Commit graph

5180 commits

Author SHA1 Message Date
Jouni Malinen
37df40845a DPP2: Copy received ppKey into wpa_supplicant network profile
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Udhayakumar Mahendiran
6c41d43f1a mesh: Stop SAE auth timer when mesh node is removed
Not doing this could cause wpa_supplicant to crash.

Signed-off-by: Udhayakumar Mahendiran <udhayakumar@qubercomm.com>
2020-10-12 20:16:12 +03:00
Wystan Schmidt
e3b47cdf86 DPP2: Add DPP_CHIRP commands to hostapd_cli and wpa_cli
Add the DPP control interface chirp commands to the CLIs for greater
visibility and ease of use.

Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
2020-10-11 20:26:21 +03:00
Jimmy Chen
cb3b709367 P2P: Set ap_configured_cb during group reform process
We found that if REMOVE-AND-REFORM occurs before a group is started,
it would not send out GROUP-STARTED-EVENT after AP is enabled.

In the remove-and-reform process, ap_configured_cb is cleared. If a
group is not started, p2p_go_configured() will not be called after
completing AP setup. Fix this by preserving the callback parameters.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:08:37 +03:00
Jimmy Chen
0e9f62e514 P2P: Fallback to GO negotiation after running out of GO scan attempts
We found a problem that p2p_fallback_to_go_neg is not handled correctly
after running out of GO scan attempts. When autojoin is enabled and a
group is found in old scan results, supplicant would try to scan the
group several times. If the group is still not found, it reports group
formation failure while p2p_fallback_to_go_neg is enabled already.

If p2p_fallback_to_go_neg is enabled, it should fallback to GO
negotiation, but not report group formation failure after running out of
GO scan attempts.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:00:57 +03:00
Andrew Beltrano
7e4ed93d36 wpa_cli: Add dpp_bootstrap_set command
Expose DPP_BOOTSTRAP_SET through wpa_cli command dpp_bootstrap_set <id>
<configurator params..>

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-11 19:47:08 +03:00
Johannes Berg
283eee8eed gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:32:50 +03:00
Markus Theil
ae0b90dfa4 mesh: Allow channel switch command
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-11 11:24:14 +03:00
Brian Norris
4b96fafcd8 D-Bus: Share 'remove all networks' with CLI
The D-Bus implementation of RemoveAllNetworks differs wildly from the
CLI implementation. Let's share the implementations.

This resolves use-after-free bugs I noticed, where we continue to use
the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we
didn't bother to disconnect from (and set to NULL) current_ssid before
freeing it.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:39:00 +03:00
Georg Müller
2818e9ca90 wpa_supplicant: Do not retry scan if operation is not supported
When using NetworkManager to set up an access point, there seems to be a
race condition which can lead to a new log message every second.

The following message appears in AP mode:

    CTRL-EVENT-SCAN-FAILED ret=-95 retry=1

Normally, this log message only appears once. But then (and only then)
the race is triggered and they appear every second, the following log
messages are also present:

    Reject scan trigger since one is already pending
    Failed to initiate AP scan

This patch just disables the retry for requests where the operation is
not supported anyway.

Signed-off-by: Georg Müller <georgmueller@gmx.net>
2020-10-10 20:26:18 +03:00
Benjamin Berg
c0b88d1291 P2P: Limit P2P_DEVICE name to appropriate ifname size
Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is
long enough. As this is not a netdev device, it is acceptable if the
name is not completely unique. As such, simply insert a NUL byte at the
appropriate place.

Signed-off-by: Benjamin Berg <bberg@redhat.com>
2020-10-10 20:24:55 +03:00
Markus Theil
566ea1b7ce mesh: Set correct address for mesh default broadcast/multicast keys
wpa_drv_set_key() was called with a NULL address for IGTK and MGTK
before this patch. The nl80211 driver will then not add the
NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks
this key also as a default unicast key in the Linux kernel.

With SAE this is no real problem in practice, as a pairwise key will be
negotiated in mesh mode, before the first data frame gets send. When
using IEEE 802.1X in a mesh network in the future, this gets a problem,
as Linux now will encrypt EAPOL frames with the default key, which is
also marked for unicast usage without this patch.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-10 20:19:09 +03:00
Brian Norris
17d6ba4c9e DBus: Add "Roam" command support
Add D-Bus interface for ROAM command, imitating the existing wpa_cli
command.

