diff options
| author | Dmitry Shmidt <dimitrysh@google.com> | 2015-04-28 10:34:29 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2015-04-28 10:34:29 -0700 |
| commit | 1d755d025b206e22b06aeb322e25a79f98ca7777 (patch) | |
| tree | 64b3363a5e8e9fa8ee1f52b868300030584cc109 | |
| parent | 1eb02edb319d462031f0c2f1f3548498558e95a5 (diff) | |
| download | android_external_wpa_supplicant_8-1d755d025b206e22b06aeb322e25a79f98ca7777.tar.gz android_external_wpa_supplicant_8-1d755d025b206e22b06aeb322e25a79f98ca7777.tar.bz2 android_external_wpa_supplicant_8-1d755d025b206e22b06aeb322e25a79f98ca7777.zip | |
Cumulative patch from commit 01a025937c67f0eca6021d94b8ec3b144f8b1730
01a0259 WPS: Add support for 60 GHz band
0ef1e29 WPS: Fix shorter authentication timeout during no-SelReg iteration
3465176 nl80211: Verify that cipher suite conversion succeeds
a250722 Try to set PMK only with key mgmt offload support in the driver
4a7ce98 Make IPv6 NA multicast-to-unicast conversion configurable
9f390f4 Interworking: Fix network selection warning without SIM/USIM support
a0ad9e8 Remove WPA per-VLAN groups when no more stations remain
87b5b53 Make VLAN ID available in STA info over control interface
5678a2d P2P: Allow wpa_supplicant to start if social channels are not supported
209214b vlan: Move CONFIG_FULL_DYNAMIC_VLAN includes to proper places
a6da824 Do not use C++ reserved words as variable names
eaa3728 wpa_gui: Themed icon loader
9a3cb41 Fix wpa_priv (CONFIG_PRIVSEP=y) build
8b423ed Declare all read only data structures as const
fd4fb28 OpenSSL: Try to ensure we don't throw away the PIN unnecessarily
fabc6dd mesh: Retransmit the last Commit Message in the Committed state
068669f vlan: Verify RADIUS returned VLAN-ID and dynamic_vlan=required
5add410 WPS: Use shorter authentication timeout during no-SelReg iteration
e7d2034 WPS: Enforce five second minimum time before AP iteration
bd143cc Remove trailing whitespace from Makefile
74802c0 P2P: Do not create a P2P Device interface if P2P is disabled
579674e Document p2p_disabled option in wpa_supplicant.conf
8ea8a89 nl80211: Extend unique MAC address assignment for station iftype
Change-Id: I8bc8a63f37c0892b83376b9d5a5859827ae50554
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
58 files changed, 463 insertions, 212 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 11866445..0c1f401b 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2545,7 +2545,9 @@ static int hostapd_config_fill(struct hostapd_config *conf, return 1; } } else if (os_strcmp(buf, "wps_rf_bands") == 0) { - if (os_strcmp(pos, "a") == 0) + if (os_strcmp(pos, "ad") == 0) + bss->wps_rf_bands = WPS_RF_60GHZ; + else if (os_strcmp(pos, "a") == 0) bss->wps_rf_bands = WPS_RF_50GHZ; else if (os_strcmp(pos, "g") == 0 || os_strcmp(pos, "b") == 0) @@ -3138,6 +3140,8 @@ static int hostapd_config_fill(struct hostapd_config *conf, bss->disable_dgaf = atoi(pos); } else if (os_strcmp(buf, "proxy_arp") == 0) { bss->proxy_arp = atoi(pos); + } else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) { + bss->na_mcast_to_ucast = atoi(pos); } else if (os_strcmp(buf, "osen") == 0) { bss->osen = atoi(pos); } else if (os_strcmp(buf, "anqp_domain_id") == 0) { diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 90d15232..5c6b28d0 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1433,7 +1433,7 @@ own_ip_addr=127.0.0.1 # 12-digit, all-numeric code that identifies the consumer package. #upc=123456789012 -# WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual band) +# WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual band, ad = 60 GHz) # This value should be set according to RF band(s) supported by the AP if # hw_mode is not set. For dual band dual concurrent devices, this needs to be # set to ag to allow both RF bands to be advertized. @@ -1493,6 +1493,13 @@ own_ip_addr=127.0.0.1 # 1 = enabled #proxy_arp=1 +# IPv6 Neighbor Advertisement multicast-to-unicast conversion +# This can be used with Proxy ARP to allow multicast NAs to be forwarded to +# associated STAs using link layer unicast delivery. +# 0 = disabled (default) +# 1 = enabled +#na_mcast_to_ucast=0 + ##### IEEE 802.11u-2011 ####################################################### # Enable Interworking service diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c index 719d021c..e2991836 100644 --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c @@ -17,16 +17,16 @@ #include "common/version.h" -static const char *hostapd_cli_version = +static const char *const hostapd_cli_version = "hostapd_cli v" VERSION_STR "\n" "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors"; -static const char *hostapd_cli_license = +static const char *const hostapd_cli_license = "This software may be distributed under the terms of the BSD license.\n" "See README for more details.\n"; -static const char *hostapd_cli_full_license = +static const char *const hostapd_cli_full_license = "This software may be distributed under the terms of the BSD license.\n" "\n" "Redistribution and use in source and binary forms, with or without\n" @@ -57,7 +57,7 @@ static const char *hostapd_cli_full_license = "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n" "\n"; -static const char *commands_help = +static const char *const commands_help = "Commands:\n" " mib get MIB variables (dot1x, dot11, radius)\n" " sta <addr> get MIB variables for one station\n" @@ -1015,7 +1015,7 @@ struct hostapd_cli_cmd { int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]); }; -static struct hostapd_cli_cmd hostapd_cli_commands[] = { +static const struct hostapd_cli_cmd hostapd_cli_commands[] = { { "ping", hostapd_cli_cmd_ping }, { "mib", hostapd_cli_cmd_mib }, { "relog", hostapd_cli_cmd_relog }, @@ -1070,7 +1070,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = { static void wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[]) { - struct hostapd_cli_cmd *cmd, *match = NULL; + const struct hostapd_cli_cmd *cmd, *match = NULL; int count; count = 0; diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index cccbfabb..c44f70d6 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -819,9 +819,9 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss, if (full_config && bss->wps_state && bss->wpa && (!(bss->wpa & 2) || - !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) { + !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) { wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without " - "WPA2/CCMP forced WPS to be disabled"); + "WPA2/CCMP/GCMP forced WPS to be disabled"); bss->wps_state = 0; } #endif /* CONFIG_WPS */ diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 7b4a7eaa..c3573a48 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -490,6 +490,7 @@ struct hostapd_bss_config { int osen; int proxy_arp; + int na_mcast_to_ucast; #ifdef CONFIG_HS20 int hs20; int disable_dgaf; diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c index 41ab9882..60afcb08 100644 --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c @@ -153,6 +153,13 @@ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd, } #endif /* CONFIG_SAE */ + if (sta->vlan_id > 0) { + res = os_snprintf(buf + len, buflen - len, "vlan_id=%d\n", + sta->vlan_id); + if (!os_snprintf_error(buflen - len, res)) + len += res; + } + return len; } diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 5b265584..9e7d70de 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -609,7 +609,7 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, return WLAN_STATUS_SUCCESS; sta->sae->sync++; - ret = auth_sae_send_commit(hapd, sta, bssid, 1); + ret = auth_sae_send_commit(hapd, sta, bssid, 0); if (ret) return ret; diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c index 56c3ce03..0238257d 100644 --- a/src/ap/ieee802_11_auth.c +++ b/src/ap/ieee802_11_auth.c @@ -561,6 +561,19 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req, if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED && !cache->psk) cache->accepted = HOSTAPD_ACL_REJECT; + + if (cache->vlan_id && + !hostapd_vlan_id_valid(hapd->conf->vlan, cache->vlan_id)) { + hostapd_logger(hapd, query->addr, + HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, + "Invalid VLAN ID %d received from RADIUS server", + cache->vlan_id); + cache->vlan_id = 0; + } + if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED && + !cache->vlan_id) + cache->accepted = HOSTAPD_ACL_REJECT; } else cache->accepted = HOSTAPD_ACL_REJECT; cache->next = hapd->acl_cache; diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 863a5398..ef268345 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1285,7 +1285,7 @@ static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, struct sta_info *sta, struct radius_msg *msg) { - u8 *class; + u8 *attr_class; size_t class_len; struct eapol_state_machine *sm = sta->eapol_sm; int count, i; @@ -1307,12 +1307,12 @@ static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, nclass_count = 0; - class = NULL; + attr_class = NULL; for (i = 0; i < count; i++) { do { if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS, - &class, &class_len, - class) < 0) { + &attr_class, &class_len, + attr_class) < 0) { i = count; break; } @@ -1322,7 +1322,7 @@ static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, if (nclass[nclass_count].data == NULL) break; - os_memcpy(nclass[nclass_count].data, class, class_len); + os_memcpy(nclass[nclass_count].data, attr_class, class_len); nclass[nclass_count].len = class_len; nclass_count++; } @@ -2342,9 +2342,9 @@ void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth) } -static const char * bool_txt(Boolean bool) +static const char * bool_txt(Boolean val) { - return bool ? "TRUE" : "FALSE"; + return val ? "TRUE" : "FALSE"; } diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c index b0d42dcd..0adcc97d 100644 --- a/src/ap/ndisc_snoop.c +++ b/src/ap/ndisc_snoop.c @@ -81,6 +81,18 @@ static int sta_has_ip6addr(struct sta_info *sta, struct in6_addr *addr) } +static void ucast_to_stas(struct hostapd_data *hapd, const u8 *buf, size_t len) +{ + struct sta_info *sta; + + for (sta = hapd->sta_list; sta; sta = sta->next) { + if (!(sta->flags & WLAN_STA_AUTHORIZED)) + continue; + x_snoop_mcast_to_ucast_convert_send(hapd, sta, (u8 *) buf, len); + } +} + + static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf, size_t len) { @@ -133,16 +145,12 @@ static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf, } break; case ROUTER_ADVERTISEMENT: - if (!hapd->conf->disable_dgaf) - return; - /* fall through */ + if (hapd->conf->disable_dgaf) + ucast_to_stas(hapd, buf, len); + break; case NEIGHBOR_ADVERTISEMENT: - for (sta = hapd->sta_list; sta; sta = sta->next) { - if (!(sta->flags & WLAN_STA_AUTHORIZED)) - continue; - x_snoop_mcast_to_ucast_convert_send(hapd, sta, - (u8 *) buf, len); - } + if (hapd->conf->na_mcast_to_ucast) + ucast_to_stas(hapd, buf, len); break; default: break; diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c index baabbe33..b89a1f43 100644 --- a/src/ap/vlan_init.c +++ b/src/ap/vlan_init.c @@ -9,6 +9,13 @@ */ #include "utils/includes.h" +#ifdef CONFIG_FULL_DYNAMIC_VLAN +#include <net/if.h> +#include <sys/ioctl.h> +#include <linux/sockios.h> +#include <linux/if_vlan.h> +#include <linux/if_bridge.h> +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ #include "utils/common.h" #include "hostapd.h" @@ -20,12 +27,6 @@ #ifdef CONFIG_FULL_DYNAMIC_VLAN -#include <net/if.h> -#include <sys/ioctl.h> -#include <linux/sockios.h> -#include <linux/if_vlan.h> -#include <linux/if_bridge.h> - #include "drivers/priv_netlink.h" #include "utils/eloop.h" diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index b83b4600..f23a57a0 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -45,6 +45,12 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, struct wpa_group *group); static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, const u8 *pmk, struct wpa_ptk *ptk); +static void wpa_group_free(struct wpa_authenticator *wpa_auth, + struct wpa_group *group); +static void wpa_group_get(struct wpa_authenticator *wpa_auth, + struct wpa_group *group); +static void wpa_group_put(struct wpa_authenticator *wpa_auth, + struct wpa_group *group); static const u32 dot11RSNAConfigGroupUpdateCount = 4; static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; @@ -262,15 +268,22 @@ static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) { struct wpa_authenticator *wpa_auth = eloop_ctx; - struct wpa_group *group; + struct wpa_group *group, *next; wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); - for (group = wpa_auth->group; group; group = group->next) { + group = wpa_auth->group; + while (group) { + wpa_group_get(wpa_auth, group); + group->GTKReKey = TRUE; do { group->changed = FALSE; wpa_group_sm_step(wpa_auth, group); } while (group->changed); + + next = group->next; + wpa_group_put(wpa_auth, group); + group = next; } if (wpa_auth->conf.wpa_group_rekey) { @@ -573,6 +586,7 @@ wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, sm->wpa_auth = wpa_auth; sm->group = wpa_auth->group; + wpa_group_get(sm->wpa_auth, sm->group); return sm; } @@ -651,6 +665,7 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm) #endif /* CONFIG_IEEE80211R */ os_free(sm->last_rx_eapol_key); os_free(sm->wpa_ie); + wpa_group_put(sm->wpa_auth, sm->group); os_free(sm); } @@ -2994,9 +3009,9 @@ void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) } -static const char * wpa_bool_txt(int bool) +static const char * wpa_bool_txt(int val) { - return bool ? "TRUE" : "FALSE"; + return val ? "TRUE" : "FALSE"; } @@ -3281,6 +3296,63 @@ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, } +/* + * Remove and free the group from wpa_authenticator. This is triggered by a + * callback to make sure nobody is currently iterating the group list while it + * gets modified. + */ +static void wpa_group_free(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + struct wpa_group *prev = wpa_auth->group; + + wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d", + group->vlan_id); + + while (prev) { + if (prev->next == group) { + /* This never frees the special first group as needed */ + prev->next = group->next; + os_free(group); + break; + } + prev = prev->next; + } + +} + + +/* Increase the reference counter for group */ +static void wpa_group_get(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + /* Skip the special first group */ + if (wpa_auth->group == group) + return; + + group->references++; +} + + +/* Decrease the reference counter and maybe free the group */ +static void wpa_group_put(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + /* Skip the special first group */ + if (wpa_auth->group == group) + return; + + group->references--; + if (group->references) + return; + wpa_group_free(wpa_auth, group); +} + + +/* + * Add a group that has its references counter set to zero. Caller needs to + * call wpa_group_get() on the return value to mark the entry in use. + */ static struct wpa_group * wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) { @@ -3331,7 +3403,10 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); + wpa_group_get(sm->wpa_auth, group); + wpa_group_put(sm->wpa_auth, sm->group); sm->group = group; + return 0; } diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h index 7b2cd3ea..57b098f2 100644 --- a/src/ap/wpa_auth_i.h +++ b/src/ap/wpa_auth_i.h @@ -169,6 +169,8 @@ struct wpa_group { u8 IGTK[2][WPA_IGTK_MAX_LEN]; int GN_igtk, GM_igtk; #endif /* CONFIG_IEEE80211W */ + /* Number of references except those in struct wpa_group->next */ + unsigned int references; }; diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index 68eaeca1..caed01e8 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -347,8 +347,12 @@ static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd, bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; bss->wpa_pairwise = 0; - if (cred->encr_type & WPS_ENCR_AES) - bss->wpa_pairwise |= WPA_CIPHER_CCMP; + if (cred->encr_type & WPS_ENCR_AES) { + if (hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) + bss->wpa_pairwise |= WPA_CIPHER_GCMP; + else + bss->wpa_pairwise |= WPA_CIPHER_CCMP; + } if (cred->encr_type & WPS_ENCR_TKIP) bss->wpa_pairwise |= WPA_CIPHER_TKIP; bss->rsn_pairwise = bss->wpa_pairwise; @@ -530,7 +534,11 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx) fprintf(nconf, "wpa_pairwise="); prefix = ""; if (cred->encr_type & WPS_ENCR_AES) { - fprintf(nconf, "CCMP"); + if (hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) + fprintf(nconf, "GCMP"); + else + fprintf(nconf, "CCMP"); + prefix = " "; } if (cred->encr_type & WPS_ENCR_TKIP) { @@ -844,7 +852,9 @@ static int hostapd_wps_rf_band_cb(void *ctx) struct hostapd_data *hapd = ctx; return hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ? - WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */ + WPS_RF_50GHZ : + hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD ? + WPS_RF_60GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */ } @@ -1041,7 +1051,9 @@ int hostapd_init_wps(struct hostapd_data *hapd, } else { wps->dev.rf_bands = hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ? - WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */ + WPS_RF_50GHZ : + hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD ? + WPS_RF_60GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */ } if (conf->wpa & WPA_PROTO_RSN) { diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c index 7843e6fe..e23007a8 100644 --- a/src/common/ieee802_11_common.c +++ b/src/common/ieee802_11_common.c @@ -564,27 +564,27 @@ enum hostapd_hw_mode ieee80211_freq_to_chan(int freq, u8 *channel) } -static const char *us_op_class_cc[] = { +static const char *const us_op_class_cc[] = { "US", "CA", NULL }; -static const char *eu_op_class_cc[] = { +static const char *const eu_op_class_cc[] = { "AL", "AM", "AT", "AZ", "BA", "BE", "BG", "BY", "CH", "CY", "CZ", "DE", "DK", "EE", "EL", "ES", "FI", "FR", "GE", "HR", "HU", "IE", "IS", "IT", "LI", "LT", "LU", "LV", "MD", "ME", "MK", "MT", "NL", "NO", "PL", "PT", "RO", "RS", "RU", "SE", "SI", "SK", "TR", "UA", "UK", NULL }; -static const char *jp_op_class_cc[] = { +static const char *const jp_op_class_cc[] = { "JP", NULL }; -static const char *cn_op_class_cc[] = { +static const char *const cn_op_class_cc[] = { "CN", "CA", NULL }; -static int country_match(const char *cc[], const char *country) +static int country_match(const char *const cc[], const char *const country) { int i; diff --git a/src/crypto/crypto_module_tests.c b/src/crypto/crypto_module_tests.c index 7137c27d..1d613c93 100644 --- a/src/crypto/crypto_module_tests.c +++ b/src/crypto/crypto_module_tests.c @@ -161,7 +161,7 @@ struct omac1_test_vector { u8 tag[16]; }; -static struct omac1_test_vector omac1_test_vectors[] = +static const struct omac1_test_vector omac1_test_vectors[] = { { { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -210,7 +210,8 @@ static struct omac1_test_vector omac1_test_vectors[] = }; -static int test_omac1_vector(struct omac1_test_vector *tv, unsigned int i) +static int test_omac1_vector(const struct omac1_test_vector *tv, + unsigned int i) { u8 key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -983,14 +984,14 @@ static int test_eap_fast(void) } -static u8 key0[] = +static const u8 key0[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; -static u8 data0[] = "Hi There"; -static u8 prf0[] = +static const u8 data0[] = "Hi There"; +static const u8 prf0[] = { 0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84, 0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54, @@ -1002,9 +1003,9 @@ static u8 prf0[] = 0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a }; -static u8 key1[] = "Jefe"; -static u8 data1[] = "what do ya want for nothing?"; -static u8 prf1[] = +static const u8 key1[] = "Jefe"; +static const u8 data1[] = "what do ya want for nothing?"; +static const u8 prf1[] = { 0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad, 0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4, @@ -1017,13 +1018,13 @@ static u8 prf1[] = }; -static u8 key2[] = +static const u8 key2[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; -static u8 data2[] = +static const u8 data2[] = { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, @@ -1033,7 +1034,7 @@ static u8 data2[] = 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd }; -static u8 prf2[] = +static const u8 prf2[] = { 0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f, 0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1, @@ -1052,7 +1053,7 @@ struct passphrase_test { char psk[32]; }; -static struct passphrase_test passphrase_tests[] = +static const struct passphrase_test passphrase_tests[] = { { "password", @@ -1097,7 +1098,7 @@ struct rfc6070_test { size_t dk_len; }; -static struct rfc6070_test rfc6070_tests[] = +static const struct rfc6070_test rfc6070_tests[] = { { "password", @@ -1214,7 +1215,7 @@ static int test_sha1(void) wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:"); for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { u8 psk[32]; - struct passphrase_test *test = &passphrase_tests[i]; + const struct passphrase_test *test = &passphrase_tests[i]; if (pbkdf2_sha1(test->passphrase, (const u8 *) test->ssid, strlen(test->ssid), @@ -1230,7 +1231,7 @@ static int test_sha1(void) wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):"); for (i = 0; i < NUM_RFC6070_TESTS; i++) { u8 dk[25]; - struct rfc6070_test *test = &rfc6070_tests[i]; + const struct rfc6070_test *test = &rfc6070_tests[i]; if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s), test->c, dk, test->dk_len) == 0 && @@ -1248,7 +1249,7 @@ static int test_sha1(void) } -struct { +const struct { char *data; u8 hash[32]; } tests[] = { @@ -1272,7 +1273,7 @@ struct { } }; -struct hmac_test { +const struct hmac_test { u8 key[80]; size_t key_len; u8 data[128]; @@ -1513,7 +1514,7 @@ static int test_sha256(void) } for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) { - struct hmac_test *t = &hmac_tests[i]; + const struct hmac_test *t = &hmac_tests[i]; wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1); diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c index d3b26319..3aeb2bbc 100644 --- a/src/crypto/dh_groups.c +++ b/src/crypto/dh_groups.c @@ -1153,7 +1153,7 @@ dh_group ## id ## _prime, sizeof(dh_group ## id ## _prime), \ dh_group ## id ## _order, sizeof(dh_group ## id ## _order), safe } -static struct dh_group dh_groups[] = { +static const struct dh_group dh_groups[] = { DH_GROUP(5, 1), #ifdef ALL_DH_GROUPS DH_GROUP(1, 1), diff --git a/src/crypto/tls.h b/src/crypto/tls.h index f9e2e10e..d13657e1 100644 --- a/src/crypto/tls.h +++ b/src/crypto/tls.h @@ -253,6 +253,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn); int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn); enum { + TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN = -4, TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3, TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2 }; @@ -263,10 +264,12 @@ enum { * @conn: Connection context data from tls_connection_init() * @params: Connection parameters * Returns: 0 on success, -1 on failure, - * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing - * PKCS#11 engine failure, or + * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine + * failure, or * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the - * PKCS#11 engine private key. + * PKCS#11 engine private key, or + * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine + * failure. */ int __must_check tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, @@ -277,10 +280,12 @@ tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, * @tls_ctx: TLS context data from tls_init() * @params: Global TLS parameters * Returns: 0 on success, -1 on failure, - * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing - * PKCS#11 engine failure, or + * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine + * failure, or * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the - * PKCS#11 engine private key. + * PKCS#11 engine private key, or + * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine + * failure. */ int __must_check