Commit graph

3991 commits

Author SHA1 Message Date
Jouni Malinen
ce16c489d8 Rename sae_data to more generic auth_data
This makes it cleaner for the FILS implementation to use the same design
for setting Authentication frame elements as was already done with SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 17:51:43 +03:00
Jouni Malinen
a2675b3232 wpa_cli: Mark number of char *cmd constant
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-16 12:30:32 +03:00
Mikael Kanstrup
c43cf332c0 wpa_cli: Add completion for ssid config commands
Add network id command completion support for identity, password,
new_password, pin, otp, passphrase, sim and bssid commands.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:29:39 +03:00
Mikael Kanstrup
624259d4b7 wpa_cli: Add completion for sta, deauthenticate and disassociate
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:28:42 +03:00
Mikael Kanstrup
4c43f44b29 cli: Add list_sta command
Add list_sta command to print addresses of all stations. Command
added to both wpa_cli and hostapd_cli.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-10-16 12:28:02 +03:00
Benjamin Richter
5d30f927ea wpa_supplicant: Restore permanent MAC address on reassociation
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.

Signed-off-by: Benjamin Richter <br@waldteufel.eu>
2016-10-16 11:44:34 +03:00
Avraham Stern
e3e2fe3a42 Always propagate scan results to all interfaces
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-10-15 19:13:30 +03:00
Joel Cunningham
33111c910b Check for NULL qsort() base pointers
There are a couple of places in wpa_supplicant/hostapd where qsort() can
be called with a NULL base pointer. This results in undefined behavior
according to the C standard and with some standard C libraries (ARM RVCT
2.2) results in a data abort/memory exception. Fix this by skipping such
calls since there is nothing needing to be sorted.

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-10-15 18:58:27 +03:00
Jouni Malinen
4b5b8a53a1 WPS: Force BSSID for WPS provisioning step connection
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.

While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-11 00:25:20 +03:00
Jouni Malinen
2022f1d08d FILS: Use AEAD cipher to protect EAPOL-Key frames (STA)
This modifies wpa_eapol_key_send() to use AEAD cipher (AES-SIV for FILS
AKMs) to provide both integrity protection for the EAPOL-Key frame and
encryption for the Key Data field. It should be noted that this starts
encrypting the Key Data field in EAPOL-Key message 2/4 while it remains
unencrypted (but integrity protected) in non-FILS cases. Similarly, the
empty Key Data field in EAPOL-Key message 4/4 gets encrypted for AEAD
cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
b8ae56e4d0 FILS: Allow wpa_supplicant to select FILS AKM for connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
7147a834df FILS: Add FILS flags into wpa_supplicant BSS command output
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
379e2b4d04 FILS: Add 'GET_CAPABILITY fils' for runtime check
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FILS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
e4d2ce1b52 FILS: Set FILS Capability bit in management frames from station
If FILS is supported, indicate that in Probe Request and (Re)Association
Request frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
9b7a2b836a FILS: Add wpa_supplicant configuration options
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:44 +03:00
Jouni Malinen
325a85be36 Extend AES-SIV implementation to support different key lengths
The previous implementation was hardcoded to use 128-bit AES key
(AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384
and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 19:40:59 +03:00
Sabrina Dubroca
a25e4efc9e mka: Add driver op to get macsec capabilities
This also implements the macsec_get_capability for the macsec_qca
driver to maintain the existing behavior.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-09 11:30:48 +03:00
Sabrina Dubroca
5f5ca28414 mka: Pass full structures down to macsec drivers' receive SC ops
Clean up the driver interface by passing pointers to struct receive_sc
down the stack to the {create,delete}_recevie_sc() ops, instead of
passing the individual properties of the SC.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:19 +03:00
Sabrina Dubroca
8ebfc7c2ba mka: Pass full structures down to macsec drivers' transmit SC ops
Clean up the driver interface by passing pointers to struct transmit_sc
down the stack to the {create,delete}_transmit_sc() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:03 +03:00
Sabrina Dubroca
cecdecdbe8 mka: Pass full structures down to macsec drivers' receive SA ops
Clean up the driver interface by passing pointers to struct receive_sa
down the stack to the {create,enable,disable}_receive_sa() ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:26:26 +03:00
Sabrina Dubroca
909c1b9835 mka: Pass full structures down to macsec drivers' transmit SA ops
Clean up the driver interface by passing pointers to struct transmit_sa
down the stack to the {create,enable,disable}_transmit_sa ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:17:21 +03:00
Sabrina Dubroca
7fa5eff8ab mka: Pass full structures down to macsec drivers' packet number ops
Clean up the driver interface by passing pointers to structs transmit_sa
and receive_sa down the stack to get_receive_lowest_pn(),
get_transmit_next_pn(), and set_transmit_next_pn() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 12:54:08 +03:00
Jouni Malinen
9d3f4a74b6 autoscan: Add more debug prints for cases where autoscan is not used
This makes it easier to figure out why autoscan is not used even when
being configured through the control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-03 11:34:35 +03:00
Jouni Malinen
2462f347bc Change version number to v2.6 for the release
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-02 21:51:11 +03:00
Avraham Stern
5ac8f8623d Fix PNO restart flow
PNO is sometimes restarted due to changes in scan parameters
(e.g., selected network changed or MAC randomization being
 enabled/disabled). Restart is done by stopping PNO and immediately
starting it again. This may result in the SCHED_SCAN_STOPPED event being
received after the request for new PNO, which will make wpa_supplicant
believe PNO is not active although it is actually is. As a result, the
next request to start PNO will fail because PNO is active and should be
stopped first.

