Commit graph

5124 commits

Author SHA1 Message Date
Matthew Wang
a2c1bebd43 Improve roaming logic
Currently, wpa_supplicant may roam too aggressively; the need_to_roam()
function will return early with a roaming decision if the difference in
signal level or throughput between the current and selected APs is
"sufficiently large." In particular, if the selected AP's estimated
throughput is more than 5k greater than the current AP's estimated
throughput, wpa_supplicant will decide to roam. Otherwise, if the
selected AP's signal level is less than the current AP's signal level,
or the selected AP's estimated throughput is at least 5k less than the
current AP's estimated throughput, wpa_supplicant will skip the roam.
These decisions are based only on one factor and can lead to poor
roaming choices (e.g., a roam should not happen if the selected AP's
estimated throughput meets the threshold but the current signal and
throughput are already good, whereas a roam should happen if the signal
is slightly worse but the estimated throughput is significantly better).

This change standardizes the roaming heuristic for signal strength
difference requirements and will hopefully improve user experience. The
change can be summarized as follows: based on the current signal level,
a certain roaming difficulty is assigned. Based on the selected AP's
estimated throughput relative to the current AP's estimated throughput,
the difficulty is adjusted up or down. If the difference in signal level
meets the threshold, a roam happens.

The hard-coded values were selected purely based on the previous version
of this function. They may eventually need to be fine-tuned for optimal
performance.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-01-01 17:33:51 +02:00
Jouni Malinen
9c8d550b77 Allow roam to lower signal level if throughput benefit is significant
Do not prevent roam to a different BSS based only on the signal level
with the current BSS being higher than with the selected BSS. If the
estimated throughput is significantly higher (> 20%), allow roaming if
the following conditions are met.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 17:09:18 +02:00
Jouni Malinen
9fafefb9e5 Skip roaming based on signal level difference if current SNR is good
If the current SNR with the associated BSS is sufficiently good (better
than GREAT_SNR = 25), there is limited benefit from moving to another
BSS even if that BSS were to have a higher signal level. As such, skip
roaming based on the signal level difference between the selected BSS
from scan results and the current BSS for such cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 16:56:40 +02:00
Jouni Malinen
f4f7600adf Use signal_poll noise information for roaming, if available
Using average signal strength from the driver and hardcoded noise floor
does not look like an ideal design since there can be significant
differences in the driver-reported noise floor values. Furthermore, even
though the current noise floor is a snapshot from the driver, it is
common for drivers to use a noise floor value from a longer calibration
step and that should not prevent the driver provided value from being
used. This makes the comparisons of the signal strengths between the
current AP (signal_poll) and other APs (scan) more accurate.

As an example, test runs in home environment showed 5 dB difference
between the driver reported noise floor and the hardcoded value and this
could result in significant differences in estimated throughput
calculation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 13:38:11 +02:00
Jouni Malinen
f97baef254 Clear SME auth_alg on FLUSH
This avoids a testing failure in the following test case sequence:
ap_ft_r1_key_expiration ap_open_external_assoc

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:33:57 +02:00
Jouni Malinen
0d1d1f0d21 Clear last Michael MIC error timer on FLUSH
TKIP countermeasures were already terminated on FLUSH, but the timer for
detecting two Michael MIC errors within 60 seconds was left behind. This
resulted in test case failures with following test sequence:
ap_cipher_tkip_countermeasures_sta ap_cipher_tkip_countermeasures_sta2

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:23:25 +02:00
Matthew Wang
69ccc557d8 wpa_supplicant: Fall back to avg_signal in roaming decision
Some drivers (e.g. Marvell WiFi) don't report avg_beacon_signal, but
it's still useful to poll for the signal again when a roaming decision
needs to be made. Use si.avg_signal when si.avg_beacon_signal is not
available.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-12-31 00:23:42 +02:00
Emmanuel Grumbach
7e7b23e229 Update throughput estimate for the current BSS based on signal poll
We saw that on certain platforms in certain places we keep switching
between two APs and eventually get the same RSSI. Debugging showed that
we have a very big difference between the two antennas.

Ant A can hear AP A very well (-60) but AP B very bad (-80)
Ant B can hear AP B very well (-60) but AP A very bad (-80)

When the device associates to AP A, it'll learn to use Ant A. If the
device uses one single antenna to receive the scan results, it may hear
the AP it is currently associated to on the second antenna and get bad
results. Because of that, the wpa_supplicant will roam to the other AP
and the same scenario will repeat itself:

Association to AP A (Ant A reports -60).
Scan on Ant A: AP A: -60, AP B: -80
Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM.

Association to AP B (Ant B reports -60)
Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM

Etc...

Improve this by querying the signal level of the current AP using
drv_signal_poll() instead of relying on the signal level that we get
from the scan results. Also update the throughput estimate based on the
likely more accurate values for the current association.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:21:37 +02:00
Emmanuel Grumbach
ad06ac0b04 Move throughput estimation into a helper function
This is a step towards allowing this functionality to update the scan
result -based values with the values from a signal poll for the current
BSS.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:17:04 +02:00
Emmanuel Grumbach
ef1a45f28a Move scan/roaming related defines to a header file
This is a step towards allowing these values to be used in both scan.c
and events.c.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:04:33 +02:00
Emmanuel Grumbach
98ea9d5d51 Use local variables for current BSS signal strength in roaming
This is a step towards allowing these values to be determined based on
signal poll instead of scan results.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-30 23:57:47 +02:00
Alfonso Sánchez-Beato
02c21c02d0 wpa_supplicant: Do not disconnect on deinit if WoWLAN is enabled
Do not disconnect on interface deinit when WoWLAN is enabled, so we can
boot the system with WoWLAN after S5 (poweroff).

Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
2019-12-30 18:51:06 +02:00
Bilal Hatipoglu
59536a33d8 wpa_cli: WPS-PIN-ACTIVE and WPS-CANCEL events for action scripts
These events were added in commit b1b62a1364 ("WPS: Add WPS-PIN-ACTIVE
and WPS-CANCEL events").

Signed-off-by: Bekir Celik <bekir.celik@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-30 18:36:57 +02:00
Andrei Otcheretianski
522450b7b1 AP: Determine Short SSID value for the BSS
This can be used in the future to implement support for RNR and scanning
extensions using a shorter field for the SSID.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-12-28 22:32:14 +02:00
Felix Fietkau
41b06b065e mesh: Fix race condition in mesh mpm new peer handling
When wpa_supplicant receives another new peer event before the first one
has been processed, it tries to add a station to the driver a second
time (which fails) and then tears down the station entry until another
event comes in.

Fix this by only adding a station to the driver if it didn't exist
already.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-12-28 20:56:03 +02:00
Lubomir Rintel
a383db0646 defconfig: Enable MACsec
Debian and Fedora enable it, NetworkManager uses it.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-12-28 18:28:10 +02:00
Jouni Malinen
53661e3a9a Allow debug log to be written to both syslog and file
If hostapd or wpa_supplicant is started with both -s and -f command line
arguments, debug log ended up being written only into syslog and the log
file was left empty. Change this so that the log entries will be written
to both places. Either -s or -f (or both) results in debug log to stdout
being disabled which was already the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 18:28:10 +02:00
Jouni Malinen
68f9f480ef wpa_gui: Silence a compiler warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 00:17:55 +02:00
Victor Ananyev
eadfeb0e93 wpa_gui: Show entire list of networks
Use LAST_ID of LIST_NETWORKS to load all the network entries iteratively
if there is large enough number of networks to not fit in a single
response.

Signed-off-by: Victor Ananyev <vindex10@gmail.com>
2019-12-28 00:16:38 +02:00
Victor Ananyev
a3b59fa111 wpa_cli: Let LAST_ID argument to be used for LIST_NETWORKS
This allows starting point of the network list to be specified so that
the potentially long response can be fragmented into multiple fetch
operations.

Signed-off-by: Victor Ananyev <vindex10@gmail.com>
2019-12-27 23:56:02 +02:00
Sergey Matyukevich
078217a2d7 STA OBSS: Update secondary channel info after CSA
Field wpa_s->sme.ht_sec_chan keeps secondary channel for the 40 MHz
band. This field is used to prepare a list of channels for the STA OBSS
scan. Initially, the secondary channel is set to HT_SEC_CHAN_UNKNOWN.
Later on, in function wpa_obss_scan_freq_list() it is obtained from the
current BSS HT operation IE. However, the secondary channel information
is not updated after channel switch, which may lead to an incorrect list
of channels prepared for the STA OBSS scan.

Update ht_sec_chan according to the channel switch event data to fix
this.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-12-27 21:04:57 +02:00
Sergey Matyukevich
3204795d7a STA OBSS: Add check for overlapping BSSs
In the previous implementation connected STA performs OBSS scan
according to requests from its 20/40 MHz AP. However STA checks only 40
MHz intolerance subfield from HT Capabilities element in scan results.
Meanwhile, as per IEEE Std 802.11-2016, 11.16.12, STA should check
overlapping BSSs as well.

Note that all the required code to check overlapping BSSs did already
exist for AP mode since AP does those checks properly before operating
as 20/40 MHz BSS in the 2.4 GHz band. Use that existing code by replace
existing 40 MHz intolerance check in sme_proc_obss_scan() with the new
shared helper function check_bss_coex_40mhz().

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-12-26 11:41:01 +02:00
Ben Greear
bf3ab50f4f Change some RRM debug messages from wpa_printf() to wpa_dbg()
This gives us the network device name in logging messages, which can be
helpful when having one wpa_supplicant process handle multiple devices.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-12-26 09:41:58 +02:00
Jouni Malinen
9b391715cb mesh: Allow group management cipher to be configured
This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used
instead of the previously hardcoded AES-128-CMAC as the group management
cipher when using mesh with PMF. For now, this can be configured by
setting a single group_mgmt value in the network block and doing that
consistently through all the STAs in the mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 23:43:35 +02:00
Jouni Malinen
65d0b67c22 mesh: Increase plink action frame AMPY buffer length for max GTK/IGTK
The previous calculation of the buffer length did not take into account
the possibility of 32-octet GTK and IGTK values and it was also missing
something to cover the 16 octet keys that are supported now. Other
buffer elements were likely sufficient to cover all these cases, but
anyway, it is better to allocate sufficient size specifically for AMPE
to avoid issues in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 23:35:40 +02:00
Bilal Hatipoglu
b1b62a1364 WPS: Add WPS-PIN-ACTIVE and WPS-CANCEL events
WPS_EVENT_CANCEL is added to indicate cancellation of a WPS operation
for any reason in hostapd/wpa_supplicant.

WPS_EVENT_PIN_ACTIVE is added to indicate when a PIN operation is
triggered in wpa_supplicant.

Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-25 20:58:52 +02:00
Bilal Hatipoglu
0b1839405e Add "reconnect" cmdline argument to hostapd_cli/wpa_cli
When the newly added "-r" parameter is used, both clis will try to
reconnect forever on connection lost until signalled (ctrl+c) or
terminated. This is useful only when used with -a to take action to
retrieve events or get status and the cli process stays even if
hostapd/wpa_supplicant daemons restart for some reason (e.g.,
configuration change).

Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-25 20:54:44 +02:00
Jouni Malinen
4318a635a9 DBus: Update dont_quote[] with new network profile parameters
This array had not been updated for years (since it was initially added)
and it was missing new network profile parameters that were not quoted
strings (but also not integers that could be set as integer types). Add
those missing non-quoted-strings to allow them to be set through the
DBus interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 12:45:44 +02:00
Jouni Malinen
26a00ba8bd DBus: Remove not existing network profile params from dont_quote[]
These parameters are global parameters, not network profile parameters,
and as such, do not below in dont_quote[] which is used to determine
whether a network profile parameter needs to be quoted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 12:26:33 +02:00
Matthew Wang
23d87687c2 dbus: Move roam metrics to the correct interface
These properties were in the wpas_dbus_bss_properties array when they
should have been in the wpas_dbus_interface_properties array. Move them
to the right place. This is the logical location for these properties
and it matches both the other parts of the implementation (e.g., being
in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
was originally documented for the interface in dbus.doxygen.

Fixes: 2bbad1c7c9 ("dbus: Export roam time, roam complete, and session length")
Fixes: 80d06d0ca9 ("dbus: Export BSS Transition Management status")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-12-24 21:16:23 +02:00
Sam Tygier
32289112c4 wpa_passphrase: Output errors to stderr
The stdout of wpa_passphrase is often piped directly into the
wpa_supplicant config file. In case of errors these will be written to
the file and possibly not noticed by the user.

Use fprintf to print errors to stderr.

