23 months agoCHROMIUM: hostapd: Add spectrum management option 77/58377/2 factory-4290.B factory-4455.B factory-pit-4280.B factory-pit-4390.B factory-pit-4471.B factory-spring-4262.B firmware-falco_peppy-4389.B firmware-leon-4389.26.B firmware-pit-4482.B firmware-wolf-4389.24.B master release-R29-4319.B release-R30-4537.B stabilize-4287.B stabilize-4443.B stabilize-4512.B
Paul Stewart [Wed, 12 Jun 2013 17:37:24 +0000 (10:37 -0700)]
CHROMIUM: hostapd: Add spectrum management option

Add the Spectrum Management capability flag.  Although hostapd
does not support this feature, we use this flag in testing to
cause clients to enable sensitivity to other 802.11h traffic.

TEST=Run WiFi autotests

Change-Id: If9185a40640333e93bd3d38da253b0e7e89c14a2
Reviewed-by: Christopher Wiley <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: hostapd: Provide compile option for weak random numbers 06/48906/2 factory-4128.B factory-spring-4131.B release-R28-4100.B stabilize-4068.0.B stabilize-4100.38.B stabilize-4255.B stabilize-spring-4100.53.B toolchainB
Paul Stewart [Tue, 23 Apr 2013 00:41:55 +0000 (17:41 -0700)]
CHROMIUM: hostapd: Provide compile option for weak random numbers

Provide a configuration option for allowing the use of /dev/urandom
instead of /dev/random for the random number generator source.
This source performs more quickly at the expense of security but
can be useful in some limited scenarios like a testbed for WPA
authentication where the the client should not be denied access
just because the random number pool is too small.

TEST=Compile with and without use-flag; strings the executable

Change-Id: I2b92788205450e3c51dbb725f292d3495f615433
Reviewed-by: Christopher Wiley <>
Reviewed-by: mukesh agrawal <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agowpa_supplicant: dbus_new: Add EAP logon/logoff 03/48803/2
Paul Stewart [Mon, 22 Apr 2013 18:24:28 +0000 (11:24 -0700)]
wpa_supplicant: dbus_new: Add EAP logon/logoff

Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

TEST=Tested with new shill functions in

Change-Id: Id8c511d2b75bd289b695027598ce4402dcf3d861
Reviewed-by: Christopher Wiley <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: wpa_supplicant: Disable high bitrates after association 51/48051/3 stabilize-4035.0.B
Christopher Wiley [Wed, 10 Apr 2013 21:17:18 +0000 (14:17 -0700)]
CHROMIUM: wpa_supplicant: Disable high bitrates after association

Instead of disabling high bitrates after authentication, disable them
after association.  This helps drivers like mwifiex which will refuse
to disable high rates before association completes.

TEST=Passes on both daisy and lumpy:
Associated lumpy with router by hand:
  - After association, 4-way handshake packets are nicely capped
  - Initial ARP packet is capped, and after we confirm we're talking
    to the same router, we give ourselves the old IP and go up to
    high speeds.


Change-Id: I13fbb9d2996075c446791740ac561ac8ccd11170
Tested-by: Christopher Wiley <>
Reviewed-by: Paul Stewart <>
Commit-Queue: Christopher Wiley <>

2 years agowpa_supplicant: tls_openssl: Store TLS context per-connection 28/47428/4 stabilize-4008.0.B
Paul Stewart [Fri, 5 Apr 2013 17:55:54 +0000 (10:55 -0700)]
wpa_supplicant: tls_openssl: Store TLS context per-connection

Store context for each tls_init() caller, so events are
generated for the correct wpa_s instance.  The tls_global
variable is retained for older OpenSSL implementations
that may not have app-data for SSL_CTX.  This allows us
to properly notify the correct interface when multple
interfaces perform 802.1x negotiations.

TEST=Perform network_8021xWiredAuthentication autotest while doing a
"dbus-monitor --system".  Make sure that the
"path=/fi/w1/wpa_supplicant1/Interfaces/xxx" parameter is consistent
across all "member=EAP" events as well as "member=Certification"

Change-Id: I3848f5370efe8e596d736a556464883d46a9317c
Reviewed-by: mukesh agrawal <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: Don't blacklist SSID for locally generated disassociation 63/47263/2
Ashok Nagarajan [Wed, 3 Apr 2013 18:33:02 +0000 (11:33 -0700)]
CHROMIUM: Don't blacklist SSID for locally generated disassociation

During fast assocation process, trying to associate to AP1, we disconnect with
currently connected AP2. During this process, a locally generated
disassociation event happens resulting in AP2 sending a dissassociation frame.
wpa_supplicant wrongly thinks that it got a disassociation event from AP1 and sends AP1
to blacklist. So fix this by checking if the disassociation is generated
locally or not.

TEST=Manual( 1. Turn wpa debug to excessive
     2. Using script or manually, associate alternatively between two
     different APs repeatedly
     3. Shouldn't see any of these APs added
     to blacklist for locally generated disassociation)

Change-Id: Ibf64cfa65394addb54054ce7ff5f983be8d9fefc
Signed-off-by: Ashok Nagarajan <>
Reviewed-by: Paul Stewart <>
2 years agoCHROMIUM: Revert "wpa_supplicant: Disable logic to lower rates" 81/45881/3 release-R27-3912.B stabilize-3912.79.B toolchainA
mukesh agrawal [Tue, 19 Feb 2013 03:02:19 +0000 (19:02 -0800)]
CHROMIUM: Revert "wpa_supplicant: Disable logic to lower rates"

This patch intended to fix problems caused by disabling some
bitrates using NL80211_CMD_SET_TX_BITRATE_MASK. The idea was
that by not disabling any bitrates, we'd avoid the problem
where we disable all 5 GHz bitrates.

The problem with mwifiex's handling of NL80211_CMD_SET_TX_BITRATE_MASK
is fixed in the CL that this CL depends on. Hence, it is now
safe to disable higher bitrates with mwifiex.

This reverts commit 6569a1f252656f71230feae887b003eb628e5f09.

TEST=manual (see below)

Manual testing
- install image on dev-mode machine
- ctrl-alt-f2
- login: root
- wpa_debug debug
- ctrl-alt-f1
- connect to GoogleGuest
- sign in
- egrep "wpa_supplicant.+Disabling high bitrates" /var/log/net.log
  (should see some matches)
- egrep "wpa_supplicant.+Enabling high bitrates" /var/log/net.log
  (should see some matches)
- connect to qtest (see for password)
- suspend
- resume
- verify that system automatically, and successfully, connects to

Change-Id: Ib6055815f0d8a15adf581d8aadace5b822ce3578
Commit-Queue: mukesh agrawal <>
Reviewed-by: mukesh agrawal <>
Tested-by: mukesh agrawal <>
2 years agowpa_supplicant: Disable logic to lower rates during association 54/43354/4 factory-spring-3842.B firmware-spring-3824.4.B firmware-spring-3824.55.B firmware-spring-3824.84.B firmware-spring-3824.B stabilize-3881.0.B
Christopher Wiley [Fri, 15 Feb 2013 00:31:59 +0000 (16:31 -0800)]
wpa_supplicant: Disable logic to lower rates during association

Previously, we disabled high bitrates during the association process in
an effort to make our associations more tolerant to bad rate control
algorithms.  However, this triggers an unfortunately behavior in Snow
where we are unable to association with 5Ghz APs after resume.  For now,
lets disable this change until we have time to fix this by adjusting
rates in a way Snow will tolerate.

TEST=Associations with 5Ghz APs after resume work again.

Change-Id: I0c652c464f22f3154bb32cee19f5acf76d695aca
Commit-Queue: Christopher Wiley <>
Reviewed-by: Christopher Wiley <>
Tested-by: Christopher Wiley <>
2 years agoMake wpa_supplicant D-Bus policy more restrictive. 47/43047/3
Jorge Lucangeli Obes [Mon, 11 Feb 2013 19:38:53 +0000 (11:38 -0800)]
Make wpa_supplicant D-Bus policy more restrictive.

Restrict 'chronos'/'debugd' access to wpa_supplicant's D-Bus interfaces.

TEST=Build image, connect to open WiFi, connect to secure WiFi.
TEST=Check debug info in chrome:system.

