remove_on_tx_status needs to be set in this case even if
dpp_config_processing=2 is used since there will be no connection
attempt when receiving a Configurator backup instead of station config
object.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For now, this is done only for the case where the NFC Device is not
usable and if writing a single tag fails.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make the debug output easier to read when performing interactive NFC
operations on a device that has a terminal showing the log.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The change to checking DPP_LISTEN return value ended up overwriting the
actual URI information from wpas_get_nfc_uri().
Fixes: 288c0ffaaa ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow netrole to be specified for NFC Tag writing cases. Previously,
this was hardcoded to use netrole=configurator when starting the listen
operation. Now the netrole parameter is not included by default, but any
netrole value can be specified with the new --netrole command line
argument.
In addition, fix the listening frequency for the case where a channel is
picked.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When removing a mesh peer with control interface commands (ACCEPT_ACL
DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not
decreased from its last connection. This resulted in peer link count
leakage and wpa_supplicant rejecting the connections after reaching
max_peer_links (default: 99).
Fix this by decreasing the plink count when removing a mesh peer which
is in PLINK_ESTAB state.
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
wpa_s->dpp_auth did not get cleaner if dpp_config_processing=1 is used.
Clear this after having received TX status for Configuration Result to
avoid leaving behind the completed provisioning instance.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The pending authentication exchange will make us ignore Reconfig
Authentication Request, so do not allow reconfiguration to be started in
that state.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The use of the alternative channel list did not work properly for the
case were both ends were trying to initiate the negotiated connection
handover. Fix this by always starting a new connection handover client
thread for sending the alternative proposal and ignoring peer messages
(likely something from the first attempt) during this modified attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a PMKSA cache entry is available and used for connection with FILS
key management suite, use FILS authentication algorithm for connection
even if ERP keys are not available. This scenario may happen when
applications using wpa_supplicant cache persistently only PMKSA but not
ERP keys and reconfigures wpa_supplicant with PMKSA cache after
restarting wpa_supplicant.
The previous implementation correctly handles SME-in-wpa_supplicant
cases. However, SME-in-driver cases, complete FILS authentication
without PMKSA caching is performed.
Fix SME-in-driver behavior by setting authentication algorithm to
WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The channel numbering/center frequencies was changed in IEEE
P802.11ax/D6.1. The center frequencies of the channels were shifted by
10 MHz. Also, a new operating class 136 was defined with a single
channel 2. Add required support to change the channelization as per IEEE
P802.11ax/D6.1.
Signed-off-by: Wu Gao<wugao@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
If the peer's channel list in negotiated handover does not have any
common channels and the local end is configured with an alternative
channel list, try to initiate another negotiation handover with the
alternative channels.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Be clearer about only a tag read being allowed when dpp-nfc is
configured to not allow connection handover.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This fixes an issue where the pending authentication might have held a
reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free
that bootstrapping entry. This needs to happen before the call to
dpp_global_clear() to avoid double-removal of the bootstrapping entry
from the list.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam()
and into its own function, wpa_supplicant_need_to_roam_within_ess().
This way, we avoid interleaving several #ifndef's in the original
function and wrap the new function in one big #ifndef. This also
modularizes the within-ESS roam code and makes it easier to test.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This allows the DPP_CA_SET command to be targeting a specific DPP-CST
event in cases where the Configurator did not receive the bootstrapping
information for the peer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"DPP_CA_SET name=status value=<int>" can now be used to explicitly
indicate that CSR was rejected by CA/RA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add initial Enrollee functionality for provisioning enterprise (EAP-TLS)
configuration object. This commit is handling only the most basic case
and a number of TODO items remains to handle more complete CSR
generation and config object processing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, PMF support was enabled in optional mode (ieee80211w=1) for
Hotspot 2.0 network blocks automatically. This did not consider the
global PMF parameter and unconditionally changed that value to optional.
Since the newly added network block had an explicit ieee80211w
parameter, this overrode the global parameter. To make this less
surprising, use the global pmf parameter value to select whether to add
network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0
or pmf=1) or required (pmf=2).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow user to configure the TX queue parameters through the
wpa_supplicant configuration file similarly to the way these can be set
in hostapd.
Parse the tx_queue_* parameters in the wpa_supplicant configuration file
and update the TX queue configuration to the AP/P2P GO interface in the
function wpa_supplicant_create_ap().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It was possible to find a BSS to local network profile match for a BSS
entry that has no known SSID when going through some of the SSID
wildcard cases. At leas the OWE transition mode case without BSSID match
could result in hitting this. Zero-length SSID (i.e., wildcard SSID) is
not valid in (Re)Association Request frame, so such an association will
fail. Skip such a BSS to avoid known-to-be-failing association attempts.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is an acceptable BSS with SAE-PK enabled in the same ESS,
select that over a BSS that does not enable SAE-PK when the network
profile uses automatic SAE-PK selection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move the BSS-against-SSID matching into a separate helper function to
make this overly long function a bit more readable and to allow that
helper function to be used for other purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This replaces the previously used sae_pk_only configuration parameter
with a more generic sae_pk that can be used to specify how SAE-PK is
negotiated. The default behavior (sae_pk=0) is to automatically
negotiate SAE-PK whenever the AP supports it and the password is in
appropriate format. sae_pk=1 allows only SAE-PK to be used and sae_pk=2
disables SAE-PK completely.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wpa_supplicant control interface returns maximum of 4 kB of response
data and, thus, limits maximum number of scan entries as part of
SCAN_RESULTS to approximately 60. Add a new all_bss command to use a
more robust iteration of the BSS table entries with the BSS command to
to get all scan entries and print them in the same format as the
scan_results command.
Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
wpa_supplicant disables PMKSA caching with FT-EAP by default due to
known interoperability issues with APs. This is allowed only if the
network profile is explicitly enabling caching with
ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries
was still being configured to the driver and it was possible for the
driver to build an RSNE with the PMKID for SME-in-driver cases. This
could result in hitting the interop issue with some APs.
Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if
ft_eap_pmksa_caching=1 is not used in the network profile so that the
driver and wpa_supplicant behavior are in sync for this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for missing driver AKM capability flags from the list of
RSN_AUTH_KEY_MGMT_* flags and make these available through the
'GET_CAPABILITY key_mgmt' control interface command.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Some of the recently added wpa_supplicant network profile parameters
were not documented in wpa_supplicant.conf. Add these there based on the
documentation in config_ssid.h.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new wpa_supplicant network profile parameter sae_pk_only=1 can now
be used to disable use of SAE authentication without SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds STA side functionality for SAE-PK. This version enables SAE-PK
automatically based on the configured SAE password value if the selected
AP advertises support for SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Convert the previously used text log entries to use the more formal
OCV-FAILURE prefix and always send these as control interface events to
allow upper layers to get information about unexpected operating channel
mismatches.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
To support the STA testbed role, the STA has to use specified channel
information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query
Request, and SA Query Response frames. Add override parameters to use
the specified channel while populating OCI element in all these frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It was possible for the RSN state machine to maintain old PMKSA cache
selection (sm->cur_pmksa) when roaming to another BSS based on
driver-based roaming indication. This could result in mismatching state
and unexpected behavior, e.g., with not generating a Suite B PMKSA cache
entry.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Some distros (e.g., Debian and Arch) already build wpa_supplicant with
support for TDLS, and Fedora is about to enable this feature as well.
Set CONFIG_TDLS=y in wpa_supplicant default build configuration.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
It was apparently possible to hit the 20000 octet limit in some cases,
so increase the limit to avoid process termination due to insufficient
room for preparing a response to Introspect calls.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is not really appropriate for any kind of cross compilations and is
not really needed in general since system specific values can be set in
.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to be able to receive Public Action frames when hostapd
was initially started with start_disabled=1.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the local device becomes the handover selector, make the debug log
entries about client functionality not receiving the response clearer
since that is not really an error case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow any channel to be used by not including a specific single channel
in the handover request without a need (for AP mode, use the current
operating channel). When sending out the handover select, pick a single
channel if no specific channel has been negotiated.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Wait up to 100 ms for own handover request transmission to succeed if
peer handover request is received, but own crn is not yet available.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Convert most print() calls to use the summary() helper so that the
printed information gets written into a log file as well. In addition,
start using a mutex lock to synchronize debug prints between threads to
avoid merging of messages from different contexts.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Address possible handover request collisions for cases where both
devices try to initiate handover simultaneously.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous version was trying to force the handover roles based on the
--init-on-touch parameter on both sides. That is fine for some test
scenarios, but not appropriate for more normal use cases. Change this
design to enable handover server in all cases and only control starting
of the handover client based on --init-on-touch.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not try to proceed with negotiated connection handover if
wpa_supplicant control interface is not available.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was previously done only for the negotiated connection handover
case, but the same parameters are useful for the tag reading cases (URI
record and static handover).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use key_mgmt_iftype instead of key_mgmt when the specific interface type
is known by the context of the operation.
Use per interface type AKM capabilities in capa.key_mgmt_iftype array
based on the wpa_supplicant context instead of using capa.key_mgmt to
determine the driver AKM capability.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to query per interface type AKM capabilities through the
control interface. For example, "GET_CAPABILITY key_mgmt
iftype=STATION".
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This allows DPP_AUTH_INIT to be used with tcp_addr=<dst> argument and
Configurator parameters to perform Configurator initiated DPP
provisioning over TCP. Similarly, DPP_CONTROLLER_START can now be used
to specify Configurator/Enrollee roles and extend Controller to work in
Enrollee role.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add more parameters to dpp-nfc.py to allow it to be used with more
detailed control by the caller. This allows Enrollee/Configurator roles
to be selected and Configurator parameters to be specified on the
command line.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend Enrollee functionality to process Reconfig Authentication
Confirm message and start GAS client.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend Configurator functionality to sign a special Connector for
reconfiguration and reply with Reconfig Authentication Request frame
when Reconfig Announcement frame is received with a matching C-sign key
hash value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check if there is a matching Configurator and be ready to initiate
Reconfig Authentication (which itself is not included in this commit).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This may be needed to optimize use of offchannel TX operations with
wait-for-response when near the end of a pending remain-on-channel
operation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.
Fixes: 96b6dd21a0 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check AP's DPP Protocol Version during network introduction and mark the
PMKSA cache as suitable for PFS use with version 2 or newer. This avoids
unnecessary attempt of negotiating PFS with version 1 APs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is simpler to assign wpa_s->current_ssid to a local pointer now that
there are numerous dereferences of current_ssid within sme_associate().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be used to determine whether to try to negotiate PFS (only
available with version 2 or higher).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Increase the maximum command length from 4 kB to 8 kB mainly to allow
larger certificate blobs to be configured. Use heap memory to avoid
inconveniently large stack requirements. In addition, reject potentially
truncated commands instead of trying to process them.
