Commit Graph

695 Commits

Author SHA1 Message Date
Ilan Peer
0a42f1eded scan: Use normal scans after connection failure
In case of connection attempt failure, set 'normal_scans'
to zero, as otherwise it is possible that scheduled scan
would be used and not normal scan, which might delay the
next connection attempt.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:13:10 +03:00
Ilan Peer
0487967153 OWE: Fix a possible memory leak on error path
Properly handle the case where OWE IE is allocated, but
there is no space left to add it in the WPA IE buffer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:02:13 +03:00
Ankita Bajaj
822c756e8c MBO: Update connect params with new MBO attributes to driver
MBO attributes Non-preferred channel list and Cellular capabilities are
updated using WNM-Notification Request frame to the current connected
BSS. These same attributes need to be added in the (Re)Association
Request frame sent by the station when roaming, including the case where
the driver/firmware takes care of SME/MLME operations during roaming, so
we need to update the MBO IE to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 20:56:03 +03:00
Jouni Malinen
9af1eea37a Prefer FT-SAE over FT-PSK if both are enabled
FT-SAE is considered stronger than FT-PSK, so prefer it over FT-PSK
similarly to how SAE is preferred over WPA-PSK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 03:27:35 +02:00
Jouni Malinen
853bd19f22 Add more debug prints on suite selector selection
This makes it a bit easier to figure out why wpa_supplicant selects a
specific cipher/AKM for association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 02:58:00 +02:00
Jouni Malinen
6d77014e71 Suite B: Prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192
If both of these AKMs are enabled in the wpa_supplicant network profile
and the target AP advertises support for both, prefer the FT version
over the non-FT version to allow FT to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
76fd782abe SAE: Reorder SAE and FT-SAE AKM selection to prefer the FT option
If a network profile has both SAE and FT-SAE enabled, SAE was previously
picked (and used incorrectly as explained in the previous commit). This
is not ideal since use of FT protocol can speed up roaming within in
mobility domain. Reorder this checks so that FT-SAE is preferred over
SAE if both are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
dd6c598007 DPP: Support DPP and SAE in the same network profile
Make both DPP and SAE code aware of the cases where the same network
profile is configured to enable both DPP and SAE. Prefer DPP over SAE in
such cases and start DPP/SAE exchanges based on what both the station
and the AP support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
f5db775049 Remove pending connect and sme-connect radio works on disconnect
There was a race condition in a case where a new connection attempt was
scheduled as a pending radio work and that was followed by a DISCONNECT
command before the pending radio work is started. The pending radio work
would not have been deleted in that sequence and instead, it was
executed when the radio became available next. This could result in an
unexpected connection after an explicit request to disconnect.

Fix this by removing pending connect and sme-connect radio works on
disconnection request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 13:03:31 +02:00
Jouni Malinen
c4fccfc7a5 UBSan: Avoid memcmp(ptr, NULL, 0)
Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to
avoid an UBSan warning.

wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Jouni Malinen
bbdb501460 Note HT overrides in debug log only if set
This makes the debug log cleaner by removing the mostly confusing prints
about HT override parameters if they are not actually used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Ben Greear
cb828507f5 Use disable_ht/vht to constrain supported operating class information
If user has disabled HT or VHT, those related operating classes
should not be advertised as supported.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-08 00:19:07 +02:00
Peter Oh
e5a9b1e8a3 mesh: Implement use of VHT20 config in mesh mode
Mesh in VHT mode is supposed to be able to use any bandwidth that VHT
supports, but there was no way to set VHT20 although there are
parameters that are supposed to be used. This commit along then previous
commit for VHT_CHANWIDTH_USE_HT makes mesh configuration available to
use any bandwidth with combinations of existing parameters like shown
below.

VHT80:
  default
  do not set any parameters
VHT40:
  max_oper_chwidth = 0
VHT20:
  max_oper_chwidth = 0
  disable_ht40 = 1
HT40:
  disable_vht = 1
HT20:
  disable_ht40 = 1
disable HT:
  disable_ht = 1

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:49:40 +02:00
Peter Oh
806db174fd mesh: Add VHT_CHANWIDTH_USE_HT to max_oper_chwidth
Channel width in VHT mode refers HT capability when the width goes down
to below 80 MHz, hence add checking HT channel width to its max
operation channel width. So that mesh has capability to select bandwidth
below 80 MHz.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:43:40 +02:00
Ben Greear
fd83a80815 wpa_supplicant: Allow disabling VHT SGI capability
This provides similar features to what was already available for HT
overrides. Probe Request frames look correct, and VHT capabilities shown
in debugfs look as expected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-06 20:59:36 +02:00
Matthew Wang
2bbad1c7c9 dbus: Export roam time, roam complete, and session length
Add new Interface properties "RoamTime", "RoamComplete", and
"SessionLength". "RoamTime" carries the roam time of the most recent
roam in milliseconds. "RoamComplete" carries True or False corresponding
to the success status of the most recent roam. "SessionLength" carries
the number of milliseconds corresponding to how long the connection to
the last AP was before a roam or disconnect happened.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-01-03 00:20:34 +02:00
Jouni Malinen
cc58a35735 Update copyright notices for the new year 2019
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 23:38:56 +02:00
Beni Lev
19677b77c3 OCE: Add RSSI based association rejection support (STA)
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.

Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 17:56:25 +02:00
Sergey Matyukevich
cdeea70f59 wpa_supplicant: Allow overriding HT STBC capabilities
Allow user to override STBC configuration for Rx and Tx spatial streams.
Add new configuration options to test for HT capability overrides.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2018-12-23 17:25:11 +02:00
Jouni Malinen
2a93ecc8ca Expose Multi-BSS STA capability through wpa_supplicant control interface
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-20 21:30:43 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
55c12f5d37 OCV: Advertise OCV capability in RSN capabilities (STA)
Set the OCV bit in RSN capabilities (RSNE) based on station mode
configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:49:27 +02:00
Jouni Malinen
ec2cf403b8 HS 2.0: As a STA, do not indicate release number greater than the AP
Hotspot 2.0 tech spec mandates mobile device to not indicate a release
number that is greater than the release number advertised by the AP. Add
this constraint to the HS 2.0 Indication element when adding this into
(Re)Association Request frame. The element in the Probe Request frame
continues to show the station's latest supported release number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Ashok Kumar
698c9e2021 OWE: Try another group only on association rejection with status 77
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2018-12-02 20:42:09 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Sunil Dutt
91073ccaaa OWE: Attempt more scans for OWE transition SSID if expected BSS not seen
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.

This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-12 19:59:26 +03:00
Purushottam Kushwaha
cf94626c50 OWE: Do not try to enable PMF for non-RSN associations
Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for
non-RSN associations. This specifically helps with OWE transition mode
when the network block is configured with PMF set to required, but the
BSS selected is in open mode. There is no point to try to enable PMF for
such an association.

This fixes issues with drivers that use the NL80211_ATTR_USE_MFP
attribute to set expectations for PMF use. The combination of non-RSN
connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could
cause such drivers to reject the connection in OWE transition mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:26:41 +03:00
Beni Lev
077232f603 OCE: Add OCE capability attribute only when associating to an OCE AP
Signed-off-by: Beni Lev <beni.lev@intel.com>
2018-09-02 18:16:30 +03:00
Ankita Bajaj
af835d75b7 FILS: Fix FILS connect failures after ERP key invalidation
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.

Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Jouke Witteveen
1e1245bc8b Fix QoS Mapping ext capab bit setting
Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map
bit in Extended Capabilities. The previous implementation ended up
adding this bit even if the driver did not actually indicate support for
the capability.

Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2018-08-12 16:35:31 +03:00
Jouni Malinen
88bf44be42 FT: Fix potential NULL pointer dereference in MDE addition
The bss variable in this function might be NULL, so make the FT MDE
addition case conditional on a BSS entry being available.

Fixes: 3dc3afe298 ("FT: Add MDE to assoc request IEs in connect params")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
8c2715b358 FT: Connection settings for SHA384-based AKM
Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
f5a602168f HS 2.0: Allow OSEN connection to be used in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-29 23:34:22 +03:00
Jouni Malinen
833bb2ab15 FT: Disable PMKSA caching with FT
PMKSA caching with FT is not fully functional, so disable the case for
now, so that wpa_supplicant does not end up trying to connect with a
PMKSA cache entry from another AKM. FT-EAP was already modified long
time ago to not add PMKSA cache entries itself.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-21 22:18:50 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ahmad Masri
3dc3afe298 FT: Add MDE to assoc request IEs in connect params
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:32:49 +03:00
Jouni Malinen
4204669c69 HS 2.0: Add Roaming Consortium Selection element into AssocReq
This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection
element into (Re)Association Request frames if the network profile
includes roaming_consortium_selection parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-18 01:12:25 +03:00
Dmitry Lebed
37547ad63c wpa_supplicant: Increase authentication timeout if CAC is started
Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).

Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).

