Commit Graph

534 Commits

Author SHA1 Message Date
Jouni Malinen
6a31440b86 Fix LCI request subelement processing
Commit 4a742011ab ('wpa_supplicant: Handle
LCI request') introduced LCI request parsing in a manner that
incremented the request pointer by four within
wpas_rrm_build_lci_report() without decrementing len correspondingly.
This could potentially result in get_ie() reading four octets beyond the
buffer if a corrupted request is received. This would be applicable only
if the LCI reporting was enabled explicitly ("SET LCI ..." control
interface command).

Fix this by updating the len variable to match the request pointer
changes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-03 15:18:29 +02:00
vamsi krishna
065c029a55 Remove MBO dependency from Supported Operating Classes element
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 22:07:58 +02:00
Jouni Malinen
a1836de64b SME: Fix IBSS setup after shared key/FT/FILS association
wpa_s->sme.auth_alg could have been left to a previously value other
than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that
used shared key, FT, or FILS authentication algorithm. This could result
in the IBSS setup failing due to incorrect authentication processing
steps.

Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever
starting an IBSS (or mesh, for that matter) network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:23:13 +02:00
Sabrina Dubroca
ad51731abf wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.

This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:08 +02:00
Jouni Malinen
81a10a9442 Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-28 19:33:20 +03:00
Benjamin Richter
5d30f927ea wpa_supplicant: Restore permanent MAC address on reassociation
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.

Signed-off-by: Benjamin Richter <br@waldteufel.eu>
2016-10-16 11:44:34 +03:00
Jouni Malinen
4b5b8a53a1 WPS: Force BSSID for WPS provisioning step connection
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.

While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-11 00:25:20 +03:00
Jouni Malinen
b8ae56e4d0 FILS: Allow wpa_supplicant to select FILS AKM for connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
e4d2ce1b52 FILS: Set FILS Capability bit in management frames from station
If FILS is supported, indicate that in Probe Request and (Re)Association
Request frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Max Stepanov
be7ebd892e wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-09-27 00:02:44 +03:00
Mikael Kanstrup
02adead53e Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
04e3d8156a Blacklist correct BSSID on authentication timeout
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Lior David
d1723c5566 wpa_supplicant: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:27:23 +03:00
Roshan Pius
d015bb05df Move network add/remove operations to a common function
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-18 20:46:18 +03:00
Masashi Honma
ecba4509d9 mesh: Simplify HT40 check code
The ht40 variable can only have values -1 or 1 here, so need to try to
address ht40 == 0 case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:46:39 +03:00
Masashi Honma
05aed438cd mesh: Set correct secondary channel offset if HT40 is disabled
Previously, secondary channel offset could be non zero even though
disable_ht40=1. This patch fixes it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:43:19 +03:00
Roshan Pius
5f040be4ff Move disconnect command handling to a common place
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-13 21:11:04 +03:00
vamsi krishna
cc9985d1b1 Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:21:52 +03:00
Masashi Honma
3388e7b96f mesh: Remove HT IEs if HT is disabled
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 22:04:16 +03:00
Jouni Malinen
4d8d710f0b Fix byte order for CONFIG_VHT_OVERRIDES parameters
The VHT parameters were not swapped properly on big endian systems.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:41:18 +03:00
Jouni Malinen
39cdd3a0f9 FST: Mark wpa_supplicant callback functions get_peer_{first,next} static
These are used only through function pointers, so no need to keep the
functions non-static.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:32:29 +03:00
Jouni Malinen
331f07742f mesh: Allow 160 MHz channel to be configured
This allows minimal testing with 160 MHz channel with country code ZA
that happens to be the only one with a non-DFS 160 MHz frequency. DFS
with mesh is not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 21:30:51 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
22950049e4 Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
David Spinadel
4a742011ab wpa_supplicant: Handle LCI request
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
d41a5352fe wpa_supplicant: Add LCI and civic request to Neighbor Report Request
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
Matti Gottlieb
ece4ac5f4e HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:

1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero

Clear the filter configuration when the station interface is
disassociated.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 15:21:18 +03:00
Lior David
90f14962ec wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-08 12:56:34 +03:00
Jouni Malinen
6a5ee810a3 Include previous BSSID in connection request to indicate reassociation
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Roy Marples
2e997eece5 Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").

This is very useful for systems without udev (Linux) or devd (FreeBSD).

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Lior David
2b6e9f91df wpa_supplicant: Expose wpas_get_bands() and related API
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:10:50 +02:00
Lior David
96a26ab744 P2P: Support dedicated P2P_DEVICE without separate group interface
Add support for drivers with dedicated P2P_DEVICE interface, but without
group interface concurrency (only a single netdev is used). With such
devices, wpa_supplicant tried to use the p2p_dev interface instead of
the group interface and most P2P operations failed. Extend
wpa_supplicant to use the primary interface instead of a separate group
interface in such cases.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Lior David
ba307f8528 P2P: Add a separate pointer to the P2P Device instance
In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.

Fix this by adding a separate "p2pdev" pointer to wpa_supplicant,
it will be the same as parent pointer in most cases but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Jouni Malinen
d010048cf7 MBO: Expire non-matching bss_tmp_disallowed entries as part of check
This makes wpa_is_bss_tmp_disallowed() expire old entries from the
bss_tmp_disallowed list even if they do not match the BSSID that is
being searched for. This allows the list to be kept at shorter length to
speed up operations and minimize memory use in cases where the
previously disabled BSS is not in radio range anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-22 19:53:04 +02:00
Avraham Stern
c484b19882 Move Hotspot 2.0 element in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements
must follow all other elements, so Hotspot 2.0 element which is actually
a vendor specific element must come after all other elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
dd5999084e MBO: Parse MBO IE in BSS Transition Management Request frames
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.

If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
5e57ba2505 MBO: Add Supported Operating Classes element to Association Request
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
92c6e2e3a9 MBO: Implement MBO non-preferred channel report in Association Request
Add MBO IE with non-preferred channels to (Re)Association Request
frames.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
ea69d9737c wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:51 +02:00
Masashi Honma
70c93963ed SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-18 21:07:47 +02:00
Lior David
b907491281 wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.

The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:23:56 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Jouni Malinen
6174de663c mesh: Connection and group started/removed events into debug log
The messages were sent out with wpa_msg_ctrl() so they were not visible
in the debug log. However, these would be quite helpful strings to
search for in the debug log, so change these messages to use wpa_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 13:13:13 +02:00
Jouni Malinen
15c5606758 Update copyright notices for the new year 2016
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-01 13:42:04 +02:00
Ilan Peer
ede7770180 wpa_supplicant: Do not wait for monitor on P2P Device interface
External programs are not aware of the creation of a
dedicated P2P Device interface, so it does not make sense
to wait for a monitor to connect on such an interface.

Fix this by not waiting on a dedicated P2P Device interface
for monitor to attach.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-12-28 17:21:08 +02:00
Jouni Malinen
e7160bd8fe Drop any pending EAPOL RX frame when starting a new connection
Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
ca9968a012 HS 2.0: Convert icon storage to use dl_list
This simplifies the list operations quite a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:49:57 +02:00
Jouni Malinen
3c108b7573 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 18:24:27 +02:00
Avichal Agarwal
af041f997d dbus: Add support for vendor specific elements
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes

These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:50:13 +02:00