Commit Graph

742 Commits

Author SHA1 Message Date
Mathy
79eadfbc39 fragattack: make TK available over control interface 2020-02-27 07:05:08 -05:00
Alexander Wetzel
1f90a49d02 STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:05:19 +02:00
Jouni Malinen
e9ac44fcbc Make INTERWORKING_CONNECT more reliable in testing environment
Pick the most recently added BSS entry based on BSSID matching to avoid
issues in testing environment where the SSID of the AP may have changed
and both the old and new BSS is still present in the scan results.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
5e287724ee DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Alexander Wetzel
a919a26035 Introduce and add key_flag
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.

The following flag are defined:

  KEY_FLAG_MODIFY
    Set when an already installed key must be updated.
    So far the only use-case is changing RX/TX status of installed
    keys. Must not be set when deleting a key.

  KEY_FLAG_DEFAULT
    Set when the key is also a default key. Must not be set when
    deleting a key. (This is the replacement for set_tx.)

  KEY_FLAG_RX
    The key is valid for RX. Must not be set when deleting a key.

  KEY_FLAG_TX
    The key is valid for TX. Must not be set when deleting a key.

  KEY_FLAG_GROUP
    The key is a broadcast or group key.

  KEY_FLAG_PAIRWISE
    The key is a pairwise key.

  KEY_FLAG_PMK
    The key is a Pairwise Master Key (PMK).

Predefined and needed flag combinations so far are:

  KEY_FLAG_GROUP_RX_TX
    WEP key not used as default key (yet).

  KEY_FLAG_GROUP_RX_TX_DEFAULT
    Default WEP or WPA-NONE key.

  KEY_FLAG_GROUP_RX
    GTK key valid for RX only.

  KEY_FLAG_GROUP_TX_DEFAULT
    GTK key valid for TX only, immediately taking over TX.

  KEY_FLAG_PAIRWISE_RX_TX
    Pairwise key immediately becoming the active pairwise key.

  KEY_FLAG_PAIRWISE_RX
    Pairwise key not yet valid for TX. (Only usable with Extended Key ID
    support.)

  KEY_FLAG_PAIRWISE_RX_TX_MODIFY
    Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.

  KEY_FLAG_RX_TX
    Not a valid standalone key type and can only used in combination
    with other flags to mark a key for RX/TX.

This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
6c57019376 Test functionality to override driver reported signal levels
"SET driver_signal_override <BSSID> [<si_signal< <si_avg_signal>
<si_avg_beacon_signal> <si_noise> <scan_level>]" command can now be used
to request wpa_supplicant to override driver reported signal levels for
signal_poll and scan results. This can be used to test roaming behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 20:34:39 +02:00
Roy Marples
a8b00423ea BSD: Use struct ip rather than struct iphdr
As we define __FAVOR_BSD use the BSD IP header.
Compile tested on NetBSD, DragonFlyBSD, and Linux.

Signed-off-by: Roy Marples <roy@marples.name>
2020-01-02 19:17:10 +02:00
Jouni Malinen
f97baef254 Clear SME auth_alg on FLUSH
This avoids a testing failure in the following test case sequence:
ap_ft_r1_key_expiration ap_open_external_assoc

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:33:57 +02:00
Jouni Malinen
0d1d1f0d21 Clear last Michael MIC error timer on FLUSH
TKIP countermeasures were already terminated on FLUSH, but the timer for
detecting two Michael MIC errors within 60 seconds was left behind. This
resulted in test case failures with following test sequence:
ap_cipher_tkip_countermeasures_sta ap_cipher_tkip_countermeasures_sta2

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:23:25 +02:00
Ben Greear
bf3ab50f4f Change some RRM debug messages from wpa_printf() to wpa_dbg()
This gives us the network device name in logging messages, which can be
helpful when having one wpa_supplicant process handle multiple devices.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-12-26 09:41:58 +02:00
Ahmad Masri
996662250d P2P: Add support for EDMG channels
This allows a P2P connection over P802.11ay EDMG channels to achieve the
highest link speed that the standard allows for channel bonding (CB) up
to CB4.