Signed-off-by: Sam Tygier <samtygier@yahoo.co.uk>
2019-12-24 11:14:27 +02:00
Jouni Malinen
efaa6256e2 More detailed documentation on ieee80211w configuration parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 10:48:09 +02:00
Alexander Wetzel
84877f253d wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying
When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
possible PSK mismatch only during the initial 4-way handshake to avoid
incorrect reports.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-12-21 17:10:17 +02:00
Jouni Malinen
9be30ffc13 DPP: Abort ongoing scan if connection status needs to be sent
Ongoing scan could prevent the station Enrollee from sending out DPP
connection status after the 15 second timeout and that would result in
the Configurator timing out on the wait for the status report. Abort any
ongoing scan, if needed, to avoid this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 16:51:59 +02:00
Vamsi Krishna
3f3876344e SAE: Enable NEED_DH_GROUPS_ALL for CONFIG_TESTING_OPTIONS=y builds
Enable all DH FFC groups for SAE in wpa_supplicant testing builds. These
are needed to allow more testing coverage for AP functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 16:27:19 +02:00
Ankita Bajaj
5f9b4afdfa Use frequency in HT/VHT validation steps done before starting AP
Using the channel parameter for validating allowed channel combinations
is not scalable to add 6 GHz support in the future since channel numbers
are duplicated between 2.4 GHz / 5 GHz bands and 6 GHz band. Hence use
frequency field for all channel combination validation steps done before
starting AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:05:39 +02:00
Ahmad Masri
996662250d P2P: Add support for EDMG channels
This allows a P2P connection over P802.11ay EDMG channels to achieve the
highest link speed that the standard allows for channel bonding (CB) up
to CB4.

Let each P2P peer add its EDMG channels to the Supported Channels IE
advertised in P2P GO negotiation. Give EDMG channels priority when peers
negotiate for operating channel.

User may add 'edmg' parameter to p2p_connect, p2p_add_group, and
p2p_invite commands to prefer an EDMG channel for the P2P link. User may
also set p2p_go_edmg=1 in wpa_supplicant configuration file to prefer
EDMG.

When EDMG is used, P2P will try to find the highest channel bonding
supported channel that matches the frequency parameter, if the devices
do not support EDMG, the P2P connection will use a legacy (1-6) 60 GHz
channel.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-20 00:13:08 +02:00
Jouni Malinen
e3c476bd8c SAE H2E: Fix RSNXE override in EAPOL-Key msg 2/4 for testing purposes
The previous implementation missed the case where EAPOL-Key frame may be
reported as having been received before the association event is
processed. This would have resulted in not using the RSNXE override for
EAPOL-Key msg 2/4 when the pending EAPOL-Key frame gets processed
immediately after processing the association event. Fix this by moving
the override case to be handled before that.

Fixes: 1325655397 ("SAE H2E: RSNXE override for testing purposes")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-13 03:08:27 +02:00
Jouni Malinen
5661ebd774 DPP: Configurator netRole for Enrollee
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-12 02:33:00 +02:00
Jouni Malinen
7404574458 DPP: Replace ap boolean with netRole enum in Configurator params
The netRole enum is more generic and can be extended to include new
roles (e.g., Configurator) more easily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-12 02:33:00 +02:00
Jouni Malinen
1325655397 SAE H2E: RSNXE override for testing purposes
"SET rsnxe_override_{assoc,eapol} <hexdump>" can now be used to override
RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for
testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 12:54:54 +02:00
Jouni Malinen
c88e01e1b6 SAE H2E: Fix validation of rejected groups list
check_sae_rejected_groups() returns 1, not -1, in case an enabled group
is rejected. The previous check for < 0 could not have ever triggered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:28:13 +02:00
Jouni Malinen
b834e97003 SAE H2E: Testing option to report extra rejected groups
"SET extra_sae_rejected_groups <groups>" can now be used to enable test
mode in which wpa_supplicant will report additional groups (configured
as space separated integers) when using SAE H2E.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:26:13 +02:00
Jouni Malinen
405946d76a SAE: Testing option to ignore H2E requirement mismatch
"SET ignore_sae_h2e_only 1" can now be used to configurate
wpa_supplicant to a test mode where it ignores AP's H2E-required
advertisement and try to connect with hunt-and-pecking loop instead.
This is used only for testing AP behavior with unexpected STA behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-06 17:13:59 +02:00
Jouni Malinen
e780b4bf20 DPP: Bootstrapping via NFC URI Record
This extends hostapd and wpa_supplicant DPP implementation to allow the
bootstrapping URI to be generated for and parsed from an NFC Tag with an
NFC URI Record. This is similar to the way the bootstrapping URI is used
with QR Code for unidirectional authentication.

The DPP_BOOTSTRAP_GEN command uses "type=nfc-uri" to request the URI to
be assigned for NFC URI Record. In practice, the URI is generated
identically to the QR Code case, but the internal entry maintains the
NFC-URI type.

A new command "DPP_NFC_URI <uri>" can now be used to parse the URI read
from an NFC Tag with the NFC URI Record. This is similar to the
DPP_QR_CODE command.

Other commands (mainly, DPP_LISTEN and DPP_AUTH_INIT) are used for NFC
URI in the same way as they are used for QR Code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 12:37:51 +02:00
Jouni Malinen
181bf93363 DPP2: Report received ssid_charset as DPP-CONFOBJ-SSID-CHARSET event
This provides the SSID character set, if specified, to upper layers on
station Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
8e5e36a184 Clean up base64_{encode,decode} pointer types
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Purushottam Kushwaha
783a99b73d HS2.0: Skip check for roaming_consortium for NAI realm query
Previously ANQP fetch considered NAI realm query only when cred block
did not specify roaming_consortium to optimize ANQP operations (NAI
realm list can have a very long value). In certain cases, both NAI realm
and roaming_consortium are configured in credential block and this
resulted in ANQP fetch for NAI realm not being initiated. That could
result in not being able to select the highest priority available
credential/network.

Remove roaming_consortium check for NAI realm query inclusion in ANQP
request so that we will request NAI realm information whenever it can
result in matching additional networks. This makes the ANQP queries more
costly in some cases, but the additional information is needed for
correct behavior in network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-17 21:04:38 +02:00
Eric Caruso
9fde146070 Allow scans triggered by D-Bus to use MAC address randomization
wpas_dbus_handler_scan() constructs a set of 'params' each time, but it
doesn't acknowledge the existing randomization settings when doing so.
That means that any D-Bus initiated scans weren't going to follow the
configured settings.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-10-27 19:50:22 +02:00
Eric Caruso
10f8351d6e D-Bus: Add MAC address randomization endpoints
Add D-Bus property:
* MACAddressRandomizationMask: a{say}

which configure random MAC address functionality in the Wi-Fi
driver via netlink.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-10-27 19:50:22 +02:00
Eric Caruso
bb66d46758 Move ownership of MAC address randomization mask to scan params
This array can be freed either from the scan parameters or from
clearing the MAC address randomization parameters from the
wpa_supplicant struct. To make this ownership more clear, we have
each struct own its own copy of the parameters.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-10-27 19:50:22 +02:00
Jouni Malinen
6c2f70cc6a DPP: Mention ssid and pass parameters for DPP_AUTH_INIT in documentation
These parameter use hexdump values over the control interface, so
mention them in the DPP example documentation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-10-27 19:50:22 +02:00
Beniamino Galvani
7800725afb dbus: Export OWE capability and OWE BSS key_mgmt
Export a new 'owe' capability to indicate that wpa_supplicant was
built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
in the array of BSS' available key managements.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2019-10-27 15:44:34 +02:00
Davide Caratti
b2ad4e6b24 D-Bus: Fix P2P NULL dereference after interface removal
When the P2P management interface is deleted, P2P is then disabled and
global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This
makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
NULL pointer. Fix this by adding proper checks, like it's done with
wpa_cli.

CC: Beniamino Galvani <bgalvani@redhat.com>
CC: Benjamin Berg <benjamin@sipsolutions.net>
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2019-10-27 15:40:15 +02:00
Jouni Malinen
1b5865a53f SAE: Ignore commit message when waiting for confirm in STA mode
Previously, an unexpected SAE commit message resulted in forcing
disconnection. While that allowed recovery by starting from scratch,
this is not really necessary. Ignore such unexpected SAE commit message
instead and allow SAE confirm message to be processed after this. This
is somewhat more robust way of handling the cases where SAE commit
message might be retransmitted either in STA->AP or AP->STA direction.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-10-27 14:35:04 +02:00
Jouni Malinen
50a2c8c906 Do not indicate possible PSK failure when using SAE
wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no
way of reaching 4-way handshake without the password having already been
verified as part of SAE authentication. As such, a failure to complete
4-way handshake with SAE cannot indicate that the used password was
incorrect.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-10-27 12:54:40 +02:00
Jesus Fernandez Manzano
305369038b wpa_supplicant: Fix arithmetic on void pointer
When using void pointers in calculations, the behavior is undefined.
Arithmetic operations on 'void *' is a GNU C extension,
which defines the 'sizeof(void)' to be 1.

This change improves portability of the code.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2019-10-25 19:29:53 +03:00
Masashi Honma
b38c8c9cb2 dbus: Suppress to show NULL string
wpa_s->dbus_groupobj_path is always NULL so suppress to show it.
This was found by gcc 9.2.1 warning.

dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’:
dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
 4793 |   wpa_printf(MSG_DEBUG,
      |   ^~~~~~~~~~~~~~~~~~~~~
 4794 |       "%s: Group object '%s' already unregistered",
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 4795 |       __func__, wpa_s->dbus_groupobj_path);
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-10-25 16:03:37 +03:00
Masashi Honma
6807eee9ca Interworking: Check NULL string to avoid compiler warning
Fix warning by gcc 9.2.1.

interworking.c: In function ‘interworking_home_sp_cred’:
interworking.c:2263:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
 2263 |   wpa_msg(wpa_s, MSG_DEBUG,
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~
 2264 |    "Interworking: Search for match with SIM/USIM domain %s",
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2265 |    realm);
      |    ~~~~~~

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-10-25 16:03:37 +03:00
Phil Wise
ec1c0d1548 Fix name of DBus interface in defconfig
Signed-off-by: Phil Wise <phil@phil-wise.com>
2019-10-25 16:03:37 +03:00
Jouni Malinen
d3516cad7a Store a copy of Association Request RSNXE in AP mode for later use
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
6d6c887751 SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4
Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg
2/4 when using SAE with hash-to-element mechanism enabled. This allows
the AP to verify that there was no downgrade attack when both PWE
derivation mechanisms are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-17 16:54:05 +03:00
Dedy Lansky
cdb5774f42 FST: Update FST about MAC address change
Notify FST module upon MAC address change. FST module will update the
Multiband IE accordingly.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
89450024a8 wpa_supplicant: Pass in operating class for channel validity checks
This is needed to allow the 6 GHz operating classes to be compared
against the driver support channels since the channel numbers are not
really unique identifiers of a channel even within a single band.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
444d76f74f SAE: Check that peer's rejected groups are not enabled
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
cfe1ea5c9c SAE: H2E version of SAE commit message handling for STA
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
447cd5f2df SAE: Collect list of rejected groups for H2E in STA
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
05a2fb0d11 SAE: Derive H2E PT in STA before connection
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
146889e3ca RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4
If the AP advertises RSN Extension element, it has to be advertised
consistently in the unprotected (Beacon and Probe Response) and
protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
293a01f3b3 SAE: Handle BSS membership selector indication for H2E-only in STA mode
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
85e64e634d SAE: Add sae_pwe configuration parameter for wpa_supplicant
This parameter can be used to specify which PWE derivation mechanism(s)
is enabled. This commit is only introducing the new parameter; actual
use of it will be address in separate commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
86f6084862 SAE: Tell sae_parse_commit() whether H2E is used
This will be needed to help parsing the received SAE commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
d6a7de60c8 wpa_cli: Clean up unnecessarily complex CONFIG_MESH use
There is no need for #ifdef/#else/#endif construction in
network_fields[] to cover "mode" (which is completely independent of
CONFIG_MESH) or two separate conditional blocks for mesh related network
fields, so move these into a single conditionally included block.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
8b426ab1e7 wpa_supplicant: Pass AP mode EDMG config to hostapd struct
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
a82aee1f40 wpa_supplicant: Add support for EDMG channels
As part of a connection request, set EDMG parameters for the driver to
use in the association. The EDMG parameters are based on EDMG IE
received from the AP's Probe Response frames, the driver's EDMG
capability, and the EDMG configuration from the configuration.

As part of starting an AP, set EDMG parameters for the driver to use for
AP operation. The EDMG parameters are based on the driver's EDMG
capability and the EDMG configuration from the configuration.

This implementation is limited to CB2 (channel bonding of 2 channels)
and the bonded channels must be adjacent, i.e., the supported values for
edmg_channel are 9..13.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
35aed771f9 Indicate EDMG in scan results
Add [EDMG] flag to scan results.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
bebd91e9c4 Add EDMG parameters to set_freq functions
This updates the frequency parameter setting functions to include
argument for EDMG.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:59:23 +03:00
Alexei Avshalom Lazar
e8ff22f471 wpa_supplicant: Add EDMG channel configuration parameters
Add two new configuration parameters for wpa_supplicant:
enable_edmg: Enable EDMG capability for STA/AP mode
edmg_channel: Configure channel bonding. In AP mode it defines the EDMG
channel to start the AP on. In STA mode it defines the EDMG channel to
use for connection.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:50:06 +03:00
Ankita Bajaj
c349174035 MBO/OCE: Update disable_mbo_oce flag after association
After roaming to an AP, update disable_mbo_oce flag based on the current
BSS capabilities. This flag is used to check whether STA should support
MBO/OCE features and process BTM request received from the current
connected AP.