tls_global_set_params( void *tls_ctx, const struct tls_connection_params *params); diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index cbd35c40..ffcf83a8 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -890,6 +890,27 @@ void tls_deinit(void *ssl_ctx) EVP_PKEY* EVP_PKEY_from_keystore(const char* key_id); #endif +#ifndef OPENSSL_NO_ENGINE + +/* Cryptoki return values */ +#define CKR_PIN_INCORRECT 0x000000a0 +#define CKR_PIN_INVALID 0x000000a1 +#define CKR_PIN_LEN_RANGE 0x000000a2 + +/* libp11 */ +#define ERR_LIB_PKCS11 ERR_LIB_USER + +static int tls_is_pin_error(unsigned int err) +{ + return ERR_GET_LIB(err) == ERR_LIB_PKCS11 && + (ERR_GET_REASON(err) == CKR_PIN_INCORRECT || + ERR_GET_REASON(err) == CKR_PIN_INVALID || + ERR_GET_REASON(err) == CKR_PIN_LEN_RANGE); +} + +#endif /* OPENSSL_NO_ENGINE */ + + static int tls_engine_init(struct tls_connection *conn, const char *engine_id, const char *pin, const char *key_id, const char *cert_id, const char *ca_cert_id) @@ -957,11 +978,16 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id, key_id, NULL, &key_cb); if (!conn->private_key) { + unsigned long err = ERR_get_error(); + wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id '%s' [%s]", key_id, - ERR_error_string(ERR_get_error(), NULL)); - ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; + ERR_error_string(err, NULL)); + if (tls_is_pin_error(err)) + ret = TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN; + else + ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; goto err; } } @@ -2207,9 +2233,13 @@ static int tls_engine_get_cert(struct tls_connection *conn, if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) { + unsigned long err = ERR_get_error(); + wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" " '%s' [%s]", cert_id, - ERR_error_string(ERR_get_error(), NULL)); + ERR_error_string(err, NULL)); + if (tls_is_pin_error(err)) + return TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN; return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; } if (!params.cert) { diff --git a/src/drivers/driver.h b/src/drivers/driver.h index e4d0412a..f7da6366 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -4640,6 +4640,6 @@ wpa_get_wowlan_triggers(const char *wowlan_triggers, const struct wpa_driver_capa *capa); /* NULL terminated array of linked in driver wrappers */ -extern struct wpa_driver_ops *wpa_drivers[]; +extern const struct wpa_driver_ops *const wpa_drivers[]; #endif /* DRIVER_H */ diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index be0e7c5d..26e4984d 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -2501,7 +2501,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, { struct wpa_driver_nl80211_data *drv = bss->drv; int ifindex; - struct nl_msg *msg; + struct nl_msg *msg = NULL; int ret; int tdls = 0; @@ -2534,11 +2534,15 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, if (!msg) return -ENOBUFS; } else { + u32 suite; + + suite = wpa_alg_to_cipher_suite(alg, key_len); + if (!suite) + goto fail; msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY); if (!msg || nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) || - nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, - wpa_alg_to_cipher_suite(alg, key_len))) + nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite)) goto fail; wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len); } @@ -2640,9 +2644,15 @@ static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, const u8 *key, size_t key_len) { struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); + u32 suite; + if (!key_attr) return -1; + suite = wpa_alg_to_cipher_suite(alg, key_len); + if (!suite) + return -1; + if (defkey && alg == WPA_ALG_IGTK) { if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT)) return -1; @@ -2652,8 +2662,7 @@ static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, } if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) || - nla_put_u32(msg, NL80211_KEY_CIPHER, - wpa_alg_to_cipher_suite(alg, key_len)) || + nla_put_u32(msg, NL80211_KEY_CIPHER, suite) || (seq && seq_len && nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) || nla_put(msg, NL80211_KEY_DATA, key_len, key)) @@ -5789,8 +5798,6 @@ static enum nl80211_iftype wpa_driver_nl80211_if_type( } -#if defined(CONFIG_P2P) || defined(CONFIG_MESH) - static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) { struct wpa_driver_nl80211_data *drv; @@ -5826,8 +5833,6 @@ static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr) return 0; } -#endif /* CONFIG_P2P || CONFIG_MESH */ - struct wdev_info { u64 wdev_id; @@ -5903,21 +5908,21 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, } if (!addr) { - if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) + if (nlmode == NL80211_IFTYPE_P2P_DEVICE) os_memcpy(if_addr, bss->addr, ETH_ALEN); else if (linux_get_ifhwaddr(drv->global->ioctl_sock, - bss->ifname, if_addr) < 0) { + ifname, if_addr) < 0) { if (added) nl80211_remove_iface(drv, ifidx); return -1; } } -#if defined(CONFIG_P2P) || defined(CONFIG_MESH) if (!addr && (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || - type == WPA_IF_P2P_GO || type == WPA_IF_MESH)) { - /* Enforce unique P2P Interface Address */ + type == WPA_IF_P2P_GO || type == WPA_IF_MESH || + type == WPA_IF_STATION)) { + /* Enforce unique address */ u8 new_addr[ETH_ALEN]; if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, @@ -5928,8 +5933,7 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, } if (nl80211_addr_in_use(drv->global, new_addr)) { wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " - "for %s interface", type == WPA_IF_MESH ? - "mesh" : "P2P group"); + "for interface %s type %d", ifname, type); if (nl80211_vif_addr(drv, new_addr) < 0) { if (added) nl80211_remove_iface(drv, ifidx); @@ -5944,7 +5948,6 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, } os_memcpy(if_addr, new_addr, ETH_ALEN); } -#endif /* CONFIG_P2P || CONFIG_MESH */ if (type == WPA_IF_AP_BSS) { struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); diff --git a/src/drivers/driver_privsep.c b/src/drivers/driver_privsep.c index 26d2bab0..1cfc15dc 100644 --- a/src/drivers/driver_privsep.c +++ b/src/drivers/driver_privsep.c @@ -743,7 +743,7 @@ struct wpa_driver_ops wpa_driver_privsep_ops = { }; -struct wpa_driver_ops *wpa_drivers[] = +const struct wpa_driver_ops *const wpa_drivers[] = { &wpa_driver_privsep_ops, NULL diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c index f0c3bb3c..a98af9ac 100644 --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c @@ -47,7 +47,7 @@ extern struct wpa_driver_ops wpa_driver_none_ops; /* driver_none.c */ #endif /* CONFIG_DRIVER_NONE */ -struct wpa_driver_ops *wpa_drivers[] = +const struct wpa_driver_ops *const wpa_drivers[] = { #ifdef CONFIG_DRIVER_NL80211 &wpa_driver_nl80211_ops, diff --git a/src/eap_common/ikev2_common.c b/src/eap_common/ikev2_common.c index 4f9e64ec..d60358c7 100644 --- a/src/eap_common/ikev2_common.c +++ b/src/eap_common/ikev2_common.c @@ -16,7 +16,7 @@ #include "ikev2_common.h" -static struct ikev2_integ_alg ikev2_integ_algs[] = { +static const struct ikev2_integ_alg ikev2_integ_algs[] = { { AUTH_HMAC_SHA1_96, 20, 12 }, { AUTH_HMAC_MD5_96, 16, 12 } }; @@ -24,7 +24,7 @@ static struct ikev2_integ_alg ikev2_integ_algs[] = { #define NUM_INTEG_ALGS ARRAY_SIZE(ikev2_integ_algs) -static struct ikev2_prf_alg ikev2_prf_algs[] = { +static const struct ikev2_prf_alg ikev2_prf_algs[] = { { PRF_HMAC_SHA1, 20, 20 }, { PRF_HMAC_MD5, 16, 16 } }; @@ -32,7 +32,7 @@ static struct ikev2_prf_alg ikev2_prf_algs[] = { #define NUM_PRF_ALGS ARRAY_SIZE(ikev2_prf_algs) -static struct ikev2_encr_alg ikev2_encr_algs[] = { +static const struct ikev2_encr_alg ikev2_encr_algs[] = { { ENCR_AES_CBC, 16, 16 }, /* only 128-bit keys supported for now */ { ENCR_3DES, 24, 8 } }; diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index fc4af953..1dbe003e 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -1911,7 +1911,7 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev, * structure remains alive while the EAP state