Let each P2P peer add its EDMG channels to the Supported Channels IE
advertised in P2P GO negotiation. Give EDMG channels priority when peers
negotiate for operating channel.

User may add 'edmg' parameter to p2p_connect, p2p_add_group, and
p2p_invite commands to prefer an EDMG channel for the P2P link. User may
also set p2p_go_edmg=1 in wpa_supplicant configuration file to prefer
EDMG.

When EDMG is used, P2P will try to find the highest channel bonding
supported channel that matches the frequency parameter, if the devices
do not support EDMG, the P2P connection will use a legacy (1-6) 60 GHz
channel.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-20 00:13:08 +02:00
Jouni Malinen
1325655397 SAE H2E: RSNXE override for testing purposes
"SET rsnxe_override_{assoc,eapol} <hexdump>" can now be used to override
RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for
testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 12:54:54 +02:00
Jouni Malinen
b834e97003 SAE H2E: Testing option to report extra rejected groups
"SET extra_sae_rejected_groups <groups>" can now be used to enable test
mode in which wpa_supplicant will report additional groups (configured
as space separated integers) when using SAE H2E.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:26:13 +02:00
Jouni Malinen
405946d76a SAE: Testing option to ignore H2E requirement mismatch
"SET ignore_sae_h2e_only 1" can now be used to configurate
wpa_supplicant to a test mode where it ignores AP's H2E-required
advertisement and try to connect with hunt-and-pecking loop instead.
This is used only for testing AP behavior with unexpected STA behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-06 17:13:59 +02:00
Jouni Malinen
e780b4bf20 DPP: Bootstrapping via NFC URI Record
This extends hostapd and wpa_supplicant DPP implementation to allow the
bootstrapping URI to be generated for and parsed from an NFC Tag with an
NFC URI Record. This is similar to the way the bootstrapping URI is used
with QR Code for unidirectional authentication.

The DPP_BOOTSTRAP_GEN command uses "type=nfc-uri" to request the URI to
be assigned for NFC URI Record. In practice, the URI is generated
identically to the QR Code case, but the internal entry maintains the
NFC-URI type.

A new command "DPP_NFC_URI <uri>" can now be used to parse the URI read
from an NFC Tag with the NFC URI Record. This is similar to the
DPP_QR_CODE command.

Other commands (mainly, DPP_LISTEN and DPP_AUTH_INIT) are used for NFC
URI in the same way as they are used for QR Code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 12:37:51 +02:00
Alexei Avshalom Lazar
35aed771f9 Indicate EDMG in scan results
Add [EDMG] flag to scan results.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Roy Marples
7846e8d608 NetBSD: Fix compile
On NetBSD the ethernet header is net/if_ether.h

This also pulls in net/if.h which defines if_type, which in turn
conflicts with an enum in wpa_supplicant. As such we need to
include this at the bottom rather than at the top.

Signed-off-by: Roy Marples <roy@marples.name>
2019-09-21 13:38:32 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
ebee8232d3 Do not try to include net/ethernet.h in MinGW/Windows builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Eric Caruso
91b6eba773 Move MAC address randomization enable/disable to helper functions
This makes it easier to share this for D-Bus implementation.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-06-26 20:56:01 +03:00
Pradeep Kumar Chitrapu
7ace4328c0 wpa_supplicant: Add support to probe mesh link to given peer
Inject an Ethernet frame to a given peer bypassing next_hop lookup in
mpath table. Optional payload is expected to be hexdump without 0x.

usage:
wpa_cli -i <dev> mesh_link_probe <peer MAC> [payload=<hexdump of payload>]

example:
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff payload=aabb
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff

Signed-off-by: Pradeep Kumar chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:38:30 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
Jouni Malinen
c02dd10d76 DPP2: wpa_supplicant as Controller over TCP
New wpa_supplicant control interface commands "DPP_CONTROLLER_START
[tcp_port=<port>]" and "DPP_CONTROLLER_STOP" can be used to start and
stop listening to DPP requests over TCP in the Responder role. The TCP
connections are processed similarly to the ones that would have been
received over DPP Public Action frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
e6ac47b47d Fix debug print in GET_PREF_FREQ_LIST handler
Do not use the buf argument to wpas_ctrl_iface_get_pref_freq_list() in
the debug print since it points to the response buffer ("OK\n" without
null termination). This was supposed to print the cmd argument instead.
The previous version ended up using uninitialized heap memory from the
response buffer.

