This commit is similar to the commit
783c2920cc ('P2P: Check if the pref_freq
reported by the driver supports P2P') but extends the check for
supported pref_freq to wpas_p2p_select_go_freq().
This avoids issues with P2P_GROUP_ADD ending up selecting an unexpected
channel when get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) is used. Filter the
list by removing channels that do not allow P2P operation at all.
Previously, only the explicitly disallowed channels were removed and
that could have resulted in selecting an operating channel that is not
allowed for P2P and failing to complete the operation to start the
group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add NULL checking for EAP name. If it is NULL, do not add the phase2
parameter autheap. This should not happen in practice due to earlier
checks for credential matching, but if there is a code path that would
allow this to be set, it is better to skip setting of the invalid value
and allow automatic selection of the Phase 2 parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.
Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Addition of remove_ies() handled the CONFIG_IEEE80211R dependency, but
missed the caller being within CONFIG_FILS as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When reducing the configuration for MACsec/MKA to the bare minimum, so
no EAP authentication, just MACsec/MKA SA use with preshared key/name,
the EAPOL engine is still needed to run the protocol for MKA. Without
any EAP authentication options the IEEE8021X_EAPOL option is not set,
resulting in a non-working Key Agreement Entity.
Therefore the CONFIG_MACSEC block needs to move up and set the
IEEE8021X_EAPOL option.
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This patch adds "TDLSCancelChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to disable channel switching
with a TDLS peer.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
This patch adds "TDLSChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to enable channel switching
with a TDLS peer.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Derive PMK-R0 and the relevant key names when using FILS authentication
for initial FT mobility domain association. Fill in the FT IEs in
(Re)Association Request frame for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant build with MBO enabled failed in CONFIG_WNM=y was not
specified explicitly. Add the WNM dependency automatically to avoid
needing explicit addition in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 34f2851902 ('MBO: Parse MBO
ANQP-element on STA') started using the type variable outside
CONFIG_HS20 block, but forgot to remove the ifdef from the variable
declaration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the uuid configuration parameter is not set, wpa_supplicant generates
an UUID automatically to allow WPS operations to proceed. This was
previously always using an UUID generated from the MAC address. This
commit adds an option to use a random UUID instead. The type of the
automatically generated UUID is set with the auto_uuid parameter: 0 =
based on MAC address (default; old behavior), 1 = random UUID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifer. Also additionally add support for sending PMK as part of
SET_PMKSA to enable driver to derive keys in case of FILS shared key
offload using PMKSA caching.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.
Signed-off-by: Jouni Malinen <j@w1.fi>
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.
Signed-off-by: Jouni Malinen <j@w1.fi>
In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the
SSID is temporarily disabled before trying to associate and this may
result in an infinite connect/disconnect loop. If the association
succeeds while the SSID is temporarily disabled, wpa_supplicant will
request to deauthenticate and that in turn will cause the SSID to be
temporarily disabled again. Fix that by postponing the association until
the SSID is no longer temporarily disabled.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Without CONFIG_P2P config, the following warning occurs if CONFIG_AP is
enabled for the build:
ap.c: In function ‘wpas_conf_ap_vht’:
ap.c:54:5: warning: unused variable ‘channel’ [-Wunused-variable]
u8 channel = conf->channel;
^
ap.c:53:5: warning: unused variable ‘center_chan’ [-Wunused-variable]
u8 center_chan = 0;
^
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This change fixes the following compilation warnings:
wnm_sta.c:1007:4: warning: implicit conversion from enumeration type
'enum mbo_transition_reason' to different enumeration type
'enum mbo_transition_reject_reason' [-Wenum-conversion]
The actual value of both MBO_TRANSITION_REASON_UNSPECIFIED and
MBO_TRANSITION_REJECT_REASON_UNSPECIFIED is 0, so this does not result
in any change in the contents of the frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, only the success and failure (to TX) cases were handled. It
is also possible for the driver to transmit the frame, but not receive
an ACK from the recipient. Address that by waiting for a short period of
time for a response. This fixes cases where OSU provider icon fetching
could get stuck if no ACK frame is received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not try to use FILS authentication unless the AP indicates support
for the type the local network profile enforces.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since VHT can be toggled explicitly, also expose being able to disable
HT explicitly, without requiring HT overrides. Continue making it
default to enabled though.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of deducing the wide (HT, VHT) channel configuration only
automatically in P2P mode, allow it to be configured in the network
in non-P2P mode.
Also allow all of these parameters to be configured through the control
interface or the configuration file.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
