Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The introduction of radio works and a delayed callback to complete
association/connection requests ended up breaking RSN pre-authentication
candidate list generation for the case of pre-connection scan results.
Previously, wpa_supplicant_associate() set the RSN state machine
configuration before returning and the calls to
wpa_supplicant_rsn_preauth_scan_results() immediately after this
function call were working fine. However, with the radio work callback,
the RSN state machine configuration started to happen only in that
callback which would be called soon after this code path has completed.
This resulted in the RSN state machine not knowing the selected SSID and
as such, rejecting all pre-authentication candidates.
Fix this by setting the RSN state machine configuration from
wpa_supplicant_associate() so that the existing callers of
wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add
candidates for pre-authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When building wpa_ie in wpas_start_assoc_cb() with ext_capab,
make sure that assignment does not exceed max_wpa_ie_len.
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
This introduces a new interface for mesh and adds a signal that
is similar to the control interface event MESH-GROUP-STARTED.
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.
Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.
Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...
if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.
Signed-off-by: Paul Stewart <pstew@google.com>
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This wpa_drv_if_remove() call was previously modified to fix a different
issue, but that fix resulted in unconditional use of treed memory here
(wpa_supplicant_deinit_iface() frees wpa_s). Make a local copy of
wpa_s->parent to be able to use it after wpa_s is freed. The
mesh_if_created case has wpa_s->parent != wpa_s, so this should be
sufficient way of handling the wpa_drv_if_remove() call here.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to hit this WPA_ASSERT when FST-MANAGER SESSION_REMOVE
command is exececuted when in not-associated state. In
CONFIG_EAPOL_TEST=y builds, this would result in the wpa_supplicant
process being terminated. Convert this WPA_ASSERT to a check that does
not terminate the process, but only rejects the command if wpa_s->bssid
does not match the da argument.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the VHT capability override vht_disabled=1 is used in the network
profile, skip VHT configuration of the local channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.
FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
As support for new RRM measurements will be added, the RRM
implementation will become quite large, so move it to a dedicated file.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Commit 4a742011ab ('wpa_supplicant: Handle
LCI request') introduced LCI request parsing in a manner that
incremented the request pointer by four within
wpas_rrm_build_lci_report() without decrementing len correspondingly.
This could potentially result in get_ie() reading four octets beyond the
buffer if a corrupted request is received. This would be applicable only
if the LCI reporting was enabled explicitly ("SET LCI ..." control
interface command).
Fix this by updating the len variable to match the request pointer
changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->sme.auth_alg could have been left to a previously value other
than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that
used shared key, FT, or FILS authentication algorithm. This could result
in the IBSS setup failing due to incorrect authentication processing
steps.
Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever
starting an IBSS (or mesh, for that matter) network.
Signed-off-by: Jouni Malinen <j@w1.fi>
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.
This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.
Signed-off-by: Benjamin Richter <br@waldteufel.eu>
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.
While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If FILS is supported, indicate that in Probe Request and (Re)Association
Request frames in the Extended Capabilities element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.
Signed-off-by: Roshan Pius <rpius@google.com>
Previously, secondary channel offset could be non zero even though
disable_ht40=1. This patch fixes it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).
Signed-off-by: Roshan Pius <rpius@google.com>
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This allows minimal testing with 160 MHz channel with country code ZA
that happens to be the only one with a non-DFS 160 MHz frequency. DFS
with mesh is not yet supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
SET lci <hexdump of the element>
and cleared with
SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.
Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.
Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]
Signed-off-by: David Spinadel <david.spinadel@intel.com>
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:
1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
DGAF disabled bit is zero
Clear the filter configuration when the station interface is
disassociated.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").
This is very useful for systems without udev (Linux) or devd (FreeBSD).
Signed-off-by: Roy Marples <roy@marples.name>
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
Signed-off-by: Roy Marples <roy@marples.name>
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Add support for drivers with dedicated P2P_DEVICE interface, but without
group interface concurrency (only a single netdev is used). With such
devices, wpa_supplicant tried to use the p2p_dev interface instead of
the group interface and most P2P operations failed. Extend
wpa_supplicant to use the primary interface instead of a separate group
interface in such cases.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.
