for Shared Key authentication challengeNick Lowe2016-02-191-6/+7
| | | | | | | | | Do not use the system clock or os_random() that uses a low quality PRNG as part of the pseudo-random challenge in auth_shared_key(). The construction can be improved upon by replacing it with a call to os_get_random(), which uses a high quality PRNG. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* mesh: Drop Authentication frames from BLOCKED STAMasashi Honma2016-02-181-1/+10
| | | | | | | Previously, only mesh Action frames from BLOCKED STA were dropped. Extend that to drop Authentication frames as well. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* SAE: Fix PMKID calculation for PMKSA cacheMasashi Honma2016-02-181-1/+1
| | | | | | | | The SAE PMKID is calculated with IEEE Std 802.11-2012, but the PMKID was re-calculated with and saved into PMKSA cache. Fix this to save the PMKID calculated with into the PMKSA cache. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* VLAN: Add per-STA vif optionMichael Braun2016-02-171-15/+15
| | | | | | | | This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* radius: Add tagged VLAN parsingMichael Braun2016-02-171-2/+3
| | | | | | | | | | | | | | 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* VLAN: Separate station grouping and uplink configurationMichael Braun2016-02-171-7/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Fix wpa_supplicant AP mode P2P IE handling if P2P is disabledJouni Malinen2016-01-011-1/+1
| | | | | | | | | | | | If P2P support is included in wpa_supplicant build (CONFIG_P2P=y), but P2P functionality is explicitly disabled (e.g., "P2P_SET disabled 1"), couple of AP management frame processing steps did not check against hapd->p2p_group being NULL and could end up dereferencing a NULL pointer if a Probe Request frame or (Re)Association Request frame was received with a P2P IE in it. Fix this by skipping these steps if hapd->p2p_group is NULL. Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Postpone WNM-Notification sending by 100 msJouni Malinen2015-12-311-1/+1
| | | | | | | | | | | | | | This makes it somewhat easier for the station to be able to receive and process the encrypted WNM-Notification frames that the AP previously sentt immediately after receiving EAPOL-Key msg 4/4. While the station is supposed to have the TK configured for receive before sending out EAPOL-Key msg 4/4, not many actual implementations do that. As such, there is a race condition in being able to configure the key at the station and the AP sending out the first encrypted frame after EAPOL-Key 4/4. The extra 100 ms time here makes it more likely for the station to have managed to configure the key in time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Generate proper AID for peerBob Copeland2015-10-051-1/+1
| | | | | | | | | IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on the local node for each peer. Previously, we were using the peer link ID (generated by the peer) which may not be unique among all peers. Correct this by reusing the AP AID generation code. Signed-off-by: Bob Copeland <me@bobcopeland.com>
* P2P: Implement P2P_GO_FREQ_MOVE_SCM_ECSA policyAndrei Otcheretianski2015-10-031-0/+3
| | | | | | | | Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers SCM if all the clients advertise eCSA support and the candidate frequency is one of the group common frequencies. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Do not copy STA VHT capabilities if VHT is not enabled for APAshok Raj Nagarajan2015-09-231-6/+8
| | | | | | | | | | | Previously, station's VHT information elements were copied and passed regardless of the AP's VHT configuration. As a result, AP with VHT disabled in configuration could have ended up transmitting packets in VHT rates though AP is not advertising VHT support. Fix this by copying the station's VHT capabilities only when AP supports VHT (both hardware and configuration). Signed-off-by: Ashok Raj Nagarajan <arnagara@qti.qualcomm.com>
* Add station tracking based on other management frame subtypesJouni Malinen2015-09-051-0/+3
| | | | | | | | This extends the previous tracking design to add a station entry based on other management frames than Probe Request frames. For example, this covers a case where the station is using passive scanning. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to reject authentication on 2.4 GHz from dualband STAJouni Malinen2015-09-051-0/+56
| | | | | | | | | | | | | | | | | | The new no_auth_if_seen_on=<ifname> parameter can now be used to configure hostapd to reject authentication from a station that was seen on another radio. This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to reject authentication attempts from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently. Note: Enabling this can cause connectivity issues and increase latency for connecting with the AP. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix mesh SAE auth on low spec devicesMasashi Honma2015-08-021-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | The mesh SAE auth often fails with master branch. By bisect I found commit eb5fee0bf50444419ac12d3c7f38f27a47523a47 ('SAE: Add side-channel protection to PWE derivation with ECC') causes this issue. This does not mean the commit has a bug. This is just a CPU resource issue. After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So auth_sae_retransmit_timer() is always called and it can causes continuous frame exchanges. Before the commit, it was 23(msec). On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod is defined as 40(msec). But it looks short because generally mesh functionality will be used on low spec devices. Indeed Raspberry Pi B+ (ARM ARM1176JZF-S 700MHz) requires 287(msec) for new sae_derive_pwe_ecc(). So this patch makes the default to 1000(msec) and makes it configurable. This issue does not occur on infrastructure SAE because the dot11RSNASAERetransPeriod is not used on it. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add build option to remove all internal RC4 usesJouni Malinen2015-08-021-0/+14
| | | | | | | | | | | | The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this. This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes. Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Print reason for ignoring FST Action frame in debug logJouni Malinen2015-07-251-0/+3
| | | | | | This makes it easier to understand why some frames are not processed. Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Add FST IEs into AP mode management framesAnton Nayshtut2015-07-161-0/+8