Change-Id: Ia9af1f957d9277ececf0af4c7c301e3b062027fc
Tested-by: Jorge Lucangeli Obes <>
Reviewed-by: Kees Cook <>
Reviewed-by: Paul Stewart <>
Commit-Queue: Jorge Lucangeli Obes <>

2 years agoRevert "CHROMIUMOS: wpa_supplicant: Don't log SSIDs at INFO level." 19/42719/2 stabilize-bluetooth-smart
Darin Petkov [Wed, 6 Feb 2013 10:52:57 +0000 (11:52 +0100)]
Revert "CHROMIUMOS: wpa_supplicant: Don't log SSIDs at INFO level."

This reverts commit 7eb5233ba14c4f570e13f2ce8785cc35f536bd14.

TEST=unit tests; tested through feedback 605331133

Change-Id: I762be4894c87f2e93afe262e85c17233f8bfbca8
Tested-by: Darin Petkov <>
Reviewed-by: Paul Stewart <>
Reviewed-by: mukesh agrawal <>
Commit-Queue: Darin Petkov <>

2 years agowpa_supplicant: nl8011: Reassign NL80211_ATTR_SCAN_FLAGS 41/42641/2
Paul Stewart [Tue, 5 Feb 2013 19:50:33 +0000 (11:50 -0800)]
wpa_supplicant: nl8011: Reassign NL80211_ATTR_SCAN_FLAGS

Change the NL80211_ATTR_SCAN_FLAGS value to match upstream kernels.

TEST="test-flimflam scan" with new supplicant and kernel installed

Change-Id: I315dce8b3c39ae02db2a01401f83666f81b51f63
Reviewed-by: mukesh agrawal <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUMOS: nl80211: Clean up pointer types 42/41542/2 stabilize-3658.0.0
Christopher Wiley [Thu, 17 Jan 2013 19:01:40 +0000 (11:01 -0800)]
CHROMIUMOS: nl80211: Clean up pointer types

Change a couple u8* to const char*.  This doesn't affect our
compilation, but it does affect wpa_supplicant's build system.


Change-Id: I59ababb3673777667a0e73e6fa97353706d413a3
Tested-by: Christopher Wiley <>
Reviewed-by: Paul Stewart <>
Commit-Queue: Christopher Wiley <>

2 years agoCHROMIUMOS: wpa_supplicant: Disable high bitrates after association 10/41210/7
Christopher Wiley [Mon, 14 Jan 2013 17:51:27 +0000 (09:51 -0800)]
CHROMIUMOS: wpa_supplicant: Disable high bitrates after association

Add functionality to disable "high" bitrates on association with a BSS.
Users of wpa_supplicant can set disable_high_bitrates=1 in their
interface config, which causes the driver to disable high bitrates on
the interface during associations.  The user can then call over DBus via
EnableHighBitrates() to re-enable high bitrates at their discretion.

This is intended to facilitate staying at low bitrates all the way
through DHCP negotiations and other one time initial connection setup
steps.  Some setup, like WPA negotiation, can time out before the system
rate control algorithm has a chance to wind down to sane rates.

TEST=Manual - connect to a 802.11g or n network and observe that the WPA
negotiations and DHCP lease negotiation takes place at artificially low
bitrates.  Observe that a connection manager can successfully re-enable
high bitrates after initial setup is finished.

Change-Id: Ibc4e9070344833b3a4bf5ac4abe736fd24e5013e
Commit-Queue: Christopher Wiley <>
Reviewed-by: Christopher Wiley <>
Tested-by: Christopher Wiley <>
2 years agoCHROMIUMOS: wpa_supplicant: Implement fast-associate on SelectNetwork 41/41341/5
Paul Stewart [Wed, 16 Jan 2013 02:28:09 +0000 (18:28 -0800)]
CHROMIUMOS: wpa_supplicant: Implement fast-associate on SelectNetwork

If scan results are available when we perform a SelectNetwork, use
them to make an associate decision.  This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.

TEST=Tested using WiFiMatFunc; the site_wlan_connect scripts in
the WiFi testbed do a good job of approximating the user "drop-down"

daisy before the change:

 [   0.011] Service not found; requesting scan...
 [   4.282] Service added to service list
 [   4.307] Initial state is association
 [   4.308] Supplicant state is 'scanning'
 [   8.518] Supplicant state is 'associating'
 [   8.525] Supplicant state is 'completed'
 [   8.528] Received signal (Strength=59)
 [   8.540] Service State changed to 'configuration'
 [   8.604] Received signal (IPConfig=/ipconfig/mlan0_8_dhcp)
 [   8.609] Received signal (Profile=/profile/test)
 [   8.611] Service State changed to 'ready'

daisy after the change:

 [   0.009] Service not found; requesting scan...
 [   4.303] Service added to service list
 [   4.334] Initial state is association
 [   4.336] Supplicant state is 'associating'
 [   4.336] Supplicant state is 'completed'
 [   4.416] Received signal (IPConfig=/ipconfig/mlan0_11_dhcp)
 [   4.417] Received signal (Profile=/profile/test)
 [   4.419] Service State changed to 'ready'

lumpy before the change:

 [   0.010] Service not found; requesting scan...
 [   4.009] Service added to service list
 [   4.026] Initial state is association
 [   4.027] Supplicant state is 'scanning'
 [   7.989] Supplicant state is 'authenticating'
 [   7.993] Received signal (Strength=78)
 [   7.998] Supplicant state is 'associating'
 [   8.009] Supplicant state is 'completed'
 [   8.013] Service State changed to 'configuration'
 [   8.096] Received signal (IPConfig=/ipconfig/wlan0_5_dhcp)
 [   8.097] Received signal (Profile=/profile/test)
 [   8.099] Service State changed to 'ready'

lumpy after the change:

 [   0.009] Service not found; requesting scan...
 [   4.028] Service added to service list
 [   4.040] Initial state is association
 [   4.042] Supplicant state is 'authenticating'
 [   4.042] Supplicant state is 'associating'
 [   4.048] Supplicant state is 'completed'
 [   4.053] Service State changed to 'configuration'
 [   4.103] Received signal (IPConfig=/ipconfig/wlan0_8_dhcp)
 [   4.105] Received signal (Profile=/profile/test)
 [   4.106] Service State changed to 'ready'

Change-Id: If19db6ec931907aba8e438743c7d0b773c5499a0
Reviewed-by: Christopher Wiley <>
Reviewed-by: mukesh agrawal <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoUPSTREAM: Handle assoc reject events without wpa_supplicant SME 35/40535/2
Christopher Wiley [Wed, 7 Nov 2012 19:51:29 +0000 (11:51 -0800)]
UPSTREAM: Handle assoc reject events without wpa_supplicant SME

This is the upstream version of an my earlier change:

If the driver indicates the association (or authentication) was
rejected, wpa_supplicant should handle this connection failure similarly
to other cases. Previously, this was only handled with drivers that use
wpa_supplicant SME.

In case of cfg80211-based drivers, a rejected association was actually
already handled since cfg80211 generates a deauthentication event after
indicating connection failure. However, rejected authentication resulted
in wpa_supplicant waiting for authentication timeout to expire which is
unnecessary long wait.

Fix this by calling wpas_connection_failed() to use the common mechanism
to reschedule a new connection attempt with the previously attempted
BSSID blacklisted.

Signed-hostap: Jouni Malinen <>

TEST=Walk around the building with a device with a fullmac driver that
doesn't support SME.  Note that we roam correctly between BSS's.

Change-Id: I10b1348209a484f042720cf9e6f6fbdafa0fb39a
Tested-by: Christopher Wiley <>
Reviewed-by: Paul Stewart <>
Commit-Queue: Christopher Wiley <>

2 years agoCHROMIUMOS: wpa_supplicant: Add more DBus EAP status 24/41124/2
Paul Stewart [Fri, 11 Jan 2013 13:48:33 +0000 (05:48 -0800)]
CHROMIUMOS: wpa_supplicant: Add more DBus EAP status

Signal the start of EAP authentication as well as when additional
credentials are required to complete.

TEST=network_WiFiSecMat/072CheckWPA_1x_PEAP, observe DBus traffic

Change-Id: I80b6887fcfde1362ff5fc37ee25a8d8c7477e8d7
Reviewed-by: mukesh agrawal <>
Commit-Queue: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUMOS: wpa_supplicant: Don't log SSIDs at INFO level. 10/41010/3
Darin Petkov [Thu, 10 Jan 2013 09:49:58 +0000 (10:49 +0100)]
CHROMIUMOS: wpa_supplicant: Don't log SSIDs at INFO level.

SSIDs are sensitive from PII standpoint so avoid logging them at
default (INFO) level. Audited all instances of wpa_ssid_txt.