Chromium OS has been carrying a form of this patch for a very long time.
I've cleaned it up a bit and documented it.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 19:59:17 +03:00
Jouni Malinen
6e757bba8a Use consistent spelling of "homogeneous"
The 'H' in HESSID was originally spelled "homogenous" in IEEE Std
802.11-2016 abbreviations and acronyms list, but that was changed in
REVmd to the significantly more common spelling "homonegeneous". Update
this older version to match the new spelling to be consistent throughout
the repository.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-10-10 18:34:59 +03:00
Kevin Lund
cff545720e wpa_supplicant: Clear blacklist when SSID configs change
If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g., the BSS could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the BSS in the
blacklist will prevent the user from connecting to the BSS after the
correct password has been updated.

Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config(). Check
this value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.

This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the inactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.

Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Kevin Lund
bbbb3c04ef wpa_supplicant: Add new blacklist tests
This change adds some barebones tests for new blacklisting functionality
to wpas_module_tests.c. The tests ensure some basic functionality for
the functions wpa_blacklist_is_blacklisted() and wpa_blacklist_update().

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Kevin Lund
164b8dd8e4 wpa_supplicant: Add wpa_blacklist_update()
This change adds the function wpa_blacklist_update(), which goes through
all blacklist entries and deletes them if their blacklist expired over
an hour ago. The purpose of this is to remove stale entries from the
blacklist which likely do not reflect the current condition of device's
network surroundings. This function is called whenever the blacklist is
polled, meaning that the caller always gets an up-to-date reflection of
the blacklist.

Another solution to clearing the blacklist that was considered was
to slowly reduce the counts of blacklist entries over time, and delete
them if the counts dropped below 0. We decided to go with the current
solution instead because an AP's "problematic" status is really a binary
thing: either the AP is no longer problematic, or it's still causing us
problems. So if we see any more problems within a reasonable amount of
time, it makes sense to just keep the blacklist where it was since the
AP is likely still undergoing the same issue. If we go a significant
amount of time (semi-arbitrarily chosen as 1 hour) without any issues
with an AP, it's reasonable to behave as if the AP is no longer
undergoing the same issue. If we see more problems at a later time, we
can start the blacklisting process fresh again, treating this as a brand
new issue.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Kevin Lund
d530110028 wpa_supplicant: Implement time-based blacklisting
wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated
associations to problematic APs*. Currently, this blacklist is
completely cleared whenever we successfully connect to any AP. This
causes problematic behavior when in the presence of both a bad AP and
a good AP. The device can repeatedly attempt to roam to the bad AP
because it is clearing the blacklist every time it connects to the good
AP. This results in the connection constantly ping-ponging between the
APs, leaving the user stuck without connection.

Instead of clearing the blacklist, implement timeout functionality which
allows association attempts to blacklisted APs after some time has
passed. Each time a BSS would be added to the blacklist, increase the
duration of this timeout exponentially, up to a cap of 1800 seconds.
This means that the device will no longer be able to immediately attempt
to roam back to a bad AP whenever it successfully connects to any other
AP.

Other details:
The algorithm for building up the blacklist count and timeout duration
on a given AP has been designed to be minimally obtrusive. Starting with
a fresh blacklist, the device may attempt to connect to a problematic AP
no more than 6 times in any ~45 minute period. Once an AP has reached a
blacklist count >= 6, the device may attempt to connect to it no more
than once every 30 minutes. The goal of these limits is to find an
ideal balance between minimizing connection attempts to bad APs while
still trying them out occasionally to see if the problems have stopped.

The only exception to the above limits is that the blacklist is still
completely cleared whenever there are no APs available in a scan. This
means that if all nearby APs have been blacklisted, all APs will be
completely exonerated regardless of their blacklist counts or how close
their blacklist entries are to expiring. When all nearby APs have been
blacklisted we know that every nearby AP is in some way problematic.
Once we know that every AP is causing problems, it doesn't really make
sense to sort them beyond that because the blacklist count and timeout
duration don't necessarily reflect the degree to which an AP is
problematic (i.e. they can be manipulated by external factors such as
the user physically moving around). Instead, its best to restart the
blacklist and let the normal roaming algorithm take over to maximize
our chance of getting the best possible connection quality.