The maximum length of the request can now be determined with
"GET max_command_len".
Signed-off-by: Jouni Malinen <j@w1.fi>
Randomize GAS dialog token field, instead of using an incremental
counter with predictable values. This change will make this field
unuseful for user fingerprinting.
Signed-off-by: Hai Shalom <haishalom@google.com>
Do not use a random MAC address for the GAS exchange that is used as
part of the DPP protocol exchange since that would break DPP.
Configurator expects the same MAC address to be used for DPP
Authentication exchange and DPP Configuration exchange (GAS).
Since the DPP Authentication exchange has already used the MAC address
configured on the interface, use of a random address for the GAS
exchange would not provide any additional privacy protection. If a
random MAC address needs to be used for this type of an exchange, that
random address would need to be first configured on the interface before
starting DPP exchange.
This does not change GAS query behavior for any other use case, i.e.,
the gas_rand_mac_addr configuration continues to apply to all the
Interworking/Hotspot 2.0 uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the driver supports control port for EAPOL RX, do not register
l2_packet for RX to minimize unnecessary operation load.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need for this to be outside the if block that is used to
check whether l2_packet is used for the interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows wpa_supplicant to avoid the packet socket workaround for
cases where a bridge interface is used if the driver supports control
port for EAPOL frame TX and RX.
Signed-off-by: Jouni Malinen <j@w1.fi>
This case of accepting WPA/TKIP-only credential based on internal
registrar request to configure an AP to use TKIP was still remaining
while all the WPS cases were supposed to enable mixed mode
automatically. This is bit of a corner case since this is based on
explicit local request to configure TKIP, but anyway, convert this one
as well to allow WPA2/CCMP to be used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.
Signed-off-by: Disha Das <dishad@codeaurora.org>
Allow wpa_supplicant to be requested to override the RSNXE Used subfield
in FT reassociation case for testing purposes with "SET ft_rsnxe_used
<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to
0.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use global configuration parameters while invoking a persistent P2P
group after accepting P2P Invitation Request from a peer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Mark own bootstrap information as having been used in NFC negotiated
connection handover and do not accept non-mutual authentication when
processing Authentication Response from the peer when such bootstrapping
information is used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the Enrollee indicates support for DPP R2 or newer, add Connector and
C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not
enabled) for reconfiguration. Extend processing of such credentials in
wpa_supplicant network profile addition to handle this new case
correctly by not setting key_mgmt=DPP based on Connector being present,
but by looking at the actual akm value in the config object.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The chirping cases are not really targeting interactive operations, so
clear the requirement for mutual authentication when DPP_CHIRP command
is used. This avoids testing isues where an earlier DPP_LISTEN command
has used qr=mutual parameter and that seting not getting cleared before
the next DPP_CHIRP command is used.
This fixes a test case failure in the following test sequence:
dpp_auth_resp_status_failure dpp_controller_relay_chirp
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a driver interface event for Beacon frame protection failures.
Report such events over the control interface and send a
WNM-Notification Request frame to the AP as well.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add HE override support under the build parameter CONFIG_HE_OVERRIDES=y.
The disable_he=1 network profile parameter can be used to disable HE.
This requires a fallback to VHT on the 5 GHz band and to HT on the 2.4
GHz band.
There is no nl80211 support for configuring the driver to disable HE, so
for now, this applies only to IBSS and mesh cases.
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
Drivers that trigger roaming need to know the lifetime and reauth
threshold time of configured PMKSA so that they can trigger full
authentication to avoid unnecessary disconnection. To support this, send
dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values
configured in wpa_supplicant to the driver while configuring a PMKSA.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The new wpa_supplicant network profile parameter dpp_pfs can be used to
specify how PFS is applied to associations. The default behavior
(dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if
the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled
(dpp_pfs=2).
This is also working around an interoperability issue of DPP R2 STA with
certain hostapd builds that included both OWE and DPP functionality.
That issue was introduced by commit 09368515d1 ("OWE: Process
Diffie-Hellman Parameter element in AP mode") and removed by commit
16a4e931f0 ("OWE: Allow Diffie-Hellman Parameter element to be
included with DPP"). hostapd builds between those two commits would
reject DPP association attempt with PFS. The new wpa_supplicant default
(dpp_pfs=0) behavior is to automatically try to connect again with PFS
disabled if that happens.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Process received Presence Announcement frames and initiate
Authentication exchange if matching information is available on the
Configurator.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI
ID> iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to
set peer specific configurator parameters which will override any global
parameters from dpp_configurator_params.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set the global pointer and msg_ctx when allocating struct
dpp_authentication instead of needing to pass these to
dpp_set_configurator().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
We have to delete PTK keys when either BIT(0) or BIT(15) are zero and
not only when both are zero.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Allow AP mode network profile in wpa_supplicant to be configured to
advertise Transition Disable DKE.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check whether the Transition Disable KDE is received from an
authenticated AP and if so, whether it contains valid indication for
disabling a transition mode. If that is the case, update the local
network profile by removing the less secure options.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"GET last_tk_key_idx" can now be used in testing build to determine
which was the last configured Key ID for the pairwise key.
Signed-off-by: Jouni Malinen <j@w1.fi>
Support Extended Key ID in wpa_supplicant according to
IEEE Std 802.11-2016 for infrastructure (AP) associations.
Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing STAs to also connect to APs not supporting it.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
There is no real use case for the scan to be requested on more than 100
channels individually. To avoid excessively long lists with invalid
configuration, use 100 entry limit for the list before dropping to the
fallback scan-all-channels option.
Signed-off-by: Jouni Malinen <j@w1.fi>
These are theoretical cases with 32-bit integers, but cases that could
potentially hit an integer overflow with 16-bit int.
Signed-off-by: Jouni Malinen <j@w1.fi>
While int and unsigned int are not going overflow in practice as 32-bit
values, these could at least in theory hit an integer overflow with
16-bit int. Use size_t to avoid such potential issue cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids a theoretical unsigned integer overflow case with 32-bit
integers, but something that could potentially be hit with 16-bit int
(though, even that part looks pretty theoretical in this particular case
of number of BSSs in scan results).
Signed-off-by: Jouni Malinen <j@w1.fi>
Make max_*_rate() functions and rate calculation at the beginning of
wpas_get_est_tpt() more continuous. In wpa_supplicant_need_to_roam(), we
compare these values to make a roaming decision. However, at certain
SNRs, we see unrealistically large jumps in estimated throughput
according to these functions, leading us to make incorrect roaming
decisions. Perform linear interpolation where applicable to more
accurately reflect actual throughput.
Example:
wlan0: Current BSS: 88:3d:24:b4:95:d2 freq=2412 level=-69 snr=20 est_throughput=54000
wlan0: Selected BSS: 88:3d:24:b4:89:9e freq=2417 level=-67 snr=22 est_throughput=63500
wlan0: Using signal poll values for the current BSS: level=-69 snr=20 est_throughput=54000
wlan0: Allow reassociation - selected BSS has better estimated throughput
2 dB increase in RSSI likely isn't responsible for a 17% increase in
throughput.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The new wpa_supplicant control interface SET parameter disable_sa_query
can now be used to disable SA Query on receiving unprotected
disconnection event.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous design for adding RSNXE into FT was not backwards
compatible. Move to a new design based on 20/332r3 to avoid that issue
by not include RSNXE in the FT protocol Reassociation Request frame so
that an AP not supporting RSNXE can still validate the FTE MIC
correctly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to avoid leaving external components (through control
interface or D-Bus) timing out while waiting for the scan completion
events. This was already taken care of for the scan-only case
("TYPE=only"), but the scan-and-allow-roaming case did not report the
scan completion event when operating in AP mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant control interface parameter rsne_override_eapol
can be used similarly to the earlier rsnxe_override_eapol to override
the RSNE value added into EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <j@w1.fi>
Driver capabilities may end up masking out some WPA_KEY_MGMT_* bits, so
debug print the outcome only after having performed all these steps.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Split multi_ap_process_assoc_resp() to set 4-address mode after network
selection. Previously, wpa_s->current_ssid might have been NULL in some
cases and that would have resulted in 4-address mode not getting enabled
properly.
Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
The previous implementation was assuming a fixed 20 MHz channel
bandwidth when determining which operating class value to indicate as
the Current Operating Class in the Supported Operating Classes element.
This is not accurate for many HT/VHT cases.
Fix this by determining the current operating class (i.e., the operating
class used for the requested association) based on the HT/VHT operation
elements from scan results.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
introduced the possibility to check the disable_vht param. However, this
entry is only available when CONFIG_VHT_OVERRIDES is enabled and as
such, this broke the build for some cases.
Fix this by encapsulating VHT property with the proper CONFIG entry.
Fixes: e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
When wps_cred_add_sae=1 is used, WPS_AUTH_WPA2PSK credential gets
converted to enabling both PSK and SAE AKMs. However, this case was
still hardcoded auth_alg=OPEN which is not really correct for SAE. While
the SME-in-wpa_supplicant case can handle that, the SME-in-driver case
might not. Remove the unnecessary auth_alg=OPEN configuration to get the
normal PSK+SAE configuration enabled for the network profile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
According to the systemd documentation "WantedBy=foo.service in a
service bar.service is mostly equivalent to
Alias=foo.service.wants/bar.service in the same file." However,
this is not really the intended purpose of install Aliases.
Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
Similarly to the wpa_supplicant_select_config() case,
wpa_get_beacon_ie() needs to handle the special case for OWE transition
mode where the SSID in the network profile does not match the SSID of
the OWE BSS (that has a hidden, random SSID). Accept such a BSS in case
the current scan results needs to be fetched for verifying EAPOL-Key msg
3/4 IEs.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the hidden OWE BSS to be found based on SSID-specific
scan (e.g., from the special OWE scan mechanism). In that sequence, the
previously used learning of OWE BSS was skipped since the SSID was
already present in the BSS entry. This could result in not being able to
find a matching BSS entry for the OWE BSS in transition mode.
Fix this by adding the BSS flag for transition mode based on SSID
matching against currently enabled OWE network profiles in addition to
the previous mechanism.
Signed-off-by: Jouni Malinen <j@w1.fi>
The "unexpected" change of SSID between the current network profile
(which uses the SSID from the open BSS in OWE transition mode) and the
association with the OWE BSS (which uses a random, hidden SSID) resulted
in wpa_supplicant incorrectly determining that this was a
driver-initiated BSS selection ("Driver-initiated BSS selection changed
the SSID to <the random SSID from OWE BSS>" in debug log).
This ended up with updating security parameters based on the network
profile inwpa_supplicant_set_suites() instead of using the already
discovered information from scan results. In particular, this cleared
the RSN supplicant state machine information of AP RSNE and resulted in
having to fetch the scan results for the current BSS when processing
EAPOL-Key msg 3/4.
