Commit graph

712 commits

Author SHA1 Message Date
Purushottam Kushwaha
cf94626c50 OWE: Do not try to enable PMF for non-RSN associations
Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for
non-RSN associations. This specifically helps with OWE transition mode
when the network block is configured with PMF set to required, but the
BSS selected is in open mode. There is no point to try to enable PMF for
such an association.

This fixes issues with drivers that use the NL80211_ATTR_USE_MFP
attribute to set expectations for PMF use. The combination of non-RSN
connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could
cause such drivers to reject the connection in OWE transition mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:26:41 +03:00
Beni Lev
077232f603 OCE: Add OCE capability attribute only when associating to an OCE AP
Signed-off-by: Beni Lev <beni.lev@intel.com>
2018-09-02 18:16:30 +03:00
Ankita Bajaj
af835d75b7 FILS: Fix FILS connect failures after ERP key invalidation
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.

Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Jouke Witteveen
1e1245bc8b Fix QoS Mapping ext capab bit setting
Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map
bit in Extended Capabilities. The previous implementation ended up
adding this bit even if the driver did not actually indicate support for
the capability.

Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2018-08-12 16:35:31 +03:00
Jouni Malinen
88bf44be42 FT: Fix potential NULL pointer dereference in MDE addition
The bss variable in this function might be NULL, so make the FT MDE
addition case conditional on a BSS entry being available.

Fixes: 3dc3afe298 ("FT: Add MDE to assoc request IEs in connect params")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
8c2715b358 FT: Connection settings for SHA384-based AKM
Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
f5a602168f HS 2.0: Allow OSEN connection to be used in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-29 23:34:22 +03:00
Jouni Malinen
833bb2ab15 FT: Disable PMKSA caching with FT
PMKSA caching with FT is not fully functional, so disable the case for
now, so that wpa_supplicant does not end up trying to connect with a
PMKSA cache entry from another AKM. FT-EAP was already modified long
time ago to not add PMKSA cache entries itself.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-21 22:18:50 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ahmad Masri
3dc3afe298 FT: Add MDE to assoc request IEs in connect params
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:32:49 +03:00
Jouni Malinen
4204669c69 HS 2.0: Add Roaming Consortium Selection element into AssocReq
This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection
element into (Re)Association Request frames if the network profile
includes roaming_consortium_selection parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-18 01:12:25 +03:00
Dmitry Lebed
37547ad63c wpa_supplicant: Increase authentication timeout if CAC is started
Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).

Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).

Tested with nl80211 DFS offload implementation.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:20:49 +03:00
Jouni Malinen
852b2f2738 SAE: Only allow SAE AKMP for PMKSA caching attempts
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 19:34:44 +03:00
Jouni Malinen
06b1a10434 SAE: Fix default PMK configuration for PMKSA caching case
The RSN supplicant state machine PMK was set based on WPA PSK even for
the cases where SAE would be used. If the AP allows PMKSA caching to be
used with SAE, but does not indicate the selected PMKID explicitly in
EAPOL-Key msg 1/4, this could result in trying to use the PSK instead of
SAE PMK. Fix this by not setting the WPA-PSK as default PMK for SAE
network profiles and instead, configuring the PMK explicitly from the
found PMKSA cache entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 13:10:08 +03:00
Jouni Malinen
66dbc8d9c3 Add more debug prints for wpa_sm_set_pmk() calls
Couple of these were not preceded by wpa_hexdump_key(PSK) which made it
more difficult to interpret the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:11:07 +03:00
Davide Caratti
d89edb6112 wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST
When wpa_supplicant is running on a Linux interface that is configured in
promiscuous mode, and it is not a member of a bridge, incoming EAPOL
packets are processed regardless of the Destination Address in the frame.
As a consequence, there are situations where wpa_supplicant replies to
EAPOL packets that are not destined for it.

This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can
be avoided by attaching a BPF filter that lets the kernel discard packets
having pkt_type equal to PACKET_OTHERHOST.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-04-02 12:21:27 +03:00
Vasyl Vavrychuk
8fb2b35735 Clean up setting of iface->p2p_mgmt flag
Previously we set this flag to one in wpa_supplicant_init_iface() if
Wi-Fi controller does not have a dedicated P2P-interface.