As stated above, the time-based blacklisting algorithm is designed to
be minimally obtrusive to user experience, so occasionally restarting
the process is not too impactful on the user.

*problematic AP: rejects new clients, frequently de-auths clients, very
poor connection quality, etc.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Kevin Lund
2fd35d9857 wpa_supplicant: Track consecutive connection failures
Within wpas_connection_failed(), the 'count' value of wpa_blacklist is
erroneously used as a tally of the number times the device has failed
to associate to a given BSSID without making a successful connection.
This is not accurate because there are a variety of ways a BSS can be
added to the blacklist beyond failed association such as interference
or deauthentication. This 'count' is lost whenever the blacklist is
cleared, so the wpa_supplicant stores an additional value
'extra_blacklist_count' which helps persist the 'count' through clears.
These count values are used to determine how long to wait to rescan
after a failed connection attempt.

While this logic was already slightly wrong, it would have been
completely broken by the upcoming change which adds time-based
blacklisting functionality. With the upcoming change, 'count' values
are not cleared on association, and thus do not necessarily even
approximate the "consecutive connection failures" which they were being
used for.

This change seeks to remove this unnecessary overloading of the
blacklist 'count' by directly tracking consecutive connection failures
within the wpa_supplicant struct, independent of the blacklist. This new
'consecutive_conn_failures' is iterated with every connection failure
and cleared when any successful connection is made. This change also
removes the now unused 'extra_blacklist_count' value.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Yogesh Kulkarni
6d6310701b Fix STA mode default TXOP Limit values for AC_VI and AC_VO
commit f4e3860f ("Fix AP mode default TXOP Limit values for AC_VI
and AC_VO") corrects the default values of txop_limit from 93/46
to 94/47 for AP. STA would also need the same change.

Signed-off-by: Yogesh Kulkarni <yogesh.kulkarni@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
2020-10-10 17:04:27 +03:00
Johannes Berg
dcc5288e5b gitignore: Add various things
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 13:06:53 +03:00
Johannes Berg
ad6e4a5c59 build: Remove hostapd vs. wpa_supplicant build checks
These are no longer needed now. Note that this was never actually
sufficient since src/drivers/ isn't the only thing shared, and thus a
cross-build detection didn't work in all cases.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:53:38 +03:00
Johannes Berg
6acda53222 build: Add .config file to dependencies
If the .config file changes, basically everything needs to be
rebuilt since we don't try to detect which symbols changed or
such. Now that the .config file handling is in the common
build system, make everything depend on it if there's one.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:52:58 +03:00
Johannes Berg
722138cd25 build: Put object files into build/ folder
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.

This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.

For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:51:39 +03:00
Johannes Berg
0464d5d5d6 build: Move config file handling into build.rules
This will make it easier to split out the handling in
a proper way, and handle common cflags/dependencies.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:49:31 +03:00
Johannes Berg
0430bc8267 build: Add a common-clean target
Clean up in a more common fashion as well, initially for ../src/.

Also add $(Q) to the clean target in src/

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:48:41 +03:00
Johannes Berg
a41a29192e build: Pull common fragments into a build.rules file
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:29 +03:00
Roy Marples
e8b85c078e iface match: Unspecified matched interfaces should not log driver fails
If there is no matching interface given, but interface matching is
enabled, all interfaces on the system will try to be initialized. Non
wireless interfaces will fail and the loopback device will be one of
these, so just log a diagnostic rather than an error.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Roy Marples
83fa0a1004 op_classes: Don't report an error when there are none to add
Instead, log a diagnostic so that noise to the user is reduced. This is
expected behavior with driver interfaces that do not report supported
operating modes/classes.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Matthew Wang
41d20df7f3 D-Bus: Allow empty string in dbus network properties
This is needed for clearing previously set parameters in a similar
manner that was already available through the control interface
SET_NETWORK command.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
4756ecabcf Allow bgscan parameters to be reconfigured
Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters
are set after initial connection.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
922fa09972 Global parser functions to return 1 when property unchanged
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
a87173b1d1 D-Bus: Skip property update actions when wpa_config_set() returns 1
When network properties are updated via dbus, wpa_config_set() is used
to update the property in the wpa_ssid struct. If it returns 1, the
property was not changed and there's no need to perform any of the
update actions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 15:31:05 +03:00
Beniamino Galvani
1c58317f56 D-Bus: Allow changing an interface bridge via D-Bus
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.