TEST=tested on device, inspected logs

Change-Id: Ie3fe04df64cf8bca650a00fa4009cc9472f4330b
Tested-by: Darin Petkov <>
Reviewed-by: Paul Stewart <>
Commit-Queue: Darin Petkov <>

2 years agoCHROMIUMOS: wpa_supplicant: new_dbus_handlers: Clear errno 45/37645/2 factory-3536.B stabilize2 toolchain-3428.65.B
Paul Stewart [Thu, 8 Nov 2012 19:43:19 +0000 (11:43 -0800)]
CHROMIUMOS: wpa_supplicant: new_dbus_handlers: Clear errno

There are a few instances where dbus handlers test the value
of errno to test whether strtoul completes successfully.
Since strtoul does not clear errno, and there's no strong
reason to suspect that errno is already clear, it is safer
to clear it right before calling strtoul.  Also, any failure
in strtoul (setting errno non-zero) should be considered a

While testing using dbus-send, I found that a malformed
network path can cause a crash due to net_id being left
NULL.  We should test for this before calling strtoul
on it.

TEST=Manual -- switch between networks (causing RemoveNetwork)
to be called.

dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
    /fi/w1/wpa_supplicant1/Interfaces/0 \
    org.freedesktop.DBus.Properties.Get \
    string:fi.w1.wpa_supplicant1.Interface string:Networks
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \

Signed-hostap: Paul Stewart <>

Change-Id: Icc26e2b420510ec1d8af5ddba1cf1fd939e58bfe
Reviewed-by: mukesh agrawal <>
Commit-Ready: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: wpa_supplicant: Roam correctly through cfg80211 without SME
Christopher Wiley [Tue, 9 Oct 2012 18:20:26 +0000 (11:20 -0700)]
CHROMIUM: wpa_supplicant: Roam correctly through cfg80211 without SME

Change the nl80211 driver in wpa_supplicant to correctly handle
connecting to a new AP through cfg80211 without SME capability.  As
before, the driver will disconnect from the previously associated AP,
but now we attempt to immediately connect to our intended AP.  This
prevents us from blacklisting the AP we were trying to connect to
because of a semantic mismatch between cfg80211 and wpa_supplicant.  The
disconnect/connect patch generates a local disconnect nl80211 event
which we discard because we're already correctly tracking the pending
association request.

In detail:

cfg80211 does not support connecting to a new BSS while already
connected to another BSS, if the underlying driver doesn't support
separate authenticate and associate commands.  wpa_supplicant is written
to expect that this is a supported operation, except for a little error
handling that disconnects from the current BSS when roaming fails and
relies on autoconnect logic to reconnect later.  However, this failure
to connect is incorrectly attributed to the new AP we attempted to
associate with, rather than a local condition in cfg80211.

The combined effect of these two conditions is that full-mac drivers
accessible through cfg80211 but without SME capability take a long time
to roam across BSS's because wpa_supplicant will:
1) Fail to associate for local reasons
2) Disconnect and return that the association request failed
3) Blacklist the association target (incorrectly)
4) Do a scan
5) Pick a less desirable AP to associate with

TEST=Walk around the building with a device with a fullmac driver that
doesn't support SME.  Note that we roam correctly between BSS's.

Change-Id: Ibd75816cbf373fc606a1752a9f01610b9852aa27
Commit-Ready: Christopher Wiley <>
Reviewed-by: Christopher Wiley <>
Tested-by: Christopher Wiley <>
2 years agoCHROMIUM: wpa_supplicant: Abort associations on ASSOC_REJECT events
Christopher Wiley [Tue, 9 Oct 2012 17:37:48 +0000 (10:37 -0700)]
CHROMIUM: wpa_supplicant: Abort associations on ASSOC_REJECT events

Change wpa_supplicant to respond to AP triggered association failures by
locally aborting the association process.  For instance, certain
enterprise AP's return status code 17 (too many STAs) and reject
association requests when a particular AP has too many associated
devices.  Locally aborting the association process lets wpa_supplicant
begin roaming immediately rather than waiting for the authentication
timeout to fire.

This is similar to the behavior triggered when the driver does in fact
support separate authentication and association requests.

TEST=Walk around a building with multiple APs serving the same ESS and
some APs refusing associations with code 17.  Note that roaming to an
overbooked AP now immediately triggers an attempt to roam to a better
AP, rather than waiting the 5 seconds for the authentication attempt to

Change-Id: Ib715796fe770943c1206808d6ba503438c4d7bf6
Tested-by: Christopher Wiley <>
Reviewed-by: Paul Stewart <>
Reviewed-by: mukesh agrawal <>
Commit-Ready: Christopher Wiley <>

2 years agoUPSTREAM: Allow OBSS scan and 20/40 coex reports to non-SME drivers
Bing Zhao [Fri, 5 Oct 2012 23:11:57 +0000 (16:11 -0700)]
UPSTREAM: Allow OBSS scan and 20/40 coex reports to non-SME drivers

Some nl80211 based non-SME drivers (ex. mwifiex) are capable of
receiving management frames prepared in wpa_supplicant. Hence the
check for WPA_DRIVER_FLAGS_SME flag is removed so that they can
use 20/40 coex feature.

Signed-off-by: Amitkumar Karwar <>
Signed-off-by: Bing Zhao <>
Original patch submitted to wpa_supplicant mailing list:

TEST=pass pre-WiFi Cert. test case 5.2.48

Change-Id: If1d9b57f5ae139515f11ba4b5e73432441118225
Reviewed-by: Paul Stewart <>
Commit-Ready: Bing Zhao <>
Tested-by: Bing Zhao <>
2 years agoUPSTREAM: Add handling of OBSS scan requests and 20/40 BSS coex reports
Bing Zhao [Fri, 5 Oct 2012 23:10:22 +0000 (16:10 -0700)]
UPSTREAM: Add handling of OBSS scan requests and 20/40 BSS coex reports

Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <>
Signed-hostap: Jouni Malinen <>
Signed-off-by: Amitkumar Karwar <>
Signed-off-by: Bing Zhao <>
TEST=pass pre-WiFi Cert. test case 5.2.48

Change-Id: I6433b6490d421f890d6367ccc741e7116055f343
Reviewed-by: Paul Stewart <>
Commit-Ready: Bing Zhao <>
Tested-by: Bing Zhao <>
2 years agoUPSTREAM: Define 20/40 BSS Coexistence elements
Bing Zhao [Fri, 5 Oct 2012 23:08:28 +0000 (16:08 -0700)]
UPSTREAM: Define 20/40 BSS Coexistence elements

This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 and 20/40 BSS Coexistence element
(IEEE 802.11-2012

Signed-off-by: Rajkumar Manoharan <>
Signed-hostap: Jouni Malinen <>
Signed-off-by: Amitkumar Karwar <>
Signed-off-by: Bing Zhao <>
TEST=pass pre-WiFi Cert. test case 5.2.48

Change-Id: Id0b9bd6d526ae027dc2f49a03df9990a651a20df
Reviewed-by: Paul Stewart <>
Commit-Ready: Bing Zhao <>
Tested-by: Bing Zhao <>
2 years agoCHROMIUMOS: bgscan_simple: set maximum fast-scans factory-2914.B factory-2985.B factory-2993.B factory-3004.B
Paul Stewart [Thu, 13 Sep 2012 22:41:59 +0000 (15:41 -0700)]
CHROMIUMOS: bgscan_simple: set maximum fast-scans

The maximum number of fast scans is currently computed by
counting the number of fast scans that can occur within
a long scan period.  ChromeOS can sometimes specify a very
lengthy long scan period.  To prevent this from causing us
to do a great number of background scans, provide an absolute
maximum for short scans.

TEST=Run on real machine starting off in a low-signal state,
observe backoff to long scan interval after 5 scans.

Change-Id: Ib9d408b0fe343fa1014f87cfc5a5c8a266d3515a
Commit-Ready: Paul Stewart <>
Reviewed-by: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: wpa_supplicant: Don't stop bgscan on group rekey factory-2846.B factory-2848.B
Paul Stewart [Tue, 28 Aug 2012 16:03:16 +0000 (09:03 -0700)]
CHROMIUM: wpa_supplicant: Don't stop bgscan on group rekey

Depending on the network, WPA group rekeying can happen quite often.
On each of these events wpa_supplicant currently deinitializes
background-scan state.  Doing so will erase all state we currently
have and in poor-RSSI multi-AP scenarios, this will restart
fast-scanning.  Change this behavior and except the group-rekeying
state from the set of non-CONNECTED states that cause us to
de-initialize background scan.