This setting had effect only in scope of wpa_supplicant_init_iface() and
it contradicts with comment to struct wpa_interface::p2p_mgmt field.
This comment says that this flag is used only if Wi-Fi controller has
dedicated P2P-device interface.

Also it contradicts with usage of similiar p2p_mgmt field in struct
wpa_supplicant. Again struct wpa_supplicant::p2p_mgmt is set only for
dedicated P2P-device interface.

After this change wpa_interface become input argument to
wpa_supplicant_init_iface() that we are not modifying.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
2018-04-02 12:13:59 +03:00
Masashi Honma
e480212765 dbus: Add FILS to global capabilities
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-04-02 11:56:06 +03:00
Jouni Malinen
6a252ece24 DPP: Fix GAS query removal race condition on DPP_STOP_LISTEN
If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 18:03:58 +02:00
Jouni Malinen
3bd35b6816 wpa_supplicant: Fix parsing errors on additional config file
If the -I<config> argument is used and the referenced configuration file
cannot be parsed, wpa_config_read() ended up freeing the main
configuration data structure and that resulted in use of freed memory in
such an error case. Fix this by not freeing the main config data and
handling the error case in the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 12:20:13 +02:00
Jouni Malinen
9f8d459d4c OWE: Fix association IEs for transition mode open AP connection
The special case of returning from wpa_supplicant_set_suites() when OWE
transition mode profile is used for an open association did not clear
the wpa_ie buffer length properly. This resulted in trying to use
corrupted IEs in the association request and failed association
(cfg80211 rejects the request or if the request were to go out, the AP
would likely reject it).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 11:55:01 +02:00
Sunil Dutt
5ff39c1380 SAE: Support external authentication offload for driver-SME cases
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 21:17:55 +02:00
Jouni Malinen
c1790a5ff8 OWE: Allow station in transition mode to connect to an open BSS
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Jouni Malinen
2cb40e9f40 OWE: Try all supported DH groups automatically on STA
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 21:06:02 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
5f30b69cde OWE: Allow DH Parameters element overriding with driver SME
Commit 265bda3444 ('OWE: Allow DH
Parameters element to be overridden for testing purposes') provided
means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but
that commit covered only the sme.c case (i.e., drivers that use
wpa_supplicant SME). Extend this to cover drivers that use internal SME
(e.g., use the nl80211 Connect command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:59:55 +02:00
Jouni Malinen
7ed5337d8c Fix a typo in a debug message
This radio_work_free() message was missing the closing parenthesis.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-22 17:21:57 +03:00
Vidyullatha Kanchanapally
6338c99efa FILS: Send updated connection parameters to drivers if needed
After an initial connection wpa_supplicant derives ERP information which
can be used in doing eventual authentications in the same realm. This
information can be used by drivers with offloaded FILS support to do
driver/firmware initiated roamings. Add support to send this updated
information to such drivers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 01:19:42 +03:00
Vidyullatha Kanchanapally
d2ba0d719e Move assoc param setting into a helper function
This is needed to be able to use the same implementation for updating
the connection parameters in the driver during an association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 01:19:42 +03:00
Jouni Malinen
daa4096084 Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
a34ca59e4d SAE: Allow SAE password to be configured separately (STA)
The new sae_password network profile parameter can now be used to set
the SAE password instead of the previously used psk parameter. This
allows shorter than 8 characters and longer than 63 characters long
passwords to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 23:24:19 +03:00
Jouni Malinen
109704657d OWE: Support station SME-in-driver case
Previously, only the SME-in-wpa_supplicant case was supported. This
extends that to cover the drivers that implement SME internally (e.g.,
through the cfg80211 Connect command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:35:14 +03:00
Jouni Malinen
e8b9649012 OWE: Transition mode support on station side
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
675112df1b OWE: Set PMK length properly on supplicant side
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Lior David
3c7863f812 wpa_supplicant: Support dynamic update of wowlan_triggers
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 22:17:58 +03:00
Jouni Malinen
2efc672075 Fix RSN pre-authentication regression with pre-connection scan results
The introduction of radio works and a delayed callback to complete
association/connection requests ended up breaking RSN pre-authentication
candidate list generation for the case of pre-connection scan results.
Previously, wpa_supplicant_associate() set the RSN state machine
configuration before returning and the calls to
wpa_supplicant_rsn_preauth_scan_results() immediately after this
function call were working fine. However, with the radio work callback,
the RSN state machine configuration started to happen only in that
callback which would be called soon after this code path has completed.
This resulted in the RSN state machine not knowing the selected SSID and
as such, rejecting all pre-authentication candidates.

