Commit graph

5111 commits

Author SHA1 Message Date
Jouni Malinen
6568e5d203 DPP2: Enterprise provisioning (Configurator)
Add Configurator functionality for provisioning enterprise (EAP-TLS)
configuration object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-16 18:24:23 +03:00
Jouni Malinen
68ac45d53c GAS server: Support comeback delay from the request handler
Allow GAS request handler function to request comeback delay before
providing the response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-15 23:56:06 +03:00
Jouni Malinen
518be614f1 SAE-PK: Advertise RSNXE capability bit in STA mode
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:47:07 +03:00
Jouni Malinen
cc2d03601b HS 2.0: Use global pmf=2 for the created network block
Previously, PMF support was enabled in optional mode (ieee80211w=1) for
Hotspot 2.0 network blocks automatically. This did not consider the
global PMF parameter and unconditionally changed that value to optional.
Since the newly added network block had an explicit ieee80211w
parameter, this overrode the global parameter. To make this less
surprising, use the global pmf parameter value to select whether to add
network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0
or pmf=1) or required (pmf=2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 00:55:13 +03:00
Subrat Dash
790026c3da Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO
Allow user to configure the TX queue parameters through the
wpa_supplicant configuration file similarly to the way these can be set
in hostapd.

Parse the tx_queue_* parameters in the wpa_supplicant configuration file
and update the TX queue configuration to the AP/P2P GO interface in the
function wpa_supplicant_create_ap().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 00:29:42 +03:00
Jouni Malinen
fcef598ea2 Do not try to connect with zero-length SSID
It was possible to find a BSS to local network profile match for a BSS
entry that has no known SSID when going through some of the SSID
wildcard cases. At leas the OWE transition mode case without BSSID match
could result in hitting this. Zero-length SSID (i.e., wildcard SSID) is
not valid in (Re)Association Request frame, so such an association will
fail. Skip such a BSS to avoid known-to-be-failing association attempts.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 21:40:56 +03:00
Jouni Malinen
5f48d36b4a SAE-PK: Select SAE-PK network over SAE without PK
If there is an acceptable BSS with SAE-PK enabled in the same ESS,
select that over a BSS that does not enable SAE-PK when the network
profile uses automatic SAE-PK selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 16:49:07 +03:00
Jouni Malinen
d654ca24de Clean up wpa_scan_res_match()
Move the BSS-against-SSID matching into a separate helper function to
make this overly long function a bit more readable and to allow that
helper function to be used for other purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 16:30:32 +03:00
Jouni Malinen
9ad010c290 SAE-PK: Allow automatic SAE-PK to be disabled
This replaces the previously used sae_pk_only configuration parameter
with a more generic sae_pk that can be used to specify how SAE-PK is
negotiated. The default behavior (sae_pk=0) is to automatically
negotiate SAE-PK whenever the AP supports it and the password is in
appropriate format. sae_pk=1 allows only SAE-PK to be used and sae_pk=2
disables SAE-PK completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 11:55:16 +03:00
Purushottam Kushwaha
85ca13ebcf wpa_cli: Add all_bss command to print all scan results (BSS entries)
The wpa_supplicant control interface returns maximum of 4 kB of response
data and, thus, limits maximum number of scan entries as part of
SCAN_RESULTS to approximately 60. Add a new all_bss command to use a
more robust iteration of the BSS table entries with the BSS command to
to get all scan entries and print them in the same format as the
scan_results command.

Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
2020-06-06 17:07:24 +03:00
Jouni Malinen
215b4d8a72 FT: Do not add PMKID to the driver for FT-EAP if caching is disabled
wpa_supplicant disables PMKSA caching with FT-EAP by default due to
known interoperability issues with APs. This is allowed only if the
network profile is explicitly enabling caching with
ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries
was still being configured to the driver and it was possible for the
driver to build an RSNE with the PMKID for SME-in-driver cases. This
could result in hitting the interop issue with some APs.

Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if
ft_eap_pmksa_caching=1 is not used in the network profile so that the
driver and wpa_supplicant behavior are in sync for this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 16:48:57 +03:00
Tanmay Garg
63653307df Add support for indicating missing driver AKM capability flags
Add support for missing driver AKM capability flags from the list of
RSN_AUTH_KEY_MGMT_* flags and make these available through the
'GET_CAPABILITY key_mgmt' control interface command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
8d1cbaaff7 SAE-PK: Transition mode disabled indication processing
Allow AP to disable transition mode for SAE-PK (i.e., prevent SAE
authentication without SAE-PK).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
a752695290 SAE: Add sae_h2e and sae_pk to wpa_supplicant STATUS command
This provides additional information on which options were used during
SAE authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
cc22fb1b86 SAE: Move H2E and PK flags to main sae_data
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
bc908daace Document more network profile parameters
Some of the recently added wpa_supplicant network profile parameters
were not documented in wpa_supplicant.conf. Add these there based on the
documentation in config_ssid.h.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
1c846d647e SAE-PK: Allow SAE authentication without PK to be disabled
The new wpa_supplicant network profile parameter sae_pk_only=1 can now
be used to disable use of SAE authentication without SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
b6bcd74e53 Show SAE capabilities in control interface
Indicate local support for SAE H2E and SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
9bf576870e Show SAE flags in scan results
Indicate AP support for SAE H2E and SAE-PK in scan results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
e7aeb6d8ac SAE-PK: STA functionality
This adds STA side functionality for SAE-PK. This version enables SAE-PK
automatically based on the configured SAE password value if the selected
AP advertises support for SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
6b9e99e571 SAE-PK: Extend SAE functionality for AP validation
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
8c1f61e820 OCV: Report OCI validation failures with OCV-FAILURE messages (STA)
Convert the previously used text log entries to use the more formal
OCV-FAILURE prefix and always send these as control interface events to
allow upper layers to get information about unexpected operating channel
mismatches.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-30 00:24:15 +03:00
Jouni Malinen
52579be860 OCV: Move "OCV failed" prefix to callers
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:34:59 +03:00
Vamsi Krishna
2d118f557a OCV: Add support to override channel info OCI element (STA)
To support the STA testbed role, the STA has to use specified channel
information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query
Request, and SA Query Response frames. Add override parameters to use
the specified channel while populating OCI element in all these frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:01:44 +03:00
Jouni Malinen
c2080e8657 Clear current PMKSA cache selection on association/roam
It was possible for the RSN state machine to maintain old PMKSA cache
selection (sm->cur_pmksa) when roaming to another BSS based on
driver-based roaming indication. This could result in mismatching state
and unexpected behavior, e.g., with not generating a Suite B PMKSA cache
entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 16:25:50 +03:00
Davide Caratti
39f29f250a defconfig: Enable TDLS
Some distros (e.g., Debian and Arch) already build wpa_supplicant with
support for TDLS, and Fedora is about to enable this feature as well.
Set CONFIG_TDLS=y in wpa_supplicant default build configuration.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2020-05-17 16:10:03 +03:00
Jouni Malinen
4294d221d3 D-Bus: Increase introspection buffer size
It was apparently possible to hit the 20000 octet limit in some cases,
so increase the limit to avoid process termination due to insufficient
room for preparing a response to Introspect calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:46:24 +03:00
Jouni Malinen
79488da576 wolfssl: Do not hardcode include directory in wpa_supplicant build
This is not really appropriate for any kind of cross compilations and is
not really needed in general since system specific values can be set in
.config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:07:45 +03:00
Jan Tojnar
0388992905 wpa_gui: Fix build with Inkscape 1.0
Inkscape 1.0 revamped their CLI flags, breaking the icon build.

https://wiki.inkscape.org/wiki/index.php?title=Using_the_Command_Line#Background

Signed-off-by: Jan Tojnar <jtojnar@gmail.com>
2020-05-16 16:13:33 +03:00
Jouni Malinen
7adea21d2f dpp-nfc: Enable hostapd beaconing for listen state
This is needed to be able to receive Public Action frames when hostapd
was initially started with start_disabled=1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 14:46:41 +03:00
Jouni Malinen
134ad50b0e dpp-nfc: Clean up debug prints when handover select is received
If the local device becomes the handover selector, make the debug log
entries about client functionality not receiving the response clearer
since that is not really an error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 14:20:26 +03:00
Jouni Malinen
5d49c1bf7c dpp-nfc: Do not indicate a single channel 1 by default
Allow any channel to be used by not including a specific single channel
in the handover request without a need (for AP mode, use the current
operating channel). When sending out the handover select, pick a single
channel if no specific channel has been negotiated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 14:17:40 +03:00
Jouni Malinen
d0e2d8091f dpp-nfc: Make handover request collision detection more robust
Wait up to 100 ms for own handover request transmission to succeed if
peer handover request is received, but own crn is not yet available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 12:10:59 +03:00
Jouni Malinen
8791e7461c dpp-nfc: Write debug info to summary log
Convert most print() calls to use the summary() helper so that the
printed information gets written into a log file as well. In addition,
start using a mutex lock to synchronize debug prints between threads to
avoid merging of messages from different contexts.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 12:03:53 +03:00
Jouni Malinen
1e0bc897ab dpp-nfc: Collision detection for handover request
Address possible handover request collisions for cases where both
devices try to initiate handover simultaneously.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 02:26:01 +03:00
Jouni Malinen
9ad3fe9343 dpp-nfc: Start handover server regardless of init-on-touch setting
The previous version was trying to force the handover roles based on the
--init-on-touch parameter on both sides. That is fine for some test
scenarios, but not appropriate for more normal use cases. Change this
design to enable handover server in all cases and only control starting
of the handover client based on --init-on-touch.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 01:21:01 +03:00
Jouni Malinen
24efcdf74d dpp-nfc: Own MAC address fetching from hostapd
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 00:44:27 +03:00
Jouni Malinen
8f96f2c3b1 dpp-nfc: Be more graceful when wpa_supplicant is not available
Do not try to proceed with negotiated connection handover if
wpa_supplicant control interface is not available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 00:31:32 +03:00
Jouni Malinen
0b04d3c578 dpp-nfc: Allow wpa_supplicant control interface directory to be set
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-14 21:52:09 +03:00
Jouni Malinen
69dfbe6a93 dpp-nfc: Use Configurator/Enrollee parameters with tag reading
This was previously done only for the negotiated connection handover
case, but the same parameters are useful for the tag reading cases (URI
record and static handover).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-14 21:46:50 +03:00
Jouni Malinen
f85fb349fd dpp-nfc: More robust determination of the script directory
Make it more robust to import wpaspy regardless of how dpp-nfc.py is
being executed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-14 21:29:25 +03:00
Jouni Malinen
44f7866784 Clean up GET_CAPABILITY handling of 'strict' argument
There is no need to maintain a pointer to the substring "strict"; use a
bool instead.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-12 17:33:54 +03:00
Veerendranath Jakkam
3790f3a6ee Use per-interface type driver key_mgmt capabilities when possible
Use key_mgmt_iftype instead of key_mgmt when the specific interface type
is known by the context of the operation.