TEST=Modified version of network_WiFiSecMat.016CheckWPA_GTK_Rekey
for which bgscan parameters are manually specified.   Monitor logs
for messages about bgscan init / deinit.  Observe that without
the change bgscan is stoped on "COMPLETED -> GROUP_HANDSHAKE"
and restarted on "GROUP_HANDSHAKE -> COMPLETED", and with this
change neither transition occurs.

Change-Id: I910aa7ad2da1c519e3bf2989e2b8be2cc712ef8d
Reviewed-by: Wade Guthrie <>
Reviewed-by: mukesh agrawal <>
Commit-Ready: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUM: wpa_supplicant: disable the SessionTicket extension in SSL firmware-stout-2817.B
mukesh agrawal [Fri, 24 Aug 2012 17:31:18 +0000 (10:31 -0700)]
CHROMIUM: wpa_supplicant: disable the SessionTicket extension in SSL

Some RADIUS servers choke if the Client Hello message includes
unrecognized options. Turn off the SessionTicket extension, to
work with these servers.

TEST=manual (see below)

Manual testing: do packet capture on DUT while associating
with an 802.1x network, verify that the "SessionTicket TLS"
extension is not sent in Client Hello message.

Change-Id: I44027ca1c60004d3eb7df4e9d7050bbdf4476373
Reviewed-by: Paul Stewart <>
Commit-Ready: mukesh agrawal <>
Tested-by: mukesh agrawal <>
2 years agoCHROMIUM: wpa_supplicant: Add DBus "Reassociate" command firmware-butterfly-2788.B
Paul Stewart [Thu, 9 Aug 2012 04:28:21 +0000 (21:28 -0700)]
CHROMIUM: wpa_supplicant: Add DBus "Reassociate" command

Create a DBus command to reassociate, similar to the
ctrl-interface "reassociate" command.

dbus-send  --system --print-reply --dest=fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/0 fi.w1.wpa_supplicant1.Interface.Reassociate
both while connected and while disconnected.

Change-Id: Ic9fa6c577808e3d753175d8cba8acbe3463eb1ee
Reviewed-by: mukesh agrawal <>
Tested-by: Paul Stewart <>
Commit-Ready: Paul Stewart <>

2 years agoCHROMIUMOS: wpa_supplicant: ca_cert_verify for TPM factory-2717.B factory-2723.14.B firmware-link-2695.2.B firmware-link-2695.B firmware-parrot-2685.B firmware-snow-2695.90.B firmware-snow-2695.B
Christopher Wiley [Tue, 24 Jul 2012 21:10:15 +0000 (14:10 -0700)]
CHROMIUMOS: wpa_supplicant: ca_cert_verify for TPM

This bit is set in the code path that handles keys and certs from places
other than openssl authentication engines.  Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.

TEST=Ran patched 019CheckWPA_1x_AES test, fixes described situation
Change-Id: I65acf4a9adc2c57ebc2fd4f410b260e374b481ea
Tested-by: Christopher Wiley <>
Reviewed-by: Paul Stewart <>
Reviewed-by: mukesh agrawal <>
Commit-Ready: Christopher Wiley <>

2 years agoCHROMIUMOS: wpa_supplicant: adjust "Fix a couple memory leaks"
Paul Stewart [Fri, 13 Jul 2012 18:13:35 +0000 (11:13 -0700)]
CHROMIUMOS: wpa_supplicant: adjust "Fix a couple memory leaks"

Upstream comments to commit fcf6214497aa80cb2a8901f6877cda39381a8684
pointed out an issue with the use of a macro that had an embedded
"goto" in it.  This change is a fix-up to the current version of
the proposed upstream fix.


Change-Id: I44ab44511579c9425fd5c972403d51567166781f
Reviewed-by: mukesh agrawal <>
Commit-Ready: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUMOS: wpa_supplicant: Don't leak scan frequencies factory-2460.B factory-2475.B factory-2569.B
Paul Stewart [Fri, 8 Jun 2012 00:50:36 +0000 (17:50 -0700)]
CHROMIUMOS: wpa_supplicant: Don't leak scan frequencies

Use a single buffer for storing the list of frequencies to use
for background scan (in the order they should be scanned).
Instead of allocating it once for each scan (then leaking it,
as the previous implementation did), create the buffer at
the start of the background scan method.


Change-Id: I743caecde13ffd973262d51b336c255af62835af
Reviewed-by: Gary Morain <>
Commit-Ready: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoUPSTREAM: BSS: Fix use-after-realloc
Eliad Peller [Mon, 5 Mar 2012 15:09:55 +0000 (17:09 +0200)]
UPSTREAM: BSS: Fix use-after-realloc

After reallocation of the bss struct, current_bss wasn't updated and
could hold an invalid pointer (which might get dereferenced later).

Update current_bss if the pointer was changed.

Signed-hostap: Eliad Peller <>
intended-for: hostap-1
(cherry picked from commit eb37e085a4c17a7ebdf258d480c5f2c8a2ac7f08)


Change-Id: Ic0ddd3f501284caa9bc03b72d9947edea7cc87bf
Reviewed-by: mukesh agrawal <>
Commit-Ready: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoCHROMIUMOS: wpa_supplicant: Fix a couple memory leaks
Paul Stewart [Thu, 7 Jun 2012 02:00:33 +0000 (19:00 -0700)]
CHROMIUMOS: wpa_supplicant: Fix a couple memory leaks

Found using valgrind.


Change-Id: I75b9e9fc5b96b0f14e245afd656d8961d55a8178
Commit-Ready: Paul Stewart <>
Reviewed-by: Paul Stewart <>
Tested-by: Paul Stewart <>
2 years agoUPSTREAM: wpa_supplicant: Report EAP connection progress to DBus
Paul Stewart [Mon, 4 Jun 2012 18:10:01 +0000 (21:10 +0300)]
UPSTREAM: wpa_supplicant: Report EAP connection progress to DBus

Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <>
(cherry picked from commit 926f66a307bf63ba163c99a97ce1577805f7f82c)

TEST=Manual: Various "dbus-monitor" traces under varying conditions:
  - Bad server certificate
  - Bad client certificate
  - Wrong EAP method
  - Successful connection

Change-Id: Ifc99b2f2e57850956fdeafbf7e1edc54864b41a0
Reviewed-by: mukesh agrawal <>
Tested-by: Paul Stewart <>
Commit-Ready: Paul Stewart <>

3 years agoCHROMIUMOS: wpa_supplicant: Don't remove a BSS that is in use factory-2338.B factory-2368.B factory-2394.B firmware-link-2348.B
Paul Stewart [Wed, 16 May 2012 00:30:56 +0000 (17:30 -0700)]
CHROMIUMOS: wpa_supplicant: Don't remove a BSS that is in use

When looking for a BSS to eject due to too many entries, never not pick one
that is in use.  Otherwise, we run the risk of having pointers to freed
data in fast-reconnect.

BUG=chromium-os:30050, chromium-os:30709
TEST=Run in-system with DEFAULT_BSS_MAX_COUNT set to 2 and 1.  Ensure
connected network remains in scan list.

Change-Id: Iaaf2a3a1a7d6a32c69d0a7f67bb0cf590946c2ed
Reviewed-by: mukesh agrawal <>
Tested-by: Paul Stewart <>
Commit-Ready: Paul Stewart <>

3 years agoCHROMIUM: wpa_supplicant: refactor immediate disconnect notification factory-2268.16.B factory-2305.B
Gary Morain [Tue, 17 Apr 2012 23:49:19 +0000 (16:49 -0700)]
CHROMIUM: wpa_supplicant: refactor immediate disconnect notification

The disconnect reason is sent immediately to the dbus by calling
wpa_dbus_flush_object_changed_properties.  This change moves the
call to this function to under the dbus directory in order to
avoid notify.c including a private header (dbus/dbus_common_i.h)
from the dbus directory.

Fix other style nits found while trying to upstream.

TEST=Manual.  Connect to WiFi network.  Run 'dbus-monitor --system'.
Disable WiFi.  Verify that dbus shows a DisconnectReason = -3.

Change-Id: I0d4f457363235828fb8f9621bc5c1774c6af37ec
Reviewed-by: Paul Stewart <>
Commit-Ready: Gary Morain <>
Tested-by: Gary Morain <>
3 years agoCHROMIUM: wpa_supplicant: export disconnect reason code to dbus
Gary Morain [Fri, 24 Feb 2012 19:10:16 +0000 (11:10 -0800)]
CHROMIUM: wpa_supplicant: export disconnect reason code to dbus

In the properties changed signal, added a new propery "DisconnectReason",
which carries the IEEE 802.11 reason code of the most recent
disassociation or deauthentication event.  The reason code is negative
if it is locally generated.  The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.

