Commit graph

4247 commits

Author SHA1 Message Date
Jouni Malinen
3c0daa13d5 Make wpa_config_read_blob() easier for static analyzers
While encoded == NULL could happen in the case of an empty blob, that
will result in encoded_len == 0 and base64_decode() not derefencing the
src argument. That seems to be too difficult for some static analyzers,
so to avoid false warnings, explicitly reject the encoded == NULL case
without even trying to base64 decode it. (CID 164709)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:30:45 +03:00
Jouni Malinen
a0d5c56f8b DPP: Network Introduction protocol for wpa_supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:59 +03:00
Jouni Malinen
b979caae57 DPP: Network profile parameters for DPP AKM
Extend wpa_supplicant network profile to include parameters needed for
the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry,
dpp_csign, dpp_csign_expiry.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
9c2b8204e6 DPP: Integration for hostapd
This adds DPP bootstrapping, authentication, and configuration into
hostapd similarly to how the design was integrated in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
9beb2892de DPP: Add wpa_cli commands for DPP operations
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
30d27b048e DPP: Authentication exchange
Add wpa_supplicant control interface commands for managing DPP
Authentication exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:12:30 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Jouni Malinen
d4d76d9835 Fix offchannel TX done handling for sequence of TX frames
There could be multiple pending TX operations and if the earlier ones
have used wait_time, but the last one did not, the driver call for
canceling pending wait was not done. This could result in the driver
getting stuck waiting for the previously scheduled wait time and not
being able to do new operations until that. Fix this by canceling the
wait if any of the past offchannel_send_action() calls since the last
offchannel_send_action_done() used non-zero wait_time.

This was showing up as issues in certain DPP Public Action frame
sequences when the same offchannel operation is used with multiple
frames and the last frame in the sequence does not need wait_time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:54 +03:00
Jouni Malinen
005be3daa9 Add JavaScript Object Notation (JSON) parser (RFC7159)
This is needed for DPP configuration attributes/objects.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:51 +03:00
Jouni Malinen
77f273c82c Extend SHA-384 and SHA-512 support to match SHA-256
The additional SHA-384 and SHA-512 functionality is needed to support
DPP with various ECC curves.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:12 +03:00
Jouni Malinen
2c9d924975 P2P: Debug print P2P_FIND rejection reason
This can be helpful in figuring out what happened if P2P_FIND operation
is unexpectedly rejected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-13 14:50:51 +03:00
Wu Gao
618aa22900 P2P: Fix p2p_in_provisioning clearing in failure case
wpa_s->p2p_in_provisioning needs to be cleared when group formation
fully completes. The change to postpone GO side handling to the first
data connection in commit 41f853235f
('P2P: Extend group formation timeout on GO to first data connection')
resulted in making this not happen in one P2P Client side case: EAP-WSC
timeout in PBC case. While that is quite special case since it requires
30 second timeout without receiving new EAPOL frames and not getting
disassociation, it can apparently happen in some cases in practice. This
would result in new P2P operations (e.g., P2P_FIND) getting rejected
until wpa_supplicant is restarted.

Fix this by clearing wpa_s->p2p_in_provisioning whenever processing a
group formation failure case. For group formation success,
wpa_s->p2p_in_provisioning is left set to non-zero value to avoid
breaking the earlier limits on the GO side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-13 14:49:36 +03:00
Vidyullatha Kanchanapally
b5db6e5dc4 eap_proxy: Support multiple SIMs in get_imsi()
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:42:32 +03:00
Sunil Dutt
3c2bd55f03 P2P: wpas_p2p_select_go_freq() to check for supported pref_freq
This commit is similar to the commit
783c2920cc ('P2P: Check if the pref_freq
reported by the driver supports P2P') but extends the check for
supported pref_freq to wpas_p2p_select_go_freq().

This avoids issues with P2P_GROUP_ADD ending up selecting an unexpected
channel when get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) is used. Filter the
list by removing channels that do not allow P2P operation at all.
Previously, only the explicitly disallowed channels were removed and
that could have resulted in selecting an operating channel that is not
allowed for P2P and failing to complete the operation to start the
group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-27 11:41:02 +03:00
Peng Xu
8d968351a0 Interworking: Add NULL checking for EAP name in phase2/autheap parameter
Add NULL checking for EAP name. If it is NULL, do not add the phase2
parameter autheap. This should not happen in practice due to earlier
checks for credential matching, but if there is a code path that would
allow this to be set, it is better to skip setting of the invalid value
and allow automatic selection of the Phase 2 parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-26 13:20:52 +03:00
Purushottam Kushwaha
34ee12c559 Do not flush PMKSA on bssid_hint change
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.

Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:25:49 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Purushottam Kushwaha
43a356b268 Provide option to configure BSSID hint for a network
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-12 00:20:59 +03:00
Jouni Malinen
95818ec174 Fix compiler warning with CONFIG_IEEE80211R no-CONFIG_FILS build
Addition of remove_ies() handled the CONFIG_IEEE80211R dependency, but
missed the caller being within CONFIG_FILS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-09 23:36:36 +03:00
Jaap Keuter
6136394545 Make CONFIG_MACSEC depend on IEEE8021X_EAPOL
When reducing the configuration for MACsec/MKA to the bare minimum, so
no EAP authentication, just MACsec/MKA SA use with preshared key/name,
the EAPOL engine is still needed to run the protocol for MKA. Without
any EAP authentication options the IEEE8021X_EAPOL option is not set,
resulting in a non-working Key Agreement Entity.