Tested with nl80211 DFS offload implementation.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:20:49 +03:00
Jouni Malinen
852b2f2738 SAE: Only allow SAE AKMP for PMKSA caching attempts
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 19:34:44 +03:00
Jouni Malinen
06b1a10434 SAE: Fix default PMK configuration for PMKSA caching case
The RSN supplicant state machine PMK was set based on WPA PSK even for
the cases where SAE would be used. If the AP allows PMKSA caching to be
used with SAE, but does not indicate the selected PMKID explicitly in
EAPOL-Key msg 1/4, this could result in trying to use the PSK instead of
SAE PMK. Fix this by not setting the WPA-PSK as default PMK for SAE
network profiles and instead, configuring the PMK explicitly from the
found PMKSA cache entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 13:10:08 +03:00
Jouni Malinen
66dbc8d9c3 Add more debug prints for wpa_sm_set_pmk() calls
Couple of these were not preceded by wpa_hexdump_key(PSK) which made it
more difficult to interpret the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:11:07 +03:00
Davide Caratti
d89edb6112 wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST
When wpa_supplicant is running on a Linux interface that is configured in
promiscuous mode, and it is not a member of a bridge, incoming EAPOL
packets are processed regardless of the Destination Address in the frame.
As a consequence, there are situations where wpa_supplicant replies to
EAPOL packets that are not destined for it.

This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can
be avoided by attaching a BPF filter that lets the kernel discard packets
having pkt_type equal to PACKET_OTHERHOST.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-04-02 12:21:27 +03:00
Vasyl Vavrychuk
8fb2b35735 Clean up setting of iface->p2p_mgmt flag
Previously we set this flag to one in wpa_supplicant_init_iface() if
Wi-Fi controller does not have a dedicated P2P-interface.

This setting had effect only in scope of wpa_supplicant_init_iface() and
it contradicts with comment to struct wpa_interface::p2p_mgmt field.
This comment says that this flag is used only if Wi-Fi controller has
dedicated P2P-device interface.

Also it contradicts with usage of similiar p2p_mgmt field in struct
wpa_supplicant. Again struct wpa_supplicant::p2p_mgmt is set only for
dedicated P2P-device interface.

After this change wpa_interface become input argument to
wpa_supplicant_init_iface() that we are not modifying.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
2018-04-02 12:13:59 +03:00
Masashi Honma
e480212765 dbus: Add FILS to global capabilities
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-04-02 11:56:06 +03:00
Jouni Malinen
6a252ece24 DPP: Fix GAS query removal race condition on DPP_STOP_LISTEN
If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 18:03:58 +02:00
Jouni Malinen
3bd35b6816 wpa_supplicant: Fix parsing errors on additional config file
If the -I<config> argument is used and the referenced configuration file
cannot be parsed, wpa_config_read() ended up freeing the main
configuration data structure and that resulted in use of freed memory in
such an error case. Fix this by not freeing the main config data and
handling the error case in the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 12:20:13 +02:00
Jouni Malinen
9f8d459d4c OWE: Fix association IEs for transition mode open AP connection
The special case of returning from wpa_supplicant_set_suites() when OWE
transition mode profile is used for an open association did not clear
the wpa_ie buffer length properly. This resulted in trying to use
corrupted IEs in the association request and failed association
(cfg80211 rejects the request or if the request were to go out, the AP
would likely reject it).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 11:55:01 +02:00
Sunil Dutt
5ff39c1380 SAE: Support external authentication offload for driver-SME cases
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 21:17:55 +02:00
Jouni Malinen
c1790a5ff8 OWE: Allow station in transition mode to connect to an open BSS
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Jouni Malinen
2cb40e9f40 OWE: Try all supported DH groups automatically on STA
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 21:06:02 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
5f30b69cde OWE: Allow DH Parameters element overriding with driver SME
Commit 265bda3444 ('OWE: Allow DH
Parameters element to be overridden for testing purposes') provided
means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but
that commit covered only the sme.c case (i.e., drivers that use
wpa_supplicant SME). Extend this to cover drivers that use internal SME
(e.g., use the nl80211 Connect command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:59:55 +02:00
Jouni Malinen
7ed5337d8c Fix a typo in a debug message
This radio_work_free() message was missing the closing parenthesis.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-22 17:21:57 +03:00
Vidyullatha Kanchanapally
6338c99efa FILS: Send updated connection parameters to drivers if needed
After an initial connection wpa_supplicant derives ERP information which
can be used in doing eventual authentications in the same realm. This
information can be used by drivers with offloaded FILS support to do
driver/firmware initiated roamings. Add support to send this updated
information to such drivers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 01:19:42 +03:00
Vidyullatha Kanchanapally
d2ba0d719e Move assoc param setting into a helper function
This is needed to be able to use the same implementation for updating
the connection parameters in the driver during an association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 01:19:42 +03:00
Jouni Malinen
daa4096084 Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
a34ca59e4d SAE: Allow SAE password to be configured separately (STA)
The new sae_password network profile parameter can now be used to set
the SAE password instead of the previously used psk parameter. This
allows shorter than 8 characters and longer than 63 characters long
passwords to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 23:24:19 +03:00
Jouni Malinen
109704657d OWE: Support station SME-in-driver case
Previously, only the SME-in-wpa_supplicant case was supported. This
extends that to cover the drivers that implement SME internally (e.g.,
through the cfg80211 Connect command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:35:14 +03:00
Jouni Malinen
e8b9649012 OWE: Transition mode support on station side
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
675112df1b OWE: Set PMK length properly on supplicant side
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Lior David
3c7863f812 wpa_supplicant: Support dynamic update of wowlan_triggers
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 22:17:58 +03:00
Jouni Malinen
2efc672075 Fix RSN pre-authentication regression with pre-connection scan results
The introduction of radio works and a delayed callback to complete
association/connection requests ended up breaking RSN pre-authentication
candidate list generation for the case of pre-connection scan results.
Previously, wpa_supplicant_associate() set the RSN state machine
configuration before returning and the calls to
wpa_supplicant_rsn_preauth_scan_results() immediately after this
function call were working fine. However, with the radio work callback,
the RSN state machine configuration started to happen only in that
callback which would be called soon after this code path has completed.
This resulted in the RSN state machine not knowing the selected SSID and
as such, rejecting all pre-authentication candidates.