Use per interface type AKM capabilities in capa.key_mgmt_iftype array
based on the wpa_supplicant context instead of using capa.key_mgmt to
determine the driver AKM capability.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-05-12 17:33:54 +03:00
Veerendranath Jakkam
8d7502809c Allow per interface type AKM capabilities to be fetched
Add support to query per interface type AKM capabilities through the
control interface. For example, "GET_CAPABILITY key_mgmt
iftype=STATION".

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-05-12 17:33:54 +03:00
Jouni Malinen
db59827a3c DPP2: Extend TCP encapsulation case to support Configurator as Initiator
This allows DPP_AUTH_INIT to be used with tcp_addr=<dst> argument and
Configurator parameters to perform Configurator initiated DPP
provisioning over TCP. Similarly, DPP_CONTROLLER_START can now be used
to specify Configurator/Enrollee roles and extend Controller to work in
Enrollee role.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-12 14:48:49 +03:00
Jouni Malinen
0086c14528 DPP: Extend NFC bootstrapping script for more control by caller
Add more parameters to dpp-nfc.py to allow it to be used with more
detailed control by the caller. This allows Enrollee/Configurator roles
to be selected and Configurator parameters to be specified on the
command line.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-12 00:57:44 +03:00
Jouni Malinen
670e153377 DPP2: Fix DPP_CHIRP listen parameter value validation
Check the correct variable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:28:09 +03:00
Jouni Malinen
3aaf269f67 DPP: Move TCP encapsulation into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
21c612017b DPP: Move configurator backup into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
fdbbb74064 DPP: Move authentication functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
182f6ae905 DPP2: Remove reconfigured network
Do not leave behind the old network profile when reconfiguration is
completed successfully.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3e48c5d4b4 DPP2: Reconfig Authentication Confirm processing
Extend Enrollee functionality to process Reconfig Authentication
Confirm message and start GAS client.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
24b01c706b DPP2: Reconfig Authentication Response processing and Confirm generation
Extend Configurator functionality to process Reconfig Authentication
Response message, derive the needed keys, and generate Reconfig
Authentication Confirm message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:09 +03:00
Jouni Malinen
65e94351dc DPP2: Reconfig Authentication Request processing and Response generation
Extend Enrollee functionality to process Reconfig Authentication Request
message, derive the needed keys, and generate Reconfig Authentication
Response message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
3774b6bd03 DPP2: Reconfig Authentication Request generation and transmission
Extend Configurator functionality to sign a special Connector for
reconfiguration and reply with Reconfig Authentication Request frame
when Reconfig Announcement frame is received with a matching C-sign key
hash value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
66ac616cdb DPP2: Process received Reconfig Announcement frame
Check if there is a matching Configurator and be ready to initiate
Reconfig Authentication (which itself is not included in this commit).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
0c043d9de7 DPP2: Reconfig Announcement transmission
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
d4ae12355a DPP: Move PKEX functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
87b6572616 DPP: Move crypto routines into a separate source code file
This is an initial step in splitting the overly long dpp.c into smaller
pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 12:09:24 +03:00
Jouni Malinen
0a488ef35c DPP: Track ending time for remain-on-channel operations
This may be needed to optimize use of offchannel TX operations with
wait-for-response when near the end of a pending remain-on-channel
operation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-09 17:32:26 +03:00
Jouni Malinen
cbafc8ef4b Fix truncated control interface command detection
The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.

Fixes: 96b6dd21a0 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-05 00:18:29 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
143e3d8bc5 DPP2: Add DPP KDE into EAPOL-Key msg 2/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
1f5f000086 DPP2: Try to negotiate PFS only if AP supports version 2 or newer
Check AP's DPP Protocol Version during network introduction and mark the
PMKSA cache as suitable for PFS use with version 2 or newer. This avoids
unnecessary attempt of negotiating PFS with version 1 APs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
f6c22dcdea Use a local pointer to simply current_ssid accesses in sme_associate()
It is simpler to assign wpa_s->current_ssid to a local pointer now that
there are numerous dereferences of current_ssid within sme_associate().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
42acf1292d DPP2: Add Protocol Version attribute to network introduction messages
This can be used to determine whether to try to negotiate PFS (only
available with version 2 or higher).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
96b6dd21a0 Increase wpa_supplicant control interface buffer size
Increase the maximum command length from 4 kB to 8 kB mainly to allow
larger certificate blobs to be configured. Use heap memory to avoid
inconveniently large stack requirements. In addition, reject potentially
truncated commands instead of trying to process them.

The maximum length of the request can now be determined with
"GET max_command_len".

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 12:16:29 +03:00
Hai Shalom
c54a5e96b5 Randomize GAS dialog token
Randomize GAS dialog token field, instead of using an incremental
counter with predictable values. This change will make this field
unuseful for user fingerprinting.