When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a
misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS
in which PMF is not enabled for the initial connection, BTM requests
from such APs should not be processed by STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 16:45:15 +03:00
Jouni Malinen
52d469de11 DPP2: Support multiple Config Objects in Enrollee
Process all received DPP Configuration Object attributes from
Configuration Result in Enrollee STA case. If wpa_supplicant is
configured to add networks automatically, this results in one network
being added for each included Configuration Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
d0a4ed6a1b Allow SAE to be used in wpa_supplicant AP mode
SAE password configuration for AP mode requires additional steps
compared to PSK cases. Previous implementation allowed SAE to be
configured, but all authentication attempts would fail due to no
password being available. Now both psk and sae_password/sae_password_id
parameters are translated properly to the hostapd configuration
structures to fix this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-21 16:30:35 +03:00
Roy Marples
7846e8d608 NetBSD: Fix compile
On NetBSD the ethernet header is net/if_ether.h

This also pulls in net/if.h which defines if_type, which in turn
conflicts with an enum in wpa_supplicant. As such we need to
include this at the bottom rather than at the top.

Signed-off-by: Roy Marples <roy@marples.name>
2019-09-21 13:38:32 +03:00
Vamsi Krishna
2e06cef80a MBO/OCE: Work around misbehaving MBO/OCE APs that use RSN without PMF
The MBO and OCE specification require the station to mandate use of PMF
when connecting to an MBO/OCE AP that uses WPA2. The earlier
implementation prevented such misbehaving APs from being selected for
connection completely. This looks like the safest approach to take, but
unfortunately, there are deployed APs that are not compliant with the
MBO/OCE requirements and this strict interpretation of the station
requirements results in interoperability issues by preventing the
association completely.

Relax the approach by allowing noncompliant MBO/OCE APs to be selected
for RSN connection without PMF to avoid the main impact of this
interoperability issue. However, disable MBO/OCE functionality when PMF
cannot be negotiated to try to be as compliant as practical with the
MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the
duration of such workaround association). Also disable support for BTM
in this workaround state since MBO would expect all BTM frames to be
protected.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-21 00:58:33 +03:00
Jouni Malinen
8f8c423a51 DPP: Add bandSupport JSON array into config request
Indicate supported global operating classes when wpa_supplicant is
operating as an Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
5a5639b068 DPP: Allow name and mudurl to be configured for Config Request
The new hostapd and wpa_supplicant configuration parameters dpp_name and
dpp_mud_url can now be used to set a specific name and MUD URL for the
Enrollee to use in the Configuration Request. dpp_name replaces the
previously hardcoded "Test" string (which is still the default if an
explicit configuration entry is not included). dpp_mud_url can
optionally be used to add a MUD URL to describe the Enrollee device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
16ef233bf1 DPP2: Connection status result (Enrollee)
Add support for reporting connection status after provisioning if the
Configurator requests this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:25:34 +03:00
Jouni Malinen
b10e01a795 DPP2: Connection status result (Configurator)
A new argument to the DPP_AUTH_INIT command (conn_status=1) can now be
used to set Configurator to request a station Enrollee to report
connection result after a successfully completed provisioning step. If
the peer supports this, the DPP-CONF-SENT event indicates this with a
new argument (wait_conn_status=1) and the Configurator remains waiting
for the connection result for up to 16 seconds.

Once the Enrollee reports the result, a new DPP-CONN-STATUS-RESULT event
is generated with arguments result, ssid, and channel_list indicating
what the Enrollee reported. result=0 means success while non-zero codes
are for various error cases as specified in the DPP tech spec. If no
report is received from the Enrollee, the event with "timeout" argument
is generated locally.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:13:46 +03:00
Sujay Patwardhan
21dc1627f6 wpa_supplicant: Don't return an error when successfully parsing WMM rules
The config file parser previously would fall through into an error if
CONFIG_AP is defined and it hit a wmm_ac_* rule with a valid value. Add
a return to prevent incorrectly printing an error message and returning
a non-zero exit code.

Signed-off-by: Sujay Patwardhan <sujay@eero.com>
2019-09-13 16:35:16 +03:00
Hu Wang
8214b45ba0 P2P: Use latest BSS entry if multiple P2P Device Addr matches found
If an AP (P2P GO) has changed its operating channel or SSID recently,
the BSS table may have multiple entries for the same BSSID.

Commit 702621e6dd ('WPS: Use latest updated BSS entry if multiple
BSSID matches found') fetches latest updated BSS entry based on
BSSID. Do the same when fetching an entry based on the P2P Device
Address.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-13 16:22:05 +03:00
Alexei Avshalom Lazar
dc6c3be4e2 wpa_supplicant: Add support for 60 GHz band channels 5 and 6
The previous support in the 60 GHz band was for channels 1-4.
Add support for channels 5 and 6.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-09-13 16:14:17 +03:00
Mikael Kanstrup
8788a314d7 WPS: Update MAC address on address changes
The WPS component keeps a copy of the network interface MAC address.
When MAC address is changed the WPS copy was not updated so WPS M1
message contained the old address. Some devices check this field
and fail connection attempts.

Update the WPS MAC address on interface MAC address changes.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-09-09 16:49:34 +03:00
Jouni Malinen
a69742c2f8 wpa_cli: Do not pick p2p-dev-* interfaces by default
These are the driver-specific interface for the non-netdev P2P Device
interface and not something that useful for most use cases. Skip them to
allow the main netdev (e.g., wlan0 over p2p-dev-wlan0) to be selected.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-09 16:37:46 +03:00
Ankita Bajaj
a8bfc6fff2 FILS: Update connect params after sending connection notification
Update connect params will update auth_alg and fils_hlp_req in
wpa_supplicant structure before calling function
wpas_notify_state_changed(). This could have resulted in triggering
inconsistent state change events and messages in the Android framework.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 17:50:23 +03:00
Jouni Malinen
1eff2e7bf1 DPP2: Fix wpa_supplicant build dependencies for CONFIG_AP=y build
Fix CONFIG_DPP2=y with CONFIG_AP=y build for cases where the needed
dependencies were not pulled in by other optional build parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:44:07 +03:00
Jouni Malinen
d2bae5763d DPP: Fix wpa_supplicant build dependencies for DPP-only build
Fix CONFIG_DPP=y build for cases where the needed dependencies were not
pulled in by other optional build parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:39:43 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
6816182461 EAP-TEAP peer: Add support for machine credentials using certificates
This allows EAP-TLS to be used within an EAP-TEAP tunnel when there is
an explicit request for machine credentials. The network profile
parameters are otherwise same as the Phase 1 parameters, but each one
uses a "machine_" prefix for the parameter name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Jouni Malinen
ebee8232d3 Do not try to include net/ethernet.h in MinGW/Windows builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Jouni Malinen
bf15b15598 Fix Windows error code definition workaround
ENOTCONN, EOPNOTSUPP, and ECANCELED are defined in a newer version of
MinGW, so make this workaround conditional on what is defined in the
header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Jouni Malinen
043de65f1c EAP peer config: Move ocsp param to phase1/phase2
OCSP configuration is applicable to each instance of TLS-based
authentication and as such, the configuration might need to be different
for Phase 1 and Phase 2. Move ocsp into struct eap_peer_cert_config and
add a separate ocsp2 network profile parameter to set this for Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Jouni Malinen
b99c4cadb7 EAP peer: Move certificate configuration params into shared struct
These parameters for certificate authentication are identical for the
Phase 1 (EAP-TLS alone) and Phase 2 (EAP-TLS inside a TLS tunnel).
Furthermore, yet another copy would be needed to support separate
machine credential in Phase 2. Clean this up by moving the shared
parameters into a separate data struct that can then be used for each
need without having to define separate struct members for each use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:31 +03:00
Sven Eckelmann
6e711e7ab3 mesh: Do not enable HE on 5 GHz without VHT
The commit ad9a1bfe78 ("nl80211: Share VHT channel configuration for
HE") always enforced that VHT is enabled when HE was enabled. This broke
the mesh functionality on 2.4 GHz with HE because ibss_mesh_setup_freq()
isn't setting up the VHT parameters for 2.4 GHz.

This problem was resolved for 2.4 GHz by commit df4f959988 ("nl80211:
Don't force VHT channel definition with HE"), but it is still possible
to disable VHT during the mesh/IBSS freq setup on 5 GHz - which would
result in the same problem as seen on 2.4 GHz.

The code enabling HE for IBSS/mesh must now make sure that it doesn't
enable HE when VHT could be enforced by the nl80211 driver code but
disabled by the user.

Fixes: 3459c54ac7 ("mesh: Add support for HE mode")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-30 16:02:23 +03:00
Jouni Malinen
c724a0a16c EAP peer: Add a concept of a separate machine credential
This is an initial step in adding support for configuring separate user
and machine credentials. The new wpa_supplicant network profile
parameters machine_identity and machine_password are similar to the
existing identity and password, but explicitly assigned for the purpose
of machine authentication.

This commit alone does not change actual EAP peer method behavior as
separate commits are needed to determine when there is an explicit
request for machine authentication. Furthermore, this is only addressing
the username/password credential type, i.e., additional changes
following this design approach will be needed for certificate
credentials.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 13:24:14 +03:00
Jouni Malinen
52069c7eff Add TLS-PRF using HMAC with P_SHA384 for TEAP
This version of TLS PRF is needed when using TEAP with TLS ciphersuites
that are defined to use SHA384 instead of SHA256.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-16 21:16:37 +03:00
Jouni Malinen
a647a0ad75 Extend server certificate TOD policy reporting to include TOD-TOFU
The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:31 +03:00
Sunil Dutt
346d10cf82 SAE: Conditionally set PMKID while notifying the external auth status
This is needed for the drivers implementing SME to include the PMKID in
the Association Request frame directly following SAE authentication.

This commit extends the commit d2b2083843 ("SAE: Allow PMKID to be
added into Association Request frame following SAE") for drivers with
internal SME that use the external authentication mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:37:36 +03:00
Sunil Dutt
b7cd64876d SAE: Use BSSID stored in ext_auth_bssid for set_pmk
pending_bssid is cleared in the connected state and thus is not valid if
SAE authentication is done to a new BSSID when in the connected state.
Hence use the BSSID from ext_auth_bssid while configuring the PMK for
the external authentication case. This is required for roaming to a new
BSSID with driver-based-SME while the SAE processing happens with
wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:32:55 +03:00
Sunil Dutt
e0b331d896 OWE: Update connect params with new DH attributes to the driver
A new DH public key is sent through this interface to the driver after
every successful connection/roam to a BSS. This helps to do OWE roaming
to a new BSS with drivers that implement SME/MLME operations during
roaming.

This updated DH IEs are added in the subsequent (Re)Association Request
frame sent by the station when roaming. The DH IE from the roamed AP is
given to wpa_supplicant in the roam result event. wpa_supplicant shall
further process these DH IEs to generate the PMK for the 4-way
handshake.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:31:10 +03:00
Jouni Malinen
ae05b6a215 RSN: Do not allow connection to proceed without MFPC=1 if PMF required
PMF capability check is done as part of BSS selection routines, but
those are not used when going through the enforced roaming operation
("ROAM <BSSID>" control interface command). While that mechanism is
mainly for testing purposes, extend it to do the same check for PMF to
prevent cases where forced roaming could end up disabling PMF against
the local profile requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:48:16 +03:00
Ankita Bajaj
0028d627c8 OCE: Mandate PMF for WPA2 association with OCE AP
An OCE AP with WPA2 enabled shall require PMF negotiation when
associating with an OCE STA. An OCE STA-CFON may negotiate PMF with a
STA when it is operating as an AP. Don't select an OCE AP for connection
if PMF is not enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-15 19:06:53 +03:00
Purushottam Kushwaha
84ebc759a0 HS 2.0: Match credentials based on required_roaming_consortium
When required_roaming_consortium is set in a credential, station
should match this against Roaming Consortium(s) for a BSS similar
to how it is matching for roaming_consortiums during Interworking
credentials availability check for roaming_consortium.

In the context of Hotspot 2.0 PPS MO, this means addressing matching
part in the same manner for HomeSP/HomeOIList/<X+>/HomeOI regardless of
how HomeSP/HomeOIList/<X+>/HomeOIRequired is set (i.e., the required
part is used as an independent check for the AP advertising the needed
information while the "credential can be used here and this is a home
network" part is shared).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-15 16:51:02 +03:00
Jouni Malinen
d2b2083843 SAE: Allow PMKID to be added into Association Request frame following SAE
IEEE Std 802.11-2016 does not require this behavior from a SAE STA, but
it is not disallowed either, so it is useful to have an option to
identify the derived PMKSA in the immediately following Association
Request frames. This is disabled by default (i.e., no change to previous
behavior) and can be enabled with a global wpa_supplicant configuration
parameter sae_pmkid_in_assoc=1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-14 17:49:23 +03:00
Matthew Wang
dd0153fced Check for LEAP before doing FT
According to https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Cisco does not support EAP-LEAP with Fast Transition. Here,
we check for LEAP before selecting FT 802.1X key management
suite.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-08-11 18:04:24 +03:00
Jouni Malinen
b0b25c5bbc Clear external eapSuccess setting in driver-authorized cases
The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not
cover the case where eapol_sm_notify_eap_success(TRUE) had been called
based on offloaded 4-way handshake and driver notification of
authorization in wpa_supplicant_event_port_authorized(). This could
result in eapSuccess and altSuccess state machine variables being left
TRUE when roaming to another BSS and that results in EAP failure if the
following roaming case does not get fully authorized through the driver
offload.