Fix this by deferring the request to start PNO until the
SCHED_SCAN_STOPPED event is received in case sched_scan is being
stopped.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-02 19:49:42 +03:00
Avraham Stern
14f34a7303 Continue scanning if sched_scan stops unexpectedly
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-02 19:38:57 +03:00
David Spinadel
1ac388633a Remove disconnected APs from BSS table if likely out-of-range
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.

Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-10-01 11:14:02 +03:00
Arik Nemtsov
ebf59eb549 Restart PNO/sched_scan on channel list update
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2016-09-30 22:45:03 +03:00
Nishant Chaprana
746e5c2565 Fix spelling mistakes in number of comments
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-09-30 22:45:03 +03:00
vamsi krishna
8f47917493 MBO: Add support to send ANQP request to get cellular preference
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.

For example:
ANQP_GET <bssid> 272,mbo:1

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
Jouni Malinen
5bb7327a69 Share a common helper function for restarting sched_scan
This code sequence was already used at two different places (and an
additional one has been proposed), so add a common helper function to
avoid having to copy-paste this functionality in multiple locations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-27 00:09:33 +03:00
Max Stepanov
be7ebd892e wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-09-27 00:02:44 +03:00
Jouni Malinen
61bcc85398 Update ChangeLog files for v2.6
This adds a summary of new changes since the last update.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-25 21:12:11 +03:00
vamsi krishna
4a83d4b686 MBO: Do not add reason_detail in non_pref_chan attr (STA)
The reason detail field in non_pref_chan attribute was removed from MBO
draft v0.0_r25, so the STA should not include this field to be compliant
with the latest draft.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
vamsi krishna
a483c6f1e2 WNM: Add testing option to reject BSS Transition Management Request
For testing purposes, it is useful to have an option to be able to
reject BTM Request sent by AP in order to verify the AP behavior upon
BTM Request rejection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
vamsi krishna
6ad37d73ca MBO: Add support to ignore association disallowed set by AP
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
Mikael Kanstrup
02adead53e Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
04e3d8156a Blacklist correct BSSID on authentication timeout
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Max Stepanov
5cdd729e26 P2P: Fix compilation warning in p2p_supplicant.c
On some architectures unsigned int differs from size_t, and
some compilers warn about it.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-09-22 23:33:44 +03:00
Moshe Benji
14220fe64c Flush the BSS (scan) entries when an interface becomes disabled
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.

Fix this by flushing the BSS entries when an interface becomes
disabled.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2016-09-22 23:31:19 +03:00
Reiner Herrmann
b223b55345 doc: Remove duplicate description for -t
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
2016-09-22 23:22:36 +03:00
Saurav Babu
cee0be7343 Show mode=mesh in STATUS command
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2016-09-22 23:19:17 +03:00
Jouni Malinen
5e993390f6 Initialize iface->sta_seen on allocation
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-22 00:45:24 +03:00
Jouni Malinen
4424aa5d7d P2P: Fix D-Bus persistent parameter in group started event on GO
When starting a P2P GO, the struct p2p_go_neg_results may use
persistent_group == 2 to indicate use of persistent reconnect. Setting
ssid->p2p_persistent_group based on this did not take into account this
special case and that ended up in D-Bus code trying to encode 2 as a
DBUS_TYPE_BOOLEAN value which results in an assert from the library. Fix
this by setting ssid->p2p_persistent_group to 0 or 1 instead of raw
params->persistent_group value without any filtering.

This is similar to an earlier fix in commit
112fdee738 ('P2P: Fix D-Bus persistent
parameter in group started event') that addressed another code path in
sending out this D-Bus signal.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-22 00:34:19 +03:00
Jouni Malinen
205d2d1ff5 Fix typos in wpa_supplicant configuration parameter documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-10 21:09:52 +03:00
Lior David
d1723c5566 wpa_supplicant: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:27:23 +03:00
Tamizh chelvam
fc72a48a63 hostapd: Use stations nsts capability in (Re)Association Response frame
Some deployed stations incorrectly consider nsts capability in
(Re)Association Response frame as required capability instead of maximum
capability and if it is greater than station's capability then beamform
will not happen in uplink traffic.

This commit adds support for an optional workaround to use station's
nsts capability in (Re)Association Response frame if the station's nsts
is less than AP by using the use_sta_nsts=1 configuration parameter.
This configuration is introduced in this commit and it is disabled by
default.

Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
2016-09-05 21:14:40 +03:00
Jose Blanquicet
b44d9c760f D-Bus: Add ConfigFile parameter into the interface properties
This patch aims to expose the configuration file path as an interface
property, like is done with the driver and the bridge name. Doing so,
higher layer programs become responsible to recreate interfaces with the
correct configuration file path when programs need to remove them.

Signed-off-by: Jose Blanquicet <blanquicet@gmail.com>
2016-08-29 11:43:53 +03:00
Sabrina Dubroca
07a6bfe1d2 mka: Store cipher suite ID in a u64 instead of u8 pointer
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:55:54 +03:00
Sabrina Dubroca
ec958aee32 mka: Remove cs_len argument from the set_current_cipher_suite functions
This is a known constant value (CS_ID_LEN, i.e., the length of the EUI64
identifier) and does not need to be provided separately in these
function calls.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:55:34 +03:00