Commit graph

645 commits

Author SHA1 Message Date
Bhagavathi Perumal S
d7f038ded2 wpa_supplicant: Add ieee80211ac information in STATUS
This allows user to get current operating mode of station.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-05-04 20:18:55 +03:00
Bhagavathi Perumal S
b55c623e4c Make CENTER_FRQ1 available independently in SIGNAL_POLL
This allows user to get center frequency and find secondary channel
offset.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-20 00:10:45 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Masashi Honma
e480212765 dbus: Add FILS to global capabilities
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-04-02 11:56:06 +03:00
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Jouni Malinen
4b07484c3d DPP: Do not include common/dpp.h without CONFIG_DPP=y
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-17 18:07:43 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Ashok Ponnaiah
dc2f24f1b2 DPP: Fix compilation without CONFIG_TESTING_OPTIONS=y
Add CONFIG_TESTING_OPTIONS ifdef protection to couple of forgotten DPP
test parameters in wpa_supplicant ctrl_iface.

Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
2017-11-27 17:30:03 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
95b0104a34 DPP: Retransmit DPP Authentication Response frame if it is not ACKed
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
c1d3773967 DPP: Stop authentication exchange of DPP_STOP_LISTEN
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
f97ace34cb DPP: Support multiple channels for initiating DPP Authentication
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Sunil Dutt
37ed3254de P2P: ACS offload for the autonomous GO
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:47:32 +02:00
Jouni Malinen
b7dddab7be DPP: Allow testing override values to be cleared
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 12:23:34 +02:00
Jouni Malinen
60239f60a6 DPP: Protocol testing framework
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.

This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
daa4096084 Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
751f5b2933 Allow EAPOL-Key Request to be sent through control interface
The new wpa_supplicant "KEY_REQUEST <error=0/1> <pairwise=0/1>" command
can be used to request an EAPOL-Key Request frame to be sent to the AP.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
bb06748f45 Make last received ANonce available through control interface
This makes it easier to debug 4-way handshake implementation issues
without having to use a sniffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
16579769ff Add testing functionality for resetting PN/IPN for configured keys
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
e8b9649012 OWE: Transition mode support on station side
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
vamsi krishna
e37cea308e OCE: Update default scan IEs when OCE is enabled/disabled
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-01 18:47:02 +03:00
Jouni Malinen
a0f19e9c74 SAE: Allow commit fields to be overridden for testing purposes (STA)
The new "SET sae_commit_override <hexdump>" control interface command
can be used to force wpa_supplicant to override SAE commit message
fields for testing purposes. This is included only in
CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-04 13:32:03 +03:00
Jouni Malinen
a4bf007877 DPP: Remove devices object from the connector
This was removed from the draft DPP tech spec, so remove it from the
implementation as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 23:46:27 +03:00
Ashwini Patil
332aadb8a2 STA: Add OCE capability indication attribute
Add OCE capability indication attribute in Probe Request and
(Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:19:53 +03:00
Andrei Otcheretianski
d02e4c8ac8 P2P: Clear get_pref_freq_list_override on P2P Device
Clear the get_pref_freq_list_override in p2p_ctrl_flush(). This fixes
the case when a dedicated P2P device interface is used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-07-08 16:06:28 +03:00
Vidyullatha Kanchanapally
fe3e0bac1f FILS: Advertize FILS capability based on driver capability
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-07 13:39:05 +03:00
Ashwini Patil
267fc0dd33 Add wpa_supplicant ctrl iface support to scan for a specific BSSID
Add support to scan for a specific BSSID through the wpa_supplicant
control interface.

Usage: wpa_cli scan bssid=ab:bc:cd🇩🇪ef:12

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-05 02:02:32 +03:00
Jouni Malinen
f522bb2377 DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector
The DPP Configurator can use this new command to generate its own signed
connector for the network that it manages.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-04 17:48:44 +03:00
Jouni Malinen
b65b22d60a DPP: Configurator parameters in responder role
This allows wpa_supplicant to be configured to act as the configurator
in the case where a peer device initiates DPP Authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-03 13:03:34 +03:00
Jouni Malinen
500ed7f006 DPP: PKEX bootstrapping
This implements genric PKEX functionality in src/common/dpp.c and glue
code to use this in wpa_supplicant (i.e, hostapd DPP implementation does
not yet support PKEX).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 09:35:00 +03:00
Jouni Malinen
6a7182a9c3 DPP: Add DPP_BOOTSTRAP_INFO command
This can be used to fetch parsed details on bootstrapping information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-22 14:51:21 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
30d27b048e DPP: Authentication exchange
Add wpa_supplicant control interface commands for managing DPP
Authentication exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:12:30 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Purushottam Kushwaha
34ee12c559 Do not flush PMKSA on bssid_hint change
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.

Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:25:49 +03:00
Dmitry Shmidt
be1ece46f5 wpa_supplicant: Add GET_CAPABILITY for P2P redirection
It will give capability to check channel list before P2P group is
created.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-05-05 00:43:23 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Ashwini Patil
9a72bfe9a4 Add control interface command to enable/disable roaming
The new "SET roaming <0/1>" command can now be used to control
driver-based roaming.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-24 11:10:44 +03:00
Jouni Malinen
c10e0ccc9e Hide *PMKSA_ADD parameters from debug log
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 12:37:33 +03:00
Jouni Malinen
31e130f82c FILS: Add FILS-SK-PFS capability into "GET_CAPABILITY fils" command
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-13 11:46:30 +02:00
Jouni Malinen
f9561868ec OWE: Add driver capability flag for OWE AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Avraham Stern
15ab61eda0 WNM: Add option to configure candidates for BTM query candidate list
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.

usage:
wnm_bss_query <reason> [neighbor=<BSSID>,<BSSID information>,
	                <operating class>,<channel number>,
			<PHY type>[,<hexdump of optional subelements>]]

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-11 10:47:28 +02:00
Jouni Malinen
8ecf2231fd ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 17:02:22 +02:00
Avraham Stern
2316cb358c MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.

Add API to add the MBO Query List to an ANQP query.

Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]

Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-10 16:53:10 +02:00