Fix this by setting the RSN state machine configuration from
wpa_supplicant_associate() so that the existing callers of
wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add
candidates for pre-authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-12 16:47:02 +03:00
Adiel Aloni
2c66c7d115 wpa_supplicant: Check length when building ext_capability in assoc_cb
When building wpa_ie in wpas_start_assoc_cb() with ext_capab,
make sure that assignment does not exceed max_wpa_ie_len.

Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
2017-09-10 22:16:06 +03:00
Saurav Babu
a39b040b4c dbus: Add MeshGroupRemoved signal
This is similar to the control interface event MESH-GROUP-REMOVED.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-09-09 14:12:33 +03:00
Saurav Babu
89e9cd25d2 dbus: Add MeshGroupStarted signal
This introduces a new interface for mesh and adds a signal that
is similar to the control interface event MESH-GROUP-STARTED.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-09-09 14:01:14 +03:00
Ashwini Patil
332aadb8a2 STA: Add OCE capability indication attribute
Add OCE capability indication attribute in Probe Request and
(Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:19:53 +03:00
Vidyullatha Kanchanapally
b377ec2585 FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case
If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:11:35 +03:00
Ashwini Patil
b04854ceff nl80211/MBO: Set temporary disallowed BSSID list to driver
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-30 17:27:44 +03:00
Jouni Malinen
a0d5c56f8b DPP: Network Introduction protocol for wpa_supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:59 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Vidyullatha Kanchanapally
b5db6e5dc4 eap_proxy: Support multiple SIMs in get_imsi()
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:42:32 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Purushottam Kushwaha
43a356b268 Provide option to configure BSSID hint for a network
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-12 00:20:59 +03:00
Sunil Dutt
0661163eff Do not blacklist the current AP on DISABLE_NETWORK
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 17:46:36 +03:00
Vidyullatha Kanchanapally
da6a28ba60 FILS: Specify if FILS HLP was sent in connect
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:23 +03:00
Vidyullatha Kanchanapally
a38090b16d FILS: Add HLP to Connect IEs
Add FILS HLP elements to Connect IEs and fragment them if necessary.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:21 +03:00
Vidyullatha Kanchanapally
1e6780bda9 Allocate dynamic memory for connect IEs
This is needed to allow new elements (e.g., FILS HLP request) to be
added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:34:48 +03:00
Vidyullatha Kanchanapally
5538fc9309 FILS: Track completion with FILS shared key authentication offload
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
8b0a6dba87 FILS: Connect request for offloaded FILS shared key authentication
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
79f3121bb4 FILS: Set cache identifier in current PMKSA entry for driver-SME case
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Masashi Honma
025c6a47fb VHT: Remove a redundant check
This check is already done in ibss_mesh_setup_freq().

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
c06fca04fd Add wpa_supplicant SET get_pref_freq_list_override
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.

Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...