However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.

Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2020-10-09 15:18:10 +03:00
Sreeramya Soratkal
14318ccff5 P2P: Add configuration support to disable P2P in 6 GHz band
Add a new configuration parameter p2p_6ghz_disable=1 to disable P2P
operation in the 6 GHz band. This avoids additional delays caused by
scanning 6 GHz channels in p2p_find and p2p_join operations in the cases
where user doesn't want P2P connection in the 6 GHz band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-08 23:29:22 +03:00
Andrew Beltrano
0e8d569d47 DPP2: Presence Announcement notification in STA
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument
wpa_supplicant with bootstrapping information on-demand.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:23:05 +03:00
Yegor Yefremov
a8f304228d Document the missing ignore_broadcast_ssid network profile parameter
Copy parameter description from hostapd.conf.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-07 20:53:20 +03:00
Yegor Yefremov
aa704020a3 DBus: Update dont_quote[] with ignore_broadcast_ssid parameter
ignore_broadcast_ssid is supported when using with the config
file. But it generates an error if you try to set it via the
DBus interface.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-07 20:51:22 +03:00
Disha Das
8e5739c3ac DPP2: Check channel 6 validity before adding it to chirp channel list
Check if the 2.4 GHz channel 6 is in the list of available channels
advertised by the driver before adding in to the chirping frequency
list. This fixes issues, e.g., with a 5 GHz only interface.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:44:06 +03:00
Jouni Malinen
43ef227e90 P2P: Make use wpas_p2p_reconsider_moving_go timeout gets canceled
The per-interface P2P data freeing function did not cover this eloop
timeout that could potentially have been registered. Explicitly cancel
this timeout to make sure no references to freed memory can remain in
such a case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 15:48:05 +03:00
Veerendranath Jakkam
57536a5678 P2P: Fix P2P interface remuval through wpa_supplicant_remove_iface()
wpa_supplicant_remove_iface() removes the P2P management interface from
the global interfaces list before calling wpa_supplicant_deinit_iface().
When wpas_p2p_group_remove() is called from
wpa_supplicant_deinit_iface(), the P2P group created on the calling
wpa_s was not getting cleared as the calling wpa_s is not in the list of
global->ifaces. This results in the P2P management interface being
removed without disconnecting the p2p_group created on it. This could
result in an illegal access of freed memory, e.g., when a pending eloop
task wpas_p2p_reconsider_moving_go() was triggered with the leftover ctx
pointer to the removed P2P interface instance.

Fix this by disconnecting the P2P group created on interface to be
deinitialized before deinitializing the interface.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-01 15:48:05 +03:00
Sreeramya Soratkal
760d10cdea P2P: Include channels 149 to 161 for operating classes 128 and 130
With the configuration defined in the global_op_class array, the
channels starting from 149 in the operating classes 128 and 130 were not
considered for P2P channel setup due to the non-continuous
incrementation of channel indexes. The other channels in these operating
classes were considered. Handle the channels from 149 to 161 in the
operating classes 128 and 130 for P2P channel setup by handling this
jump in the channel number incrementation.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-01 15:47:56 +03:00
Jouni Malinen
e8a1e6a4a1 P2P: Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 10:14:33 +03:00
Jouni Malinen
90e478aa0a DPP2: Use the PFS fallback if multiple key_mgmt values are enabled
Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-23 23:06:55 +03:00
Veerendranath Jakkam
5ecb45a41c OCV: Use more granular error codes for OCI validation failures
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:23:28 +03:00
Veerendranath Jakkam
93a73ce028 MSCS: Fix issues due to incorrect usage of wpa_hexdump_buf()
Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf()
instead of the wpabuf struct itself and it was causing wpa_supplicant to
crash. Fix this by using the correct pointer in the debug prints.