TEST=Manual testing.  Disabled WiFi interface and, using dbus-monitor, saw
DisconenctReason == -3, which means DEAUTH_LEAVING, locally generated.

Change-Id: Id1c3f2b63422546ead00f9649b24bd97a73696d1
Commit-Ready: Gary Morain <>
Reviewed-by: Gary Morain <>
Tested-by: Gary Morain <>
3 years agoCHROMIUMOS: Create DBus getter/setter for ScanInterval release-R19-2046.B
mukesh agrawal [Tue, 13 Mar 2012 18:52:54 +0000 (11:52 -0700)]
CHROMIUMOS: Create DBus getter/setter for ScanInterval

Enable control of wpa_s->scan_interval via D-Bus. This parameter
controls the delay between successive scans for a suitable AP.

Also, update dbus.doxygen with ScanInterval, and some other
parameters that were undocumented.

TEST=manual (see below)

Manual testing:
- wpa_debug excessive
- dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
    /fi/w1/wpa_supplicant1/Interfaces/0 \
    org.freedesktop.DBus.Properties.Set \
    string:fi.w1.wpa_supplicant1.Interface \
    string:ScanInterval variant:int32:10
- grep "Setting scan interval" /var/log/messages

Change-Id: I70876e4959b2bee69e704a33072d5341d42387e0
Commit-Ready: mukesh agrawal <>
Reviewed-by: mukesh agrawal <>
Tested-by: mukesh agrawal <>
3 years agoCHROMIUMOS: wpa_supplicant: fix tx aborting a scan
Gary Morain [Fri, 23 Mar 2012 18:37:35 +0000 (11:37 -0700)]
CHROMIUMOS: wpa_supplicant: fix tx aborting a scan

Setting tx_abort needs to occur in both wpa_driver_nl80211_scan
and wpa_driver_nl80211_sched_scan.

TEST=Manual.  Run "iw event -f" in the background; run
"ping -i .25 <host>"; wait for wpa_supplicant to issue a bgscan; note
that the scan is aborted due to the ping; issue "iw dev wlan0 scan"
and note the scan is not aborted and the ping packets are noticeably

Change-Id: I0d8a6e88aef5801613e57924875a39c1b9e773e9
Reviewed-by: Paul Stewart <>
Commit-Ready: Gary Morain <>
Tested-by: Gary Morain <>
3 years agoUnbreak wpa_supplicant for release images. factory-1987.B
Jorge Lucangeli Obes [Thu, 23 Feb 2012 17:48:24 +0000 (09:48 -0800)]
Unbreak wpa_supplicant for release images.

TEST=Connect to a wireless network using a non-test image.
TEST=Connect to the corp wireless network using a non-test image.

Change-Id: Iaa2e1ab1d4e45822d2af4ef633def95173facc51
Tested-by: Jorge Lucangeli Obes <>
Commit-Ready: Jorge Lucangeli Obes <>
Reviewed-by: Paul Stewart <>
3 years agoChange policy so that user "wpa" owns wpa_supplicant DBus interfaces.
Jorge Lucangeli Obes [Wed, 15 Feb 2012 00:54:50 +0000 (16:54 -0800)]
Change policy so that user "wpa" owns wpa_supplicant DBus interfaces.

TEST=build_image, connect to a wireless network.
TEST=Run WiFiMatFunc, WiFiSecMat and WiFiPerf on the WiFi testbed.

Change-Id: I3eca905e16cd2aec2108c435e5483169ec0a2406
Commit-Ready: Jorge Lucangeli Obes <>
Reviewed-by: Jorge Lucangeli Obes <>
Tested-by: Jorge Lucangeli Obes <>
3 years agoCHROMIUM: add DBus introspection XML
Elly Jones [Thu, 9 Feb 2012 20:22:49 +0000 (15:22 -0500)]
CHROMIUM: add DBus introspection XML

Build, then ls /build/$board/usr/share/dbus-1/interfaces

Change-Id: I2ebfc312177af2068f84db0f82996992cddcb3c9
Signed-off-by: Elly Jones <>
(cherry picked from commit bf021c847a0445eca5ad4f3f0c6d8ab6b52a9ba8)
Reviewed-by: Will Drewry <>
Reviewed-by: Sam Leffler <>
3 years agoCHROMIUMOS: wpa_debug: add syslog support for wpa_hexdump_ascii
Sam Leffler [Tue, 31 Jan 2012 19:03:31 +0000 (11:03 -0800)]
CHROMIUMOS: wpa_debug: add syslog support for wpa_hexdump_ascii

Add missing support for wpa_hexdump_ascii with syslog.  This
actually cheats and just uses wpa_hexdump since the ascii
formatting is painful and unlikely to be desired with syslog.

TEST=enable debuging and associate to Google-A; verify hexdumps are included in the log [tested with log to stdout and to syslog]

Change-Id: I47029c5660aa73141b905e3ce0e42355860d0941

3 years agoCHROMIUMOS: wpa_supplicant: notify bss signal changes
Sam Leffler [Thu, 29 Dec 2011 17:57:03 +0000 (09:57 -0800)]
CHROMIUMOS: wpa_supplicant: notify bss signal changes

Update the current bss's signal strength in response to
EVENT_SIGNAL_CHANGE and generate a dbus signal (as needed).  This allows
clients to more closely track the current signal maintained for the
current bss.

TEST=disable bgscan and then do a walk-around test to verify CQM events generate dbus PropertyChange signals

Change-Id: Ifa1c582f40e37d309ffb71a655b336bbd78c64a7

3 years agoCHROMIUMOS: wpa_supplicant: improve roaming when noise floor available
Sam Leffler [Wed, 26 Oct 2011 21:41:55 +0000 (14:41 -0700)]
CHROMIUMOS: wpa_supplicant: improve roaming when noise floor available

When the noise floor is available we can do a better job deciding when
to roam by using SNR instead of the signal level.  In addition roam only
if the current AP's snr is below a threshold.  For situations where the
noise floor is not available we fall back to the previous algorithm.
New config parameters roam_threshold and roam_min hold the values used
by the roaming algorithm. These can also be set through the control

TEST=WiFiRoaming suite + walk-around tests + ATEN roaming tests

Change-Id: I1aae8c492618d01242462c2ee76b76fd8a9df0a3
Commit-Ready: Sam Leffler <>
Reviewed-by: Sam Leffler <>
Tested-by: Sam Leffler <>
3 years agoCHROMIUMOS: wpa_supplicant: make bgscan_simple scan all channels
Sam Leffler [Tue, 22 Nov 2011 23:48:59 +0000 (15:48 -0800)]
CHROMIUMOS: wpa_supplicant: make bgscan_simple scan all channels

Correct the logic to form the frequency list for scan requests so that
it includes all supported channels.  We were wrongly copying the zero
sentinel to the front of the frequenty list causing the scan request
to be discarded.

BUG=none (possibly many but nothing specific)
TEST=manual:wpa_debug debug and ping the next hop gw so scans are aborted; walk around to trigger scanning and roaming and verify the scan list is always complete

Change-Id: I91c5b214e8a09635dcde49daa26fdbd14045f304
Reviewed-by: Paul Stewart <>
Commit-Ready: Sam Leffler <>
Tested-by: Sam Leffler <>
3 years agoCHROMIUMOS: wpa_supplicant: Refinements to fast-scan backoff
Paul Stewart [Fri, 7 Oct 2011 00:33:00 +0000 (17:33 -0700)]
CHROMIUMOS: wpa_supplicant: Refinements to fast-scan backoff

These changes account for situations where the CQM threshold
might be approximately the same as the currently received signal,
and thus CQM events are triggered often due to measurement
error/small fluctuations.  This results in scanning occurring
too frequently.

Firstly, inhibit the immediate scan when the short-scan count
is at the maximum.  This keeps bursts of CQM toggling from
causing a torrent of back-to-back scans.  This does not inhibit
immediate scans if the CQM triggers a second time (if the signal
falls lower past the hysteresis).  This reduces the scan rate in
the worst case (fast-rate toggling high/low CQM events) to the
short scan interval.

Secondly, change the behavior of the short scan count so it acts like
a "leaky bucket".  As we perform short-scans, the bucket fills until
it reaches a maximal short-scan count, at which we back-off and
revert to a long scan interval.  The short scan count decreases by
one (emptying the bucket) every time we complete a long scan interval
without a low-RSSI CQM event.