Fix this by clearing eapSuccess/altSuccess when processing a new
association (including roaming) event and also when disconnecting from
the network.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 19:24:06 +03:00
Jouni Malinen
ca8c2bd28a Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 16:25:25 +03:00
Sunil Dutt
3263fca289 Set the default scan IEs on interface restart
Previously, these default scan IEs were set only when parameter values
changed and during the interface initialization, which can get lost in
the driver on an interface restart. Hence, also set these IEs on an
interface restart notification even when there has been no change in the
values since the last update to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 11:43:12 +03:00
Jouni Malinen
422e73d623 DPP: Indicate authentication success on ConfReqRX if needed
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:31:14 +03:00
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Brian Norris
cc2fd94258 D-Bus: Demote timeout/flush messages to MSG_MSGDUMP
We intentionally don't emit property-changed signals on every property
update -- for "less timing critical" messages we delay up to 5
milliseconds waiting to see if we can batch them together. When the
timer hits, we emit the signal anyway and (potentially) log this
message. This amounts to effectively tracing every property update,
which can be quite excessive.

Lower this to MSGDUMP, so MSG_DEBUG can remain slightly more sane.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-31 22:06:33 +03:00
Yu Wang
0136864032 P2P: Pass HE flag to GO negotiation result
In order to set up P2P connection with HE capability,
the 'he' flag should be passed to GO negotiation result.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2019-07-29 11:48:09 +03:00
Disha Das
5a511924b1 wpa_cli: Add support to process DPP action events in action script
Signed-off-by: Disha Das <dishad@codeaurora.org>
2019-07-24 20:16:02 +03:00
Jouni Malinen
64e37be945 Avoid nested enum wpas_mode declaration to allow C++ compilation
Move enum wpas_mode declaration to the global scope to avoid issues with
the recently added inline function wpas_mode_to_ieee80211_mode() using
it as an argument. This fixes C++ compilation issues with cases that
include wpa_supplicant_i.h.

Fixes: 3459c54ac7 ("mesh: Add support for HE mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:49:24 +03:00
Jouni Malinen
0ed57c5ea8 EAP-TEAP server and peer implementation (RFC 7170)
This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible
Authentication Protocol). This should be considered experimental since
RFC 7170 has number of conflicting statements and missing details to
allow unambiguous interpretation. As such, there may be interoperability
issues with other implementations and this version should not be
deployed for production purposes until those unclear areas are resolved.

This does not yet support use of NewSessionTicket message to deliver a
new PAC (either in the server or peer implementation). In other words,
only the in-tunnel distribution of PAC-Opaque is supported for now. Use
of the NewSessionTicket mechanism would require TLS library support to
allow arbitrary data to be specified as the contents of the message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:56:02 +03:00
Jouni Malinen
d3a035169b Remove useless NULL comparison for an array
Now that the TLS peer_cert information is provided as a full struct to
handler functions, the altsubject pointer shows up as an array and
causes static analyzers to warn about unnecessary NULL comparison. Get
rid of that comparison now that it is clearly not needed anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-07 10:00:49 +03:00
Eric Caruso
91b6eba773 Move MAC address randomization enable/disable to helper functions
This makes it easier to share this for D-Bus implementation.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-06-26 20:56:01 +03:00
Sven Eckelmann
3459c54ac7 mesh: Add support for HE mode
Mesh points can partially support HE features (when requiring no
controlling STA/AP) as long as hardware supports it. The kernel just
requires support for HE mesh and wpa_supplicant can forward the peer
capabilities to the kernel for further processing.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
f74618cb92 wpa_supplicant: Fix type for ssid->mode comparisons
The ssid->mode is from type enum wpas_mode and all its constants start
with WPAS_MODE_*. Still some of the code sections used the
IEEE80211_MODE_* defines instead of WPAS_MODE_*.

This should have no impact on the actual code because the constants for
INFRA, IBSS, AP and MESH had the same values.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Amit Khatri
30bbff142d DPP: Fix documentation to include operating class for URI
As per code dpp_parse_uri_chan_list() function checks "/" as separator
for operating class and operating channel. Update readme accordingly.

Signed-off-by: Amit Khatri <amit7861234@gmail.com>
2019-06-22 20:39:39 +03:00
Purushottam Kushwaha
dcc31e7957 HS 2.0: Skip credential without EAP method for roaming consortium match
EAP method is required for a credential that matches configured
roaming_consortium with an Interworking AP. Hence skip credentials which
do not have EAP method specified for this match. This fixes an issue
where a credential that cannot work without EAP method from NAI Realms
information is selected first based on roaming consortium.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Ankita Bajaj
ef59f98729 WNM: Provide option to disable/enable BTM support in STA
Add support to disable/enable BTM support using configuration and
wpa_cli command. This is useful mainly for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
21f1a1e66c Report TOD policy in peer certificate events
Add tod=1 to CTRL-EVENT-EAP-PEER-CERT events if the peer certificate
includes the TOD policy in the X.509v3 Certificate Policies extension.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
bc0634da4a Pass full struct to peer certificate callbacks
This makes it easier to add new information to the callbacks without
having to modify each callback function type in EAPOL and EAP code every
time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
7deb0450bc Interworking: Print HESSID in debug messages
This makes it easier to understand ANQP queries needed during
Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 21:09:57 +03:00
leiwei
a93b369c17 macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Srinivas Dasari
fb6ebd1ced SAE: Send external auth failure status to driver
wpa_supplicant prepares auth commit request as part of the external
authentication (first SAE authentication frame), but it fails to get
prepared when wpa_supplicant is started without mentioning the SAE
password in configuration. Send this failure status to the driver to
make it aware that the external authentication has been aborted by
wpa_supplicant.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-05-31 16:52:15 +03:00
Sunil Dutt
cbfd0a263d P2P: Force p2p-send-action as the next radio work to execute
This increases the priority of the p2p-send-action radio work, i.e., the
radio work used for transmitting potentially offchannel P2P Action
frames by marking it as the next radio work to execute. This is to avoid
the delay in transmissions due to already queued offchannel radio work
items in the queue. In particular, this means not having to wait for a
pending p2p-scan radio work to be executed before the new P2P Action
frame can be transmitted. This helps in avoiding timeouts on the peer
device when a P2P Action frames is received during other activity on the
device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 16:52:15 +03:00
Sunil Dutt
2e3bff5919 P2P: Reject p2p-send-action work while other one is pending
The previous implementation rejects the p2p-send-action work while there
is already one in progress (wpas_send_action_cb() has already been
called for it to start operation). Enhance the same to also consider any
p2p-send-action works pending in the radio work (i.e., waiting for that
wpas_send_action_cb() call).

This is considering the current behaviour of P2P to handle the state
corresponding to respective Action frame transmission:
pending_action_state. If a new P2P Action frame transmission is queued
while there is another one already in the queue, the transmit status of
the first frame is wrongly intepreted by the P2P state machine which has
already scheduled/queued another frame for transmission.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 16:52:15 +03:00
Ankita Bajaj
a8391db7cf OCE: Use RSSI of actual BSS which rejected association
If an AP rejects association due to low RSSI, then RSSI of the BSS from
which association reject is received shall be used for calculating RSSI
threshold at which STA can try connecting back to that BSS later. In
case of SME offload, the current_bss might not have been set before
receiving association completion, so fetch the BSS entry based on the
BSSID provided in the driver event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 16:52:10 +03:00
Pradeep Kumar Chitrapu
7ace4328c0 wpa_supplicant: Add support to probe mesh link to given peer
Inject an Ethernet frame to a given peer bypassing next_hop lookup in
mpath table. Optional payload is expected to be hexdump without 0x.

usage:
wpa_cli -i <dev> mesh_link_probe <peer MAC> [payload=<hexdump of payload>]

example:
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff payload=aabb
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff

Signed-off-by: Pradeep Kumar chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:38:30 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
Jouni Malinen
0de46d8a66 mesh: Fix RSN initialization failure handling
The driver was left in mesh mode (joined to the group) if RSN
authenticator initialization failed. This could result in next
operations failing due to unexpected driver state.

This was found with the following hwsim test case sequence:
mesh_wpa_auth_init_oom dpp_config_no_discovery

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:48:45 +03:00
Mohit Sethi
2f6700c9c6 defconfig: Add config parameter for SIM simulator for EAP-SIM
Allow compilation of internal GSM-Milenage implementation for EAP-SIM
testing with eapol_test.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 16:26:44 +03:00
Jouni Malinen
e8ebef87cb WNM: Fix BSS Termination Duration subelement length validation
The length check for the BSS Termination Duration subelement was
accidentally removed and this could result in reading up to 10 bytes
beyond the end of a received frame. The actual read bytes would be
stored locally, but they were not used for anything, so other than
reading beyond the end of an allocated heap memory buffer, this did not
result in any behavior difference or exposure of the bytes.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14922
Fixes: 093226783d ("WNM: Simplify how candidate subelements are stored")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:19:33 +03:00
Jouni Malinen
a96c783645 dbus: Fix some memory leaks on error paths
wpa_dbus_dict_close_write() was not called if
fill_dict_with_properties() fails and that could result in leaking
memory. Fix this in two cases. There might be other missing calls to
jouni@codeaurora.org() on error paths, but those will need to be handled
separately with more complex changes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 22:06:46 +03:00
Jouni Malinen
d42df8d6ce Fix a regression in storing of external_auth SSID/BSSID
An earlier change in drivers_ops API for struct external_auth broke the
way SSID and BSSID for an external authentication request were stored.
The implementation depended on the memory array being available in the
API struct with a use of memcpy() to copy the full structure even though
when only SSID and BSSID was needed. Fix this by replacing that
easy-to-break storing mechanism with explicit arrays for the exact set
of needed information.

Fixes: dd1a8cef4c ("Remove unnecessary copying of SSID and BSSID for external_auth")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 16:24:32 +03:00
Jouni Malinen
9083ef1355 FT: Allow PMKSA caching to be enabled with FT-EAP
The new wpa_supplicant network profile configuration parameter
ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with
FT-EAP for FT initial mobility domain association. This is still
disabled by default (i.e., maintaining previous behavior) to avoid
likely interoperability issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 16:01:45 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Omer Dagan
fa335929b7 wpa_cli: Make CTRL-EVENT-CHANNEL-SWITCH available to action scripts
Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
2a5a068086 DPP2: wpa_supplicant as TCP initiator
A DPP TCP connection can now be initiated directly from wpa_supplicant
with the new new tcp_port and tcp_addr parameters to the DPP_AUTH_INIT
control interface command. This initiates DPP Authentication exchange
over TCP with the specified Controller instead of using DPP Public
Action frames over WLAN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
c02dd10d76 DPP2: wpa_supplicant as Controller over TCP
New wpa_supplicant control interface commands "DPP_CONTROLLER_START
[tcp_port=<port>]" and "DPP_CONTROLLER_STOP" can be used to start and
stop listening to DPP requests over TCP in the Responder role. The TCP
connections are processed similarly to the ones that would have been
received over DPP Public Action frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
2ed2b52ff5 DPP: Add configuration structure to dpp_global_init()
This can be used to provide configurable parameter to the global DPP
context. This initial commit introduces the msg_ctx context pointer for
wpa_msg().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 21:35:32 +03:00
Jouni Malinen
6396282430 Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 10:10:22 +03:00
Wiktor Drewniak
bce3d4f70e autoscan: Disable when we move above WPA_SCANNING state
In case of drivers that don't use wpa_supplicant as SME, autoscan
feature was never disabled.

Signed-off-by: Wiktor Drewniak <wiktor.drewniak@gmail.com>
2019-04-16 01:53:21 +03:00
Sergey Matyukevich
eb3234c07b SAE: Use open authentication to reassociate for PMKSA caching
For reassociation with the same AP wpa_supplicant attempts to use cached
PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association
Request frame. In the case of SAE AP, open authentication shall be used
during reassociation. Otherwise cached PMKID becomes invalid after full
SAE authentication.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However SME-in-driver cases, complete SAE authentication is
performed. As a result, first reassociation attempt fails.

Fix SME-in-driver behavior by reseting authentication algorithm to
WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA
cache entry.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-04-16 01:53:21 +03:00
Avraham Stern
fe01cd0067 Fix FILS ERP association event with 4-way HS offload drivers
When FILS authentication is used with ERP, no EAPOL frames are expected
after association. However, for drivers that set the
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state
machine was not configured correctly and was waiting for EAPOL frames,
which leads to disconnection.