Fixes: a118047245 ("MSCS: Add support to send MSCS Request frames")
Fixes: c504ff5398 ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-08 19:38:35 +03:00
Jouni Malinen
c043b1e000 DPP: Remove unnecessary dpp_global_config parameters
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 16:02:29 +03:00
Jouni Malinen
4ecb6dd16b DPP2: Controller support in hostapd
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 15:53:08 +03:00
Jouni Malinen
ba3081f1dc dpp-nfc: Start listen operation more completely for NFC Tag write cases
Share the same setup steps from the negotiated connection handover to
fix issues with NFC Tag write cases in AP mode. This addresses issues in
the AP mode DPP listen operation not actually receiving anything when
the write-a-tag code path was used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-24 23:41:13 +03:00
Jouni Malinen
9bc8811538 DPP2: Fix build without IEEE8021X_EAPOL
The local network profile parameters for EAP are not available without
IEEE8021X_EAPOL, so do not try to set these in builds that do not
include any EAP support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 12:49:05 +03:00
Jouni Malinen
55a366d7a8 dpp-nfc: Fix recv_octets() regression
The updated socket.poll() loop did not terminate properly in cases where
no response is available. Fix that to check for both False and None.

Fixes: 1733e356e4 ("dpp-nfc: Fix handover client wait for receiving handover select")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-15 00:26:21 +03:00
Jouni Malinen
c6a760b9c4 DPP: Add process_conf_obj into TCP connection data struct
This is needed to avoid issues with hostapd not having set this function
pointer in dpp_global.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 17:31:51 +03:00
Jouni Malinen
7f366fcbdc DPP: Add msg_ctx into TCP connection data struct
This is needed to avoid issues with hostapd not having set msg_ctx in
dpp_global.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 17:26:32 +03:00
Jouni Malinen
6aa7aa8089 DPP2: hostapd/AP as Enrollee/Initiator over TCP
Extend DPP support in hostapd to allow AP Enrollee role when initiating
the exchange using TCP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 16:44:38 +03:00
Vinita S. Maloo
d21dde9dac MSCS: Send MSCS change/remove frames only if MSCS setup exists
Allow MSCS change/remove request to be sent only after an initial setup,
i.e., after an add request has been accepted.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
af8ab3208d MSCS: Parse result of MSCS setup in (Re)Association Response frames
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.

This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
c504ff5398 MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq
Include the MSCS Descriptor IE in the (Re)Association Request frames to
setup MSCS between the AP and the STA during association.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
bbd3178af4 MSCS: Add support to process MSCS Response frames
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
a118047245 MSCS: Add support to send MSCS Request frames
Add support to send MSCS add/change/remove types of Action frames
to the connected AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:35 +03:00
Jouni Malinen
1733e356e4 dpp-nfc: Fix handover client wait for receiving handover select
This was supposed to wait for up to 3.0 seconds for the handover select,
but the incorrect loop terminated ended up limiting this to a single
iteration of 0.1 second wait. This was too fast for some cases like the
AP mode operation where it may take significant time to enable the radio
for listening to DPP authentication messages.

Fix the loop to allow that full three second wait for the response to be
used. In addition, report the amount of time it takes to receive the
response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 00:11:44 +03:00
Veerendranath Jakkam
596d99567a SME: Process channel switch event in SME only when supplicant's SME is used
Do not process channel switch event in wpa_supplicant's SME when SME is
offloaded to the driver/firmware to avoid SA Query initiation from both
wpa_supplicant and the driver/firmware for the OCV case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-13 21:39:49 +03:00
Veerendranath Jakkam
170775232d ANQP: Add support to specify frequency in ANQP_GET command
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.

Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.