This reduces the impact of medium-rate toggling of high/low CQM
events, reducing the number of short-interval scans that occur before
returning to a long-interval if the system was recently doing
short scans.

TEST=Manual -- set threshold and experiment with crossing backwards
and forwards across CQM boundary.  To do this, observe the current
signal and noise values ("wpa_debug msgdump", then wait for "Signal"
and "Noise" messages in /var/log/messages).  You should then set your
threshold to "-95 + Signal - Noise", using the command:
   /usr/local/lib/flimflam/test/set-bgscan BgscanSignalThreshold=<threshold>
At this point, simply moving closer or futher from your AP should
cause CQM events.

Change-Id: I6bf38d6aad4be99fbe8ca6964631b53ccfbd8c92
Reviewed-by: Sam Leffler <>
Tested-by: Paul Stewart <>
3 years agoCHROMIUMOS: wpa_supplicant: add support for tx aborting a scan
Sam Leffler [Tue, 19 Jul 2011 22:27:11 +0000 (15:27 -0700)]
CHROMIUMOS: wpa_supplicant: add support for tx aborting a scan

Add support to mark a scan request so that outbound traffic will abort the
operation and report whether a completed scan was aborted.  This mechanism
is implemented for nl80211 by setting NL80211_SCAN_FLAG_TX_ABORT in a
new NL80211_ATTR_SCAN_FLAGS property.

TEST=manual:depends on other changes

Change-Id: I348943800428dc8db1ca0c07996421cb20a7f5e3
Reviewed-by: Gary Morain <>
Reviewed-by: Paul Stewart <>
Tested-by: Sam Leffler <>
Commit-Ready: Sam Leffler <>

3 years agoCHROMIUMOS: wpa_supplicant: do not expire bss entries when a scan is aborted
Sam Leffler [Tue, 19 Jul 2011 22:34:48 +0000 (15:34 -0700)]
CHROMIUMOS: wpa_supplicant: do not expire bss entries when a scan is aborted

If a scan request completes prematurely do not run the normal bss expire
logic as it removes entries that have not been seen for N complete scans.
This should only slightly delay expiring old entries as the only aborted
scans are/will be background scans.

TEST=manual:depends on other changes

Change-Id: I4dae4b7fa81f967d400d6630aa8df01f544fc37a
Reviewed-by: Gary Morain <>
Reviewed-by: Paul Stewart <>
Tested-by: Sam Leffler <>
Commit-Ready: Sam Leffler <>

3 years agoCHROMIUMOS: bgscan_simple: mark scans so that tx will abort
Sam Leffler [Tue, 19 Jul 2011 22:38:39 +0000 (15:38 -0700)]
CHROMIUMOS: bgscan_simple: mark scans so that tx will abort

Reduce latency of outbound traffic by marking background scans to be
aborted.  To ensure we eventually visit all channels without a foreground
scan explicitly specify the list of frequencies to scan and order it based
on channels known to have been visited during recent aborted bg scans.

TEST=manual:run ping -i .25 <host> and do a walk-around test; observe bg scan's are preempted using iw and the RTT's are never increased by more than the time to return to the BSS channel

Change-Id: I2e42708b7a5334e6b9972a79f1df924c9771ef07
Reviewed-by: Gary Morain <>
Reviewed-by: Paul Stewart <>
Tested-by: Sam Leffler <>
Commit-Ready: Sam Leffler <>

3 years agoCHROMIUMOS: wpa_supplicant: Create presubmit config for wpa_supplicant
Paul Stewart [Thu, 15 Sep 2011 21:25:10 +0000 (14:25 -0700)]
CHROMIUMOS: wpa_supplicant: Create presubmit config for wpa_supplicant

supplicant is third-party code with a different license and
style ruleset than internal.  Relax a few things in test.

TEST=Submitted without overriding

Change-Id: Ia2467edba38ff5c82be63e4a01771643c914d2b2
Reviewed-by: Sam Leffler <>
Tested-by: Paul Stewart <>
3 years agoCHROMIUMOS: wpa_supplicant: change dbus access policy
Sam Leffler [Mon, 22 Aug 2011 22:12:29 +0000 (15:12 -0700)]
CHROMIUMOS: wpa_supplicant: change dbus access policy

Give the chronos user dbus access to the Properties interface instead
of depending on being "at_console".  The latter stopped working when
the policykit went away (breaking wpa_debug unless you were root).

TEST=run wpa_debug from crosh and note it works

Change-Id: Id11452b52fe22b4a7f933d6942417c13790e112f
Reviewed-by: Chris Masone <>
Tested-by: Sam Leffler <>
3 years agoCHROMIUMOS: wpa_supplicant: Accept raw PMK in new DBus API
Sam Leffler [Fri, 1 Apr 2011 00:39:06 +0000 (17:39 -0700)]
CHROMIUMOS: wpa_supplicant: Accept raw PMK in new DBus API

"psk" field, in set_network_properties(), was always getting quoted even when
containing a raw key (64 characters length representing the hexadecimal value
of the raw key).

Signed-off-by: Tomasz Bursztyka <>
(pulled from upstream patch)


Review URL:

Change-Id: I1f9f5215b02a8cc0e532ca105f68a8828736ce21

3 years agoCHROMIUMOS: bgscan: Add centralized signal_monitor
Paul Stewart [Mon, 28 Mar 2011 20:34:59 +0000 (13:34 -0700)]
CHROMIUMOS: bgscan: Add centralized signal_monitor

The signal strength number tells only half of the picture with
respect to signal quality.  The other half is the prevailing
noise on the channel.  The two together indicate how easily the
interface is able to pull data out of the background noise.

This change takes noise into account, by caclulating a CQM
threshold based both on the RSSI and noise.  This noise value is
available in the CQM events as well as polled data.  Since most
background scan algorithms will probably want to do this the same
way, I have added this as routines in bgscan.c that can be
utilized by individual background scan mechanisms.

Additionally, I've modified bgscan_simple to use this mechanism,
and scheduled noise floor updates to happen at the same rate as
background scans (the noisefloor should be a slowly changing

TEST=Manual -- observe nl80211 messages within supplicant indicating
actual CQM thresholds, as well as timing between these and bgscan
messages indicating updates.

Change-Id: If5f8a54a5b028796874c924999adf01668866d35

3 years agoCHROMIUMOS: Setup code review inheritance
Anush Elangovan [Sat, 5 Jun 2010 20:12:31 +0000 (13:12 -0700)]
CHROMIUMOS: Setup code review inheritance

Change-Id: I04a7ed7113d78bcea9e5748f3d5eb2f316862c6f

3 years agoCHROMIUMOS: Adds a link from . to hostap.git
Ryan Cairns [Tue, 29 Jun 2010 16:39:29 +0000 (09:39 -0700)]
CHROMIUMOS: Adds a link from . to hostap.git

Review URL:

Change-Id: Icc733329f879889aca6b2fecca347cd98d368e05

3 years agoCHROMIUMOS: wpa_supplicant: remove d-bus specification for the old api
Sam Leffler [Mon, 4 Oct 2010 18:03:20 +0000 (11:03 -0700)]
CHROMIUMOS: wpa_supplicant: remove d-bus specification for the old api

The old api is being jettisoned.  Remove the d-bus spec so if anyone
tries to use it we'll get meaningul log msgs (more than cannot connect
to the service).

Change-Id: I6b2932a5205e30c9ab723951bc248bc12d3eaa6b

TEST=manual:boot w/ this change and old api support removed from the build and verify wifi works as expected

Review URL:

3 years agoCHROMIUMOS: wpa_supplicant: Permit the at_console user access
Nathan Williams [Wed, 10 Nov 2010 22:22:10 +0000 (17:22 -0500)]
CHROMIUMOS: wpa_supplicant: Permit the at_console user access

Permit the at_console user access to the root properties of
wpa_supplicant, so that they can set the debug variables. The properties
at this node are three debug variables

TEST=Remove sudo from wpa_debug (separate CL) and run as chronos
user. Check for error, as opposed to a valid response.