Fix this by adding a separate "p2pdev" pointer to wpa_supplicant,
it will be the same as parent pointer in most cases but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This makes wpa_is_bss_tmp_disallowed() expire old entries from the
bss_tmp_disallowed list even if they do not match the BSSID that is
being searched for. This allows the list to be kept at shorter length to
speed up operations and minimize memory use in cases where the
previously disabled BSS is not in radio range anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements
must follow all other elements, so Hotspot 2.0 element which is actually
a vendor specific element must come after all other elements.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.
If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.
Signed-off-by: Roy Marples <roy@marples.name>
The messages were sent out with wpa_msg_ctrl() so they were not visible
in the debug log. However, these would be quite helpful strings to
search for in the debug log, so change these messages to use wpa_msg().
Signed-off-by: Jouni Malinen <j@w1.fi>
External programs are not aware of the creation of a
dedicated P2P Device interface, so it does not make sense
to wait for a monitor to connect on such an interface.
Fix this by not waiting on a dedicated P2P Device interface
for monitor to attach.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.
This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.
By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.
The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>
Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).
The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>
It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes
These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.
usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Connect radio work is sometimes delayed for a considerable duration if
there is an ongoing scan radio work. To avoid these delays abort the
ongoing scan on that interface before queuing a connect request. Upon a
scan done indication from the driver, connect radio work will be
scheduled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A new network profile configuration parameter max_oper_chwidth=3 can be
used to specify preference to enable 80+80 MHz VHT channel for IBSS. If
that is set, the first 80 MHz segment is specified based on the
frequency parameter in the network profile and the second segment is
selected automatically (which will practically be limited to a single
possibility due to DFS requirements in most countries).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 2a6f78fbbe ('Do not re-associate on
SELECT_NETWORK to current network') started skipping all SELECT_NETWORK
connection steps if the selected network had already been selected
previously. This happened regardless of whether the connection was
already established. This is not necessarily desirable for all cases
where there is no immediate action to even try to connect (e.g., long
wait for the next scan).
Speed this up by allowing the SELECT_NETWORK operation to get started if
there is no connection or ongoing connection attempt with the selected
network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Mesh Points themselves have capability to support VHT as long as
hardware supports it. However, supporting VHT in mesh mode was disabled
because no one had clearly tested and confirmed its functionality. Since
VHT80 has now been verified to work with ath10k QCA988X driver and
mac80211_hwsim, enable VHT support in mesh mode.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.
Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix an iteration bug in get_shared_radio_freqs_data when building
freqs_data array. Only the last used-by flag was maintained instead of
making this a bitfield of all found uses.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This was already the case for most command sequences, but it was
possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands
were used to set identity, password, or passphrase for EAP
authentication. In such cases, ENABLE_NETWORK issued after the
connection was completed could result in a new connection attempt
(likely reconnection back to the same BSS).
Fix this by checking whether an actual connection is already present
even if wpa_s->reassociate is set when processing the ENABLE_NETWORK
command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_s->scan_req needs to be set in these cases to get correct scanning
behavior. This is mainly needed for starting of AP mode operation
immediately in ap_scan=2 case.
This fixes an issue that was found with mac80211_hwsim test cases in the
following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan
Signed-off-by: Jouni Malinen <j@w1.fi>
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P configuration file is wrongly set as STA configuration file,
even though a separate configuration file is mentioned with '-m' option.
Add initialization and deallocation of global.params->conf_p2p_dev to
fix this.
Signed-off-by: Gautam <gautams@broadcom.com>
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.
Signed-off-by: Jouni Malinen <j@w1.fi>
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.
In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.
In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Add global p2p_cli_probe property to enable/disable Probe Request
frame RX reporting for connected P2P Clients. The property can be set to
0 - disable or 1 - enable. The default value is 0.
2. Enable Probe Request frame RX reporting for P2P Client on
WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it
when an interface state is changing to any other state.