Fix this by recognizing the special case for OWE transition mode where
the SSID for the associated AP does not actually match the SSID in the
network profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
When wpa_supplicant interface is added without a configuration file, the
SAVE_CONFIG command causes a segmentation fault due to referencing a
NULL pointer if the update_config parameter is first explicitly enabled.
Fix the issue by checking the confname for NULL before saving
configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Specific BSSID scan was replacing wildcard SSID with the known SSID if
any BSS with the specified BSSID is available in the known BSSes list.
Add control interface support to force use of a wildcard SSID in a
specific BSSID scan by user with the new "wildcard_ssid=1" argument to
the SCAN command.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Incorrect he_enabled parameter was being passed to
hostapd_set_freq_params() in mesh which caused HE to be not fully
enabled on the 5 GHz band. Fix this by setting freq->he_enabled instead
of vht_freq.he_enabled so that the hostapd_set_freq_params() uses the
correct he_enabled value (and then ends up copying this to
vht_freq.he_enabled in the success case).
Fixes: 6e711e7ab3 ("mesh: Do not enable HE on 5 GHz without VHT")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
The commit a34ca59e (SAE: Allow SAE password to be configured separately
(STA)) added sae_password configuration option. We should also consider
sae_password in the wpa_config_write() function which stores the valid
network block details to an external database.
Fixes: a34ca59e4d ("SAE: Allow SAE password to be configured separately (STA)")
Signed-off-by: Sachin Shelke <sachin.shelke@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
wep_keys_set was not used in wpas_start_assoc_cb() without
IEEE8021X_EAPOL, so need to make this local variable conditional on
build options.
Signed-off-by: Jouni Malinen <j@w1.fi>
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.
hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This will be present when the driver supports SAE and it's included in
the wpa_supplicant build.
Signed-off-by: Brian Norris <briannorris@chromium.org>
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
While the WSC specification requires the Enrollee to stop PBC
provisioning if the scan sees multiple APs in active PBC mode, this is
problematic due to some deployed devices continuing to advertise PBC
mode for extended duration (or even permanently). Such an environment
will still need to prevent wildcard AP selection with PBC since an
incorrect device could be selected. However, if the Enrollee device has
been explicitly requested to connect to a specific AP based on its
BSSID, the other APs in scan results can be ignored without affecting
which AP would be selected (only the one matching the specified BSSID is
acceptable).
Start filtering scan results for PBC session overlap check based on the
locally specified constraint on the BSSID, if one is set. This allows
PBC to be used with "WPS_PBC <BSSID>" command in environment where
another AP device is claiming to be in active PBC mode while "WPS_PBC"
command will still continue to reject provisioning since the correct AP
cannot be selected.
This will also cover the P2P cases where P2P_CONNECT is used to start or
authorize GO Negotiation and joining-a-GO with a specific P2P GO
Interface Address (BSSID).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There does not seem to be a good reason for using the different IFACE=
prefix on the UDP control interface. This got added when the UDP
interface in wpa_supplicant was extended in commit f0e5d3b5c6
("wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions")
and that was then extended to hostapd in commit e920805685 ("hostapd:
Extend global control interface notifications").
Replace the IFACE= prefix in UDP case with IFNAME= to be consistent with
the UNIX domain socket based control interface.
This fixes a problem when at least one test case fail (hapd_ctrl_sta)
when remote/udp used. This also fixes test_connectivity().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.
To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Pick the most recently added BSS entry based on BSSID matching to avoid
issues in testing environment where the SSID of the AP may have changed
and both the old and new BSS is still present in the scan results.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new wpa_supplicant network profile configuration parameter
beacon_prot=<0/1> to allow Beacon protection to be enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not use VERSION_STR directly as the format string to printf() since
it is possible for that string to contain '%'.
Signed-off-by: Didier Raboud <odyx@debian.org>
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.
Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid adding more than P2P_MAX_REG_CLASSES operating classes or
P2P_MAX_REG_CLASS_CHANNELS channels while populating P2P channels. The
current limits on the operating classes or channels per operating class
could be hit in some case (mainly, with 6 GHz, but in theory, with a
2.4/5/60 GHz capable device as well).
If the local driver advertised a larger number of supported operarting
classes or channels per operating class, the construction of the struct
p2p_reg_class instances could have resulted in writing beyond the end of
the buffer and ending up corrupting memory around the struct p2p_config.
This could result in unexpected behavior in some other operations that
used corrupted memory, e.g., generation of a P2P Channel List failing
(with validation code stopping the process to avoid writing beyond the
end of the message buffer) due to not having sufficient buffer space for
the corrupted data.
This issue is triggered only based on information from the local driver
(mainly based on addition of support for 6 GHz band operating classes),
so the issue cannot be triggered based on received frames or any other
remote information.
The issue was introduced by commit d7c2c5c98c ("AP: Add initial
support for 6 GHz band") which added the operating class 131 which has
sufficiently large number of channels to go beyond the
P2P_MAX_REG_CLASS_CHANNELS limit.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously it was possible for the PKEX/DPP exchange to terminate with
an error and the ongoing Action frame TX/RX offchannel operation not
getting terminated. This could leave the driver waiting on offchannel
until timeout and failing following operations before that timeout
happens. Fix this by explicitly stopping the Action frame sequence in
the driver in the previously missed cases.