machine is active. */ struct eap_sm * eap_peer_sm_init(void *eapol_ctx, - struct eapol_callbacks *eapol_cb, + const struct eapol_callbacks *eapol_cb, void *msg_ctx, struct eap_config *conf) { struct eap_sm *sm; diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h index 702463b9..1a645af8 100644 --- a/src/eap_peer/eap.h +++ b/src/eap_peer/eap.h @@ -307,7 +307,7 @@ struct eap_config { }; struct eap_sm * eap_peer_sm_init(void *eapol_ctx, - struct eapol_callbacks *eapol_cb, + const struct eapol_callbacks *eapol_cb, void *msg_ctx, struct eap_config *conf); void eap_peer_sm_deinit(struct eap_sm *sm); int eap_peer_sm_step(struct eap_sm *sm); diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h index 2d7fdea2..5f8b5fa7 100644 --- a/src/eap_peer/eap_i.h +++ b/src/eap_peer/eap_i.h @@ -328,7 +328,7 @@ struct eap_sm { /* not defined in RFC 4137 */ Boolean changed; void *eapol_ctx; - struct eapol_callbacks *eapol_cb; + const struct eapol_callbacks *eapol_cb; void *eap_method_priv; int init_phase2; int fast_reauth; diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c index 15c1bac5..b4a5b1f3 100644 --- a/src/eap_peer/eap_tls_common.c +++ b/src/eap_peer/eap_tls_common.c @@ -196,28 +196,25 @@ static int eap_tls_init_connection(struct eap_sm *sm, } res = tls_connection_set_params(data->ssl_ctx, data->conn, params); - if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) { + if (res == TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN) { /* - * At this point with the pkcs11 engine the PIN might be wrong. - * We reset the PIN in the configuration to be sure to not use - * it again and the calling function must request a new one. + * At this point with the pkcs11 engine the PIN is wrong. We + * reset the PIN in the configuration to be sure to not use it + * again and the calling function must request a new one. */ + wpa_printf(MSG_INFO, + "TLS: Bad PIN provided, requesting a new one"); os_free(config->pin); config->pin = NULL; + eap_sm_request_pin(sm); + sm->ignore = TRUE; + } else if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) { + wpa_printf(MSG_INFO, "TLS: Failed to initialize engine"); } else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) { wpa_printf(MSG_INFO, "TLS: Failed to load private key"); - /* - * We do not know exactly but maybe the PIN was wrong, - * so ask for a new one. - */ - os_free(config->pin); - config->pin = NULL; - eap_sm_request_pin(sm); sm->ignore = TRUE; - tls_connection_deinit(data->ssl_ctx, data->conn); - data->conn = NULL; - return -1; - } else if (res) { + } + if (res) { wpa_printf(MSG_INFO, "TLS: Failed to set TLS connection " "parameters"); tls_connection_deinit(data->ssl_ctx, data->conn); diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h index b825e18f..09be5818 100644 --- a/src/eap_server/eap.h +++ b/src/eap_server/eap.h @@ -139,7 +139,7 @@ struct eap_config { struct eap_sm * eap_server_sm_init(void *eapol_ctx, - struct eapol_callbacks *eapol_cb, + const struct eapol_callbacks *eapol_cb, struct eap_config *eap_conf); void eap_server_sm_deinit(struct eap_sm *sm); int eap_server_sm_step(struct eap_sm *sm); diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h index 7d723091..978c8794 100644 --- a/src/eap_server/eap_i.h +++ b/src/eap_server/eap_i.h @@ -155,7 +155,7 @@ struct eap_sm { /* not defined in RFC 4137 */ Boolean changed; void *eapol_ctx, *msg_ctx; - struct eapol_callbacks *eapol_cb; + const struct eapol_callbacks *eapol_cb; void *eap_method_priv; u8 *identity; size_t identity_len; diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c index 693debe8..1f38d78b 100644 --- a/src/eap_server/eap_server.c +++ b/src/eap_server/eap_server.c @@ -1802,7 +1802,7 @@ static void eap_user_free(struct eap_user *user) * This function allocates and initializes an EAP state machine. */ struct eap_sm * eap_server_sm_init(void *eapol_ctx, - struct eapol_callbacks *eapol_cb, + const struct eapol_callbacks *eapol_cb, struct eap_config *conf) { struct eap_sm *sm; diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c index 0df6eb56..3b0c2e4d 100644 --- a/src/eapol_auth/eapol_auth_sm.c +++ b/src/eapol_auth/eapol_auth_sm.c @@ -22,7 +22,7 @@ #define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X" #define STATE_MACHINE_ADDR sm->addr -static struct eapol_callbacks eapol_cb; +static const struct eapol_callbacks eapol_cb; /* EAPOL state machines are described in IEEE Std 802.1X-2004, Chap. 8.2 */ @@ -1056,7 +1056,7 @@ static int eapol_sm_erp_add_key(void *ctx, struct eap_server_erp_key *erp) } -static struct eapol_callbacks eapol_cb = +static const struct eapol_callbacks eapol_cb = { eapol_sm_get_eap_user, eapol_sm_get_eap_req_id_text, diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c index 9cc234a8..eb8c5bb4 100644 --- a/src/eapol_supp/eapol_supp_sm.c +++ b/src/eapol_supp/eapol_supp_sm.c @@ -1997,7 +1997,7 @@ static void eapol_sm_set_anon_id(void *ctx, const u8 *id, size_t len) } -static struct eapol_callbacks eapol_cb = +static const struct eapol_callbacks eapol_cb = { eapol_sm_get_config, eapol_sm_get_bool, diff --git a/src/radius/radius.c b/src/radius/radius.c index 2c01b3f9..906d8c81 100644 --- a/src/radius/radius.c +++ b/src/radius/radius.c @@ -167,7 +167,7 @@ struct radius_attr_type { } data_type; }; -static struct radius_attr_type radius_attrs[] = +static const struct radius_attr_type radius_attrs[] = { { RADIUS_ATTR_USER_NAME, "User-Name", RADIUS_ATTR_TEXT }, { RADIUS_ATTR_USER_PASSWORD, "User-Password", RADIUS_ATTR_UNDIST }, @@ -259,7 +259,7 @@ static struct radius_attr_type radius_attrs[] = #define RADIUS_ATTRS ARRAY_SIZE(radius_attrs) -static struct radius_attr_type *radius_get_attr_type(u8 type) +static const struct radius_attr_type *radius_get_attr_type(u8 type) { size_t i; @@ -274,7 +274,7 @@ static struct radius_attr_type *radius_get_attr_type(u8 type) static void radius_msg_dump_attr(struct radius_attr_hdr *hdr) { - struct radius_attr_type *attr; + const struct radius_attr_type *attr; int len; unsigned char *pos; char buf[1000]; diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c index 3f881cf3..1c699555 100644 --- a/src/radius/radius_server.c +++ b/src/radius/radius_server.c @@ -35,7 +35,7 @@ */ #define RADIUS_MAX_MSG_LEN 3000 -static struct eapol_callbacks radius_server_eapol_cb; +static const struct eapol_callbacks radius_server_eapol_cb; struct radius_client; struct radius_server_data; @@ -2101,7 +2101,7 @@ static int radius_server_erp_add_key(void *ctx, struct eap_server_erp_key *erp) #endif /* CONFIG_ERP */ -static struct eapol_callbacks radius_server_eapol_cb = +static const struct eapol_callbacks radius_server_eapol_cb = { .get_eap_user = radius_server_get_eap_user, .get_eap_req_id_text = radius_server_get_eap_req_id_text, diff --git a/src/wps/ndef.c b/src/wps/ndef.c index d45dfc8e..8d1ce1ea 100644 --- a/src/wps/ndef.c +++ b/src/wps/ndef.c @@ -29,8 +29,8 @@ struct ndef_record { u32 total_length; }; -static char wifi_handover_type[] = "application/vnd.wfa.wsc"; -static char p2p_handover_type[] = "application/vnd.wfa.p2p"; +static const char wifi_handover_type[] = "application/vnd.wfa.wsc"; +static const char p2p_handover_type[] = "application/vnd.wfa.p2p"; static int ndef_parse_record(const u8 *data, u32 size, struct ndef_record *record) @@ -97,7 +97,7 @@ static struct wpabuf * ndef_parse_records(const struct wpabuf *buf, } -static struct wpabuf * ndef_build_record(u8 flags, void *type, +static struct wpabuf * ndef_build_record(u8 flags, const void *type, u8 type_length, void *id, u8 id_length, const struct wpabuf *payload) diff --git a/src/wps/wps.h b/src/wps/wps.h index c88aaa45..2c91d167 100644 --- a/src/wps/wps.h +++ b/src/wps/wps.h @@ -79,7 +79,7 @@ struct wps_credential { * @sec_dev_type: Array of secondary device types * @num_sec_dev_type: Number of secondary device types * @os_version: OS Version - * @rf_bands: RF bands (WPS_RF_24GHZ, WPS_RF_50GHZ flags) + * @rf_bands: RF bands (WPS_RF_24GHZ, WPS_RF_50GHZ, WPS_RF_60GHZ flags) * @p2p: Whether the device is a P2P device */ struct wps_device_data { diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c index c1ede6a9..16d466e0 100644 --- a/src/wps/wps_common.c +++ b/src/wps/wps_common.c @@ -764,6 +764,8 @@ static int wps_build_ap_freq(struct wpabuf *msg, int freq) rf_band = WPS_RF_24GHZ; else if (mode == HOSTAPD_MODE_IEEE80211A) rf_band = WPS_RF_50GHZ; + else if (mode == HOSTAPD_MODE_IEEE80211AD) + rf_band = WPS_RF_60GHZ; else return 0; /* Unknown band */ ap_channel = channel; diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h index 43341559..a23b979d 100644 --- a/src/wps/wps_defs.h +++ b/src/wps/wps_defs.h @@ -237,6 +237,7 @@ enum wps_error_indication { /* RF Bands */ #define WPS_RF_24GHZ 0x01 #define WPS_RF_50GHZ 0x02 +#define WPS_RF_60GHZ 0x04 /* Config Methods */ #define WPS_CONFIG_USBA 0x0001 diff --git a/src/wps/wps_module_tests.c b/src/wps/wps_module_tests.c index 6800e86d..35063076 100644 --- a/src/wps/wps_module_tests.c +++ b/src/wps/wps_module_tests.c @@ -17,7 +17,7 @@ struct wps_attr_parse_test { int extra; }; -struct wps_attr_parse_test wps_attr_parse_test_cases[] = { +const struct wps_attr_parse_test wps_attr_parse_test_cases[] = { /* Empty message */ { "", 0, 0 }, /* Truncated attribute header */ @@ -271,7 +271,7 @@ static int wps_attr_parse_tests(void) for (i = 0; i < ARRAY_SIZE(wps_attr_parse_test_cases); i++) { struct wpabuf *buf; size_t len; - struct wps_attr_parse_test *test = + const struct wps_attr_parse_test *test = &wps_attr_parse_test_cases[i]; len = os_strlen(test->data) / 2; diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index 48b7e128..8bcf2b34 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -3226,8 +3226,13 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps, os_memset(&cred, 0, sizeof(cred)); os_memcpy(cred.ssid, wps->wps->ssid, wps->wps->ssid_len); cred.ssid_len = wps->wps->ssid_len; - cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK; - cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES; + if (wps->wps->rf_band_cb(wps->wps->cb_ctx) == WPS_RF_60GHZ) { + cred.auth_type = WPS_AUTH_WPA2PSK; + cred.encr_type = WPS_ENCR_AES; + } else { + cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK; + cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES; + } os_memcpy(cred.key, wps->new_psk, wps->new_psk_len); cred.key_len = wps->new_psk_len; diff --git a/src/wps/wps_validate.c b/src/wps/wps_validate.c index 1c6a14bc..267b565e 100644 --- a/src/wps/wps_validate.c +++ b/src/wps/wps_validate.c @@ -224,6 +224,8 @@ static int wps_validate_rf_bands(const u8 *rf_bands, int mandatory) return 0; } if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ && + *rf_bands != WPS_RF_60GHZ && + *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ | WPS_RF_60GHZ) && *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands " "attribute value 0x%x", *rf_bands); diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index af2d9242..39d3d28a 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -988,6 +988,7 @@ LIBS += -lssl endif OBJS += ../src/crypto/crypto_openssl.o OBJS_p += ../src/crypto/crypto_openssl.o +OBJS_priv += ../src/crypto/crypto_openssl.o ifdef NEED_FIPS186_2_PRF OBJS += ../src/crypto/fips_prf_openssl.o endif @@ -1006,6 +1007,7 @@ LIBS += -lgnutls -lgpg-error endif OBJS += ../src/crypto/crypto_gnutls.o OBJS_p += ../src/crypto/crypto_gnutls.o +OBJS_priv += ../src/crypto/crypto_gnutls.o ifdef NEED_FIPS186_2_PRF OBJS += ../src/crypto/fips_prf_internal.o SHA1OBJS += ../src/crypto/sha1-internal.o @@ -1216,6 +1218,7 @@ MD5OBJS += ../src/crypto/md5-internal.o endif OBJS += $(MD5OBJS) OBJS_p += $(MD5OBJS) +OBJS_priv += $(MD5OBJS) endif ifdef NEED_MD4 @@ -1452,6 +1455,7 @@ OBJS += $(SHA1OBJS) $(DESOBJS) OBJS_p += $(SHA1OBJS) OBJS_p += $(SHA256OBJS) +OBJS_priv += $(SHA1OBJS) ifdef CONFIG_BGSCAN_SIMPLE CFLAGS += -DCONFIG_BGSCAN_SIMPLE @@ -1720,7 +1724,7 @@ wpa_gui: @echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement" wpa_gui-qt4/Makefile: - qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro + qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts lrelease wpa_gui-qt4/wpa_gui.pro diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index 46ed5aa3..81345627 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -398,7 +398,7 @@ static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s, static int are_ies_equal(const struct wpa_bss *old, - const struct wpa_scan_res *new, u32 ie) + const struct wpa_scan_res *new_res, u32 ie) { const u8 *old_ie, *new_ie; struct wpabuf *old_ie_buff = NULL; @@ -408,19 +408,19 @@ static int are_ies_equal(const struct wpa_bss *old, switch (ie) { case WPA_IE_VENDOR_TYPE: old_ie = wpa_bss_get_vendor_ie(old, ie); - new_ie = wpa_scan_get_vendor_ie(new, ie); + new_ie = wpa_scan_get_vendor_ie(new_res, ie); is_multi = 0; break; case WPS_IE_VENDOR_TYPE: old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie); - new_ie_buff = wpa_scan_get_vendor_ie_multi(new, ie); + new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie); is_multi = 1; break; case WLAN_EID_RSN: case WLAN_EID_SUPP_RATES: case WLAN_EID_EXT_SUPP_RATES: old_ie = wpa_bss_get_ie(old, ie); - new_ie = wpa_scan_get_ie(new, ie); + new_ie = wpa_scan_get_ie(new_res, ie); is_multi = 0; break; default: @@ -454,15 +454,15 @@ static int are_ies_equal(const struct wpa_bss *old, static u32 wpa_bss_compare_res(const struct wpa_bss *old, - const struct wpa_scan_res *new) + const struct wpa_scan_res *new_res) { u32 changes = 0; - int caps_diff = old->caps ^ new->caps; + int caps_diff = old->caps ^ new_res->caps; - if (old->freq != new->freq) + if (old->freq != new_res->freq) changes |= WPA_BSS_FREQ_CHANGED_FLAG; - if (old->level != new->level) + if (old->level != new_res->level) changes |= WPA_BSS_SIGNAL_CHANGED_FLAG; if (caps_diff & IEEE80211_CAP_PRIVACY) @@ -471,22 +471,22 @@ static u32 wpa_bss_compare_res(const struct wpa_bss *old, if (caps_diff & IEEE80211_CAP_IBSS) changes |= WPA_BSS_MODE_CHANGED_FLAG; - if (old->ie_len == new->ie_len && - os_memcmp(old + 1, new + 1, old->ie_len) == 0) + if (old->ie_len == new_res->ie_len && + os_memcmp(old + 1, new_res + 1, old->ie_len) == 0) return changes; changes |= WPA_BSS_IES_CHANGED_FLAG; - if (!are_ies_equal(old, new, WPA_IE_VENDOR_TYPE)) + if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE)) changes |= WPA_BSS_WPAIE_CHANGED_FLAG; - if (!are_ies_equal(old, new, WLAN_EID_RSN)) + if (!are_ies_equal(old, new_res, WLAN_EID_RSN)) changes |= WPA_BSS_RSNIE_CHANGED_FLAG; - if (!are_ies_equal(old, new, WPS_IE_VENDOR_TYPE)) + if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE)) changes |= WPA_BSS_WPS_CHANGED_FLAG; - if (!are_ies_equal(old, new, WLAN_EID_SUPP_RATES) || - !are_ies_equal(old, new, WLAN_EID_EXT_SUPP_RATES)) + if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) || + !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES)) changes |= WPA_BSS_RATES_CHANGED_FLAG; return changes; diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index a6aafee0..91617fb2 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -8686,7 +8686,7 @@ static int wpa_supplicant_global_iface_list(struct wpa_global *global, char *pos, *end; for (i = 0; wpa_drivers[i]; i++) { - struct wpa_driver_ops *drv = wpa_drivers[i]; + const struct wpa_driver_ops *drv = wpa_drivers[i]; if (drv->get_interfaces == NULL) continue; tmp = drv->get_interfaces(global->drv_priv[i]); diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c index 9b7af305..983bbcdc 100644 --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c @@ -30,7 +30,7 @@ #include "wpas_glue.h" -struct wpa_driver_ops *wpa_drivers[] = { NULL }; +const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; struct extra_radius_attr { diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 4a396654..35885ee2 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -2058,7 +2058,7 @@ static struct wpa_cred * interworking_credentials_available_helper( int *excluded) { struct wpa_cred *cred, *cred2; - int excluded1, excluded2; + int excluded1, excluded2 = 0; if (disallowed_bssid(wpa_s, bss->bssid) || disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) { diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index 