if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Paul Stewart
ed9b1c16d5 EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
4c6f450cad Add radio_work_is_connect() helper
This avoids duplicated code to check for different types of connection
radio work items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:56 +02:00
Sunil Dutt
85b6b6b6e1 Serialize scan/p2p-scan if already scheduled on the same interface
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
9b170991ac mesh: Fix mesh interface removal fix
This wpa_drv_if_remove() call was previously modified to fix a different
issue, but that fix resulted in unconditional use of treed memory here
(wpa_supplicant_deinit_iface() frees wpa_s). Make a local copy of
wpa_s->parent to be able to use it after wpa_s is freed. The
mesh_if_created case has wpa_s->parent != wpa_s, so this should be
sufficient way of handling the wpa_drv_if_remove() call here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 21:24:37 +02:00
Jouni Malinen
0da355235e FST: Remove WPA_ASSERT from wpas_fst_send_action_cb()
It was possible to hit this WPA_ASSERT when FST-MANAGER SESSION_REMOVE
command is exececuted when in not-associated state. In
CONFIG_EAPOL_TEST=y builds, this would result in the wpa_supplicant
process being terminated. Convert this WPA_ASSERT to a check that does
not terminate the process, but only rejects the command if wpa_s->bssid
does not match the da argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 19:22:14 +02:00
Johannes Berg
30eddf3529 Fix or supress various sparse warnings
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:33:10 +02:00
Jouni Malinen
b301f54e55 IBSS/mesh: Skip VHT channel setup with vht_disabled=1
If the VHT capability override vht_disabled=1 is used in the network
profile, skip VHT configuration of the local channel.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:31:54 +02:00
Masashi Honma
9eb5757a86 Define helper function set_disable_ht40()
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 18:04:21 +02:00
Saurav Babu
6b585f420a mesh: Fix crash on removing virtual mesh interface
If a virtual mesh interface has been created and is still operational
when the main interface is removed (e.g., Wi-Fi hardware ejected), the
following crash occurred with the below backtrace:

WPA_TRACE: eloop SIGSEGV - START
[1]: /usr/local/sbin/wpa_supplicant() [0x44ef7e]
     eloop_sigsegv_handler() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:123
[2]: /lib/x86_64-linux-gnu/libc.so.6(+0x36d40) [0x7f4c395cfd40]
[3]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_remove_iface+0xd0) [0x57f500]
     wpa_supplicant_remove_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5338
[4]: /usr/local/sbin/wpa_supplicant() [0x57fbef]
     wpa_supplicant_deinit_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5069
[5]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_remove_iface+0xc5) [0x57f4f5]
     wpa_supplicant_remove_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5343
[6]: /usr/local/sbin/wpa_supplicant(wpas_dbus_handler_remove_interface+0x8d) [0x55baad]
     wpas_dbus_handler_remove_interface() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_handlers.c:679
[7]: /usr/local/sbin/wpa_supplicant() [0x5560cb]
     msg_method_handler() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_helpers.c:354
     message_handler() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_helpers.c:410
[8]: /lib/x86_64-linux-gnu/libdbus-1.so.3(+0x1be86) [0x7f4c39979e86]
[9]: /lib/x86_64-linux-gnu/libdbus-1.so.3(dbus_connection_dispatch+0x381) [0x7f4c3996ca21]
[10]: /usr/local/sbin/wpa_supplicant() [0x567148]
     dispatch_data() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:36
[11]: /usr/local/sbin/wpa_supplicant() [0x5674a7]
     process_watch() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:75
     process_watch_read() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:90
[12]: /usr/local/sbin/wpa_supplicant() [0x44f297]
     eloop_sock_table_dispatch() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:598
[13]: /usr/local/sbin/wpa_supplicant(eloop_run+0x1fe) [0x44ff1e]
     eloop_run() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:1219
[14]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_run+0x77) [0x57fd87]
     wpa_supplicant_run() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5608
[15]: /usr/local/sbin/wpa_supplicant(main+0x3a8) [0x43ba88]
     main() home/saurav/hostap/wpa_supplicant/main.c:392
WPA_TRACE: eloop SIGSEGV - END
Aborted (core dumped)

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-01-29 17:42:02 +02:00
Jouni Malinen
5732b770f4 FILS: Allow FILS HLP requests to be added
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.

FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Masashi Honma
4d77d80edd mesh: Add MESH_PMKSA_GET/ADD commands
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.

The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.