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-04-29 13:15:34 +03:00
Jouni Malinen
3d58e8286f FILS: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
86ea761e93 mesh: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
5e5eb5a312 MACsec: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
da8478a1ab EAPOL supp: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
37e3501bf7 FST: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
0c5edededa DPP: Fix config exchange with gas_rand_mac_addr
Do not use a random MAC address for the GAS exchange that is used as
part of the DPP protocol exchange since that would break DPP.
Configurator expects the same MAC address to be used for DPP
Authentication exchange and DPP Configuration exchange (GAS).

Since the DPP Authentication exchange has already used the MAC address
configured on the interface, use of a random address for the GAS
exchange would not provide any additional privacy protection. If a
random MAC address needs to be used for this type of an exchange, that
random address would need to be first configured on the interface before
starting DPP exchange.

This does not change GAS query behavior for any other use case, i.e.,
the gas_rand_mac_addr configuration continues to apply to all the
Interworking/Hotspot 2.0 uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 17:09:01 +03:00
Jouni Malinen
4d2ec436e3 DPP: Add driver operation for enabling/disabling listen mode
This can be used to configure RX filter to be able to receive broadcast
DPP Public Action frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-20 23:52:04 +03:00
Jouni Malinen
2c70b7d0b4 Do not open l2_packet(EAPOL) for receive unnecessarily
If the driver supports control port for EAPOL RX, do not register
l2_packet for RX to minimize unnecessary operation load.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
c3bb8865a0 Clean up l2_packet_get_own_addr() call
There is no need for this to be outside the if block that is used to
check whether l2_packet is used for the interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
9d6334e811 Do not open l2_packet bridge workaround socket if control port is used
This allows wpa_supplicant to avoid the packet socket workaround for
cases where a bridge interface is used if the driver supports control
port for EAPOL frame TX and RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
bb9e3935dd driver: Add second driver capability flags bitmap
All 64 bits of the capability flags bitmap are used, so add a new
variable to hold future capability bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
6255a8ac1f WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
This case of accepting WPA/TKIP-only credential based on internal
registrar request to configure an AP to use TKIP was still remaining
while all the WPS cases were supposed to enable mixed mode
automatically. This is bit of a corner case since this is based on
explicit local request to configure TKIP, but anyway, convert this one
as well to allow WPA2/CCMP to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Disha Das
6b1c590ebb Allow TKIP support to be removed from build
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
b2d8dc59f4 FT: Testing override for RSNXE Used subfield in FTE
Allow wpa_supplicant to be requested to override the RSNXE Used subfield
in FT reassociation case for testing purposes with "SET ft_rsnxe_used
<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to
0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
97beccc838 SAE: Fix build without DPP/OWE/ERP
SAE needs sha256-kdf.c to be included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 18:11:11 +03:00
Vamsi Krishna
c7a9a5745b P2P: Start group with user configured params after accepting invitation
Use global configuration parameters while invoking a persistent P2P
group after accepting P2P Invitation Request from a peer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-03 20:32:37 +03:00
Jouni Malinen
512b6c02e0 DPP: Mandate mutual auth with NFC negotiated connection handover
Mark own bootstrap information as having been used in NFC negotiated
connection handover and do not accept non-mutual authentication when
processing Authentication Response from the peer when such bootstrapping
information is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-03 16:27:52 +03:00
Jouni Malinen
e4eb009d98 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
If the Enrollee indicates support for DPP R2 or newer, add Connector and
C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not
enabled) for reconfiguration. Extend processing of such credentials in
wpa_supplicant network profile addition to handle this new case
correctly by not setting key_mgmt=DPP based on Connector being present,
but by looking at the actual akm value in the config object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-02 21:34:49 +03:00
Jouni Malinen
1dcfbab254 DPP2: Clear requirement for QR Code mutual authentication for chirping
The chirping cases are not really targeting interactive operations, so
clear the requirement for mutual authentication when DPP_CHIRP command
is used. This avoids testing isues where an earlier DPP_LISTEN command
has used qr=mutual parameter and that seting not getting cleared before
the next DPP_CHIRP command is used.

This fixes a test case failure in the following test sequence:
dpp_auth_resp_status_failure dpp_controller_relay_chirp

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 17:19:10 +03:00
Jouni Malinen
0e794989e5 Beacon frame protection event for incorrect protection
Define a driver interface event for Beacon frame protection failures.
Report such events over the control interface and send a
WNM-Notification Request frame to the AP as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 16:22:48 +03:00
P Praneesh
7c8f540ee0 wpa_supplicant: Add HE override support
Add HE override support under the build parameter CONFIG_HE_OVERRIDES=y.
The disable_he=1 network profile parameter can be used to disable HE.
This requires a fallback to VHT on the 5 GHz band and to HT on the 2.4
GHz band.

There is no nl80211 support for configuring the driver to disable HE, so
for now, this applies only to IBSS and mesh cases.

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
2020-03-30 12:55:01 +03:00
Jouni Malinen
d4f5d1f0c7 DPP: Add some more details on how to use DPP
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-29 23:24:45 +03:00
Jouni Malinen
66e20bb1a7 Fix the dpp_configurator_sign example command
The mandatory ssid parameter was forgotten from this command when it was
added to the dpp_auth_init examples.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-29 23:07:42 +03:00
Veerendranath Jakkam
bbf94a0958 nl80211: Configure PMKSA lifetime and reauth threshold timer to driver
Drivers that trigger roaming need to know the lifetime and reauth
threshold time of configured PMKSA so that they can trigger full
authentication to avoid unnecessary disconnection. To support this, send
dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values
configured in wpa_supplicant to the driver while configuring a PMKSA.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-03-28 17:27:42 +02:00
Jouni Malinen
5058f771d9 DPP2: Allow station to require or not allow PFS
The new wpa_supplicant network profile parameter dpp_pfs can be used to
specify how PFS is applied to associations. The default behavior
(dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if
the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled
(dpp_pfs=2).