3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for
a connected P2P Client handling Probe Request frames.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Remove all gas-query radio works before calling gas_query_deinit()
as gas_query_deinit() flow frees the query context, which might
be later be accessed from the radio work callback (and result
with unexpected behavior, e.g., segmentation fault).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This fixes some issues where a disconnection event may get ignored if an
earlier operation to remove or disable a network resulted in an attempt
to disconnect event though no connection was in place.
wpa_s->current_ssid != NULL alone is not sufficient to determine that
there will be a driver event notifying completion of such disconnection
request. Set own_disconnect_req to 1 only if wpa_s->wpa_state is also
indicating that there is a connection or an attempt to complete one.
This showed up in a failure, e.g., when running the hwsim test case
scan_int followed by ap_vlan_wpa2_psk_radius_required where the latter
ended up not processing a connection failure event and getting stuck not
trying to run a new scan and connection attempt.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Support a request to scan specific SSIDs given by user with the SCAN
command. The SSID list can be suffixed to the scan command as follows.
For example, if SSIDs "ABC" and "abc123" need to be specifically
scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The
value of the SSID is passed in hexadecimal representation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In the case of driver-based BSS selection, a bssid_hint in the connect
request might not result in to the selection of the same BSS. Thus,
postpone the updation of the wpa_s->current_bss till the association
event is received unless the BSSID is forced. This fixes issues where
wpa_s->current_bss may end up being updated to point to the BSS that
wpa_supplicant provided as a hint for a roaming case, but then not
restored if the driver decides to "return" to the current BSS instead.
This could result in some operations (e.g., WNM BSS TM response) not
working properly due to incorrect BSS being identified in
wpa_s->current_bss.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') broke the build with
WPS disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') added a new
condition on reducing the authentication timeout for the WPS AP
iteration process. However, due it ended up copy-pasting an incorrect
condition for this. This was supposed to apply for PIN-based config
method advertisement, not PBC.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When iterating through WPS APs that do not advertise Selected Registrar
TRUE, limit the authentication timeout to 10 seconds instead of the full
70 second value used with IEEE 802.1X/EAP/WPS in general. This helps
speed up AP iteration for cases where a selected AP misbehaves and does
not reply to EAP exchanges. This should not really be needed, but there
seems to be deployed APs that do not implement WPS correctly and with
such APs in the radio range, this extra timeout can speed up the
iteration to allow the correct AP to be found before the WPS operation
times out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not add the dedicated P2P Device interface in case P2P is disabled in
the configuration file or globally.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This makes source code more consistent. The use within Android driver
interface is left as-is to avoid changes in the old PNO interface
definition.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It has been noticed that the band steering/load balancing of some
multi-AP networks will lead to an ever-growing list of blacklisted
BSSIDs. This eventually leads to a connection drop when the connection
is pushed to a distant AP.
Fix this issue by clearing the blacklist upon successful connect.
Signed-off-by: Jason Abele <jason@aether.com>
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Signed-off-by: Jouni Malinen <j@w1.fi>
If all networks are temporarily disabled, delay AP selection until at
least one network is enabled. Running AP selection when all networks are
disabled is useless as wpa_supplicant will not try to connect. In
addition, it will result in needless scan iterations that may delay the
connection when it is needed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When disconnecting from a BSS, the next scan is optimized to scan only
the channels used by the connected ESS. But when disconnecting because a
new network was selected, this optimization is wrong because
wpa_supplicant is now trying to connect to another ESS. Fix this by not
optimizing the scan frequencies in case the selected network has
changed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Static analyzers may warn about dereference before NULL check in
wpas_network_disabled() due to the new code added to check
wpa_s->p2p_mgmt. wpa_s cannot be NULL here, so remove the unneeded check
for it later in the function. (CID 106124)
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().
Signed-off-by: Jouni Malinen <j@w1.fi>
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.
Signed-off-by: Jouni Malinen <j@w1.fi>
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 563ee1832b ('IBSS: Add support for
VHT80 configuration') got merged in incorrectly with one i/j swap
missed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a matching IBSS is found in scan results, change requested frequency
to match and disable OBSS scan.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.
The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.
Signed-off-by: Jouni Malinen <j@w1.fi>
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.
Signed-off-by: Jouni Malinen <j@w1.fi>