The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>

The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180

This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-14 18:07:46 +02:00
Jouni Malinen
6774c6a9fe Update copyright notices for the new year 2017
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 15:18:30 +02:00
Avraham Stern
76196ddb2b wpa_supplicant: Add support for Beacon Report Radio Measurement
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:30 +02:00
Avraham Stern
ec493469f6 wpa_supplicant: Move RRM implementation to a dedicated file
As support for new RRM measurements will be added, the RRM
implementation will become quite large, so move it to a dedicated file.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Jouni Malinen
6a31440b86 Fix LCI request subelement processing
Commit 4a742011ab ('wpa_supplicant: Handle
LCI request') introduced LCI request parsing in a manner that
incremented the request pointer by four within
wpas_rrm_build_lci_report() without decrementing len correspondingly.
This could potentially result in get_ie() reading four octets beyond the
buffer if a corrupted request is received. This would be applicable only
if the LCI reporting was enabled explicitly ("SET LCI ..." control
interface command).

Fix this by updating the len variable to match the request pointer
changes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-03 15:18:29 +02:00
vamsi krishna
065c029a55 Remove MBO dependency from Supported Operating Classes element
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 22:07:58 +02:00
Jouni Malinen
a1836de64b SME: Fix IBSS setup after shared key/FT/FILS association
wpa_s->sme.auth_alg could have been left to a previously value other
than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that
used shared key, FT, or FILS authentication algorithm. This could result
in the IBSS setup failing due to incorrect authentication processing
steps.

Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever
starting an IBSS (or mesh, for that matter) network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:23:13 +02:00
Sabrina Dubroca
ad51731abf wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.

This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:08 +02:00
Jouni Malinen
81a10a9442 Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-28 19:33:20 +03:00
Benjamin Richter
5d30f927ea wpa_supplicant: Restore permanent MAC address on reassociation
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.

Signed-off-by: Benjamin Richter <br@waldteufel.eu>
2016-10-16 11:44:34 +03:00
Jouni Malinen
4b5b8a53a1 WPS: Force BSSID for WPS provisioning step connection
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.

While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-11 00:25:20 +03:00
Jouni Malinen
b8ae56e4d0 FILS: Allow wpa_supplicant to select FILS AKM for connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
e4d2ce1b52 FILS: Set FILS Capability bit in management frames from station
If FILS is supported, indicate that in Probe Request and (Re)Association
Request frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Max Stepanov
be7ebd892e wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-09-27 00:02:44 +03:00
Mikael Kanstrup
02adead53e Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
04e3d8156a Blacklist correct BSSID on authentication timeout
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Lior David
d1723c5566 wpa_supplicant: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:27:23 +03:00
Roshan Pius
d015bb05df Move network add/remove operations to a common function
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-18 20:46:18 +03:00
Masashi Honma
ecba4509d9 mesh: Simplify HT40 check code
The ht40 variable can only have values -1 or 1 here, so need to try to
address ht40 == 0 case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:46:39 +03:00
Masashi Honma
05aed438cd mesh: Set correct secondary channel offset if HT40 is disabled
Previously, secondary channel offset could be non zero even though
disable_ht40=1. This patch fixes it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:43:19 +03:00
Roshan Pius
5f040be4ff Move disconnect command handling to a common place
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-13 21:11:04 +03:00
vamsi krishna
cc9985d1b1 Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:21:52 +03:00
Masashi Honma
3388e7b96f mesh: Remove HT IEs if HT is disabled
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 22:04:16 +03:00
Jouni Malinen
4d8d710f0b Fix byte order for CONFIG_VHT_OVERRIDES parameters
The VHT parameters were not swapped properly on big endian systems.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:41:18 +03:00
Jouni Malinen
39cdd3a0f9 FST: Mark wpa_supplicant callback functions get_peer_{first,next} static
These are used only through function pointers, so no need to keep the
functions non-static.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:32:29 +03:00
Jouni Malinen
331f07742f mesh: Allow 160 MHz channel to be configured
This allows minimal testing with 160 MHz channel with country code ZA
that happens to be the only one with a non-DFS 160 MHz frequency. DFS
with mesh is not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 21:30:51 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
22950049e4 Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
David Spinadel
4a742011ab wpa_supplicant: Handle LCI request
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
d41a5352fe wpa_supplicant: Add LCI and civic request to Neighbor Report Request
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
Matti Gottlieb
ece4ac5f4e HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:

1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero

Clear the filter configuration when the station interface is
disassociated.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 15:21:18 +03:00
Lior David
90f14962ec wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-08 12:56:34 +03:00
Jouni Malinen
6a5ee810a3 Include previous BSSID in connection request to indicate reassociation
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Roy Marples
2e997eece5 Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").