Fix this by reordering the if branches to set the EAPOL/EAP state
machines to success when FILS authentication was already completed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-04-16 01:53:21 +03:00
Andrei Otcheretianski
31cf52bf2e Do not clear FT IEs twice in sme_deinit()
Remove FT IEs clearing from sme_deinit() as it is done twice. The
sme_clear_on_disassoc() call to sme_update_ft_ies() takes care of this.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:48:27 +03:00
Andrei Otcheretianski
01ac337b32 Stop SA Query on disconnection
SA Query wasn't stopped after disconnection, which could potentially
result in an unexpected SA timeout firing later when already connected
to another AP. Fix that by stopping SA Query when an association is
terminated.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:48:27 +03:00
Jouni Malinen
7a206c504f Add debug print on stopping SA Query procedure
This makes it easier to debug SA Query behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 00:42:58 +03:00
Andrei Otcheretianski
710c692381 P2PS: Cleanup pending_p2ps_group flag
pending_p2ps_group flag is not always cleaned, which may later result
in an unexpected GO bring up, after PD response is transmitted in
wpas_prov_disc_resp_cb().
This can be seen when running the following hwsim tests together:
 - p2ps_channel_sta_connected_disallow_freq_mcc
 - p2ps_channel_active_go_and_station_different_mcc
Fix this by clearing pending_p2ps_group flag also when processing new
PD requests. In addition, set this flag only when really needed.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:19:03 +03:00
Jouni Malinen
984d5b7e1f mesh: Fix random llid generation in an error case
If os_get_random() fails, llid must not be read/used since it could be
uninitialized. Handle that special case by clearing llid explicitly to 0
to continue iteration.

Fixes: 5f92659d88 ("mesh: Add mesh peering manager")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:26:07 +03:00
Jouni Malinen
e6ac47b47d Fix debug print in GET_PREF_FREQ_LIST handler
Do not use the buf argument to wpas_ctrl_iface_get_pref_freq_list() in
the debug print since it points to the response buffer ("OK\n" without
null termination). This was supposed to print the cmd argument instead.
The previous version ended up using uninitialized heap memory from the
response buffer.

Fixes: 983422088f ("nl80211: Add means to query preferred channels")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:54:12 +03:00
Jouni Malinen
2e70e807c8 D-Bus: Fix P2P GroupStarted signal not to use uninitialized IP buffer
wpas_p2p_completed() used wpa_sm_get_p2p_ip_addr() return value properly
for filling in the ip_addr[] string only if the IP addresses got
assigned, but the raw ip[] array was passed to
wpas_dbus_signal_p2p_group_started() regardless of whether the IP
addresses were assigned. This could result in using uninitialized stack
memory for constructing the GroupStarted signal values. Fix this by
filling those in only if the IP addressed are actually available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:27:52 +03:00
Avraham Stern
56ac1f9dfe RRM: Set last beacon report indication in the last element only
The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be
set only in the last beacon report element of the last frame.

Fixes: ecef0687dc ("RRM: Support for Last Beacon Report Indication subelement")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-04-13 11:51:05 +03:00
Ben Greear
6f484978fb Document BSS expiration configurables
Help the user be aware of the options to configure when
wpa_supplicant will remove a BSS due to expiration.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-04-13 11:41:51 +03:00
Jouni Malinen
dd1a8cef4c Remove unnecessary copying of SSID and BSSID for external_auth
The external authentication command and event does not need to copy the
BSSID/SSID values into struct external_auth since those values are used
before returning from the call. Simplify this by using const u8 * to
external data instead of the array with a copy of the external data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:43:26 +03:00
Jouni Malinen
242e857285 Extend domain_match and domain_suffix_match to allow list of values
These wpa_supplicant network profile parameters could be used to specify
a single match string that would be used against the dNSName items in
subjectAltName or CN. There may be use cases where more than one
alternative match string would be useful, so extend these to allow a
semicolon delimited list of values to be used (e.g.,
"example.org;example.com"). If any of the specified values matches any
of the dNSName/CN values in the server certificate, consider the
certificate as meeting this requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 16:24:38 +03:00
Ilan Peer
0a42f1eded scan: Use normal scans after connection failure
In case of connection attempt failure, set 'normal_scans'
to zero, as otherwise it is possible that scheduled scan
would be used and not normal scan, which might delay the
next connection attempt.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:13:10 +03:00
Ilan Peer
0487967153 OWE: Fix a possible memory leak on error path
Properly handle the case where OWE IE is allocated, but
there is no space left to add it in the WPA IE buffer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:02:13 +03:00
Peng Xu
edcaf16f9e P2P: Enable HE for both 2G and 5G bands
Previously HE was only enabled for a 2G P2P GO. This change enables HE
for both 2G and 5G P2P GO.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 20:59:48 +03:00
Ankita Bajaj
822c756e8c MBO: Update connect params with new MBO attributes to driver
MBO attributes Non-preferred channel list and Cellular capabilities are
updated using WNM-Notification Request frame to the current connected
BSS. These same attributes need to be added in the (Re)Association
Request frame sent by the station when roaming, including the case where
the driver/firmware takes care of SME/MLME operations during roaming, so
we need to update the MBO IE to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 20:56:03 +03:00
Ankita Bajaj
74f8e768f2 MBO: Always include Non-preferred Channel Report attribute in AssocReq
Include the Non-preferred Channel Report attribute in (Re)Association
Request frames even when the MBO STA has no non-preferred channels in
any operating classes. In case of no non-preferred channels the
attribute length field shall be set to zero and the Operating Class,
Channel List, Preference and Reason Code fields shall not be included.
This indicates to the MBO AP that the MBO STA has no non-preferred
channels access all supported operating classes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 20:43:59 +03:00
Jouni Malinen
bd23daa8e6 DPP: Move GAS encapsulation into dpp_build_conf_req()
Avoid duplicated code in each user of dpp_build_conf_req() by moving the
common encapsulation case into this helper function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-03 19:10:47 +03:00
Jouni Malinen
be609c6fc6 SAE: Fix commit message override with external authentication
Do not add duplicate Transaction Sequence and Status Code fields when
using test functionality to override SAE commit message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-01 13:28:26 +03:00
Jouni Malinen
9af1eea37a Prefer FT-SAE over FT-PSK if both are enabled
FT-SAE is considered stronger than FT-PSK, so prefer it over FT-PSK
similarly to how SAE is preferred over WPA-PSK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 03:27:35 +02:00
Jouni Malinen
853bd19f22 Add more debug prints on suite selector selection
This makes it a bit easier to figure out why wpa_supplicant selects a
specific cipher/AKM for association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 02:58:00 +02:00
Jouni Malinen
6d77014e71 Suite B: Prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192
If both of these AKMs are enabled in the wpa_supplicant network profile
and the target AP advertises support for both, prefer the FT version
over the non-FT version to allow FT to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
ab3aebcce5 SAE: Fix PMKSA cache entry search for FT-SAE case
Previously, PMKSA cache entries were search for AKM=SAE and that did not
find an entry that was created with FT-SAE when trying to use FT-SAE
again. That resulted in having to use full SAE authentication instead of
the faster PMKSA caching alternative.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:03:12 +02:00
vamsi krishna
bcf1900058 FT-SAE: Enable external auth support for FT-SAE also
Extend the external authentication support to FT-SAE mode connections
also in addition to SAE mode connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:18:13 +02:00
Jouni Malinen
76fd782abe SAE: Reorder SAE and FT-SAE AKM selection to prefer the FT option
If a network profile has both SAE and FT-SAE enabled, SAE was previously
picked (and used incorrectly as explained in the previous commit). This
is not ideal since use of FT protocol can speed up roaming within in
mobility domain. Reorder this checks so that FT-SAE is preferred over
SAE if both are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
322d328e71 FT: Fix SAE + FT-SAE behavior in association parameter selection
Do not try to initialize FT reassociation if the selected AKM is for SAE
instead of FT-SAE when both of these are enabled in a network profile.
This fixes an issue with MDE being included in an (Re)Association
Request frame even when using a non-FT AKM (which is something that
results in hostapd rejecting the association).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
18015fc8a4 DPP2: Support new legacy+DPP config object credentials
This allows devices supporting DPP protocol version 2 or newer to
provision networks that enable both the legacy (PSK/SAE) and DPP
credentials.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:06 +02:00
Jouni Malinen
dd6c598007 DPP: Support DPP and SAE in the same network profile
Make both DPP and SAE code aware of the cases where the same network
profile is configured to enable both DPP and SAE. Prefer DPP over SAE in
such cases and start DPP/SAE exchanges based on what both the station
and the AP support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
9305c2332b DPP: Clean up configuration parsing
Share a single parsing implementation for both hostapd and
wpa_supplicant to avoid code duplication. In addition, clean up the
implementation to be more easily extensible.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
f5db775049 Remove pending connect and sme-connect radio works on disconnect
There was a race condition in a case where a new connection attempt was
scheduled as a pending radio work and that was followed by a DISCONNECT
command before the pending radio work is started. The pending radio work
would not have been deleted in that sequence and instead, it was
executed when the radio became available next. This could result in an
unexpected connection after an explicit request to disconnect.

Fix this by removing pending connect and sme-connect radio works on
disconnection request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 13:03:31 +02:00
Jouni Malinen
67b3bcc954 DPP2: Testing option for Config Object rejction
Add a new testing option to force Enrollee to reject the receive Config
Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
22f90b32f1 DPP2: Configuration Result message generation and processing
Use this new message from Enrollee to Configurator to indicate result of
the config object provisioning if both devices support protocol version
2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
c98617b48d DPP2: Make DPP version number support available over control interface
"GET_CAPABILITY dpp" can now be used to determine which version number
of DPP is supported in the build.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jayachandran Sreekumaran
2b7fa03559 P2P: Fix ACS offloading behavior with p2p_no_group_iface=1
wpa_s->p2p_go_do_acs was not cleared during P2P group deletion and that
resulted in the case of no separate group interface continuing to assume
ACS was to be used for consecutive GO starts even if they tried to
specify a frequency. Fix this by explicitly clearing
wpa_s->p2p_go_do_acs during P2P group deletion and also clear this when
processing the P2P_GROUP_ADD if the parameters do not request ACS to be
used.

Fixes: 37ed3254de ("P2P: ACS offload for the autonomous GO")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
ce7effd08f DPP2: Build configuration flags for DPP version 2 support
The new CONFIG_DPP2=y build option for hostapd and wpa_supplicant is
used to control whether new functionality defined after the DPP
specification v1.0 is included. All such functionality are considered
experimental and subject to change without notice and as such, not
suitable for production use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 12:00:09 +02:00
Jared Bents
841205a1ce OpenSSL: Add 'check_cert_subject' support for TLS server
This patch added 'check_cert_subject' support to match the value of
every field against the DN of the subject in the client certificate. If
the values do not match, the certificate verification will fail and will
reject the user.

This option allows hostapd to match every individual field in the right
order, also allow '*' character as a wildcard (e.g OU=Development*).

Note: hostapd will match string up to 'wildcard' against the DN of the
subject in the client certificate for every individual field.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-11 14:09:45 +02:00
Jouni Malinen
9571f945c6 mesh: Check that SAE state initialization succeeded for PMKID check
mesh_rsn_auth_sae_sta() might fail, so verify that sta->sae got
allocated before dereferencing it for a PMKID check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 18:55:58 +02:00
Lubomir Rintel
fafad85274 defconfig: Enable DBus
Acquire the new name, along with introspection. This is generally useful
for other daemons to integrate with wpa_supplicant, notably
NetworkManager.

Debian and Fedora (and likely any other distro that configured wireless
via NetworkManager) enable this.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-03-09 18:35:49 +02:00
Lubomir Rintel
6a8dee76d4 wpa_supplicant: Drop the old D-Bus interface support
This drops support for the fi.epitest.hostap.WPASupplicant D-Bus name
along with the associated CONFIG_CTRL_IFACE_DBUS option. Nothing should
really be using this since 2010.

This is a just a straightforward removal. Perhaps the dbus_common.c and
dbus_new.c can be merged now. Also, the "_NEW" suffix of the config
option seems to make even less sense than it used to.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-03-09 18:33:26 +02:00
Jouni Malinen
954c535a50 DPP: Update wpa_supplicant configuration file after provisioning
WPS was already doing this if update_config=1 was set and DPP should be
consistent with that behavior. Update the configuration file if
update_config=1 and dpp_config_processing is set to 1 or 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 16:21:54 +02:00
Jouni Malinen
339dc8bd6b WPS: Allow SAE configuration to be added automatically for PSK
The new wpa_supplicant configuration parameter wps_cred_add_sae=1 can be
used to request wpa_supplicant to add SAE configuration whenever WPS is
used to provision WPA2-PSK credentials and the credential includes a
passphrase (instead of PSK). This can be used to enable WPA3-Personal
transition mode with both SAE and PSK enabled and also with PMF enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 21:52:49 +02:00
Jouni Malinen
fd83089120 SAE: Reuse previously generated PWE on a retry with the same AP
Do not start SAE authentication from scratch when the AP requests
anti-clogging token to be used. Instead, use the previously generated
PWE as-is if the retry is for the same AP and the same group. This saves
unnecessary processing on the station side in case the AP is under heavy
SAE authentiation load.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:11 +02:00
Jouni Malinen
a9fe13035e SAE: Enable only groups 19, 20, and 21 in station mode
Remove groups 25 (192-bit Random ECP Group) and 26 (224-bit Random ECP
Group) from the default SAE groups in station mode since those groups
are not as strong as the mandatory group 19 (NIST P-256).