The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:51:00 +03:00
Veerendranath Jakkam
43106e122b GAS: Update source MAC address on preassoc_mac_addr randomization
The GAS query source MAC address was not getting updated correctly when
preassoc_mac_addr is enabled. Fix this by copying the current MAC
address to the GAS query source address.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:34:43 +03:00
Veerendranath Jakkam
1289ecf4cc GAS: Ignore preassoc_mac_addr when gas_rand_mac_addr enabled
Skip unnecessary random MAC generation due to preassoc_mac_addr
parameter when gas_rand_mac_addr parameter is enabled.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:33:27 +03:00
Veerendranath Jakkam
dbe485a35a SAE-PK: Check psk param also to look for SAE-PK acceptable BSS
SAE-PK password can be set using psk parameter also in case of mixed
SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password
not set and psk parameter meets SAE-PK password criteria.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:31:38 +03:00
Jouni Malinen
3adc1c623e DPP2: Disconnect before starting reconfiguration
The offchannel operations (scan, Public Action frame TX/RX) have
significantly more latency when performed while connected, so disconnect
when requested to initiate DPP reconfiguration to avoid this. The old
network profile (i.e., likely the current connection) is going to be
replaced in practice and as such, there is no need to try continue that
association any further.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-13 17:05:49 +03:00
Jouni Malinen
fc3efe0834 DPP2: Support mutual auth with QR in scan-during-auth-exchange case
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-12 12:04:25 +03:00
Jouni Malinen
e4e95aabbf DPP2: Allow Controller to be configured to require QR mutual auth
Extend the DPP_CONTROLLER_START command to accept the optional qr=mutual
parameter similarly to the DPP_LISTEN case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-12 11:41:52 +03:00
Jouni Malinen
86fd6755cb dpp-nfc: Use --altchan value in handover server
Use the alternative channel list in the handover server role when
processing an alternative proposal. This was previously done only in the
handover client role, but with the updated design, both roles act in a
similar manner for the case where the alternative channel list is
specified.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-11 23:44:48 +03:00
Jouni Malinen
315422196a dpp-nfc: Update listen channel based on channel list when writing a tag
Do not use the hardcoded channel 1 (2412 MHz) with DPP_LISTEN if a
channel list is specified when writing an NFC Tag. Instead, pick the
first channel from that list as the listen channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-10 23:52:11 +03:00
Jouni Malinen
9304d1b3c3 DPP2: Regenerate Reconfig Announcement for each transmission
This is needed to generate a new unique A-NONCE and E'-id values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-08 00:14:00 +03:00
Jouni Malinen
6d0217119e DPP2: Allow iteration count to be configured for DPP_RECONFIG
Add an optional iter=# parameter to DPP_RECONFIG similarly to the way
this was handled with DPP_CHIRP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 23:22:31 +03:00
Jouni Malinen
c6d0e5a93d DPP2: Add E-id in Reconfig Announcement
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 22:54:53 +03:00
Jouni Malinen
e5be6e68c8 DPP2: Add Enrollee netAccessKey group into Reconfig Announcement
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 15:25:10 +03:00
Jouni Malinen
2a58968d39 SAE-PK: Allow SAE-PK password to be set using the psk parameter
Only the sae_password parameter was previously accepted for SAE-PK use.
That is not sufficient for covering mixed SAE+PSK cases. Extend this by
allowing the psk parameter to be used as well just like it can be used
for SAE without SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 00:49:00 +03:00
Veerendranath Jakkam
b28b9dfcbf OCV: OCI channel override support for testing (STA)
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-03 11:02:13 +03:00
Jouni Malinen
38ef655eb5 dpp-nfc: Report negotiated connection handover result
Print out a summary of the result in yellow text.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:23:39 +03:00
Jouni Malinen
4d54618424 dpp-nfc: Stop only_one run after failed handover attempt
Do not require connection handover to succeed before stopping the loop
in the only_one case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:09:31 +03:00
Jouni Malinen
f7b5a1d347 dpp-nfc: Do not indicate no initial HS as failure if alt HR will be sent
Do not use red color for the "No response receive" message in case
another HR will be sent after this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:00:11 +03:00
Jouni Malinen
475b34665c dpp-nfc: Improved version of HandoverServer::serve()
Fix processing of the case where no handover select is sent out and add
automatic (delayed) termination of the link on completing the handover
successfully.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:00:11 +03:00
Jouni Malinen
dc0795e4ff dpp-nfc: Stop process after successful handover client completion
terminate_now was not being set in the only_one case with connection
handover. Set it for that case as well as the tag cases to automatically
close down the link once it is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:49 +03:00
Jouni Malinen
b00bbbfe54 dpp-nfc: Optimize HandoverClient message receiving for alternative HR case
Use a shorter polling interval in recv_octets() to be able to send out
the alternative HR more quickly when using a single thread and handover
client. In addition, fix recv_records() to handle normal exception cases
like not receiving anything.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:47 +03:00
Jouni Malinen
bbfb7b9feb dpp-nfc: Use a single handover client thread
Avoid extra complexity from use a separate thread to send out the
alternative proposal.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:12 +03:00
Jouni Malinen
aaa8638ed2 dpp-nfc: Add a class for maintaining connection handover state
This cleans up the shared state between the handover server and client.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 21:34:37 +03:00
Jouni Malinen
66d74626ba dpp-nfc: Reuse the same handover client for alternative URI
Postpone closing of the handover client to allow the same client to be
used for sending both handover request messages if an alternative URI
needs to be tried.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 20:43:26 +03:00
Jouni Malinen
6e904441c8 dpp-nfc: Add peer URI into the HS in testing mode
This makes it easier to confirm that the correct pair of the HR and the
HS were used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 20:43:26 +03:00
Jouni Malinen
3021b14c49 dpp-nfc: Enable more verbose nfcpy debugging
Set logging level to various upper layer nfcpy modules to enable more
detailed debugging of the actual NFC operations when requested (-d on
the command line).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 16:49:40 +03:00
Jouni Malinen
1d3e16d0b0 dpp-nfc: Skip P2P management interfaces
Do not try to perform DPP operations on the P2P management interface
when no specific interface has been identified.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 12:51:56 +03:00
Jouni Malinen
e9c192ffc7 dpp-nfc: Ignore (no) response to initial handover request
If an alternative proposal (second handover request) is sent, the
response (or lack of it) to the initial handover request should be
ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:46:20 +03:00
Jouni Malinen
7d27bcb8e7 dpp-nfc: Do not allow more than one alternative channel proposal
This avoids potential loops of endless alternative URI exchanges over
NFC negotiated connection handover. Only allow one such alternative
proposal and declarare the handover as a failure if another alternative
were needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:27:06 +03:00
Jouni Malinen
6eaee933d7 dpp-nfc: Add test mode for negotiated connection handover
Allow all actual DPP processing steps in wpa_supplicant to be skipped by
specifying hardcoded URI values. Also allow a hardcoded crn to be
specified to force specific handover requestor/selector roles.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:27:06 +03:00
Jouni Malinen
f4877083ec Rename driver op for temporarily disallowed BSSIDs
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:26:09 +03:00
Jouni Malinen
15018d4f4a DPP2: Fix auth termination after receiving Configurator backup
remove_on_tx_status needs to be set in this case even if
dpp_config_processing=2 is used since there will be no connection
attempt when receiving a Configurator backup instead of station config
object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 18:01:55 +03:00
Jouni Malinen
74cd38ac69 dpp-nfc: Return failure status if operation fails
For now, this is done only for the case where the NFC Device is not
usable and if writing a single tag fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 12:26:46 +03:00
Jouni Malinen
7e2edfbc1a dpp-nfc: Add color and details for interactive operations
Make the debug output easier to read when performing interactive NFC
operations on a device that has a terminal showing the log.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 12:10:26 +03:00
Jouni Malinen
09c22bb782 dpp-nfc: Fix regression in NFC Tag writing
The change to checking DPP_LISTEN return value ended up overwriting the
actual URI information from wpas_get_nfc_uri().