This is very useful for systems without udev (Linux) or devd (FreeBSD).

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Lior David
2b6e9f91df wpa_supplicant: Expose wpas_get_bands() and related API
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:10:50 +02:00
Lior David
96a26ab744 P2P: Support dedicated P2P_DEVICE without separate group interface
Add support for drivers with dedicated P2P_DEVICE interface, but without
group interface concurrency (only a single netdev is used). With such
devices, wpa_supplicant tried to use the p2p_dev interface instead of
the group interface and most P2P operations failed. Extend
wpa_supplicant to use the primary interface instead of a separate group
interface in such cases.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Lior David
ba307f8528 P2P: Add a separate pointer to the P2P Device instance
In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.

Fix this by adding a separate "p2pdev" pointer to wpa_supplicant,
it will be the same as parent pointer in most cases but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Jouni Malinen
d010048cf7 MBO: Expire non-matching bss_tmp_disallowed entries as part of check
This makes wpa_is_bss_tmp_disallowed() expire old entries from the
bss_tmp_disallowed list even if they do not match the BSSID that is
being searched for. This allows the list to be kept at shorter length to
speed up operations and minimize memory use in cases where the
previously disabled BSS is not in radio range anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-22 19:53:04 +02:00
Avraham Stern
c484b19882 Move Hotspot 2.0 element in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements
must follow all other elements, so Hotspot 2.0 element which is actually
a vendor specific element must come after all other elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
dd5999084e MBO: Parse MBO IE in BSS Transition Management Request frames
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.

If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
5e57ba2505 MBO: Add Supported Operating Classes element to Association Request
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
92c6e2e3a9 MBO: Implement MBO non-preferred channel report in Association Request
Add MBO IE with non-preferred channels to (Re)Association Request
frames.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
ea69d9737c wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:51 +02:00
Masashi Honma
70c93963ed SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-18 21:07:47 +02:00
Lior David
b907491281 wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.

The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:23:56 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Jouni Malinen
6174de663c mesh: Connection and group started/removed events into debug log
The messages were sent out with wpa_msg_ctrl() so they were not visible
in the debug log. However, these would be quite helpful strings to
search for in the debug log, so change these messages to use wpa_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 13:13:13 +02:00
Jouni Malinen
15c5606758 Update copyright notices for the new year 2016
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-01 13:42:04 +02:00
Ilan Peer
ede7770180 wpa_supplicant: Do not wait for monitor on P2P Device interface
External programs are not aware of the creation of a
dedicated P2P Device interface, so it does not make sense
to wait for a monitor to connect on such an interface.

Fix this by not waiting on a dedicated P2P Device interface
for monitor to attach.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-12-28 17:21:08 +02:00
Jouni Malinen
e7160bd8fe Drop any pending EAPOL RX frame when starting a new connection
Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
ca9968a012 HS 2.0: Convert icon storage to use dl_list
This simplifies the list operations quite a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:49:57 +02:00
Jouni Malinen
3c108b7573 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 18:24:27 +02:00
Avichal Agarwal
af041f997d dbus: Add support for vendor specific elements
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes

These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:50:13 +02:00
Jouni Malinen
bea48f7784 Allow sched_scan_plans to be updated at runtime
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-30 14:03:28 +02:00
Avraham Stern
32c02261dd Add support for configuring scheduled scan plans
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.

usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Kanchanapally, Vidyullatha
4ead7cfd5d Abort an ongoing scan before connect
Connect radio work is sometimes delayed for a considerable duration if
there is an ongoing scan radio work. To avoid these delays abort the
ongoing scan on that interface before queuing a connect request. Upon a
scan done indication from the driver, connect radio work will be
scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Ahmad Kholaif
0f29bc68d1 IBSS/mesh: Add support for VHT80P80 configuration
A new network profile configuration parameter max_oper_chwidth=3 can be
used to specify preference to enable 80+80 MHz VHT channel for IBSS. If
that is set, the first 80 MHz segment is specified based on the
frequency parameter in the network profile and the second segment is
selected automatically (which will practically be limited to a single
possibility due to DFS requirements in most countries).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 17:47:15 +02:00
Jouni Malinen
9e68742ef1 Fix CONFIG_NO_WPA=y build
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-23 23:34:52 +02:00
Jouni Malinen
d38c7be0f0 Skip SELECT_NETWORK steps only if already connected or connecting
Commit 2a6f78fbbe ('Do not re-associate on
SELECT_NETWORK to current network') started skipping all SELECT_NETWORK
connection steps if the selected network had already been selected
previously. This happened regardless of whether the connection was
already established. This is not necessarily desirable for all cases
where there is no immediate action to even try to connect (e.g., long
wait for the next scan).

Speed this up by allowing the SELECT_NETWORK operation to get started if
there is no connection or ongoing connection attempt with the selected
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-20 00:45:40 +02:00
Peter Oh
a65efbfb24 Add VHT support for Mesh
Mesh Points themselves have capability to support VHT as long as
hardware supports it. However, supporting VHT in mesh mode was disabled
because no one had clearly tested and confirmed its functionality. Since
VHT80 has now been verified to work with ath10k QCA988X driver and
mac80211_hwsim, enable VHT support in mesh mode.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-11-19 11:37:41 +02:00
Lubomir Rintel
1248e58492 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2015-10-25 20:45:02 +02:00
Jouni Malinen
a8412ec9d0 Clear own_disconnect_req on new connection attempt
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.

Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-12 14:24:06 +03:00
Kanchanapally, Vidyullatha
e903d32d41 Parallelize distinct radio work operations
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Andrei Otcheretianski
22264b3c61 Fix get_shared_radio_freqs_data() used-by flags setting
Fix an iteration bug in get_shared_radio_freqs_data when building
freqs_data array. Only the last used-by flag was maintained instead of
making this a bitfield of all found uses.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-09-25 21:02:55 +03:00
Masashi Honma
241c33335b mesh: Add support for scanning only the current frequency
This patch enables scan_cur_freq=1 on VIF based mesh network.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-25 20:59:32 +03:00
Jouni Malinen
5a1d9d1a8e Avoid reconnection on ENABLE_NETWORK if already connected
This was already the case for most command sequences, but it was
possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands
were used to set identity, password, or passphrase for EAP
authentication. In such cases, ENABLE_NETWORK issued after the
connection was completed could result in a new connection attempt
(likely reconnection back to the same BSS).

Fix this by checking whether an actual connection is already present
even if wpa_s->reassociate is set when processing the ENABLE_NETWORK
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-22 11:55:54 +03:00
Jouni Malinen
8406cd3515 Make it clearer that ap_scan=2 mode should not be used with nl80211
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 01:04:29 +03:00
Jouni Malinen
35d403096e Set NORMAL_SCAN_REQ on SELECT_NETWORK/ENABLE_NETWORK
wpa_s->scan_req needs to be set in these cases to get correct scanning
behavior. This is mainly needed for starting of AP mode operation
immediately in ap_scan=2 case.

This fixes an issue that was found with mac80211_hwsim test cases in the
following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-17 00:18:32 +03:00
Mahesh A Saptasagar
0d0f7ecbb1 Do not stop ongoing PNO sched_scan on association/disconnection
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-13 21:10:16 +03:00
Hu Wang
6108536d7d Drop connection attempt if network is disabled before radio work starts
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-10 22:16:19 +03:00
Jouni Malinen
84bcb4e7a9 FST: Mark fst_ies buffer const
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:40:30 +03:00
Gautam
d4e597959c P2P: Fix P2P configuration file name
The P2P configuration file is wrongly set as STA configuration file,
even though a separate configuration file is mentioned with '-m' option.
Add initialization and deallocation of global.params->conf_p2p_dev to
fix this.

Signed-off-by: Gautam <gautams@broadcom.com>
2015-08-02 21:37:09 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
a0f04da517 FST: Mark get_mb_ie() return value const
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00