In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24
based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the
MODP groups were already disabled by default and would have needed
explicit configuration to be allowed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:23:58 +02:00
Lubomir Rintel
611308365e defconfig: Enable IEEE 802.11w management frame protection (wpa_supplicant)
NetworkManager can use these if available and the distros generally
enable this already.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
9515fa9250 defconfig: enable IEEE 802.11r fast BSS transition (wpa_supplicant)
Generally useful. Linux distros already enable these, upcoming
NetworkManager will support it too.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
6b7a0da75b defconfig: Enable IEEE 802.11n and 802.11ac (wpa_supplicant)
I guess there's no reason anyone with capable hardware wouldn't want to
enable these. Debian and Fedora aleady do.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
467004d632 defconfig: Enable Hotspot 2.0 (wpa_supplicant)
Generally useful, Debian enables this. Other distros should too.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
ec52faa2b2 defconfig: Enable RSN on IBSS networks (wpa_supplicant)
Fedora and Debian enable this. NetworkManager actually rejects such
configurations citing kernel bugs, but that actually might not be the
right thing to do anymore.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Jouni Malinen
67d99d2e07 defconfig: Remove obsolete notes about OpenSSL requirements for EAP-FAST
OpenSSL 0.9.8 reached its end-of-life long time ago, so remove these old
notes about need of a newer OpenSSL version for EAP-FAST since all
current OpenSSL versions include the needed functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
eafc5fec22 defconfig: Enable a handful of EAP methods (wpa_supplicant)
Fedora uses AKA, FAST, GPSK_SHA256, GPSK, IKEV2, PAX, SAKE and TNC. I
don't know why these in particular. AKA wouldn't work, because
CONFIG_PCSC is off anyways; let's enable all the other ones, and also
PWD (openSUSE enabled it because users demanded it).

Debian enables all of the above uses, but also PWD, AKA_PRIME, SIM, PSK
and EKE.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
f64050da02 defconfig: Enable logging to file and syslog (wpa_supplicant)
Debian and Fedora enable both and log to syslog. openSUSE seems to log
to a flat file instead.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:50 +02:00
Lubomir Rintel
ae5240db86 defconfig: Enable simple bgscan module (wpa_supplicant)
Generally useful. Linux distros enable this and also utilize it via
NetworkManager.

Debian also enables the learn module. I'm leaving it off as it's marked
experimental.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Lubomir Rintel
2d6d47219e defconfig: Enable AP (wpa_supplicant)
Generally useful. Debian and Fedora enable this and support creating
access points via NetworkManager too.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Lubomir Rintel
f87450a73f defconfig: Enable WPS (wpa_supplicant)
WPS is generally useful with consumer hardware, and exposed to desktop
users via NetworkManager.

The Linux distros, including Debian, Fedora, and openSUSE enable it.
Debian also enables external registar support and NFC.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Jouni Malinen
d989e67d07 defconfig: Fix typos in Wi-Fi Display description
These were supposed to be talking about Wi-Fi Display, not Wi-Fi Direct.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Lubomir Rintel
c4eafad091 defconfig: Enable P2P and Wi-Fi Display (wpa_supplicant)
Generally useful. Debian and Fedora enable this, upcoming NetworkManager
provide some level of support too.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Lubomir Rintel
bf46c6fca1 defconfig: Add SAE (wpa_supplicant)
Generally useful and the distros (Debian, Fedora) enable this already to
support WPA3-Personal and protected 802.11s mesh BSSs.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Lubomir Rintel
ca098ee454 defconfig: Add DPP (wpa_supplicant)
Generally useful, already enabled in Debian and Fedora.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Jouni Malinen
2f7bc06816 UBSan: Avoid a warning on unsigned integer overflow
wpa_non_pref_chan_cmp() needs to use explicit typecasts to avoid UBSan
warnings for unsigned integer overflows.

mbo.c:298:26: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
cc4cdefc7f UBSan: Avoid unnecessary warning
elems->mic might be NULL here, so do not try to decrement it by 2 even
if the result is not used anywhere due to a latter check for elems->mic
being NULL.

mesh_rsn.c:646:20: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffffe

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
c4fccfc7a5 UBSan: Avoid memcmp(ptr, NULL, 0)
Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to
avoid an UBSan warning.

wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
e3b5bd81bd UBSan: Fix RRM beacon processing attempt without scan_info
Some driver interfaces (e.g., wext) might not include the
data->scan_info information and data could be NULL here. Do not try to
call the RRM handler in this case since that would dereference the NULL
pointer when determining where scan_info is located and could
potentially result in trying to read from unexpected location if RRM is
enabled with a driver interface that does not support it.

events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:43:11 +02:00
Jouni Malinen
01d01a311c UBSan: Avoid size_t variable overflow in control interface
The loop "if (i-- == 0) break" style construction works in practice fine
since the check against 0 is done before decrementation. However, this
hits an UBSan warning, so split that decrementation to happen as a
separate step after the check and break from the loop.

ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:42:50 +02:00
Jouni Malinen
ec2e7c4cfa UBSan: Avoid unsigned integer overflow is throughput estimation
wpa_scan_result_compar() would return wb->est_throughput -
wa->est_throughput in case the comparison is done based on the
throughput estimates. While the return value from this function is a
signed integer, these est_throughput values are unsigned integers and
need to be explicitly typecast to avoid an UBSan warning.

scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:42:48 +02:00
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Davina Lu
83ebf55865 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the backhaul STA needs to add
a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
that indicates it supports the Multi-AP backhaul STA role. The Registrar
(if it support Multi-AP onboarding) will respond to that with a WSC M8
message that also contains the Multi-AP IE, and that contains the
credentials for the backhaul SSID (which may be different from the SSID
on which WPS is performed).

Introduce a new parameter to wpas_wps_start_pbc() and allow it to be
set via control interface's new multi_ap=1 parameter of WPS_PBC call.
multi_ap_backhaul_sta is set to 1 in the automatically created SSID.
Thus, if the AP does not support Multi-AP, association will fail and
WPS will be terminated.

Only wps_pbc is supported.

This commit adds the multi_ap argument only to the control socket
interface, not to the D-Bus interface.

Since WPS associates with the fronthaul BSS instead of the backhaul BSS,
we should not drop association if the AP announces fronthaul-only BSS.
Still, we should only do that in the specific case of WPS. Therefore,
add a check to multi_ap_process_assoc_resp() to allow association with a
fronthaul-only BSS if and only if key_mgmt contains WPS.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Jouni Malinen
0f9632ceb8 mesh: More consistent checking of wpa_s->ifmsh in completion handler
It does not look like wpa_s->ifmsg could be NULL here, but better be
more consistent anyway to keep static analyzers happier by avoiding
dereference of wpa_s->ifmsh in the function before the NULL check for
it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:46:40 +02:00
Jouni Malinen
947b5a1532 P2P: Stop listen state if Action frame TX is needed on another channel
This speeds up P2P responses to frames received on an operating channel
in case there is an ongoing P2P listen operation on another channel.
This is applicable to drivers that support multiple channels in
concurrently.

This addresses an issue showing up in the
p2ps_channel_active_go_and_station_different_mcc test case where the
Provision Discovery Request frame can be received on the operating
channel of a group instead of the Listen channel. The response was
delayed until the listen operation timed out and this took too long time
for the peer to receive the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 16:53:03 +02:00
Jouni Malinen
3f8ceff54c Indicate wifi_generation in wpa_supplicant STATUS output
This adds a wifi_generation=4/5/6 line to the STATUS output if the
driver reports (Re)Association Request frame and (Re)Association
Response frame information elements in the association or connection
event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6
(HE = 802.11ax) are reported.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
dbfa691df4 VLAN assignment based on used WPA/WPA2 passphrase/PSK
Extend wpa_psk_file to allow an optional VLAN ID to be specified with
"vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the
particular wpa_psk_file entry is used for a station, that station is
bound to the specified VLAN. This can be used to operate a single
WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK.
This is similar to the WPA2-Enterprise case where the RADIUS server can
assign stations to different VLANs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-14 13:36:54 +02:00
Jouni Malinen
bbdb501460 Note HT overrides in debug log only if set
This makes the debug log cleaner by removing the mostly confusing prints
about HT override parameters if they are not actually used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Masashi Honma
73f285dad2 Add FT-PSK to GET_CAPABILITY key_mgmt
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-05 23:37:55 +02:00
Jouni Malinen
8f99a3c26a Clear config item writing buffer before freeing it
This buffer may be used to store items like passwords, so better clean
it explicitly to avoid possibility of leaving such items in heap memory
unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 20:26:22 +02:00
Jouni Malinen
a68e9b6980 D-Bus: Fix P2P DeleteService dict iteration
The previous implementation assumed the first entry coming out from the
dict is always service_type. That may not be the case, so properly
iterate over all dict entries in one loop instead of assuming what the
first entry is.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 17:13:54 +02:00
Jouni Malinen
0607346f12 D-Bus: Fix a memory leak in DeleteService handler
If the service_type string entry is not included, the dict entry was not
cleared.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:35 +02:00
Jouni Malinen
d8c20ec591 DPP: Clear dpp_listen_freq on remain-on-channel failure
If the DPP_LISTEN command failed due to the driver rejecting the
remain-on-channel request, wpa_s->dpp_listen_freq was left set to the
requested listen frequency and this resulted in the next DPP_LISTEN for
the same frequency reporting "DPP: Already listening on .." even when
the driver was not really listening on that frequency. Fix this by
clearing wpa_s->dpp_listen_freq in the error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-30 12:28:43 +02:00
Purushottam Kushwaha
59fa205388 P2P: Allow the avoid channels for P2P discovery/negotiation
The avoid channels are notified through
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY allow minimal traffic, so
enhance the P2P behavior accordingly by considering these avoid
frequencies for P2P discovery/negotiation as long as they are not in
disallowed frequencies list.

Additionally, do not return failure when none of social channels are
available as operation channel, rather, mark the op_channel/op_reg_class
to 0 as this would anyway get selected during the group formation in
p2p_prepare_channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-30 12:15:19 +02:00
Masashi Honma
89896c0008 tests: Use python3 compatible print statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f print -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:37:25 +02:00
Masashi Honma
bab493b904 tests: Use python3 compatible "except" statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f except -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:11:35 +02:00
Daniel Golle
0dab477335 Write multi_ap_backhaul_sta to wpa_supplicant config
The network configration option multi_ap_backhaul_sta was added without
adding it to wpa_config_write_network(). Hence the value of this option
was not included when writing the configuration file. Fix this by
including it in wpa_config_write_network().

Fixes: 5abc7823b ("wpa_supplicant: Add Multi-AP backhaul STA support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-01-24 00:27:12 +02:00
Lubomir Rintel
98251c6f21 dbus: Document more possible BSS/RSA/KeyMgmt values
This is probably not ideal, since it would be better if it ended up
being autogenerated somehow, but at least it's somewhat of an
improvement.

Also added a comment that encourages keeping the docs in sync.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-01-24 00:24:09 +02:00
Lior David
1e591df063 Check supported types in wpas_mac_addr_rand_scan_set()
When setting scan with randomized MAC, check the requested scan type
against supported types, to ensure callers will not set an unsupported
type, since this can cause scan/connect failures later. It is better to
do this in wpas_mac_addr_rand_scan_set() instead of control interface
specific code to apply the constraint on all possible interfaces using
this setting.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:34 +02:00
Lior David
c85249aa15 Fix test compilation error related to sme_event_unprot_disconnect()
sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so
the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only
with builds that enable IEEE 802.11w support.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:28 +02:00
Jouni Malinen
13a200a92a FILS: Remove notes about experimental implementation
The standard amendment has been published and there has been sufficient
amount of interoperability testing for FILS to expect the protocol not
to be changed anymore, so remove the notes claiming this to be
experimental and not suitable for production use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-22 13:33:48 +02:00
Lubomir Rintel
86d4e05374 dbus: Expose support of SAE key management in BSS properties
This is going to be useful for NetworkManager and likely others.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-01-22 13:26:12 +02:00
Masashi Honma
3e949655cc Revert "mesh: Apply channel attributes before setup interface"
This reverts commit 2564184440.

Commit 2564184440 ("mesh: Apply channel attributes before setup
interface") triggers some channel configurations to result in leaking
memory. This seems to be caused by hapd->started not getting set when
going through a callback to start hostapd operation (e.g., when using
HT40 coex scan) due to hostapd_setup_bss() not getting called. This
results in hostapd_free_hapd_data() not clearing allocated
hapd->wpa_auth. This can be reproduced with the hwsim test case
mesh_secure_ocv_mix_legacy.

A more complete cleanup of the pending mesh patch for DFS support seems
to be needed to fix this properly, so the best approach for now is to
revert this patch and bring it back once rest of the mesh changes are
ready to be applied.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-21 23:43:12 +02:00
Amit Khatri
cc0f24196b D-Bus: Fix P2P Flush method to clear pending Action frames
If we call p2p_flush from ctrl_iface, before calling p2p_flush() it
calls wpas_p2p_stop_find(). Add the same call to the matching D-Bus
method to clear all pending operations.

Signed-off-by: Amit Khatri <amit7861234@gmail.com>
2019-01-21 12:30:17 +02:00
Jimmy Chen
a95906f938 P2P: support random interface address
To enhance privacy, generate a random interface for each group.