Fixes: 288c0ffaaa ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 11:32:21 +03:00
Jouni Malinen
1e4a42c745 dpp-nfc: Detect a non-NDEF tag when trying to write
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 11:27:27 +03:00
Jouni Malinen
288c0ffaaa dpp-nfc: Do not hardcode netrole for NFC Tag writing cases
Allow netrole to be specified for NFC Tag writing cases. Previously,
this was hardcoded to use netrole=configurator when starting the listen
operation. Now the netrole parameter is not included by default, but any
netrole value can be specified with the new --netrole command line
argument.

In addition, fix the listening frequency for the case where a channel is
picked.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 01:30:30 +03:00
Yu Wang
885097125c mesh: Fix peer link counting when removing a mesh peer
When removing a mesh peer with control interface commands (ACCEPT_ACL
DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not
decreased from its last connection. This resulted in peer link count
leakage and wpa_supplicant rejecting the connections after reaching
max_peer_links (default: 99).

Fix this by decreasing the plink count when removing a mesh peer which
is in PLINK_ESTAB state.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2020-07-15 12:00:35 +03:00
Jouni Malinen
8632dea4ae DPP2: Make sure dpp_auth gets cleared with external config processing
wpa_s->dpp_auth did not get cleaner if dpp_config_processing=1 is used.
Clear this after having received TX status for Configuration Result to
avoid leaving behind the completed provisioning instance.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 20:50:23 +03:00