This is also working around an interoperability issue of DPP R2 STA with
certain hostapd builds that included both OWE and DPP functionality.
That issue was introduced by commit 09368515d1 ("OWE: Process
Diffie-Hellman Parameter element in AP mode") and removed by commit
16a4e931f0 ("OWE: Allow Diffie-Hellman Parameter element to be
included with DPP"). hostapd builds between those two commits would
reject DPP association attempt with PFS. The new wpa_supplicant default
(dpp_pfs=0) behavior is to automatically try to connect again with PFS
disabled if that happens.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 17:23:22 +02:00
Jouni Malinen
06dd32903d DPP2: Presence Announcement processing at Configurator
Process received Presence Announcement frames and initiate
Authentication exchange if matching information is available on the
Configurator.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
562f77144c DPP2: Chirping in wpa_supplicant Enrollee
Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI
ID> iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
547dc7eaa3 DPP: Add DPP_BOOTSTRAP_SET command
"DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to
set peer specific configurator parameters which will override any global
parameters from dpp_configurator_params.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
514cc49ba5 DPP: Store global pointers in struct dpp_authentication
Set the global pointer and msg_ctx when allocating struct
dpp_authentication instead of needing to pass these to
dpp_set_configurator().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
bc95d58330 Fix a typo in function documentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 12:43:28 +02:00
Alexander Wetzel
8ca6f924d6 STA: Fix wpa_clear_keys() PTK key deletion logic
We have to delete PTK keys when either BIT(0) or BIT(15) are zero and
not only when both are zero.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-26 00:33:17 +02:00
Jouni Malinen
96686e637c wpa_supplicant AP mode configuration for Transition Disable KDE
Allow AP mode network profile in wpa_supplicant to be configured to
advertise Transition Disable DKE.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:18:06 +02:00
Jouni Malinen
9d1857cf35 Process Transition Disable KDE in station mode
Check whether the Transition Disable KDE is received from an
authenticated AP and if so, whether it contains valid indication for
disabling a transition mode. If that is the case, update the local
network profile by removing the less secure options.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:13:14 +02:00
Jouni Malinen
41c3f0cd5b Allow last configured Key ID for TK to be fetched from wpa_supplicant
"GET last_tk_key_idx" can now be used in testing build to determine
which was the last configured Key ID for the pairwise key.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-23 11:47:31 +02:00
Alexander Wetzel
b17b7a8e53 STA: Support Extended Key ID
Support Extended Key ID in wpa_supplicant according to
IEEE Std 802.11-2016 for infrastructure (AP) associations.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing STAs to also connect to APs not supporting it.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:47:31 +02:00
Jouni Malinen
b967b5e859 Limit scan frequency list to 100 entries
There is no real use case for the scan to be requested on more than 100
channels individually. To avoid excessively long lists with invalid
configuration, use 100 entry limit for the list before dropping to the
fallback scan-all-channels option.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:51:41 +02:00
Jouni Malinen
a2c23195ad D-Bus: Use size_t for values theoretically larger than 16-bit int
These are theoretical cases with 32-bit integers, but cases that could
potentially hit an integer overflow with 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00
Jouni Malinen
d2d16e3100 Use size_t instead of int or unsigned int for configuration items
While int and unsigned int are not going overflow in practice as 32-bit
values, these could at least in theory hit an integer overflow with
16-bit int. Use size_t to avoid such potential issue cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00
Jouni Malinen
4391ddd639 Use size_t instead of unsigned_int for last_scan_res
This avoids a theoretical unsigned integer overflow case with 32-bit
integers, but something that could potentially be hit with 16-bit int
(though, even that part looks pretty theoretical in this particular case
of number of BSSs in scan results).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00
Matthew Wang
22f0318dbd Interpolate rate calculation functions
Make max_*_rate() functions and rate calculation at the beginning of
wpas_get_est_tpt() more continuous. In wpa_supplicant_need_to_roam(), we
compare these values to make a roaming decision. However, at certain
SNRs, we see unrealistically large jumps in estimated throughput
according to these functions, leading us to make incorrect roaming
decisions. Perform linear interpolation where applicable to more
accurately reflect actual throughput.

Example:
wlan0: Current BSS: 88:3d:24:b4:95:d2 freq=2412 level=-69 snr=20 est_throughput=54000
wlan0: Selected BSS: 88:3d:24:b4:89:9e freq=2417 level=-67 snr=22 est_throughput=63500
wlan0: Using signal poll values for the current BSS: level=-69 snr=20 est_throughput=54000
wlan0: Allow reassociation - selected BSS has better estimated throughput

2 dB increase in RSSI likely isn't responsible for a 17% increase in
throughput.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-03-21 19:00:44 +02:00
Matthew Wang
3a25897ef7 Adjust max bitrate SNR floors
These values were defined in commit a1b790eb9d ("Select AP based on
estimated maximum throughput") with no justification. Other sources
[0,1,2] give a different (consistent) set of SNR floors per MCS index.
Adjust the values accordingly.