This fixes a case that was showing up with the following test sequence
every now and then:
dpp_qr_code_chan_list_unicast dpp_pkex_test_fail dpp_enrollee_reject_config
dpp_pkex_test_fail was adding a large number of pending offchannel
operations and dpp_enrollee_reject_config could fail if those pending
operations were blocking new remain-on-channel or offchannel TX
operation for a sufficiently long time.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously DPP_AUTH_INIT command update wpa_s->dpp_netrole only if the
netrole parameter was included. This could leave AP or configurator
network in place for the next DPP_AUTH_INIT command. This would be
unexpected behavior, so reset wpa_s->dpp_netrole back to the
DPP_NETROLE_STA default if no explicit netrole parameter is included.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
connection_vht flag was set to true when both Association Request and
Response frame IEs have VHT capability. Thus all devices that have
support for the vendor specific partial VHT support in the 2.4 GHz band
were also being reported as VHT capable. However, IEEE Std 802.11ac-2013
defines VHT STA to operate in frequency bands below 6 GHz excluding the
2.4 GHz band.
Do not set connection_vht when the operating band is 2.4 GHz. This
avoids reporting wifi_generation 5 on the 2.4 GHz band and reserves the
generation value 5 for full VHT as defined in the IEEE 802.11 standard.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previous version accepted both 0 and 126 values in SAE commit message
from the AP. Explicitly check that the value the AP uses matches what
the STA started with to avoid unexpected cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp-nfc.py command line argument --chan can be used to replace
the local channel list default (81/1).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Local variable should be used. This fixes an issue where IEs are
available only from a Beacon frame.
Fixes: ad06ac0b0 ("Move throughput estimation into a helper function")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This Python script is an example on how nfcpy can be used to drive an
NFC Device to perform DPP bootstrapping operations over DPP (tag with
NFC URI and negotiated connection handover).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.
Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Users might be tempted to try ap_scan=0 for offloading scan,
ap_selection and, WPA to driver. Update the text to reflect that this is
deprecated.
Jouni confirmed deprecation in
https://www.spinics.net/lists/hostap/msg06482.html
Signed-off-by: Chaitanya Tata <chaitanya.tata@bluwireless.com>
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This BSS membership selector has impact only for SAE functionality, so
ignore it when configured not to use SAE. This allows WPA-PSK connection
to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a channel list changed event is received after a scan and before
selecting a BSS for connection, a BSS found on a now disabled channel
may get selected for connection. The connect request issued with the BSS
found on a disabled channel is rejected by cfg80211. Filter out the BSSs
found on disabled channels and select from the other BSSs found on
enabled channels to avoid unnecessary connection attempts that are bound
to fail.
The channel list information will be updated by the driver in cases like
country code update, disabling/enabling specific bands, etc. which can
occur between the scan and connection attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was previously done only in supplicant role, but a similar change
is needed for the authenticator role.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Linux kernel v4.17 added the ability to request sending control port
frames via nl80211 instead of a normal network socket. Doing this
provides the device driver with ordering information between the
control port frames and the installation of keys. This empowers it to
avoid race conditions between, for example, PTK replacement and the
sending of frame 4 of the 4-way rekeying handshake in an RSNA. The
key difference between a TX_CONTROL_PORT and normal socket send is
that the device driver will certainly get any EAPOL frames comprising
a 4-way handshake before it gets the key installation call
for the derived key. By flushing its TX buffers it can then ensure
that no pending EAPOL frames are inadvertently encrypted with a key
that the peer will not yet have installed.
Update the RSN supplicant system to use this new operation for sending
EAPOL-Key frames when the driver reports that this capability is
available; otherwise, fall back to a normal Ethernet TX.
I have tested this on DMG (11ad/ay) devices with an out-of-tree Linux
driver that does not use mac80211. Without this patch I consistently see
PTK rekeying fail if message 4/4 shares a stream with other in-flight
traffic. With this patch, and the driver updated to flush the relevant TX
queue before overwriting a PTK (knowing, now, that if there was a message
4/4 related to the key installation, it has already entered the driver
queue), rekeying is reliable.
There is still data loss surrounding key installation - this problem is
alluded to in IEEE Std 802.11-2016, 12.6.21, where extended Key ID
support is described as the eventual solution. This patch aims to at
least prevent rekeying from totally breaking the association, in a way
that works on kernels as far back as 4.17 (as per Alexander Wetzel
extended Key ID support should be possible on 5.2).
See http://lists.infradead.org/pipermail/hostap/2019-May/040089.html for
a little more context.
Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.
Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.
Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
This variable is not specific to any P2P group interface and since it
was already used through global->p2p_init_wpa_s, it is cleaner to simply
move this to the global structure so that there is a single variable
instead of per-interface variables and need to pick the correct
interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The p2p_long_listen value was set on the control wpa_s struct while in a
lot of cases it operated on the p2p struct. Explicitly use the global
p2p_init_wpa_s struct in cases where we might not be operating on it
already.
Without this, simply starting a p2p_listen operation (e.g., using
wpa_cli) will not work properly. As the p2p_long_listen is set on the
controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
p2p_init_wpa_s, it would not actually work. This results in
wpa_supplicant stopping listening after the maximum remain-on-channel
time passes when using a separate P2P Device interface.
Signed-off-by: Benjamin Berg <bberg@redhat.com>
sme_send_authentication() could fail before actually requesting the
driver to authenticate with a new AP. This could happen after
wpa_s->bssid got cleared even though in such a case, the old association
is maintained and still valid. This can result in unexpected behavior
since wpa_s->bssid would not match the current BSSID anymore.