Change-Id: I46479510b2b32be7eaa98ae860bdd8c4f91521e5

Review URL:

3 years agoInterworking: Fix EAP-TTLS/MSCHAP configuration
Jouni Malinen [Tue, 31 Jan 2012 14:20:43 +0000 (16:20 +0200)]
Interworking: Fix EAP-TTLS/MSCHAP configuration

Copy-paste error ended up using CHAP when MSCHAP was supposed to be

Signed-hostap: Jouni Malinen <>

3 years agoWPS: Disable AP PIN after 10 consecutive failures
Jouni Malinen [Mon, 30 Jan 2012 15:31:06 +0000 (17:31 +0200)]
WPS: Disable AP PIN after 10 consecutive failures

While the exponential increase in the lockout period provides an
efficient mitigation mechanism against brute force attacks, this
additional trigger to enter indefinite lockout period (cleared by
restarting hostapd) will limit attacks even further by giving maximum of
10 attempts (without authorized user action) even in a very long term

Signed-hostap: Jouni Malinen <>

3 years agoSupport HT capability overrides
Ben Greear [Sun, 29 Jan 2012 19:01:31 +0000 (21:01 +0200)]
Support HT capability overrides

This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <>

3 years agoRemove duplicated TERMINATING event
Jouni Malinen [Sun, 29 Jan 2012 18:23:07 +0000 (20:23 +0200)]
Remove duplicated TERMINATING event

Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.

Signed-hostap: Jouni Malinen <>

3 years agoMove ctrl_iface deinit into the end of interface deinit
Dmitry Shmidt [Sun, 29 Jan 2012 18:21:07 +0000 (20:21 +0200)]
Move ctrl_iface deinit into the end of interface deinit

This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.

Signed-off-by: Dmitry Shmidt <>
3 years agoDeinit driver before notifying interface has been removed
Dmitry Shmidt [Sun, 29 Jan 2012 18:18:48 +0000 (20:18 +0200)]
Deinit driver before notifying interface has been removed

This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.

Signed-off-by: Dmitry Shmidt <>
3 years agoLet wpa_supplicant_deinit_iface() know that process is terminating
Dmitry Shmidt [Sun, 29 Jan 2012 18:15:48 +0000 (20:15 +0200)]
Let wpa_supplicant_deinit_iface() know that process is terminating

This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.

Signed-off-by: Dmitry Shmidt <>
3 years agonl80211: Sync with linux/nl80211.h in wireless-testing.git
Jouni Malinen [Sun, 29 Jan 2012 17:53:34 +0000 (19:53 +0200)]
nl80211: Sync with linux/nl80211.h in wireless-testing.git

Signed-hostap: Jouni Malinen <>

3 years agowpa_auth: Fix race in rejecting 4-way handshake for entropy
Nicolas Cavallari [Sun, 29 Jan 2012 16:11:43 +0000 (18:11 +0200)]
wpa_auth: Fix race in rejecting 4-way handshake for entropy

When there is not enough entropy and there are two station associating
at the same time, one of the stations will be rejected, but during
that rejection, the "reject_4way_hs_for_entropy" flag gets cleared. This
may allow the second station to avoid rejection and complete a 4-Way
Handshake with a GTK that will be cleared as soon as more entropy is
available and another station connects.

This reworks the logic to ban all 4-way handshakes until enough entropy
is available.

Signed-hostap: Nicolas Cavallari <>

3 years agoSME: Fix processing of Authentication timeout and failure
Eyal Shapira [Sun, 29 Jan 2012 15:44:31 +0000 (17:44 +0200)]
SME: Fix processing of Authentication timeout and failure

current_bss and pending_bssid weren't cleaned up so BSS
kept appearing in the scan results even when it was actually gone.
Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context
instead of just dropping wpa_state back to DISCONNECTED.

Reported-by: Vishal Mahaveer <>
Signed-hostap: Eyal Shapira <>

3 years agoInterleave wildcard and specific SSID scans when max_ssids=1
Eyal Shapira [Sun, 29 Jan 2012 15:39:08 +0000 (17:39 +0200)]
Interleave wildcard and specific SSID scans when max_ssids=1

For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.

Signed-hostap: Eyal Shapira <>

3 years agoInstall only the binaries into BINDIR
Jouni Malinen [Sun, 29 Jan 2012 12:20:41 +0000 (14:20 +0200)]
Install only the binaries into BINDIR

There is no point in installing *.service files into BINDIR.

Signed-hostap: Jouni Malinen <>

3 years agobuild: Fix install target parent directory prerequisites
Grant Erickson [Sun, 29 Jan 2012 12:18:22 +0000 (14:18 +0200)]
build: Fix install target parent directory prerequisites

This changes the install target such that parent directories of
installed paths area created and each path is only installed
on a dependency basis.

Signed-off-by: Grant Erickson <>
3 years agodbus: Remove unused D-Bus version defines
Jouni Malinen [Sun, 29 Jan 2012 10:53:12 +0000 (12:53 +0200)]
dbus: Remove unused D-Bus version defines

These have not been used since commit

Signed-hostap: Jouni Malinen <>

3 years agonl80211: Subscribe management frames for WPA_IF_AP_BSS types
Yogesh Ashok Powar [Sun, 29 Jan 2012 10:33:05 +0000 (12:33 +0200)]
nl80211: Subscribe management frames for WPA_IF_AP_BSS types

In multiple BSSes scenario for the drivers that do not use
monitor interface and do not implement AP SME, RX MGMT
frame subscription happens only for the default bss (first_bss).

Subscribe for RX MGMT frames for such BSSes.

Signed-off-by: Yogesh Ashok Powar <>
3 years agonl80211: Derive frequency for BSSes other than the first
Yogesh Ashok Powar [Sun, 29 Jan 2012 10:28:35 +0000 (12:28 +0200)]
nl80211: Derive frequency for BSSes other than the first

Commit e4fb21676972952b5434e8c2a049e239d457abe6 moved frequency
storage from driver struct to bss struct and is assigned in
wpa_driver_nl80211_set_freq. As this wpa_driver_nl80211_set_freq is
triggered only on the first_bss, bss->freq for other BSSes is never
being set to the correct value. This sends MLME frames on frequency zero
(initialized value of freq) for BSSes other than the first.

To fix this derive frequency value from first_bss.

Signed-off-by: Yogesh Ashok Powar <>
3 years agoIBSS RSN: Provide ibss_rsn_get_peer() helper function
Antonio Quartulli [Sun, 29 Jan 2012 10:23:27 +0000 (12:23 +0200)]
IBSS RSN: Provide ibss_rsn_get_peer() helper function

This is a useful function that simplifies some code and can eventually
be used somewhere else in future.

Signed-hostap: Antonio Quartulli <>

3 years agowpa_debug: Support outputting hexdumps into syslog
Nicolas Cavallari [Sun, 29 Jan 2012 10:13:43 +0000 (12:13 +0200)]
wpa_debug: Support outputting hexdumps into syslog

This patch allows to log hexdumps into syslog.

This is useful when testing, as syslog's network logging
helps to collect debug outputs from several machines.

Signed-hostapd: Nicolas Cavallari <>

3 years agoEAP-AKA peer: Append realm when learning the pseudonym
Simon Baatz [Sat, 28 Jan 2012 17:41:19 +0000 (19:41 +0200)]
EAP-AKA peer: Append realm when learning the pseudonym

The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <>

3 years agoEAP-SIM peer: Append realm when learning the pseudonym
Simon Baatz [Sat, 28 Jan 2012 17:38:46 +0000 (19:38 +0200)]
EAP-SIM peer: Append realm when learning the pseudonym

The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <>

3 years agodbus: Fix endianness bug in Frequency and Signal properties
Sylvestre Gallon [Sat, 28 Jan 2012 15:57:48 +0000 (17:57 +0200)]
dbus: Fix endianness bug in Frequency and Signal properties

These properties did not work on big endian PowerPC (always 100% for
Signal and 0 for Frequency) due to endianness problem (u32 to u16 data

Signed-off-by: Sylvestre Gallon <>
3 years agoRename systemd template files to avoid @ in the file name
Jouni Malinen [Sat, 28 Jan 2012 15:12:30 +0000 (17:12 +0200)]
Rename systemd template files to avoid @ in the file name

Perforce does not like @ in the file name and since these template files
do not really need to have that in the name, make the files in
repository friendlier to Perforce. The generated *.service file will
maintain their old names.

Signed-hostap: Jouni Malinen <>

3 years agonl80211: Add IBSS BSSID fixing support
Nicolas Cavallari [Sat, 28 Jan 2012 09:35:32 +0000 (11:35 +0200)]
nl80211: Add IBSS BSSID fixing support

If a BSSID and fixed-bssid are requested, fix the BSSID, so
the driver does not attempt to merge.

Signed-hostap: Nicolas Cavallari <>

3 years agoSupport fixing the BSSID in IBSS mode
Nicolas Cavallari [Sat, 28 Jan 2012 09:33:47 +0000 (11:33 +0200)]
Support fixing the BSSID in IBSS mode

When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.

Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.

Signed-hostap: Nicolas Cavallari <>

3 years agodbus: Create DBus getter/setter for FastReauth
Paul Stewart [Sat, 28 Jan 2012 09:21:37 +0000 (11:21 +0200)]
dbus: Create DBus getter/setter for FastReauth

Provide a means over DBus to set the conf->fast_reauth
property, which controls whether TLS session resumption
should be attempted for EAP-TLS 802.1X networks.

Signed-off-by: Paul Stewart <>
3 years agoWPS: Fix an interoperability issue with mixed mode and AP Settings
Jouni Malinen [Fri, 27 Jan 2012 20:32:15 +0000 (22:32 +0200)]
WPS: Fix an interoperability issue with mixed mode and AP Settings

It looks like Windows 7 WPS implementation does not like multiple
Authentication/Encryption Type bits to be set in M7 AP Settings
attributes, i.e., it refused to add a network profile if the AP
was configured for WPA/WPA2 mixed mode and AP PIN was used to
enroll the network.

Leave only a single bit set in the Authentication/Encryption Type
attributes in M7 when the AP is acting as an Enrollee to avoid this

Signed-hostap: Jouni Malinen <>

3 years agoP2P: Fix WSC IE inclusion for P2P disabled case
Jouni Malinen [Fri, 27 Jan 2012 19:09:34 +0000 (21:09 +0200)]
P2P: Fix WSC IE inclusion for P2P disabled case

wpas_wps_in_use() was forcing WPS to be enabled unconditionally if P2P
support was included in the build. This is not really the correct
behavior for the case when P2P has been disabled at runtime. Change the
code here to verify runtime configuration of P2P before forcing WPS to
be enabled. This allows WSC IE to be left out from Probe Request frames
when scanning for APs without P2P or WPS being in use.

Signed-hostap: Jouni Malinen <>

3 years agonl80211: Fix send_action on off-channel in P2P GO role
Jouni Malinen [Thu, 26 Jan 2012 15:44:11 +0000 (17:44 +0200)]
nl80211: Fix send_action on off-channel in P2P GO role

A P2P Action frame may need to be sent on another channel than the GO's
operating channel. This information was lost in
wpa_driver_nl80211_send_action() in the case the interface was in AP
mode. Pass the frequence and related parameters to send_mlme mechanism
to allow the correct frequence to be used with the send frame command in
AP (P2P GO) mode.

Signed-hostap: Jouni Malinen <>

3 years agoFix ap_sta_disconnect() to clear EAPOL/WPA authenticator state
Jouni Malinen [Wed, 25 Jan 2012 20:32:58 +0000 (22:32 +0200)]
Fix ap_sta_disconnect() to clear EAPOL/WPA authenticator state

Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.

Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.

Signed-hostap: Jouni Malinen <>

3 years agopcsc: Fix compiler warning on signed vs. unsigned comparison
Jouni Malinen [Wed, 25 Jan 2012 15:41:59 +0000 (17:41 +0200)]
pcsc: Fix compiler warning on signed vs. unsigned comparison

Signed-hostap: Jouni Malinen <>

3 years agoP2P: Do not expire peer entry if we are connected to the peer
Jouni Malinen [Wed, 25 Jan 2012 15:27:47 +0000 (17:27 +0200)]
P2P: Do not expire peer entry if we are connected to the peer

Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.

Signed-hostap: Jouni Malinen <>

3 years agoP2P: Do not expire peer entry if peer is connected as a client
Jouni Malinen [Wed, 25 Jan 2012 15:00:59 +0000 (17:00 +0200)]
P2P: Do not expire peer entry if peer is connected as a client

Even though we may not receive a Probe Response from the peer during
the connection, we should not be expiring a P2P peer entry while that
peer is connected to a group where we are the GO.

Signed-hostap: Jouni Malinen <>

3 years agonl80211: P2P: Pass cookie parameter in send action frame
Deepthi Gowri [Mon, 23 Jan 2012 18:12:06 +0000 (20:12 +0200)]
nl80211: P2P: Pass cookie parameter in send action frame

The cookie value needs to be fetched in GO mode, too, to be able to
indicate TX status callbacks with drivers that handle AP mode SME
functionality internally. This fixes issues with client discoverability
where TX status callback for GO Discoverability Request is needed to
trigger the GO to send Device Discoverability Response.

3 years agoStop sched_scan in number of cases where it should not be running
Jouni Malinen [Mon, 23 Jan 2012 16:26:09 +0000 (18:26 +0200)]
Stop sched_scan in number of cases where it should not be running

When a P2P group is removed, we better not leave possibly started
sched_scan running. This could happen when a separate group interface
was not used.

In addition, it looks safer to explicitly stop sched_scan before
starting P2P Listen or Find operations to make sure the offloaded
scanning is not running when doing similar P2P operations.

Signed-hostap: Jouni Malinen <>

3 years agoUpdate WPA/RSN IE properly for driver based BSS selection
Sujith Manoharan [Mon, 23 Jan 2012 15:34:39 +0000 (17:34 +0200)]
Update WPA/RSN IE properly for driver based BSS selection

This patch fixes an issue with roaming for drivers that set
WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP
with a different BSSID, an EVENT_ASSOC is received and the subsequent
4-way handshake may fail because of a mismatch between the RSN IE in
message 3/4 and in Beacon/Probe Response. This happens only when the APs
use different RSN IE contents and ap_scan is set to 1, since
wpa_supplicant fails to update its cached IEs.

Initial association may fail, too, in case of multiple APs with
the same SSID, since BSSID selection is done by the driver and again
a mismatch could be seen.

Fix these two issues by clearing and updating the cached IEs on
receiving an Association event from the driver. Also, retrieve the
scan results when the new BSS information is not present locally.

Signed-off-by: Sujith Manoharan <>
3 years agoAdd preliminary MNC length determination based on IMSI
Jouni Malinen [Sun, 22 Jan 2012 19:33:57 +0000 (21:33 +0200)]
Add preliminary MNC length determination based on IMSI

Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.

Signed-hostap: Jouni Malinen <>

3 years agoAvoid unnecessary memory allocation in building of SIM realm
Jouni Malinen [Sun, 22 Jan 2012 19:29:35 +0000 (21:29 +0200)]
Avoid unnecessary memory allocation in building of SIM realm

The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.

Signed-hostap: Jouni Malinen <>

3 years agoEAP-SIM/EAP-AKA peer: Support realms according to 3GPP TS 23.003
Simon Baatz [Sun, 22 Jan 2012 19:11:24 +0000 (21:11 +0200)]
EAP-SIM/EAP-AKA peer: Support realms according to 3GPP TS 23.003

If the identity is derived from the SIM, use a realm according
to 3GPP TS 23.003.

Signed-hostap: Simon Baatz <>

3 years agoReject too short IMSI in EAP-SIM/AKA identity generation
Jouni Malinen [Sun, 22 Jan 2012 19:12:51 +0000 (21:12 +0200)]
Reject too short IMSI in EAP-SIM/AKA identity generation

Signed-hostap: Jouni Malinen <>

3 years agoeapol_test: Show MNC length in debug output
Jouni Malinen [Sun, 22 Jan 2012 18:59:00 +0000 (20:59 +0200)]
eapol_test: Show MNC length in debug output

Signed-hostap: Jouni Malinen <>

3 years agoSIM/USIM: Add function to get the MNC length from the SIM/USIM
Simon Baatz [Sun, 22 Jan 2012 17:28:24 +0000 (19:28 +0200)]
SIM/USIM: Add function to get the MNC length from the SIM/USIM

The EF-AD (administrative data) file may contain information about the
length of the MNC (2 or 3 digits) in the IMSI. This can be used to
construct the realm according to 3GPP TS 23.003 during EAP-SIM or
EAP-AKA authentication.

Signed-hostap: Simon Baatz <>

3 years agoP2P: Notify upper framework on stopping the p2p_find(SEARCH)
Jithu Jance [Sun, 22 Jan 2012 15:20:53 +0000 (17:20 +0200)]
P2P: Notify upper framework on stopping the p2p_find(SEARCH)

This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".

Signed-hostap: Jithu Jance <>

3 years agoWork around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
Jouni Malinen [Sun, 22 Jan 2012 10:23:28 +0000 (12:23 +0200)]
Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode

Some deployed station implementations seem to send msg 4/4 with
incorrect type value in WPA2 mode. Add a workaround to ignore that issue
so that such stations can interoperate with hostapd authenticator. The
validation checks were added in commit

Signed-hostap: Jouni Malinen <>