Fix this by setting the RSN state machine configuration from
wpa_supplicant_associate() so that the existing callers of
wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add
candidates for pre-authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-12 16:47:02 +03:00
Adiel Aloni
2c66c7d115 wpa_supplicant: Check length when building ext_capability in assoc_cb
When building wpa_ie in wpas_start_assoc_cb() with ext_capab,
make sure that assignment does not exceed max_wpa_ie_len.

Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
2017-09-10 22:16:06 +03:00
Saurav Babu
a39b040b4c dbus: Add MeshGroupRemoved signal
This is similar to the control interface event MESH-GROUP-REMOVED.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-09-09 14:12:33 +03:00
Saurav Babu
89e9cd25d2 dbus: Add MeshGroupStarted signal
This introduces a new interface for mesh and adds a signal that
is similar to the control interface event MESH-GROUP-STARTED.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-09-09 14:01:14 +03:00
Ashwini Patil
332aadb8a2 STA: Add OCE capability indication attribute
Add OCE capability indication attribute in Probe Request and
(Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:19:53 +03:00
Vidyullatha Kanchanapally
b377ec2585 FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case
If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:11:35 +03:00
Ashwini Patil
b04854ceff nl80211/MBO: Set temporary disallowed BSSID list to driver
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-30 17:27:44 +03:00
Jouni Malinen
a0d5c56f8b DPP: Network Introduction protocol for wpa_supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:59 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Vidyullatha Kanchanapally
b5db6e5dc4 eap_proxy: Support multiple SIMs in get_imsi()
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:42:32 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Purushottam Kushwaha
43a356b268 Provide option to configure BSSID hint for a network
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-12 00:20:59 +03:00
Sunil Dutt
0661163eff Do not blacklist the current AP on DISABLE_NETWORK
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 17:46:36 +03:00
Vidyullatha Kanchanapally
da6a28ba60 FILS: Specify if FILS HLP was sent in connect
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:23 +03:00
Vidyullatha Kanchanapally
a38090b16d FILS: Add HLP to Connect IEs
Add FILS HLP elements to Connect IEs and fragment them if necessary.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:21 +03:00
Vidyullatha Kanchanapally
1e6780bda9 Allocate dynamic memory for connect IEs
This is needed to allow new elements (e.g., FILS HLP request) to be
added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:34:48 +03:00
Vidyullatha Kanchanapally
5538fc9309 FILS: Track completion with FILS shared key authentication offload
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
8b0a6dba87 FILS: Connect request for offloaded FILS shared key authentication
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
79f3121bb4 FILS: Set cache identifier in current PMKSA entry for driver-SME case
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Masashi Honma
025c6a47fb VHT: Remove a redundant check
This check is already done in ibss_mesh_setup_freq().

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
c06fca04fd Add wpa_supplicant SET get_pref_freq_list_override
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.

Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...

if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Paul Stewart
ed9b1c16d5 EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
4c6f450cad Add radio_work_is_connect() helper
This avoids duplicated code to check for different types of connection
radio work items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:56 +02:00
Sunil Dutt
85b6b6b6e1 Serialize scan/p2p-scan if already scheduled on the same interface
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00