| | | | | | | This adds the FST IEs received from the FST module into Beacon, Probe Response, and (Re)Association Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Send FST Action frames to AP mode processingAnton Nayshtut2015-07-161-0/+7
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Store MB IEs from (Re)Association RequestAnton Nayshtut2015-07-161-0/+8
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are differentJouni Malinen2015-06-231-0/+6
| | | | | | | | | This check explicitly for reflection attack and stops authentication immediately if that is detected instead of continuing to the following 4-way handshake that would fail due to the attacker not knowing the key from the SAE exchange. Signed-off-by: Jouni Malinen <j@w1.fi>
* Check Public Action length explicitly before reading Action CodeJouni Malinen2015-05-031-1/+2
| | | | | | | | | | | In theory, the previous version could have resulted in reading one byte beyond the end of the management frame RX buffer if the local driver were to deliver a truncated Public Action frame for processing. In practice, this did not seem to happen with mac80211-based drivers and even if it were, the extra octet would be an uninitialized value in a buffer rather than read beyond the end of the buffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Retransmit the last Commit Message in the Committed stateMasashi Honma2015-04-251-1/+1
| | | | | | | | | | | | | | | Previously, mesh state machine transmits updated Commit Message when receiving a Confirm Message in Committed state. According to the standard, it should (re)send the latest Commit Message previously sent. IEEE Std 802.11-2012, Protocol instance behavior - Committed state: "Upon receipt of a Con event, ... If Sync is not greater than dot11RSNASAESync, the protocol instance shall increment Sync, transmit the last Commit Message sent to the peer, and set the t0 (retransmission) timer." Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Simplify VHT Capabilities element parsingJouni Malinen2015-04-221-2/+1
| | | | | | | Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
* Simplify HT Capabilities element parsingJouni Malinen2015-04-221-2/+1
| | | | | | | Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused leftover from multi-SSID designJouni Malinen2015-04-221-18/+3
| | | | | | | | | | The multi-SSID design that used a single beaconing BSSID with multiple SSIDs was never completed in this repository, so there is no need to maintain the per-STA ssid/ssid_probe pointers that could only point to &hapd->conf->ssid. Save some memory and reduce code complexity by removing this unused partial capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove VLAN interface on STA freeMichael Braun2015-04-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* hostapd: Add vendor specific VHT extension for the 2.4 GHz bandYanbo Li2015-01-131-2/+16
| | | | | | | | | | | | This allows vendor specific information element to be used to advertise support for VHT on 2.4 GHz band. In practice, this is used to enable use of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band. This functionality is disabled by default, but can be enabled with vendor_vht=1 parameter in hostapd.conf if the driver advertises support for VHT on either 2.4 or 5 GHz bands. Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
* SAE: Implement retransmission timerBob Copeland2015-01-101-1/+92
| | | | | | | | Add the t0 retransmission timer as specified by IEEE Std 802.11-2012, This makes SAE much more likely to succeed in the case of lost frames. Signed-off-by: Bob Copeland <me@bobcopeland.com>
* SAE: Centralize function for sending initial COMMITBob Copeland2015-01-101-0/+31
| | | | | | | | | | | | When performing SAE authentication in mesh, one station may initiate authentication by sending a COMMIT as soon as a peer candidate is discovered. Previously we did this in mesh_rsn.c, but this left some of the state initialization in a different part of the code from the rest of the state machine, and we may need to add other initializations here in the future, so move that to a more central function. Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Delay Authentication frame process with no_auto_peerJouni Malinen2014-12-231-0/+10
| | | | | | | | | | | | There is a possible race condition between receiving the NEW_PEER_CANDIDATE event and the Authentication frame from the peer. Previously, if the Authentication frame RX event was indicated first, that frame got dropped silently. Now, this frame is still dropped, but a copy of it is stored and the frame gets processed on the following NEW_PEER_CANDIDATE event if that is received for the same peer within two seconds. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Check Status Code in Authentication framesJouni Malinen2014-12-141-11/+21
| | | | | | | | | | | | | | | | | | | While other authentication algorithms mark Status Code as being Reserved in the case of the transaction number 1, SAE does not. Check that the Status Code indicates success before creating SAE state. In addition, fix the mesh anti-clogging token request parsing on big endian CPUs. Transaction number 2 (confirm) can also have non-zero Status Code to report an error. Those should be processed, but not replied to with yet another error message. This could happen in mesh case. Avoid a loop of error messages by dropping the non-success case without additional response. In addition, don't reply to unknown transaction numbers if the status code is non-zero. This avoids a loop of error messages if an invalid frame where to be injected (or unlikely corruption were to occur). Signed-off-by: Jouni Malinen <j@w1.fi>
* RRM: Add AP mode minimal advertisement support for testingJouni Malinen2014-12-121-0/+3
| | | | | | | | | | The new hostapd.conf radio_measurements parameter can now be used to configure a test build to advertise support for radio measurements with neighbor report enabled. There is no real functionality that would actually process the request, i.e., this only for the purpose of minimal STA side testing for now. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Fix Anti-Clogging Token request frame formatMasashi Honma2014-11-251-7/+26
| | | | | | | | This commit inserts Finite Cyclic Group to Anti-Clogging Token request frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group is present if Status is zero or 76". Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Fix SAE anti-clogging functionality for meshMasashi Honma2014-11-251-8/+43
| | | | | | | | The mesh anti-clogging functionality is implemented partially. This patch fixes to parse anti-clogging request frame and use anti-clogging token. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>