4c71ef4c..def959f6 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -3099,7 +3099,7 @@ struct p2p_oper_class_map { enum { BW20, BW40PLUS, BW40MINUS, BW80, BW2160 } bw; }; -static struct p2p_oper_class_map op_class[] = { +static const struct p2p_oper_class_map op_class[] = { { HOSTAPD_MODE_IEEE80211G, 81, 1, 13, 1, BW20 }, #if 0 /* Do not enable HT40 on 2 GHz for now */ { HOSTAPD_MODE_IEEE80211G, 83, 1, 9, 1, BW40PLUS }, @@ -3232,7 +3232,7 @@ static int wpas_p2p_setup_channels(struct wpa_supplicant *wpa_s, cla = cli_cla = 0; for (op = 0; op_class[op].op_class; op++) { - struct p2p_oper_class_map *o = &op_class[op]; + const struct p2p_oper_class_map *o = &op_class[op]; u8 ch; struct p2p_reg_class *reg = NULL, *cli_reg = NULL; @@ -3291,7 +3291,7 @@ int wpas_p2p_get_ht40_mode(struct wpa_supplicant *wpa_s, enum chan_allowed ret; for (op = 0; op_class[op].op_class; op++) { - struct p2p_oper_class_map *o = &op_class[op]; + const struct p2p_oper_class_map *o = &op_class[op]; u8 ch; for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) { @@ -3931,9 +3931,9 @@ int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s) */ if (p2p_config_get_random_social(&p2p, &p2p.reg_class, &p2p.channel) != 0) { - wpa_printf(MSG_ERROR, - "P2P: Failed to select random social channel as listen channel"); - return -1; + wpa_printf(MSG_INFO, + "P2P: No social channels supported by the driver - do not enable P2P"); + return 0; } p2p.channel_forced = 0; } diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c index ed570858..f4bba98e 100644 --- a/wpa_supplicant/preauth_test.c +++ b/wpa_supplicant/preauth_test.c @@ -27,7 +27,7 @@ #include "drivers/driver.h" -struct wpa_driver_ops *wpa_drivers[] = { NULL }; +const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; struct preauth_test_data { diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c index 9fbc5328..bf0a03f2 100644 --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c @@ -26,16 +26,16 @@ #endif /* ANDROID */ -static const char *wpa_cli_version = +static const char *const wpa_cli_version = "wpa_cli v" VERSION_STR "\n" "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors"; -static const char *wpa_cli_license = +static const char *const wpa_cli_license = "This software may be distributed under the terms of the BSD license.\n" "See README for more details.\n"; -static const char *wpa_cli_full_license = +static const char *const wpa_cli_full_license = "This software may be distributed under the terms of the BSD license.\n" "\n" "Redistribution and use in source and binary forms, with or without\n" @@ -2805,7 +2805,7 @@ struct wpa_cli_cmd { const char *usage; }; -static struct wpa_cli_cmd wpa_cli_commands[] = { +static const struct wpa_cli_cmd wpa_cli_commands[] = { { "status", wpa_cli_cmd_status, NULL, cli_cmd_flag_none, "[verbose] = get current WPA/EAPOL/EAP status" }, @@ -3350,7 +3350,7 @@ static struct wpa_cli_cmd wpa_cli_commands[] = { /* * Prints command usage, lines are padded with the specified string. */ -static void print_cmd_help(struct wpa_cli_cmd *cmd, const char *pad) +static void print_cmd_help(const struct wpa_cli_cmd *cmd, const char *pad) { char c; size_t n; @@ -3488,7 +3488,7 @@ static char ** wpa_cli_edit_completion_cb(void *ctx, const char *str, int pos) static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[]) { - struct wpa_cli_cmd *cmd, *match = NULL; + const struct wpa_cli_cmd *cmd, *match = NULL; int count; int ret = 0; diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp index 408e3876..d2d76f16 100644 --- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp +++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp @@ -1503,8 +1503,8 @@ void WpaGui::updateTrayIcon(TrayIconType type) if (!tray_icon || currentIconType == type) return; - QIcon icon; QIcon fallback_icon; + QStringList names; if (QImageReader::supportedImageFormats().contains(QByteArray("svg"))) fallback_icon = QIcon(":/icons/wpa_gui.svg"); @@ -1513,41 +1513,59 @@ void WpaGui::updateTrayIcon(TrayIconType type) switch (type) { case TrayIconOffline: - icon = QIcon::fromTheme("network-wireless-offline", - fallback_icon); + names << "network-wireless-offline-symbolic" + << "network-wireless-offline" + << "network-wireless-signal-none-symbolic" + << "network-wireless-signal-none"; break; case TrayIconAcquiring: - icon = QIcon::fromTheme("network-wireless-acquiring", - fallback_icon); + names << "network-wireless-acquiring-symbolic" + << "network-wireless-acquiring"; break; case TrayIconConnected: - icon = QIcon::fromTheme("network-wireless-connected", - fallback_icon); + names << "network-wireless-connected-symbolic" + << "network-wireless-connected"; break; case TrayIconSignalNone: - icon = QIcon::fromTheme("network-wireless-signal-none", - fallback_icon); + names << "network-wireless-signal-none-symbolic" + << "network-wireless-signal-none"; break; case TrayIconSignalWeak: - icon = QIcon::fromTheme("network-wireless-signal-weak", - fallback_icon); + names << "network-wireless-signal-weak-symbolic" + << "network-wireless-signal-weak"; break; case TrayIconSignalOk: - icon = QIcon::fromTheme("network-wireless-signal-ok", - fallback_icon); + names << "network-wireless-signal-ok-symbolic" + << "network-wireless-signal-ok"; break; case TrayIconSignalGood: - icon = QIcon::fromTheme("network-wireless-signal-good", - fallback_icon); + names << "network-wireless-signal-good-symbolic" + << "network-wireless-signal-good"; break; case TrayIconSignalExcellent: - icon = QIcon::fromTheme("network-wireless-signal-excellent", - fallback_icon); + names << "network-wireless-signal-excellent-symbolic" + << "network-wireless-signal-excellent"; break; } currentIconType = type; - tray_icon->setIcon(icon); + tray_icon->setIcon(loadThemedIcon(names, fallback_icon)); +} + + +QIcon WpaGui::loadThemedIcon(const QStringList &names, + const QIcon &fallback) +{ + QIcon icon; + + for (QStringList::ConstIterator it = names.begin(); + it != names.end(); it++) { + icon = QIcon::fromTheme(*it); + if (!icon.isNull()) + return icon; + } + + return fallback; } diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.h b/wpa_supplicant/wpa_gui-qt4/wpagui.h index c0de67b0..58c655d7 100644 --- a/wpa_supplicant/wpa_gui-qt4/wpagui.h +++ b/wpa_supplicant/wpa_gui-qt4/wpagui.h @@ -85,6 +85,8 @@ public slots: virtual void showTrayStatus(); virtual void updateTrayIcon(TrayIconType type); virtual void updateTrayToolTip(const QString &msg); + virtual QIcon loadThemedIcon(const QStringList &names, + const QIcon &fallback); virtual void wpsDialog(); virtual void peersDialog(); virtual void tabChanged(int index); diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c index 6bd60b9e..4611a1d2 100644 --- a/wpa_supplicant/wpa_priv.c +++ b/wpa_supplicant/wpa_priv.c @@ -29,7 +29,7 @@ struct wpa_priv_interface { char *sock_name; int fd; - struct wpa_driver_ops *driver; + const struct wpa_driver_ops *driver; void *drv_priv; struct sockaddr_un drv_addr; int wpas_registered; diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index b96fd8e7..06a16967 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -55,11 +55,11 @@ #include "wpas_kay.h" #include "mesh.h" -const char *wpa_supplicant_version = +const char *const wpa_supplicant_version = "wpa_supplicant v" VERSION_STR "\n" "Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors"; -const char *wpa_supplicant_license = +const char *const wpa_supplicant_license = "This software may be distributed under the terms of the BSD license.\n" "See README for more details.\n" #ifdef EAP_TLS_OPENSSL @@ -70,16 +70,16 @@ const char *wpa_supplicant_license = #ifndef CONFIG_NO_STDOUT_DEBUG /* Long text divided into parts in order to fit in C89 strings size limits. */ -const char *wpa_supplicant_full_license1 = +const char *const wpa_supplicant_full_license1 = ""; -const char *wpa_supplicant_full_license2 = +const char *const wpa_supplicant_full_license2 = "This software may be distributed under the terms of the BSD license.