Fixes: 983422088f ("nl80211: Add means to query preferred channels")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:54:12 +03:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
c98617b48d DPP2: Make DPP version number support available over control interface
"GET_CAPABILITY dpp" can now be used to determine which version number
of DPP is supported in the build.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jayachandran Sreekumaran
2b7fa03559 P2P: Fix ACS offloading behavior with p2p_no_group_iface=1
wpa_s->p2p_go_do_acs was not cleared during P2P group deletion and that
resulted in the case of no separate group interface continuing to assume
ACS was to be used for consecutive GO starts even if they tried to
specify a frequency. Fix this by explicitly clearing
wpa_s->p2p_go_do_acs during P2P group deletion and also clear this when
processing the P2P_GROUP_ADD if the parameters do not request ACS to be
used.

Fixes: 37ed3254de ("P2P: ACS offload for the autonomous GO")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
01d01a311c UBSan: Avoid size_t variable overflow in control interface
The loop "if (i-- == 0) break" style construction works in practice fine
since the check against 0 is done before decrementation. However, this
hits an UBSan warning, so split that decrementation to happen as a
separate step after the check and break from the loop.

ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:42:50 +02:00
Davina Lu
83ebf55865 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the backhaul STA needs to add
a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
that indicates it supports the Multi-AP backhaul STA role. The Registrar
(if it support Multi-AP onboarding) will respond to that with a WSC M8
message that also contains the Multi-AP IE, and that contains the
credentials for the backhaul SSID (which may be different from the SSID
on which WPS is performed).

Introduce a new parameter to wpas_wps_start_pbc() and allow it to be
set via control interface's new multi_ap=1 parameter of WPS_PBC call.
multi_ap_backhaul_sta is set to 1 in the automatically created SSID.
Thus, if the AP does not support Multi-AP, association will fail and
WPS will be terminated.

Only wps_pbc is supported.

This commit adds the multi_ap argument only to the control socket
interface, not to the D-Bus interface.

Since WPS associates with the fronthaul BSS instead of the backhaul BSS,
we should not drop association if the AP announces fronthaul-only BSS.
Still, we should only do that in the specific case of WPS. Therefore,
add a check to multi_ap_process_assoc_resp() to allow association with a
fronthaul-only BSS if and only if key_mgmt contains WPS.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Jouni Malinen
3f8ceff54c Indicate wifi_generation in wpa_supplicant STATUS output
This adds a wifi_generation=4/5/6 line to the STATUS output if the
driver reports (Re)Association Request frame and (Re)Association
Response frame information elements in the association or connection
event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6
(HE = 802.11ax) are reported.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Masashi Honma
73f285dad2 Add FT-PSK to GET_CAPABILITY key_mgmt
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-05 23:37:55 +02:00
Lior David
1e591df063 Check supported types in wpas_mac_addr_rand_scan_set()
When setting scan with randomized MAC, check the requested scan type
against supported types, to ensure callers will not set an unsupported
type, since this can cause scan/connect failures later. It is better to
do this in wpas_mac_addr_rand_scan_set() instead of control interface
specific code to apply the constraint on all possible interfaces using
this setting.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:34 +02:00
Lior David
c85249aa15 Fix test compilation error related to sme_event_unprot_disconnect()
sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so
the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only
with builds that enable IEEE 802.11w support.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:28 +02:00
Peng Xu
5a3319ab1b P2P: Add 802.11ax support for P2P GO
An optional parameter "he" is added to p2p_connect, p2p_group_add, and
p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration
parameter can be used to request this to be enabled by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-12 13:09:39 +02:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Jouni Malinen
e6b0898da3 Add [FST] and [UTF-8] flags to BSS command output
These flags were used in SCAN_RESULTS command output, but not BSS. Make
these consistent by adding the flags to BSS as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 17:58:31 +02:00
Jouke Witteveen
1f2c42cc7f Show [UTF-8] flag if the SSID is reported as UTF-8
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2019-01-02 17:58:05 +02:00
Beni Lev
19677b77c3 OCE: Add RSSI based association rejection support (STA)
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.

Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 17:56:25 +02:00
Jouni Malinen
32bb47faa1 Update wpa_supplicant channel list on FLUSH
Try to make sure the driver channel list state is synchronized with
wpa_supplicant whenever explicitly clearing state (e.g., between hwsim
test cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 15:58:46 +02:00
Jouni Malinen
948ba8c294 mka: MIB information
Provide MKA information through the wpa_supplicant control interface MIB
command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-29 16:52:31 +02:00
Jouni Malinen
93701b4afe tests: Allow TX/RX data test to use different frame length
This is needed for MACsec test cases with a bit shorter MTU.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 23:56:25 +02:00
Jouni Malinen
0fb292c08e Add SAE to GET_CAPABILITY key_mgmt
Provide information about SAE AKM support in "GET_CAPABILITY key_mgmt"
for completeness. The "GET_CAPABILITY auth_alg" case is already
providing information about SAE support through user space SME.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:49:02 +02:00
Jouni Malinen
53d5de6f1d DPP: Accept DPP_CONFIGURATION_SIGN without double space before parameters
Make this command more convenient to use by not requiring two space
characters between the command and the first parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 12:02:57 +02:00
Jouni Malinen
2a93ecc8ca Expose Multi-BSS STA capability through wpa_supplicant control interface
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-20 21:30:43 +02:00
Mathy Vanhoef
5c7d35ba07 Add UNPROT_DEAUTH command for testing OCV
This new wpa_supplicant control interface command can be used to
simplify testing SA Query with OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Jouni Malinen
baf4c86379 HS 2.0: Request and process OSU Providers NAI List ANQP-element
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:51:51 +03:00
Bhagavathi Perumal S
d7f038ded2 wpa_supplicant: Add ieee80211ac information in STATUS
This allows user to get current operating mode of station.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-05-04 20:18:55 +03:00
Bhagavathi Perumal S
b55c623e4c Make CENTER_FRQ1 available independently in SIGNAL_POLL
This allows user to get center frequency and find secondary channel
offset.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-20 00:10:45 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Masashi Honma
e480212765 dbus: Add FILS to global capabilities
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-04-02 11:56:06 +03:00
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Jouni Malinen
4b07484c3d DPP: Do not include common/dpp.h without CONFIG_DPP=y
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-17 18:07:43 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Ashok Ponnaiah
dc2f24f1b2 DPP: Fix compilation without CONFIG_TESTING_OPTIONS=y
Add CONFIG_TESTING_OPTIONS ifdef protection to couple of forgotten DPP
test parameters in wpa_supplicant ctrl_iface.

Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
2017-11-27 17:30:03 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
95b0104a34 DPP: Retransmit DPP Authentication Response frame if it is not ACKed
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
c1d3773967 DPP: Stop authentication exchange of DPP_STOP_LISTEN
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
f97ace34cb DPP: Support multiple channels for initiating DPP Authentication
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Sunil Dutt
37ed3254de P2P: ACS offload for the autonomous GO
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:47:32 +02:00
Jouni Malinen
b7dddab7be DPP: Allow testing override values to be cleared
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 12:23:34 +02:00
Jouni Malinen
60239f60a6 DPP: Protocol testing framework
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.