[0] http://www.revolutionwifi.net/revolutionwifi/2014/09/wi-fi-snr-to-mcs-data-rate-mapping.html
[1] https://higher-frequency.blogspot.com/2016/10/80211n-80211ac-data-rates-and-snr.html
[2] https://www.wlanpros.com/resources/mcs-index-802-11ac-vht-chart/

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-03-21 18:17:44 +02:00
Jouni Malinen
eb26a6997d Allow SA Query to be disabled for testing purposes
The new wpa_supplicant control interface SET parameter disable_sa_query
can now be used to disable SA Query on receiving unprotected
disconnection event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-21 18:12:02 +02:00
Jouni Malinen
6140cca819 FT: Omit RSNXE from FT protocol Reassociation Request when needed
The previous design for adding RSNXE into FT was not backwards
compatible. Move to a new design based on 20/332r3 to avoid that issue
by not include RSNXE in the FT protocol Reassociation Request frame so
that an AP not supporting RSNXE can still validate the FTE MIC
correctly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-21 00:01:47 +02:00
Jouni Malinen
fab94f16e6 Indicate scan completion in active AP mode even when ignoring results
This is needed to avoid leaving external components (through control
interface or D-Bus) timing out while waiting for the scan completion
events. This was already taken care of for the scan-only case
("TYPE=only"), but the scan-and-allow-roaming case did not report the
scan completion event when operating in AP mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-15 21:18:16 +02:00
Jouni Malinen
f21fbfb977 Allow RSNE in EAPOL-Key msg 2/4 to be overridden for testing purposes
The new wpa_supplicant control interface parameter rsne_override_eapol
can be used similarly to the earlier rsnxe_override_eapol to override
the RSNE value added into EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-15 11:11:38 +02:00
Jouni Malinen
e861fa1f6b Move the "WPA: AP key_mgmt" debug print to be after final changes
Driver capabilities may end up masking out some WPA_KEY_MGMT_* bits, so
debug print the outcome only after having performed all these steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-13 20:01:53 +02:00
Gurumoorthi Gnanasambandhan
1d9cff86bd Multi-AP: Set 4-address mode after network selection
Split multi_ap_process_assoc_resp() to set 4-address mode after network
selection. Previously, wpa_s->current_ssid might have been NULL in some
cases and that would have resulted in 4-address mode not getting enabled
properly.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-03-13 17:00:19 +02:00
Ananya Barat
2b9713d616 Fill the current opclass in (Re)AssocRequest depending on HT/VHT IEs
The previous implementation was assuming a fixed 20 MHz channel
bandwidth when determining which operating class value to indicate as
the Current Operating Class in the Supported Operating Classes element.
This is not accurate for many HT/VHT cases.

Fix this by determining the current operating class (i.e., the operating
class used for the requested association) based on the HT/VHT operation
elements from scan results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-11 18:30:31 +02:00
Arturo Buzarra
1f13c1393c mesh: Fix CONFIG_HT_OVERRIDES build without CONFIG_VHT_OVERRIDES
Commit e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
introduced the possibility to check the disable_vht param. However, this
entry is only available when CONFIG_VHT_OVERRIDES is enabled and as
such, this broke the build for some cases.

Fix this by encapsulating VHT property with the proper CONFIG entry.

Fixes: e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
2020-03-10 22:55:16 +02:00
Jouni Malinen
52efde2aaa WPS: Do not set auth_alg=OPEN for PSK+SAE case
When wps_cred_add_sae=1 is used, WPS_AUTH_WPA2PSK credential gets
converted to enabling both PSK and SAE AKMs. However, this case was
still hardcoded auth_alg=OPEN which is not really correct for SAE. While
the SME-in-wpa_supplicant case can handle that, the SME-in-driver case
might not. Remove the unnecessary auth_alg=OPEN configuration to get the
normal PSK+SAE configuration enabled for the network profile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-10 20:48:15 +02:00
Jouni Malinen
10223b501b SAE: Expose sae_write_commit() error cases to callers
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:59:42 +02:00
Joshua DeWeese
fe0429a589 Replace systemd install Alias with WantedBy
According to the systemd documentation "WantedBy=foo.service in a
service bar.service is mostly equivalent to
Alias=foo.service.wants/bar.service in the same file." However,
this is not really the intended purpose of install Aliases.

Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
2020-03-08 16:16:11 +02:00
Jouni Malinen
f4bf6a5d44 OWE: Allow BSS entry with different SSID to be used in transition mode
Similarly to the wpa_supplicant_select_config() case,
wpa_get_beacon_ie() needs to handle the special case for OWE transition
mode where the SSID in the network profile does not match the SSID of
the OWE BSS (that has a hidden, random SSID). Accept such a BSS in case
the current scan results needs to be fetched for verifying EAPOL-Key msg
3/4 IEs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:16:11 +02:00
Jouni Malinen
3c73811507 OWE: Mark BSS for transition mode based on active OWE network profiles
It is possible for the hidden OWE BSS to be found based on SSID-specific
scan (e.g., from the special OWE scan mechanism). In that sequence, the
previously used learning of OWE BSS was skipped since the SSID was
already present in the BSS entry. This could result in not being able to
find a matching BSS entry for the OWE BSS in transition mode.

