Commit 483dd6a5e0 ('Include peer
certificate always in EAP events') added this wpa_supplicant global
configuration parameter, but forgot to add the actual parsing of it, so
there was no way of setting the value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a new wpa_supplicant network profile parameter
mka_priority=0..255 to set the priority of the MKA Actor.
Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
Previously, wpa_supplicant only supported hardcoded port == 1 in the
SCI, but users may want to choose a different port.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
So that the user can turn encryption on (MACsec provides
confidentiality+integrity) or off (MACsec provides integrity only). This
commit adds the configuration parameter while the actual behavior change
to disable encryption in the driver is handled in the following commit.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.
This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version did not really work at all and it ended up crashing
if the os_strdup(field->name) call failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS.
wpa_supplicant used to use the actual BSSID value for all such frames
regardless of whether the destination STA is a member of the BSS.
P2P does not follow this rule, so P2P Public Action frame construction
must not be changed. However, the cases using GAS/ANQP for non-P2P
purposes should follow the standard requirements.
Unfortunately, there are deployed AP implementations that do not reply
to a GAS request sent using the wildcard BSSID value. The previously
used behavior (Address3 = AP BSSID even when not associated) continues
to be the default, but the IEEE 802.11 standard compliant addressing
behavior can now be configured with gas_address3=1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new parameter wps_disabled to network block (wpa_ssid). This
parameter allows WPS functionality to be disabled in AP mode.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.
Signed-off-by: Paul Stewart <pstew@google.com>
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.
This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Make the function available as part of the wpabuf API.
Use this renamed function where possible.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This avoids unnecessary flushing of the PMKSA cache entry and EAP
session data when processing SET_NETWORK commands that set a network
profile parameter to the same value that the parameter already has.
Introduce a new wpa_config_set() and wpa_config_set_quoted() return
value (==1) signifying that the new value being set for the
corresponding field equals to the already configured one so that the
caller can determine that nothing changed in the profile.
For now, this does not cover all the network profile parameters, but
number of the most commonly used parameters are included to cover the
Android use cases where the framework may have issued SET_NETWORK
commands that would have unnecessarily prevented use of PMKSA caching or
EAP fast reauthentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).
Signed-off-by: David Spinadel <david.spinadel@intel.com>
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.
usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
A new network profile configuration parameter max_oper_chwidth=3 can be
used to specify preference to enable 80+80 MHz VHT channel for IBSS. If
that is set, the first 80 MHz segment is specified based on the
frequency parameter in the network profile and the second segment is
selected automatically (which will practically be limited to a single
possibility due to DFS requirements in most countries).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake
or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte
order (or by some other corrupted way). Thus, after a successful
EAPOL-Key exchange the TSC values of received multicast packets, such as
DHCP, don't match the RSC one and as a result these packets are dropped
on replay attack TSC verification. An example of such AP is Sapido
RB-1732.
Work around this by setting RSC octets to 0 on GTK installation if the
AP RSC value is identified as a potentially having the byte order issue.
This may open a short window during which older (but valid)
group-addressed frames could be replayed. However, the local receive
counter will be updated on the first received group-addressed frame and
the workaround is enabled only if the common invalid cases are detected,
so this workaround is acceptable as not decreasing security
significantly. The wpa_rsc_relaxation global configuration property
allows the GTK RSC workaround to be disabled if it's not needed.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
All interface globals are now exposed as D-Bus properties of type
string, and parsed via the normal interface global parsing functions.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Upon any change in the currently used channels evaluate if a GO should
move to a different operating frequency, where the possible scenarios:
1. The frequency that the GO is currently using is no longer valid,
due to regulatory reasons, and thus the GO must be moved to some
other frequency.
2. Due to Multi Concurrent Channel (MCC) policy considerations, it would
be preferable, based on configuration settings, to prefer Same
Channel Mode (SCM) over concurrent operation in multiple channels.
The supported policies:
- prefer SCM: prefer moving the GO to a frequency used by some other
interface.
- prefer SCM if Peer supports: prefer moving the GO to a frequency
used by some other station interface iff the other station
interface is using a frequency that is common between the local and
the peer device (based on the GO Negotiation/Invitation signaling).
- Stay on the current frequency.
Currently, the GO transition to another frequency is handled by a
complete tear down and re-setup of the GO. Still need to add CSA flow to
the considerations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.
After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).
On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().
So this patch makes the default to 1000(msec) and makes it configurable.
This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Allow proper update for listen_reg_class and listen_channel with
changed_parameters [CFG_CHANGED_P2P_LISTEN_CHANNEL] configuration for
command received through ctrl_interface. Without this, "set
p2p_listen_channel" and "set p2p_listen_reg_class" do not update the
listen channel. The D-Bus version was already setting these flags.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Add global p2p_cli_probe property to enable/disable Probe Request
frame RX reporting for connected P2P Clients. The property can be set to
0 - disable or 1 - enable. The default value is 0.
2. Enable Probe Request frame RX reporting for P2P Client on
WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it
when an interface state is changing to any other state.
3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for
a connected P2P Client handling Probe Request frames.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This commit adds a configurable parameter (wps_priority) to specify the
priority for the networks derived through WPS connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes source code more consistent. The use within Android driver
interface is left as-is to avoid changes in the old PNO interface
definition.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support to retrieve IPv4 config variables with the "get" control
interface command. This allows the ip_addr_* parameters for P2P+NFC
IP address assignment to be fetched from the GO.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to
the driver on GO start.
Use p2p_go_ctwindow=0 (no CTWindow) by default.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.
There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is similar with domain_suffix_match, but required a full match of
the domain name rather than allowing suffix match (subdomains) or
wildcard certificates.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer applications to get information
regarding the server certificate without having to use a special
certificate probing connection. This provides both the SHA256 hash of
the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
if desired) and the full DER encoded X.509 certificate so that upper
layer applications can parse and display the certificate easily or
extract fields from it for purposes like configuring an altsubject_match
or domain_suffix_match.
The old behavior can be configured by adding cert_in_cb=0 to
wpa_supplicant configuration file.
Signed-off-by: Jouni Malinen <j@w1.fi>