This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
daa4096084 Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
751f5b2933 Allow EAPOL-Key Request to be sent through control interface
The new wpa_supplicant "KEY_REQUEST <error=0/1> <pairwise=0/1>" command
can be used to request an EAPOL-Key Request frame to be sent to the AP.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
bb06748f45 Make last received ANonce available through control interface
This makes it easier to debug 4-way handshake implementation issues
without having to use a sniffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
16579769ff Add testing functionality for resetting PN/IPN for configured keys
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
e8b9649012 OWE: Transition mode support on station side
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
vamsi krishna
e37cea308e OCE: Update default scan IEs when OCE is enabled/disabled
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-01 18:47:02 +03:00
Jouni Malinen
a0f19e9c74 SAE: Allow commit fields to be overridden for testing purposes (STA)
The new "SET sae_commit_override <hexdump>" control interface command
can be used to force wpa_supplicant to override SAE commit message
fields for testing purposes. This is included only in
CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-04 13:32:03 +03:00
Jouni Malinen
a4bf007877 DPP: Remove devices object from the connector
This was removed from the draft DPP tech spec, so remove it from the
implementation as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 23:46:27 +03:00
Ashwini Patil
332aadb8a2 STA: Add OCE capability indication attribute
Add OCE capability indication attribute in Probe Request and
(Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:19:53 +03:00
Andrei Otcheretianski
d02e4c8ac8 P2P: Clear get_pref_freq_list_override on P2P Device
Clear the get_pref_freq_list_override in p2p_ctrl_flush(). This fixes
the case when a dedicated P2P device interface is used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-07-08 16:06:28 +03:00
Vidyullatha Kanchanapally
fe3e0bac1f FILS: Advertize FILS capability based on driver capability
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-07 13:39:05 +03:00
Ashwini Patil
267fc0dd33 Add wpa_supplicant ctrl iface support to scan for a specific BSSID
Add support to scan for a specific BSSID through the wpa_supplicant
control interface.

Usage: wpa_cli scan bssid=ab:bc:cd🇩🇪ef:12

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-05 02:02:32 +03:00
Jouni Malinen
f522bb2377 DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector
The DPP Configurator can use this new command to generate its own signed
connector for the network that it manages.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-04 17:48:44 +03:00
Jouni Malinen
b65b22d60a DPP: Configurator parameters in responder role
This allows wpa_supplicant to be configured to act as the configurator
in the case where a peer device initiates DPP Authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-03 13:03:34 +03:00
Jouni Malinen
500ed7f006 DPP: PKEX bootstrapping
This implements genric PKEX functionality in src/common/dpp.c and glue
code to use this in wpa_supplicant (i.e, hostapd DPP implementation does
not yet support PKEX).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 09:35:00 +03:00
Jouni Malinen
6a7182a9c3 DPP: Add DPP_BOOTSTRAP_INFO command
This can be used to fetch parsed details on bootstrapping information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-22 14:51:21 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
30d27b048e DPP: Authentication exchange
Add wpa_supplicant control interface commands for managing DPP
Authentication exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:12:30 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Purushottam Kushwaha
34ee12c559 Do not flush PMKSA on bssid_hint change
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.

Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:25:49 +03:00
Dmitry Shmidt
be1ece46f5 wpa_supplicant: Add GET_CAPABILITY for P2P redirection
It will give capability to check channel list before P2P group is
created.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-05-05 00:43:23 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Ashwini Patil
9a72bfe9a4 Add control interface command to enable/disable roaming
The new "SET roaming <0/1>" command can now be used to control
driver-based roaming.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-24 11:10:44 +03:00
Jouni Malinen
c10e0ccc9e Hide *PMKSA_ADD parameters from debug log
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 12:37:33 +03:00
Jouni Malinen
31e130f82c FILS: Add FILS-SK-PFS capability into "GET_CAPABILITY fils" command
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-13 11:46:30 +02:00
Jouni Malinen
f9561868ec OWE: Add driver capability flag for OWE AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Avraham Stern
15ab61eda0 WNM: Add option to configure candidates for BTM query candidate list
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.

usage:
wnm_bss_query <reason> [neighbor=<BSSID>,<BSSID information>,
	                <operating class>,<channel number>,
			<PHY type>[,<hexdump of optional subelements>]]

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-11 10:47:28 +02:00
Jouni Malinen
8ecf2231fd ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 17:02:22 +02:00
Avraham Stern
2316cb358c MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.

Add API to add the MBO Query List to an ANQP query.

Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]

Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-10 16:53:10 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
b7286c1b5d FILS: External management of PMKSA cache entry with Cache Identifier
The PMKSA_GET and PMKSA_ADD commands can now use an optional extra
parameter to fetch and add PMKSA cache entries with the FILS Cache
Identifier.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00