Fix this by adding the BSS flag for transition mode based on SSID
matching against currently enabled OWE network profiles in addition to
the previous mechanism.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:16:11 +02:00
Jouni Malinen
ecb5219d8c OWE: Avoid incorrect profile update in transition mode
The "unexpected" change of SSID between the current network profile
(which uses the SSID from the open BSS in OWE transition mode) and the
association with the OWE BSS (which uses a random, hidden SSID) resulted
in wpa_supplicant incorrectly determining that this was a
driver-initiated BSS selection ("Driver-initiated BSS selection changed
the SSID to <the random SSID from OWE BSS>" in debug log).

This ended up with updating security parameters based on the network
profile inwpa_supplicant_set_suites() instead of using the already
discovered information from scan results. In particular, this cleared
the RSN supplicant state machine information of AP RSNE and resulted in
having to fetch the scan results for the current BSS when processing
EAPOL-Key msg 3/4.

Fix this by recognizing the special case for OWE transition mode where
the SSID for the associated AP does not actually match the SSID in the
network profile.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-07 18:03:32 +02:00
Alexander Wetzel
be15f33d07 Replace WPA_ALG_PMK with KEY_FLAG_PMK
Drop the no longer needed internal alg WPA_ALG_PMK and use KEY_FLAG_PMK
as replacement.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-06 21:44:31 +02:00
Andrew Siplas
2dd72315d9 wpa_cli: Add missing quote around interface name
There was only an open quote present.

Signed-off-by: Andrew Siplas <andrew@asiplas.net>
2020-03-06 21:44:31 +02:00
Zhaoyang Liu
87775e32f6 Fix segmentation fault for NULL confname in SAVE_CONFIG
When wpa_supplicant interface is added without a configuration file, the
SAVE_CONFIG command causes a segmentation fault due to referencing a
NULL pointer if the update_config parameter is first explicitly enabled.

Fix the issue by checking the confname for NULL before saving
configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-06 11:21:58 +02:00
Veerendranath Jakkam
5fdacce465 Allow wildcard SSID to be enforced for a specific BSSID scan
Specific BSSID scan was replacing wildcard SSID with the known SSID if
any BSS with the specified BSSID is available in the known BSSes list.

Add control interface support to force use of a wildcard SSID in a
specific BSSID scan by user with the new "wildcard_ssid=1" argument to
the SCAN command.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-03-02 20:33:52 +02:00
Pradeep Kumar Chitrapu
43282f7329 mesh: Fix HE enablement on 5 GHz with VHT
Incorrect he_enabled parameter was being passed to
hostapd_set_freq_params() in mesh which caused HE to be not fully
enabled on the 5 GHz band. Fix this by setting freq->he_enabled instead
of vht_freq.he_enabled so that the hostapd_set_freq_params() uses the
correct he_enabled value (and then ends up copying this to
vht_freq.he_enabled in the success case).

Fixes: 6e711e7ab3 ("mesh: Do not enable HE on 5 GHz without VHT")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2020-03-02 19:54:35 +02:00
Sachin Shelke
21f835e640 SAE: Allow SAE-only network profile with sae_password to be written
The commit a34ca59e (SAE: Allow SAE password to be configured separately
(STA)) added sae_password configuration option. We should also consider
sae_password in the wpa_config_write() function which stores the valid
network block details to an external database.

Fixes: a34ca59e4d ("SAE: Allow SAE password to be configured separately (STA)")
Signed-off-by: Sachin Shelke <sachin.shelke@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
2020-03-02 11:49:19 +02:00
Alexander Wetzel
c1a6b1e47e privsep: Add key_flag to set_key()
Pass through the new key_flag to wpa_priv.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-01 21:11:07 +02:00
Jouni Malinen
852d370f65 Silence a compiler warning in no-WEP and no-EAP builds
wep_keys_set was not used in wpas_start_assoc_cb() without
IEEE8021X_EAPOL, so need to make this local variable conditional on
build options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-01 20:57:14 +02:00
Ilan Peer
c4988e73c0 driver: Extend send_mlme() with wait option
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.

hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:03:20 +02:00
Brian Norris
7a9c367225 DBus: Add "sae" to interface key_mgmt capabilities
This will be present when the driver supports SAE and it's included in
the wpa_supplicant build.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-02-29 18:01:23 +02:00
Jouni Malinen
200c7693c9 Make WEP functionality an optional build parameter
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-29 17:45:25 +02:00
Jouni Malinen
3fadb1dcc0 WPS: Ignore other APs if PBC is used with a specific BSSID
While the WSC specification requires the Enrollee to stop PBC
provisioning if the scan sees multiple APs in active PBC mode, this is
problematic due to some deployed devices continuing to advertise PBC
mode for extended duration (or even permanently). Such an environment
will still need to prevent wildcard AP selection with PBC since an
incorrect device could be selected. However, if the Enrollee device has
been explicitly requested to connect to a specific AP based on its
BSSID, the other APs in scan results can be ignored without affecting
which AP would be selected (only the one matching the specified BSSID is
acceptable).

Start filtering scan results for PBC session overlap check based on the
locally specified constraint on the BSSID, if one is set. This allows
PBC to be used with "WPS_PBC <BSSID>" command in environment where
another AP device is claiming to be in active PBC mode while "WPS_PBC"
command will still continue to reject provisioning since the correct AP
cannot be selected.