Fix this by postponing clearing of wpa_s->bssid until the IE preparation
has been completed successfully.
Signed-off-by: Jouni Malinen <j@w1.fi>
send_frame() is documented to be used for "testing use only" and as
such, it should not have used here for a normal production
functionality. Replace this with use of send_mlme() which is already
used for sending Authentication frames in number of other cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
"SET driver_signal_override <BSSID> [<si_signal< <si_avg_signal>
<si_avg_beacon_signal> <si_noise> <scan_level>]" command can now be used
to request wpa_supplicant to override driver reported signal levels for
signal_poll and scan results. This can be used to test roaming behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Fix a rebasing issue in the signal difference calculation. The older
patch was not updated to use the new cur_level local variable to get the
possibly updated signal level for the current BSS.
Fixes: a2c1bebd43 ("Improve roaming logic")
Signed-off-by: Jouni Malinen <j@w1.fi>
This is targeting the case of MAC address change for an association
which may require the interface to be set down for a short moment.
Previously, this ended up flushing the BSS table that wpa_supplicant
maintained and that resulted in having to scan again if the MAC address
was changed between the previous scan and the connection attempt. This
is unnecessary extra latency, so maintain the BSS entries for 5 seconds
(i.e., the same time that the old scan results are consider valid for a
new connection attempt) after an interface goes down.
Signed-off-by: Jouni Malinen <j@w1.fi>
Currently, wpa_supplicant may roam too aggressively; the need_to_roam()
function will return early with a roaming decision if the difference in
signal level or throughput between the current and selected APs is
"sufficiently large." In particular, if the selected AP's estimated
throughput is more than 5k greater than the current AP's estimated
throughput, wpa_supplicant will decide to roam. Otherwise, if the
selected AP's signal level is less than the current AP's signal level,
or the selected AP's estimated throughput is at least 5k less than the
current AP's estimated throughput, wpa_supplicant will skip the roam.
These decisions are based only on one factor and can lead to poor
roaming choices (e.g., a roam should not happen if the selected AP's
estimated throughput meets the threshold but the current signal and
throughput are already good, whereas a roam should happen if the signal
is slightly worse but the estimated throughput is significantly better).
This change standardizes the roaming heuristic for signal strength
difference requirements and will hopefully improve user experience. The
change can be summarized as follows: based on the current signal level,
a certain roaming difficulty is assigned. Based on the selected AP's
estimated throughput relative to the current AP's estimated throughput,
the difficulty is adjusted up or down. If the difference in signal level
meets the threshold, a roam happens.
The hard-coded values were selected purely based on the previous version
of this function. They may eventually need to be fine-tuned for optimal
performance.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Do not prevent roam to a different BSS based only on the signal level
with the current BSS being higher than with the selected BSS. If the
estimated throughput is significantly higher (> 20%), allow roaming if
the following conditions are met.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the current SNR with the associated BSS is sufficiently good (better
than GREAT_SNR = 25), there is limited benefit from moving to another
BSS even if that BSS were to have a higher signal level. As such, skip
roaming based on the signal level difference between the selected BSS
from scan results and the current BSS for such cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Using average signal strength from the driver and hardcoded noise floor
does not look like an ideal design since there can be significant
differences in the driver-reported noise floor values. Furthermore, even
though the current noise floor is a snapshot from the driver, it is
common for drivers to use a noise floor value from a longer calibration
step and that should not prevent the driver provided value from being
used. This makes the comparisons of the signal strengths between the
current AP (signal_poll) and other APs (scan) more accurate.
As an example, test runs in home environment showed 5 dB difference
between the driver reported noise floor and the hardcoded value and this
could result in significant differences in estimated throughput
calculation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids a testing failure in the following test case sequence:
ap_ft_r1_key_expiration ap_open_external_assoc
Signed-off-by: Jouni Malinen <j@w1.fi>
TKIP countermeasures were already terminated on FLUSH, but the timer for
detecting two Michael MIC errors within 60 seconds was left behind. This
resulted in test case failures with following test sequence:
ap_cipher_tkip_countermeasures_sta ap_cipher_tkip_countermeasures_sta2
Signed-off-by: Jouni Malinen <j@w1.fi>
Some drivers (e.g. Marvell WiFi) don't report avg_beacon_signal, but
it's still useful to poll for the signal again when a roaming decision
needs to be made. Use si.avg_signal when si.avg_beacon_signal is not
available.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
We saw that on certain platforms in certain places we keep switching
between two APs and eventually get the same RSSI. Debugging showed that
we have a very big difference between the two antennas.
Ant A can hear AP A very well (-60) but AP B very bad (-80)
Ant B can hear AP B very well (-60) but AP A very bad (-80)
When the device associates to AP A, it'll learn to use Ant A. If the
device uses one single antenna to receive the scan results, it may hear
the AP it is currently associated to on the second antenna and get bad
results. Because of that, the wpa_supplicant will roam to the other AP
and the same scenario will repeat itself:
Association to AP A (Ant A reports -60).
Scan on Ant A: AP A: -60, AP B: -80
Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM.
Association to AP B (Ant B reports -60)
Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM
Etc...
