Commit Graph

283 Commits

Author SHA1 Message Date
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Danilo Ravotto
19e20c14fb Add ap_isolate configuration option for wpa_supplicant AP mode
Allow client isolation to be configured with ap_isolate inside
wpa_supplicant configuration file.

Signed-off-by: Danilo Ravotto <danilo.ravotto@zirak.it>
2018-02-17 17:48:31 +02:00
Simon Dinkin
c6096c6eef wpa_cli: Enable add/remove/get vendor elements without P2P
This functionality can be used regardless of P2P and should not be under
the ifdef of CONFIG_P2P.

Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-03 12:44:20 +02:00
Jouni Malinen
66b9f3ca8a wpa_cli: Fix cred_fields[] declaration
This was supposed to be an array of const-pointers to const-char; not
something duplicating const for char and resulting in compiler warnings
with more recent gcc versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-03 12:08:09 +02:00
Mikael Kanstrup
12bce14b10 wpa_cli: Add completion for get/set cred commands
Add command completion support for get_cred and set_cred commands.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2017-12-16 13:23:52 +02:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Sunil Dutt
63bc0ab0ed P2P: Allow GO to advertise Interworking element
This adds new wpa_supplicant configuration parameters (go_interworking,
go_access_network_type, go_internet, go_venue_group, go_venue_type) to
add a possibility of configuring the P2P GO to advertise Interworking
element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-05 14:42:16 +03:00
Dmitry Shmidt
51143af7e7 wpa_cli: Fix global control interface for STA-FIRST/STA-NEXT
If global control interface is used and wlan doesn't support P2P,
   wpa_s->global->p2p == NULL, and log shows:
wpa_supplicant: Failed to create interface p2p-dev-wlan0: -5 (I/O error)
wpa_supplicant: nl80211: Failed to create a P2P Device interface p2p-dev-wlan0
wpa_supplicant: P2P: Failed to enable P2P Device interface

Then STA-FIRST/STA-NEXT is not going to redirect to any interface,
making update_stations(ctrl_conn) is stuck in never-ending loop:

sendto(3, "STA-FIRST", 9, 0, NULL, 0)   = 9
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995833})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-07-17 14:54:42 +03:00
Jouni Malinen
623f95685d DPP: Allow wpa_cli DPP_CONFIGURATOR_ADD without arguments
All the arguments to this command are optional, so do not mandate at
least one to be included in wpa_cli.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-04 15:38:52 +03:00
Jouni Malinen
500ed7f006 DPP: PKEX bootstrapping
This implements genric PKEX functionality in src/common/dpp.c and glue
code to use this in wpa_supplicant (i.e, hostapd DPP implementation does
not yet support PKEX).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 09:35:00 +03:00
Jouni Malinen
6a7182a9c3 DPP: Add DPP_BOOTSTRAP_INFO command
This can be used to fetch parsed details on bootstrapping information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-22 14:51:21 +03:00
Jouni Malinen
9beb2892de DPP: Add wpa_cli commands for DPP operations
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Masashi Honma
31a856a127 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-05-08 16:23:02 +03:00
Johannes Berg
b07ff9cb04 wpa_supplicant: Allow disabling HT in AP mode without HT overrides
Since VHT can be toggled explicitly, also expose being able to disable
HT explicitly, without requiring HT overrides. Continue making it
default to enabled though.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 11:11:55 +02:00
Johannes Berg
2124a615e3 wpa_supplicant: Allow explicit wide channel configuration for AP mode
Instead of deducing the wide (HT, VHT) channel configuration only
automatically in P2P mode, allow it to be configured in the network
in non-P2P mode.

Also allow all of these parameters to be configured through the control
interface or the configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 10:59:51 +02:00
Jörg Krause
57ee04dc7d wpa_cli: Execute action file in case of WPS_EVENT_TIMEOUT
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2017-03-11 10:58:28 +02:00
Jörg Krause
6252b981d9 wpa_cli: Execute action file in case of WPS_EVENT_ACTIVE
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2017-03-11 10:58:10 +02:00
Avraham Stern
e97d15b733 wpa_cli: Update wnm_bss_query auto complete message
It is now possible to add neighbor configuration to wnm_bss_query.
Update the auto complete message to reflect that.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-11 10:49:08 +02:00
Purushottam Kushwaha
d0330d57f3 nl80211: Add option to delay start of schedule scan plans
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).

This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-09 15:44:26 +02:00
vamsi krishna
57c3a605ce Add support to sched scan to report relatively better BSSs
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.

The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
	disable - to disable the feature
	rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
	band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
	adjust_value - amount of RSSI to be adjusted in dB

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Masashi Honma
4d77d80edd mesh: Add MESH_PMKSA_GET/ADD commands
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.

The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.