This will also cover the P2P cases where P2P_CONNECT is used to start or
authorize GO Negotiation and joining-a-GO with a specific P2P GO
Interface Address (BSSID).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 19:53:49 +02:00
Jouni Malinen
0f84a93f65 Fix a type in wpa_supplicant defconfig
ap_mode=1 explanation in CONFIG_NO_SCAN_PROCESSING=y was really supposed
to be talking about ap_scan=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-24 00:05:20 +02:00
Alexander Wetzel
0e05e8781a Simplify wpa_deny_ptk0_rekey documentation
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 23:59:58 +02:00
Janusz Dziedzic
12fb9698ab Use IFNAME= prefix for global UDP control interface events
There does not seem to be a good reason for using the different IFACE=
prefix on the UDP control interface. This got added when the UDP
interface in wpa_supplicant was extended in commit f0e5d3b5c6
("wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions")
and that was then extended to hostapd in commit e920805685 ("hostapd:
Extend global control interface notifications").

Replace the IFACE= prefix in UDP case with IFNAME= to be consistent with
the UNIX domain socket based control interface.

This fixes a problem when at least one test case fail (hapd_ctrl_sta)
when remote/udp used. This also fixes test_connectivity().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-02-23 15:40:58 +02:00
Alexander Wetzel
293631f177 IBSS RSN: Coding style cleanup
Use consistent style for pointers.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:12:28 +02:00
Alexander Wetzel
1f90a49d02 STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:05:19 +02:00
Jouni Malinen
e9ac44fcbc Make INTERWORKING_CONNECT more reliable in testing environment
Pick the most recently added BSS entry based on BSSID matching to avoid
issues in testing environment where the SSID of the AP may have changed
and both the old and new BSS is still present in the scan results.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
f3bcd69603 Remove CONFIG_IEEE80211N build option
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
2d4c78aef7 Configure received BIGTK on station/supplicant side
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-18 00:18:47 +02:00
Jouni Malinen
ecbf59e693 wpa_supplicant configuration for Beacon protection
Add a new wpa_supplicant network profile configuration parameter
beacon_prot=<0/1> to allow Beacon protection to be enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-18 00:18:47 +02:00
Didier Raboud
8155b36fae Fix VERSION_STR printf() calls in case the postfix strings include %
Do not use VERSION_STR directly as the format string to printf() since
it is possible for that string to contain '%'.

Signed-off-by: Didier Raboud <odyx@debian.org>
2020-02-17 19:17:10 +02:00
Jouni Malinen
466e48dcd7 HT: Remove SMPS in AP mode
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.

Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 13:58:54 +02:00
Jouni Malinen
b056275111 Fix exception checking in a wpa_supplicant P2P example script
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 18:36:29 +02:00
Vamsi Krishna
75d0ec4702 P2P: Fix a possible buffer overflow in struct p2p_reg_class
Avoid adding more than P2P_MAX_REG_CLASSES operating classes or
P2P_MAX_REG_CLASS_CHANNELS channels while populating P2P channels. The
current limits on the operating classes or channels per operating class
could be hit in some case (mainly, with 6 GHz, but in theory, with a
2.4/5/60 GHz capable device as well).

If the local driver advertised a larger number of supported operarting
classes or channels per operating class, the construction of the struct
p2p_reg_class instances could have resulted in writing beyond the end of
the buffer and ending up corrupting memory around the struct p2p_config.
This could result in unexpected behavior in some other operations that
used corrupted memory, e.g., generation of a P2P Channel List failing
(with validation code stopping the process to avoid writing beyond the
end of the message buffer) due to not having sufficient buffer space for
the corrupted data.

This issue is triggered only based on information from the local driver
(mainly based on addition of support for 6 GHz band operating classes),
so the issue cannot be triggered based on received frames or any other
remote information.

The issue was introduced by commit d7c2c5c98c ("AP: Add initial
support for 6 GHz band") which added the operating class 131 which has
sufficiently large number of channels to go beyond the
P2P_MAX_REG_CLASS_CHANNELS limit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 23:17:24 +02:00
Jouni Malinen
c304bddcf9 DPP: Stop Action frame sequence on DPP_STOP_LISTEN and PKEX failure
Previously it was possible for the PKEX/DPP exchange to terminate with
an error and the ongoing Action frame TX/RX offchannel operation not
getting terminated. This could leave the driver waiting on offchannel
until timeout and failing following operations before that timeout
happens. Fix this by explicitly stopping the Action frame sequence in
the driver in the previously missed cases.

This fixes a case that was showing up with the following test sequence
every now and then:
dpp_qr_code_chan_list_unicast dpp_pkex_test_fail dpp_enrollee_reject_config

dpp_pkex_test_fail was adding a large number of pending offchannel
operations and dpp_enrollee_reject_config could fail if those pending
operations were blocking new remain-on-channel or offchannel TX
operation for a sufficiently long time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 07:09:47 +02:00
Jouni Malinen
c7cc80fbc8 DPP: Reset DPP_AUTH_INIT netrole back to STA by default
Previously DPP_AUTH_INIT command update wpa_s->dpp_netrole only if the
netrole parameter was included. This could leave AP or configurator
network in place for the next DPP_AUTH_INIT command. This would be
unexpected behavior, so reset wpa_s->dpp_netrole back to the
DPP_NETROLE_STA default if no explicit netrole parameter is included.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:33:24 +02:00