Improve this by querying the signal level of the current AP using
drv_signal_poll() instead of relying on the signal level that we get
from the scan results. Also update the throughput estimate based on the
likely more accurate values for the current association.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This is a step towards allowing this functionality to update the scan
result -based values with the values from a signal poll for the current
BSS.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This is a step towards allowing these values to be determined based on
signal poll instead of scan results.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Do not disconnect on interface deinit when WoWLAN is enabled, so we can
boot the system with WoWLAN after S5 (poweroff).
Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
This can be used in the future to implement support for RNR and scanning
extensions using a shorter field for the SSID.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When wpa_supplicant receives another new peer event before the first one
has been processed, it tries to add a station to the driver a second
time (which fails) and then tears down the station entry until another
event comes in.
Fix this by only adding a station to the driver if it didn't exist
already.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If hostapd or wpa_supplicant is started with both -s and -f command line
arguments, debug log ended up being written only into syslog and the log
file was left empty. Change this so that the log entries will be written
to both places. Either -s or -f (or both) results in debug log to stdout
being disabled which was already the case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use LAST_ID of LIST_NETWORKS to load all the network entries iteratively
if there is large enough number of networks to not fit in a single
response.
Signed-off-by: Victor Ananyev <vindex10@gmail.com>
This allows starting point of the network list to be specified so that
the potentially long response can be fragmented into multiple fetch
operations.
Signed-off-by: Victor Ananyev <vindex10@gmail.com>
Field wpa_s->sme.ht_sec_chan keeps secondary channel for the 40 MHz
band. This field is used to prepare a list of channels for the STA OBSS
scan. Initially, the secondary channel is set to HT_SEC_CHAN_UNKNOWN.
Later on, in function wpa_obss_scan_freq_list() it is obtained from the
current BSS HT operation IE. However, the secondary channel information
is not updated after channel switch, which may lead to an incorrect list
of channels prepared for the STA OBSS scan.
Update ht_sec_chan according to the channel switch event data to fix
this.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
In the previous implementation connected STA performs OBSS scan
according to requests from its 20/40 MHz AP. However STA checks only 40
MHz intolerance subfield from HT Capabilities element in scan results.
Meanwhile, as per IEEE Std 802.11-2016, 11.16.12, STA should check
overlapping BSSs as well.
Note that all the required code to check overlapping BSSs did already
exist for AP mode since AP does those checks properly before operating
as 20/40 MHz BSS in the 2.4 GHz band. Use that existing code by replace
existing 40 MHz intolerance check in sme_proc_obss_scan() with the new
shared helper function check_bss_coex_40mhz().
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
This gives us the network device name in logging messages, which can be
helpful when having one wpa_supplicant process handle multiple devices.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used
instead of the previously hardcoded AES-128-CMAC as the group management
cipher when using mesh with PMF. For now, this can be configured by
setting a single group_mgmt value in the network block and doing that
consistently through all the STAs in the mesh.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous calculation of the buffer length did not take into account
the possibility of 32-octet GTK and IGTK values and it was also missing
something to cover the 16 octet keys that are supported now. Other
buffer elements were likely sufficient to cover all these cases, but
anyway, it is better to allocate sufficient size specifically for AMPE
to avoid issues in the future.
Signed-off-by: Jouni Malinen <j@w1.fi>
WPS_EVENT_CANCEL is added to indicate cancellation of a WPS operation
for any reason in hostapd/wpa_supplicant.
WPS_EVENT_PIN_ACTIVE is added to indicate when a PIN operation is
triggered in wpa_supplicant.
Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
When the newly added "-r" parameter is used, both clis will try to
reconnect forever on connection lost until signalled (ctrl+c) or
terminated. This is useful only when used with -a to take action to
retrieve events or get status and the cli process stays even if
hostapd/wpa_supplicant daemons restart for some reason (e.g.,
configuration change).
Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
This array had not been updated for years (since it was initially added)
and it was missing new network profile parameters that were not quoted
strings (but also not integers that could be set as integer types). Add
those missing non-quoted-strings to allow them to be set through the
DBus interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
These parameters are global parameters, not network profile parameters,
and as such, do not below in dont_quote[] which is used to determine
whether a network profile parameter needs to be quoted.
Signed-off-by: Jouni Malinen <j@w1.fi>
These properties were in the wpas_dbus_bss_properties array when they
should have been in the wpas_dbus_interface_properties array. Move them
to the right place. This is the logical location for these properties
and it matches both the other parts of the implementation (e.g., being
in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
was originally documented for the interface in dbus.doxygen.
Fixes: 2bbad1c7c9 ("dbus: Export roam time, roam complete, and session length")
Fixes: 80d06d0ca9 ("dbus: Export BSS Transition Management status")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The stdout of wpa_passphrase is often piped directly into the
wpa_supplicant config file. In case of errors these will be written to
the file and possibly not noticed by the user.
Use fprintf to print errors to stderr.
Signed-off-by: Sam Tygier <samtygier@yahoo.co.uk>
When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
possible PSK mismatch only during the initial 4-way handshake to avoid
incorrect reports.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Ongoing scan could prevent the station Enrollee from sending out DPP
connection status after the 15 second timeout and that would result in
the Configurator timing out on the wait for the status report. Abort any
ongoing scan, if needed, to avoid this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enable all DH FFC groups for SAE in wpa_supplicant testing builds. These
are needed to allow more testing coverage for AP functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Using the channel parameter for validating allowed channel combinations
is not scalable to add 6 GHz support in the future since channel numbers
are duplicated between 2.4 GHz / 5 GHz bands and 6 GHz band. Hence use
frequency field for all channel combination validation steps done before
starting AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>