The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>

The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180

This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-14 18:07:46 +02:00
Jouni Malinen
6774c6a9fe Update copyright notices for the new year 2017
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 15:18:30 +02:00
Masashi Honma
67129ab9ec wpa_cli: Add commands to use PMKSA_GET/ADD
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-12-30 23:59:34 +02:00
Badrish Adiga H R
65dfa87286 mka: Make MKA actor priority configurable
This adds a new wpa_supplicant network profile parameter
mka_priority=0..255 to set the priority of the MKA Actor.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2016-12-25 11:41:46 +02:00
Sabrina Dubroca
e0d9fd344d wpa_supplicant: Allow configuring the MACsec port for MKA
Previously, wpa_supplicant only supported hardcoded port == 1 in the
SCI, but users may want to choose a different port.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:31 +02:00
Sabrina Dubroca
7b4d546e3d wpa_supplicant: Add macsec_integ_only setting for MKA
So that the user can turn encryption on (MACsec provides
confidentiality+integrity) or off (MACsec provides integrity only). This
commit adds the configuration parameter while the actual behavior change
to disable encryption in the driver is handled in the following commit.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:16 +02:00
Jouni Malinen
a2675b3232 wpa_cli: Mark number of char *cmd constant
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-16 12:30:32 +03:00
Mikael Kanstrup
c43cf332c0 wpa_cli: Add completion for ssid config commands
Add network id command completion support for identity, password,
new_password, pin, otp, passphrase, sim and bssid commands.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:29:39 +03:00
Mikael Kanstrup
624259d4b7 wpa_cli: Add completion for sta, deauthenticate and disassociate
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:28:42 +03:00
Mikael Kanstrup
4c43f44b29 cli: Add list_sta command
Add list_sta command to print addresses of all stations. Command
added to both wpa_cli and hostapd_cli.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:28:02 +03:00
Mikael Kanstrup
02adead53e Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Jouni Malinen
ac81b3948b cli: Share a common tokenize_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:46:39 +03:00
Jouni Malinen
a6d56a3965 wpa_cli: Replace str_match() with common str_starts()
str_match() was identical in behavior to str_starts().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:44:51 +03:00
Jouni Malinen
980afcce53 cli: Share a common write_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:41:56 +03:00
Jouni Malinen
fcc84b48b2 cli: Share a common get_cmd_arg_num() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:39:56 +03:00
Jouni Malinen
e55df99ee6 Share a single str_starts() implementation
No need to define this as a static function in multiple files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:38:21 +03:00
Mikael Kanstrup
23c130e9b7 Use a common license string for hostapd_cli and wpa_cli
Move the license strings for hostapd_cli and wpa_cli to common.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:34:25 +03:00
Mikael Kanstrup
977c0796f9 Move parts of wpa_cli to a new common file
In preparation for adding further command completion support
to hostapd_cli move some cli related utility functions out of
wpa_cli into a new common cli file.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:25:58 +03:00
Mikael Kanstrup
003fe581a3 wpa_cli: Implement completion routine for get_capability
Add command completion routine for get_capability command.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 11:18:04 +03:00
Erik Ljungberg
4d7aab78bd Make driver flags available through control interface
This shows the current set of driver flags in wpa_cli and hostapd_cli.

Signed-off-by: Erik Ljungberg <erik.ljungberg@sonymobile.com>
2016-07-23 20:46:20 +03:00
Peng Xu
a6f5b1937a P2P: Allow P2P listen being offloaded to the driver/firmware
This allows P2P Listen to be offloaded to device to enhance power
saving.

To start P2P listen offload, from wpa_cli interface, issue the command:
	p2p_lo_start <freq> <period> <interval> <count>

To stop P2P listen offload, issue the command:
	p2p_lo_stop

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-07-03 22:36:58 +03:00
Jörg Krause
8960afa4bf wpa_cli: Run action file in case of an AP event
Run the action script in case of AP events "AP-ENABLED" and
"AP-DISABLED".

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-05-23 21:22:36 +03:00
Lior David
b6317b417f wpa_supplicant: Add wps_disabled parameter to network block
Add a new parameter wps_disabled to network block (wpa_ssid). This
parameter allows WPS functionality to be disabled in AP mode.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-05-14 19:43:30 +03:00
Purushottam Kushwaha
57b38882e5 P2P: Add P2P_GROUP_MEMBER command to fetch client interface address
This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).

Usage:
P2P_GROUP_MEMBER <P2P Device Address>

Output:
<P2P Interface Address>

Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
2016-04-19 00:41:16 +03:00
David Spinadel
d41a5352fe wpa_supplicant: Add LCI and civic request to Neighbor Report Request
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
Masashi Honma
9f2cf23e2e mesh: Add support for PMKSA caching
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.

If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.

If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.

This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:56:38 +02:00
Masashi Honma
2604edbfbd mesh: Add MESH_PEER_ADD command
This allows a mesh peer connection to be initiated manually in
no_auto_peer mesh networks.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
e174ef341b mesh: Add MESH_PEER_REMOVE command
This command allows the specified mesh peer to be disconnected.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Ilan Peer
3c58df7ae7 wpa_cli: Support running action script on global control interface
In case wpa_cli is started with an option to execute an action script,
but no interface is specified, wpa_cli might crash in wpa_cli_exec() if
arg1 == NULL. Fix this be setting arg1 = "global".

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 16:30:28 +02:00
Avraham Stern
9a493fab73 WNM: Add candidate list to BSS transition query
Add an option to configure a candidate list to BSS transition query
("list" as the second argument to WNM_BSS_QUERY). The candidate list is
built from the available scan results. If no updated scan results (< 10
sec) are available, the command fails.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00