Therefore the CONFIG_MACSEC block needs to move up and set the
IEEE8021X_EAPOL option.

Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2017-05-08 16:28:27 +03:00
Masashi Honma
31a856a127 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-05-08 16:23:02 +03:00
Nishant Chaprana
9f49474669 dbus: Add method to disable channel switching with a TDLS peer
This patch adds "TDLSCancelChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to disable channel switching
with a TDLS peer.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2017-05-07 22:08:43 +03:00
Nishant Chaprana
2a57b4b821 dbus: Add method to enable channel switching with a TDLS peer
This patch adds "TDLSChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to enable channel switching
with a TDLS peer.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2017-05-07 22:08:43 +03:00
Saurav Babu
1939505419 dbus: Add AbortScan method to abort ongoing scan
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-05-07 22:08:43 +03:00
Jouni Malinen
7d440a3bc4 FILS: Derive FT key hierarchy on supplicant side for FILS+FT
Derive PMK-R0 and the relevant key names when using FILS authentication
for initial FT mobility domain association. Fill in the FT IEs in
(Re)Association Request frame for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-07 22:08:41 +03:00
Dmitry Shmidt
be1ece46f5 wpa_supplicant: Add GET_CAPABILITY for P2P redirection
It will give capability to check channel list before P2P group is
created.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-05-05 00:43:23 +03:00
Vamsi Krishna
35bb8a9a57 Android: Define CONFIG_TESTING_OPTIONS if enabled in config
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:06 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Pradeep Reddy Potteti
f2a04874cf MBO: Fix possible NULL pointer dereference on candidate handling
If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-03 18:30:31 +03:00
Jouni Malinen
470f08b4f6 Enable CONFIG_WNM=y automatically for CONFIG_MBO=y builds
wpa_supplicant build with MBO enabled failed in CONFIG_WNM=y was not
specified explicitly. Add the WNM dependency automatically to avoid
needing explicit addition in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 17:39:14 +03:00
Jouni Malinen
8b49b530b3 Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
Commit 34f2851902 ('MBO: Parse MBO
ANQP-element on STA') started using the type variable outside
CONFIG_HS20 block, but forgot to remove the ifdef from the variable
declaration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 17:39:14 +03:00
Sunil Dutt
0661163eff Do not blacklist the current AP on DISABLE_NETWORK
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 17:46:36 +03:00
Vidyullatha Kanchanapally
da6a28ba60 FILS: Specify if FILS HLP was sent in connect
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:23 +03:00
Vidyullatha Kanchanapally
a38090b16d FILS: Add HLP to Connect IEs
Add FILS HLP elements to Connect IEs and fragment them if necessary.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:21 +03:00
Vidyullatha Kanchanapally
1e6780bda9 Allocate dynamic memory for connect IEs
This is needed to allow new elements (e.g., FILS HLP request) to be
added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:34:48 +03:00
Ashwini Patil
9a72bfe9a4 Add control interface command to enable/disable roaming
The new "SET roaming <0/1>" command can now be used to control
driver-based roaming.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-24 11:10:44 +03:00
Jouni Malinen
183d3924cf WPS: Add option for using random UUID
If the uuid configuration parameter is not set, wpa_supplicant generates
an UUID automatically to allow WPS operations to proceed. This was
previously always using an UUID generated from the MAC address. This
commit adds an option to use a random UUID instead. The type of the
automatically generated UUID is set with the auto_uuid parameter: 0 =
based on MAC address (default; old behavior), 1 = random UUID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-13 17:38:55 +03:00
Vidyullatha Kanchanapally
bbe7969d63 FILS: Update cache identifier on association
This is needed when offloading FILS shared key to the drivers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:59:12 +03:00
Vidyullatha Kanchanapally
f705f41b7f FILS: Update PMKSA cache with FILS shared key offload
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
01ef320f19 FILS: Update ERP next sequence number with driver offload
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
5538fc9309 FILS: Track completion with FILS shared key authentication offload
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
8b0a6dba87 FILS: Connect request for offloaded FILS shared key authentication
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
79f3121bb4 FILS: Set cache identifier in current PMKSA entry for driver-SME case
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
42e69bda2a FILS: Add support for Cache Identifier in add/remove PMKSA
Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifer. Also additionally add support for sending PMK as part of
SET_PMKSA to enable driver to derive keys in case of FILS shared key
offload using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
6fbb54140b driver: Move add_pmkid() and remove_pmkid() arguments into a struct
This makes it easier to add more arguments to these wpa_driver_ops
functions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:35 +03:00
vamsi krishna
199eb3a4e6 FILS: Add support to write FILS key_mgmt values in network blocks
Add support to write FILS related key_mgmt values also while saving a
network block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 16:12:41 +03:00
Jouni Malinen
af3e362fa7 FILS: Add MDE into Authentication frame for FILS+FT
When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 13:23:34 +03:00
Jouni Malinen
c10e0ccc9e Hide *PMKSA_ADD parameters from debug log
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 12:37:33 +03:00