There are two configurations are introduced:
* p2p_interface_random_mac_addr
  enable interface random MAC address feature, default disable.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2019-01-12 17:58:30 +02:00
Jimmy Chen
9359cc8483 P2P: Support random device address
To enhance privacy, generate a random device address for P2P interface.
If there is no saved persistent group, it generate a new random MAC
address on bringing up p2p0. If there is saved persistent group, it will
use last MAC address to avoid breaking group reinvoke behavior.

There are two configurations are introduced:
* p2p_device_random_mac_addr
  enable device random MAC address feature, default disable.
* p2p_device_persistent_mac_addr
  store last used random MAC address.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2019-01-12 17:55:42 +02:00
Peng Xu
5a3319ab1b P2P: Add 802.11ax support for P2P GO
An optional parameter "he" is added to p2p_connect, p2p_group_add, and
p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration
parameter can be used to request this to be enabled by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-12 13:09:39 +02:00
Martin Stanislav
cfb01f58a6 eapol_test: Start the identifier at an initial random value
Start the (EAP request) identifier at an initial random value
as recommended by RFC 3748 in section 4.1 Request and Response
on page 21.

Signed-off-by: Martin Stanislav <ms@uakom.sk>
2019-01-08 13:40:33 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Ben Greear
b06d60a902 Use freq_list to constrain supported operating class information
If a station is configured to allow only a subset of frequencies for an
association, the supported operating classes may need to be more limited
than what the hardware supports.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-08 00:20:04 +02:00
Ben Greear
cb828507f5 Use disable_ht/vht to constrain supported operating class information
If user has disabled HT or VHT, those related operating classes
should not be advertised as supported.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-08 00:19:07 +02:00
Peter Oh
e5a9b1e8a3 mesh: Implement use of VHT20 config in mesh mode
Mesh in VHT mode is supposed to be able to use any bandwidth that VHT
supports, but there was no way to set VHT20 although there are
parameters that are supposed to be used. This commit along then previous
commit for VHT_CHANWIDTH_USE_HT makes mesh configuration available to
use any bandwidth with combinations of existing parameters like shown
below.

VHT80:
  default
  do not set any parameters
VHT40:
  max_oper_chwidth = 0
VHT20:
  max_oper_chwidth = 0
  disable_ht40 = 1
HT40:
  disable_vht = 1
HT20:
  disable_ht40 = 1
disable HT:
  disable_ht = 1

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:49:40 +02:00
Peter Oh
806db174fd mesh: Add VHT_CHANWIDTH_USE_HT to max_oper_chwidth
Channel width in VHT mode refers HT capability when the width goes down
to below 80 MHz, hence add checking HT channel width to its max
operation channel width. So that mesh has capability to select bandwidth
below 80 MHz.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:43:40 +02:00
Ben Greear
fd83a80815 wpa_supplicant: Allow disabling VHT SGI capability
This provides similar features to what was already available for HT
overrides. Probe Request frames look correct, and VHT capabilities shown
in debugfs look as expected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-06 20:59:36 +02:00
Jouni Malinen
02f52ab6f5 Use lchown() instead of chown() for self-created files
There is no need to allow symlink dereferencing in these cases where a
file (including directories and sockets) are created by the same
process, so use the safer lchown() variant to avoid leaving potential
windows for something external to replace the file before the chown()
call. The particular locations used here should not have write
permissions enabled for processes with less privileges, so this may not
be needed, but anyway, it is better to make these more restrictive
should there be cases where directory permissions are not as expected
for a good deployment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-06 20:28:04 +02:00
Jouni Malinen
441ba1a3e3 dbus: Fix build without CONFIG_WNM=y
wpa_s->bss_tm_status is within #ifdef CONFIG_WNM, so need to access it
through matching condition.

Fixes: 80d06d0ca9 ("dbus: Export BSS Transition Management status")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-05 18:44:17 +02:00
Jouni Malinen
cc9c4feccc OpenSSL: Allow systemwide policies to be overridden
Some distributions (e.g., Debian) have started introducting systemwide
OpenSSL policies to disable older protocol versions and ciphers
throughout all programs using OpenSSL. This can result in significant
number of interoperability issues with deployed EAP implementations.

Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server)
parameters to be used to request systemwide policies to be overridden if
older versions are needed to be able to interoperate with devices that
cannot be updated to support the newer protocol versions or keys. The
default behavior is not changed here, i.e., the systemwide policies will
be followed if no explicit override configuration is used. The overrides
should be used only if really needed since they can result in reduced
security.

In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network
profile parameter can be used to explicitly enable TLS versions that are
disabled in the systemwide configuration. For example,
phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS
v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces
TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter
can be used to override systemwide policy, e.g., with
openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1
in Debian to allow shorter keys to be used.

In hostapd, tls_flags parameter can be used to configure similar
options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1]

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-05 17:14:26 +02:00
Jouni Malinen
f808bd59e8 FT: Do not try to use FT-over-air if reassociation cannot be used
There is no point in going through FT authentication if the next step
would have to use association exchange which will be rejected by the AP
for FT, so only allow FT-over-air if previous BSSID is set, i.e., if
reassociation can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 23:22:46 +02:00
Jouni Malinen
19c3a9a88d P2PS: Notify D-Bus about removal of a stale/empty persistent group
During P2PS PD Request processing wpa_supplicant removes stale and empty
persistent groups, but it did not notify D-Bus to unregister object. Fix
this by adding the missing notifications.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 13:19:20 +02:00
Amit Khatri
69dc9cabcc P2PS: Notify D-Bus about removal of a stale persistent group
During P2PS PD Request processing wpa_supplicant removes stale
persistent groups, but it did not notify D-Bus to unregister object.
This can result in leaving behind objects pointing to freed memory and
memory leaks. Sometime it can cause a crash in wpa_config_get_all()
function and DBUS_ERROR_OBJECT_PATH_IN_USE errors.

Fix this by adding the missed notification to D-Bus code to unregister
the object.

Signed-off-by: Amit Khatri <amit7861234@gmail.com>
2019-01-04 13:19:12 +02:00
Peter Oh
0332c27e32 mesh: Consider mesh interface on DFS event handler
Once mesh starts supporting DFS channels, it has to handle DFS related
events from drivers, hence add mesh interface to the check list.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-03 13:31:55 +02:00
Peter Oh
fed51174d6 mesh: Reflect country setting to mesh configuration for DFS
wpa_supplicant configuration has country parameter that is supposed to
be used in AP mode to indicate supporting IEEE 802.11h and 802.11d.
Reflect this configuration to Mesh also since Mesh is required to
support 802.11h and 802.11d to use DFS channels.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 13:26:47 +02:00
Peter Oh
2564184440 mesh: Apply channel attributes before setup interface
This helps mesh interface initialization with correct channel
parameters.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 13:13:07 +02:00
Peter Oh
3ba4a25e5d mesh: Set interface type to mesh before setting interface
Correct interface type is required to start DFS CAC that can be
triggered during interface setup.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 13:02:56 +02:00
Peter Oh
c95619c211 mesh: Set mesh VHT center frequency
VHT center frequency value is required to compose the correct channel
info.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 12:59:25 +02:00
Peter Oh
4b5453cedd mesh: Relocate RSN initialization
RSN initialization should work together with mesh join when it's used.
Since mesh join could be called at a different stage if DFS channel is
used, relocate the RSN initialization call to mesh join. It is still the
same call flow of mesh join before this if non-DFS channels are used,
hence no significant side effect will occur.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 12:36:34 +02:00
Peter Oh
0daa7b75fa mesh: Factor out mesh join function
Mesh join function consists of two parts which are preparing
configurations and sending join event to the driver. Since physical mesh
join event could happen either right after mesh configuration is done or
after CAC is done in case of DFS channel is used, factor out the
function into two parts to reduce redundant calls.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 12:35:56 +02:00
Peter Oh
1877842904 mesh: Factor out RSN initialization
RSN initialization can be used in different phases if mesh
initialization and mesh join don't happen in sequence such as DFS CAC is
done in between, hence factor it out to help convering the case. This
can also get rid of unnecessary indentation by handling the
mconf->security != MESH_CONF_SEC_NONE functionality in a helper
function.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-03 12:04:23 +02:00
Hagai Moshe
b9eb717f85 wpa_cli: Add command for setting PSK_PASSPHRASE
Setting mem_only_psk=1 in the wpa_supplicant configuration prevents the
passphrase from being stored in the configuration file. wpa_supplicant
will request the PSK passphrase over the control interface in such case
and this new wpa_cli command can be used to set the psk_passphrase.

usage:
psk_passphrase <network id> <psk_passphrase>

Signed-off-by: Hagai Moshe <hagai.moshe@tandemg.com>
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
2019-01-03 00:52:51 +02:00
Alex Khouderchah
38b405c8f0 dbus: Expose authentication status to D-Bus
wpa_supplicant currently logs CTRL-EVENT-AUTH-FAILED errors when
authentication fails, but doesn't expose any property to the D-Bus
interface related to this.

This change adds the "AuthStatusCode" property to the interface, which
contains the IEEE 802.11 status code of the last authentication.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-01-03 00:39:12 +02:00
Matthew Wang
80d06d0ca9 dbus: Export BSS Transition Management status
Add new Interface properties "BSSTMStatus", which carries the status of
the most recent BSS Transition Management request. This property will be
logged in UMA to measure 802.11v success.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-01-03 00:27:01 +02:00
Matthew Wang
2bbad1c7c9 dbus: Export roam time, roam complete, and session length
Add new Interface properties "RoamTime", "RoamComplete", and
"SessionLength". "RoamTime" carries the roam time of the most recent
roam in milliseconds. "RoamComplete" carries True or False corresponding
to the success status of the most recent roam. "SessionLength" carries
the number of milliseconds corresponding to how long the connection to
the last AP was before a roam or disconnect happened.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-01-03 00:20:34 +02:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Jouni Malinen
e6b0898da3 Add [FST] and [UTF-8] flags to BSS command output
These flags were used in SCAN_RESULTS command output, but not BSS. Make
these consistent by adding the flags to BSS as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 17:58:31 +02:00
Jouke Witteveen
1f2c42cc7f Show [UTF-8] flag if the SSID is reported as UTF-8
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2019-01-02 17:58:05 +02:00
Avraham Stern
ecef0687dc RRM: Support for Last Beacon Report Indication subelement
IEEE P802.11-REVmd/D2.0, 9.4.2.20.7 (Beacon request) and 9.4.2.21.7
(Beacon report) add the Last Beacon Report Indication subelement to
Beacon Request and Beacon Report elements.

Add the Last Beacon Report Indication subelement to all Beacon Report
elements if the Beacon Request indicated that this subelement is
requested.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 16:26:11 +02:00
Avraham Stern
3ec118780a RRM: Add support for beacon report fragmentation
When the frame body subelement would cause the measurement report
element to exceed the maximum element size, the frame body subelement
used to be truncated. In addition, some elements were always truncated
in order to keep the reported frame body short (e.g. RSN IE).

Alternatively, IEEE P802.11-REVmd/D2.0, 9.4.2.21.7 extension to Beacon
reporting can be used: The frame body subelement is fragmented across
multiple beacon report elements, and the reported frame body fragment ID
subelement is added.

Use beacon report fragmentation instead of truncating the frame body
as this method gives the AP a more complete information about the
reported APs.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 15:54:55 +02:00
Nishant Chaprana
46efa3dae0 dbus: Add vendor specific information element in peer properties
Make vendor specific information elements (VSIE) available in peer
properties, so that VSIE of a specific peer can be retrieved using
peer's object path.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2019-01-02 13:00:57 +02:00
Lubomir Rintel
89a7cdd690 crypto: Add option to use getrandom()
According to random(4) manual, /dev/random is essentially deprecated on
Linux for quite some time:

"The /dev/random interface is considered a legacy interface, and
/dev/urandom is preferred and sufficient in all use cases, with the
exception of applications which require randomness during early boot
time; for these applications, getrandom(2) must be used instead, because
it will block until the entropy pool is initialized."

An attempt to use it would cause unnecessary blocking on machines
without a good hwrng even when it shouldn't be needed. Since Linux 3.17,
a getrandom(2) call is available that will block only until the
randomness pool has been seeded.

It is probably not a good default yet as it requires a fairly recent
kernel and glibc (3.17 and 2.25 respectively).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-01-02 01:24:18 +02:00
Jouni Malinen
cc58a35735 Update copyright notices for the new year 2019
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 23:38:56 +02:00
Beni Lev
19677b77c3 OCE: Add RSSI based association rejection support (STA)
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.

Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 17:56:25 +02:00
Aloni, Adiel
dc9b7d217c P2P: Set global->p2p_group_formation in wpas_p2p_join_start() for p2pdev
When a dedicated P2P device interface is used, the
global->p2p_group_formation was not set in wpas_p2p_join_start() if no
separate group interface is used. This would cause that in case of a
failure in group formation, the cleaning of p2p_in_provisioning is done
on the wrong interface. Furthermore, P2P_CANCEL command could not be
used to stop such a group-join operation. Fix this by setting the
global->p2p_group_formation correctly in case that the group interface
is reusing wpa_s->parent.

Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
2019-01-01 16:56:22 +02:00
Jouni Malinen
32bb47faa1 Update wpa_supplicant channel list on FLUSH
Try to make sure the driver channel list state is synchronized with
wpa_supplicant whenever explicitly clearing state (e.g., between hwsim
test cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 15:58:46 +02:00
Ben Greear
3518e3623f wpa_cli: Allow reconnect to global interface
Old code would just re-connect to a particular interface, even if user
had started wpa_cli with the '-g' option. Refactor global control
interface connection routine to allow it to be used in
wpa_cli_reconnect().

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-12-31 12:32:14 +02:00
Michal Privoznik
1b8ed2cac1 wpa_supplicant: Fix build with !CONFIG_AP and CONFIG_CTRL_IFACE_DBUS_NEW
If the CONFIG_CTRL_IFACE_DBUS_NEW is enabled but CONFIG_AP is
disabled the build fails. This is because dbus getters try to
access ap_iface member of wpa_supplicant struct which is defined
if and only if CONFIG_AP is enabled.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-12-31 11:41:26 +02:00
Jouni Malinen
948ba8c294 mka: MIB information
Provide MKA information through the wpa_supplicant control interface MIB
command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-29 16:52:31 +02:00
Asbjørn Sloth Tønnesen
594b7fbdde wpa_supplicant: Document nl80211 driver in the man page
Signed-off-by: Asbjørn Sloth Tønnesen <hostap@asbjorn.st>
2018-12-27 16:03:46 +02:00
Jouni Malinen
7251f0badc mka: Extend CAK/CKN-from-EAP-MSK API to pass in MSK length
This can be used to allow 256-bit key hierarchy to be derived from
EAP-based authentication. For now, the MSK length is hardcoded to 128
bits, so the previous behavior is maintained.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-26 16:44:58 +02:00
Jouni Malinen
871439b5d5 mka: Allow 256-bit CAK to be configured for PSK mode
This allows 256-bit CAK to be used as the root key in the MKA key
hierarchy.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-26 16:44:58 +02:00
Andrey Kartashev
e49b78c0d5 mka: Allow configuration of MACsec replay protection
Add new configuration parameters macsec_replay_protect and
macsec_replay_window to allow user to set up MACsec replay protection
feature. Note that according to IEEE Std 802.1X-2010 replay protection
and delay protection are different features: replay protection is
related only to SecY and does not appear on MKA level while delay
protection is something that KaY can use to manage SecY state.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
2018-12-26 16:42:25 +02:00
Mike Siedzik
2fc0675683 mka: Fix lowest acceptable Packet Number (LPN) calculation and use
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec
SAK Use parameter set is to enforce delay protection. Per IEEE Std
802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN
used for transmission with the SAK within the last two seconds, allowing
receivers to bound transmission delays."

When encoding the SAK Use parameter set the KaY should set llpn and olpn
to the lowest PN transmitted by the latest SAK and oldest SAK (if
active) within the last two seconds. Because MKPDUs are transmitted
every 2 seconds (MKA_HELLO_TIME), the solution implemented here
calculates lpn based on the txsc->next_pn read during the previous MKPDU
transmit.

Upon receiving and decoding a SAK Use parameter set with delay
protection enabled, the KaY will update the SecY's lpn if the delay
protect lpn is greater than the SecY's current lpn (which is a product
of last PN received and replay protection and window size).

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-12-26 16:42:25 +02:00
michael-dev
b678ed1efc macsec: Make pre-shared CKN variable length
IEEE Std 802.1X-2010, 9.3.1 defines following restrictions for CKN:

"MKA places no restriction on the format of the CKN, save that it comprise
an integral number of octets, between 1 and 32 (inclusive), and that all
potential members of the CA use the same CKN. No further constraints are
placed on the CKNs used with PSKs, ..."

Hence do not require a 32 octet long CKN but instead allow a shorter CKN
to be configured.

This fixes interoperability with some Aruba switches, that do not accept
a 32 octet long CKN (only support shorter ones).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-12-25 17:29:15 +02:00
Jouni Malinen
93701b4afe tests: Allow TX/RX data test to use different frame length
This is needed for MACsec test cases with a bit shorter MTU.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 23:56:25 +02:00
Jouni Malinen
e422a819d0 Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 11:09:22 +02:00
Damodaran, Rohit (Contractor)
ee98dd631a Readme for DPP
Addi a readme file for users for on-boarding devices with Device
Provisioning Protocol (DPP).

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
2018-12-23 17:25:11 +02:00
Andrej Shadura
c3f23ad6c7 dbus: Expose connected stations on D-Bus
Make it possible to list connected stations in AP mode over D-Bus, along
with some of their properties: rx/tx packets, bytes, capabilities, etc.

Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>

Rebased by Julian Andres Klode <juliank@ubuntu.com> and updated to use
the new getter API.

Further modified by Andrej Shadura to not error out when not in AP mode
and to send separate StationAdded/StationRemoved signals instead of
changing signatures of existing StaAuthorized/StaDeauthorized signals.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2018-12-23 17:25:11 +02:00
Andrej Shadura
f5f4c11aa1 dbus: Use dbus_bool_t, not int for boolean function arguments
Properties argument specifies whether to add object's properties
or not, hence it doesn't need to be int.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2018-12-23 17:25:11 +02:00
Sergey Matyukevich
cdeea70f59 wpa_supplicant: Allow overriding HT STBC capabilities
Allow user to override STBC configuration for Rx and Tx spatial streams.
Add new configuration options to test for HT capability overrides.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2018-12-23 17:25:11 +02:00
Jouni Malinen
0fb292c08e Add SAE to GET_CAPABILITY key_mgmt
Provide information about SAE AKM support in "GET_CAPABILITY key_mgmt"
for completeness. The "GET_CAPABILITY auth_alg" case is already
providing information about SAE support through user space SME.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:49:02 +02:00
Prasad, Jagadeesh (Contractor)
d2b5138116 DPP: Add self configuration command in hostapd_cli and wpa_cli
The back-end support for DPP self configuration was already present in
hostapd and wpa_supplicant. However, the command to invoke DPP self
configuration was not available in hostapd_cli and wpa_cli. Add the
command "dpp_configurator_sign" in them.

Signed-off-by: Prasad, Jagadeesh <Jagadeesh_Prasad@comcast.com>
2018-12-21 12:02:57 +02:00
Jouni Malinen
53d5de6f1d DPP: Accept DPP_CONFIGURATION_SIGN without double space before parameters
Make this command more convenient to use by not requiring two space
characters between the command and the first parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 12:02:57 +02:00
Jouni Malinen
2a93ecc8ca Expose Multi-BSS STA capability through wpa_supplicant control interface
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-20 21:30:43 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
fa97981265 OCV: Include and verify OCI in WNM-Sleep Exit frames
Include and verify the OCI element in WNM-Sleep Exit Request and
Response frames. In case verification fails, the frame is silently
ignored.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
034388ac9c OCV: Include and verify OCI in the AMPE handshake
Include and verify the OCI element in AMPE Open and Confirm frames. Note
that the OCI element is included even if the other STA didn't advertise
support of OCV. The OCI element is only required and verified if both
peers support OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
716ed96e8d OCV: Pass ocv parameter to mesh configuration
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
5c7d35ba07 Add UNPROT_DEAUTH command for testing OCV
This new wpa_supplicant control interface command can be used to
simplify testing SA Query with OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f91e68e903 OCV: Perform an SA Query after a channel switch
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
6ab73efa72 OCV: Add utility functions to insert OCI elements
This commit adds utility functions to insert various encoding of the OCI
element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
55c12f5d37 OCV: Advertise OCV capability in RSN capabilities (STA)
Set the OCV bit in RSN capabilities (RSNE) based on station mode
configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:49:27 +02:00
Mathy Vanhoef
875ab60d73 OCV: Advertise OCV capability in RSN capabilities (AP)
Set the OCV bit in RSN capabilities (RSNE) based on AP mode
configuration. Do the same for OSEN since it follows the RSNE field
definitions.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:48:48 +02:00
Mathy Vanhoef
ce6829c284 OCV: Add wpa_supplicant config parameter
Add wpa_supplicant network profile parameter ocv to disable or enable
Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
138205d600 OCV: Add build configuration for channel validation support
Add compilation flags for Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
ad20a1367f Store the VHT Operation element of an associated STA
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
4b62b52e5e Make channel_info available to the supplicant state machine
This adds the necessary functions and callbacks to make the channel_info
driver API available to the supplicant state machine that implements the
4-way and group key handshake. This is needed for OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
fb2dc898d6 WMM AC: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:50:42 +02:00
Jouni Malinen
22d8bb04d9 WMM AC: Do not write ERROR level log entries when WMM AC is not in use
These two wpa_printf() calls with MSG_ERROR level could be reached when
connecting without (Re)Association Response frame elements being
available. That would be the case for wired connections and IBSS. Those
cases are not supposed to use WMM AC in the first place, so do not
confuse logs with ERROR messages in them for normal conditions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:48:33 +02:00
Jouni Malinen
06c00e6d93 OWE: Fix OWE network profile saving
key_mgmt=OWE did not have a config parameter writer and wpa_supplicant
was unable to save such a network profile correctly. Fix this by adding
the needed parameter writer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:27:26 +02:00
Damodaran, Rohit (Contractor)
ad6a92472d DPP: Support DPP key_mgmt saving to wpa_supplicant configuration
In the existing code, there was no "DPP" string available to the DPP key
management type for configuration parser of wpa supplicant. When the
configuration is saved, the key management string was left out from the
config file. Fix this by adding support for writing key_mgmt=DPP option.

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
2018-12-08 16:17:48 +02:00
Jouni Malinen
3ce48c440e HS 2.0: Fix PMF-in-use check for ANQP Venue URL processing
The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.

This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f44d760cf0 HS 2.0: Enable PMF automatically for Hotspot 2.0 network profiles
Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by
default in the network profiles created from cred blocks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
9ce2015a97 HS 2.0: Allocate enough buffer for HS 2.0 Indication element for scan
The HS 2.0 Indication element can be up to 9 octets in length, so add
two more octets to the minimum extra_ie buffer size for scanning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
ec2cf403b8 HS 2.0: As a STA, do not indicate release number greater than the AP
Hotspot 2.0 tech spec mandates mobile device to not indicate a release
number that is greater than the release number advertised by the AP. Add
this constraint to the HS 2.0 Indication element when adding this into
(Re)Association Request frame. The element in the Probe Request frame
continues to show the station's latest supported release number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f2973fa39d FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
remove_ie() was defined within an ifdef CONFIG_FILS block while it is
now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
there.

Fixes 8c41734e5d ("FT: Fix Reassociation Request IEs during FT protocol")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-03 12:00:26 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Jouni Malinen
55570efe35 Uncomment CONFIG_LIBNL32=y in defconfig
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Ashok Kumar
698c9e2021 OWE: Try another group only on association rejection with status 77
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2018-12-02 20:42:09 +02:00
Jouni Malinen
117f586b05 DPP: Remove unused wpas_dpp_remain_on_channel_cb()
This function was apparently never used at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 18:40:06 +02:00
Jouni Malinen
e22c23382f DPP: Apply testing configuration option to signing of own config
Previous implementation had missed this case of setting configurator
parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 00:26:21 +02:00
Jouni Malinen
8c41734e5d FT: Fix Reassociation Request IEs during FT protocol
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).

Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-01 22:02:55 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Ashok Ponnaiah
fcb3f11e4d SAE: Fix external authentication on big endian platforms
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-11-30 17:26:26 +02:00
Jouni Malinen
a00d65e79f DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:14:49 +02:00
Cedric Izoard
18a0508a41 external-auth: Check key_mgmt when selecting SSID
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:09:25 +02:00
Jouni Malinen
931f7ff656 DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:33:39 +02:00
Lubomir Rintel
d7591aab85 dbus: Expose availability of SHA384 on D-Bus
This lets us know whether we can attempt to use FT-EAP-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
eb7e747931 dbus: Expose availability of FT on D-Bus
This lets us know whether we can attempt to use FT-PSK, FT-EAP,
FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
59d59eb0e0 Revert "D-Bus: Implement Pmf property"
This reverts commit adf8f45f8a.

It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].

The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:

  $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666
  Duplicate property

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:03:55 +02:00
Jouni Malinen
4929d556cc mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-24 13:36:54 +02:00
Bob Copeland
25778502d5 mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.

The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.

Signed-off-by: Bob Copeland <bobcopeland@fb.com>
2018-11-24 13:30:28 +02:00
Davide Caratti
2b7f46f1c7 examples: Fix shellcheck warnings in wps-ap-cli
use 'printf' instead of 'echo -n', to suppress the following warning:

In POSIX sh, echo flags are undefined. [SC2039]

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-11-22 15:53:30 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Ilan Peer
170244a1cd SME: Fix order of WPA IE in association request
In case that the protocol used for association is WPA the WPA IE was
inserted before other (non vendor specific) IEs. This is not in
accordance to the standard that states that vendor IEs should be placed
after all the non vendor IEs are placed. In addition, this would cause
the low layers to fail to properly order information elements.

To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-20 11:26:13 +03:00