\n" "\n" "Redistribution and use in source and binary forms, with or without\n" "modification, are permitted provided that the following conditions are\n" "met:\n" "\n"; -const char *wpa_supplicant_full_license3 = +const char *const wpa_supplicant_full_license3 = "1. Redistributions of source code must retain the above copyright\n" " notice, this list of conditions and the following disclaimer.\n" "\n" @@ -87,7 +87,7 @@ const char *wpa_supplicant_full_license3 = " notice, this list of conditions and the following disclaimer in the\n" " documentation and/or other materials provided with the distribution.\n" "\n"; -const char *wpa_supplicant_full_license4 = +const char *const wpa_supplicant_full_license4 = "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n" " names of its contributors may be used to endorse or promote products\n" " derived from this software without specific prior written permission.\n" @@ -96,7 +96,7 @@ const char *wpa_supplicant_full_license4 = "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n" "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n" "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"; -const char *wpa_supplicant_full_license5 = +const char *const wpa_supplicant_full_license5 = "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n" "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n" "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n" @@ -3077,12 +3077,34 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, (wpa_s->current_ssid == NULL || wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) { /* Timeout for completing IEEE 802.1X and WPA authentication */ - wpa_supplicant_req_auth_timeout( - wpa_s, - (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || - wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA || - wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ? - 70 : 10, 0); + int timeout = 10; + + if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || + wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA || + wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) { + /* Use longer timeout for IEEE 802.1X/EAP */ + timeout = 70; + } + + if (wpa_s->current_ssid && wpa_s->current_bss && + (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) && + eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) { + /* + * Use shorter timeout if going through WPS AP iteration + * for PIN config method with an AP that does not + * advertise Selected Registrar. + */ + struct wpabuf *wps_ie; + + wps_ie = wpa_bss_get_vendor_ie_multi( + wpa_s->current_bss, WPS_IE_VENDOR_TYPE); + if (wps_ie && + !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) + timeout = 10; + wpabuf_free(wps_ie); + } + + wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); } wpa_s->eapol_received++; @@ -4386,6 +4408,7 @@ struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global, #ifdef CONFIG_P2P if (wpa_s->global->p2p == NULL && + !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && wpas_p2p_add_p2pdev_interface(wpa_s, iface->conf_p2p_dev) < 0) { wpa_printf(MSG_INFO, diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index eb7434a8..c1bcbd49 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -297,6 +297,10 @@ fast_reauth=1 # format: <backend name>[:<optional backend parameters>] #ext_password_backend=test:pw1=password|pw2=testing + +# Disable P2P functionality +# p2p_disabled=1 + # Timeout in seconds to detect STA inactivity (default: 300 seconds) # # This timeout value is used in P2P GO mode to clean up diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 1b9753c0..8ed8b725 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -17,14 +17,14 @@ #include "config_ssid.h" #include "wmm_ac.h" -extern const char *wpa_supplicant_version; -extern const char *wpa_supplicant_license; +extern const char *const wpa_supplicant_version; +extern const char *const wpa_supplicant_license; #ifndef CONFIG_NO_STDOUT_DEBUG -extern const char *wpa_supplicant_full_license1; -extern const char *wpa_supplicant_full_license2; -extern const char *wpa_supplicant_full_license3; -extern const char *wpa_supplicant_full_license4; -extern const char *wpa_supplicant_full_license5; +extern const char *const wpa_supplicant_full_license1; +extern const char *const wpa_supplicant_full_license2; +extern const char *const wpa_supplicant_full_license3; +extern const char *const wpa_supplicant_full_license4; +extern const char *const wpa_supplicant_full_license5; #endif /* CONFIG_NO_STDOUT_DEBUG */ struct wpa_sm; @@ -518,7 +518,7 @@ struct wpa_supplicant { unsigned int last_scan_res_size; struct os_reltime last_scan; - struct wpa_driver_ops *driver; + const struct wpa_driver_ops *driver; int interface_removed; /* whether the network interface has been * removed */ struct wpa_sm *wpa; @@ -639,6 +639,7 @@ struct wpa_supplicant { int wps_success; /* WPS success event received */ struct wps_er *wps_er; unsigned int wps_run; + struct os_reltime wps_pin_start_time; int blacklist_cleared; struct wpabuf *pending_eapol_rx; diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 48a5d698..29c22ba2 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -1021,7 +1021,8 @@ static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk, { struct wpa_supplicant *wpa_s = ctx; - if (wpa_s->conf->key_mgmt_offload) + if (wpa_s->conf->key_mgmt_offload && + (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) return wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk, pmk_len); else diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index 52594a10..8a5cb8e8 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -39,6 +39,14 @@ #define WPS_PIN_SCAN_IGNORE_SEL_REG 3 #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */ +/* + * The minimum time in seconds before trying to associate to a WPS PIN AP that + * does not have Selected Registrar TRUE. + */ +#ifndef WPS_PIN_TIME_IGNORE_SEL_REG +#define WPS_PIN_TIME_IGNORE_SEL_REG 5 +#endif /* WPS_PIN_TIME_IGNORE_SEL_REG */ + static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx); static void wpas_clear_wps(struct wpa_supplicant *wpa_s); @@ -880,7 +888,8 @@ static int wpa_supplicant_wps_rf_band(void *ctx) if (!wpa_s->current_ssid || !wpa_s->assoc_freq) return 0; - return (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ; + return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ : + (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ; } @@ -1216,6 +1225,7 @@ static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s, int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid, const char *pin, int p2p_group, u16 dev_pw_id) { + os_get_reltime(&wpa_s->wps_pin_start_time); return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group, dev_pw_id, NULL, NULL, 0, 0); } @@ -1487,6 +1497,8 @@ int wpas_wps_init(struct wpa_supplicant *wpa_s) wps->dev.rf_bands |= WPS_RF_24GHZ; else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A) wps->dev.rf_bands |= WPS_RF_50GHZ; + else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD) + wps->dev.rf_bands |= WPS_RF_60GHZ; } } if (wps->dev.rf_bands == 0) { @@ -1609,9 +1621,15 @@ int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s, * external Registrar. */ if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { - if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) { - wpa_printf(MSG_DEBUG, " skip - WPS AP " - "without active PIN Registrar"); + struct os_reltime age; + + os_reltime_age(&wpa_s->wps_pin_start_time, &age); + + if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG || + age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) { + wpa_printf(MSG_DEBUG, + " skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)", + wpa_s->scan_runs, (int) age.sec); wpabuf_free(wps_ie); return 0; } @@ -2582,6 +2600,10 @@ static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s, (attr.rf_bands == NULL || *attr.rf_bands & WPS_RF_50GHZ)) freq = 5000 + 5 * chan; + else if (chan >= 1 && chan <= 4 && + (attr.rf_bands == NULL || + *attr.rf_bands & WPS_RF_60GHZ)) + freq = 56160 + 2160 * chan; if (freq) { wpa_printf(MSG_DEBUG, |