Commit graph

4166 commits

Author SHA1 Message Date
Hu Wang
57d3c5913a Clear scan_res_handler on no-retry failure
Previously it was possible for wpa_s->scan_res_handler to remain set to
its old value in case wpa_drv_scan() failed and no retry for the scan
trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ).
This could result in getting stuck with the next connection attempt
after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler
was set to scan_only_handler().

Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and
no retry is scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 16:39:30 +02:00
Amarnath Hullur Subramanyam
e9518ae749 WFD: Add WFD R2 Subelements
Define and add support for WFD R2 Subelements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:59:57 +02:00
Jouni Malinen
206516e8c2 af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation
that uses the user space socket interface (AF_ALG) for the Linux kernel
crypto implementation. This commit includes some of the cipher, hash,
and HMAC functions. The functions that are not available through AF_ALG
(e.g., the actual TLS implementation) use the internal implementation
(CONFIG_TLS=internal).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:24:15 +02:00
Ashwini Patil
dca4b503f1 MBO: Fix minimum length check on non_pref_chan configuration
The reason detail field in non_pref_chan attribute was removed
from MBO draft v0.0_r25. Also oper_class can be 1 character for
few country codes (e.g., country code-UK, channel number-1). So the
shortest channel configuration is 7 characters.

This was missed in the earlier commit
4a83d4b686 ('MBO: Do not add reason_detail
in non_pref_chan attr (STA)') that took care of other changes related to
removal of the reason detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:26:22 +02:00
Jouni Malinen
c4bb39707f Fix AES-SIV build dependencies
aes-siv.c needs functions from aes-ctr.c and aes-omac1.c, so set
NEED_AES_CTR=y and NEED_AES_OMAC1=y if NEED_AES_SIV is defined. This
fixes some build configuration combinations where either of those
dependencies were not pulled in through other parameters. For example,
some CONFIG_FILS=y cases were impacted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
694a3a0d64 mesh: Fix CONFIG_MESH=y build without CONFIG_IEEE80211W=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Saurav Babu
d02989f2e4 D-Bus: Notify mesh capability if driver supports it
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
b7286c1b5d FILS: External management of PMKSA cache entry with Cache Identifier
The PMKSA_GET and PMKSA_ADD commands can now use an optional extra
parameter to fetch and add PMKSA cache entries with the FILS Cache
Identifier.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
6aea02e579 SME: Clear portValid on starting authentication to fix FILS
The ft_completed for FILS authentication case in
wpa_supplicant_event_assoc() depends on something having cleared
portValid so that setting it TRUE ends up authorizing the port. This
clearing part did not happen when using FILS authentication during a
reassociation within an ESS. Fix this by clearing portValid in
sme_send_authentication() just before the keys are cleared (i.e., the
old connection would not be usable anyway).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:51:48 +02:00
Jouni Malinen
ba9774bd76 FILS: Fix BSSID in reassociation case
The RSN supplicant implementation needs to be updated to use the new
BSSID whenever doing FILS authentication. Previously, this was only done
when notifying association and that was too late for the case of
reassociation. Fix this by providing the new BSSID when calling
fils_process_auth(). This makes PTK derivation use the correct BSSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:26:57 +02:00
Saurav Babu
213eb18851 dbus: Set mode to mesh in bss properties when mesh is supported
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-20 22:14:19 +02:00
Purushottam Kushwaha
3f23260da8 nl80211: Notify reason for connection timeout failure
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 10:47:08 +02:00
Peng Xu
d512f406fc hostapd: Add IEEE 802.11ax HE IEs into Beacon/Probe Response frames
IEEE 802.11ax HE changes to include HE IEs in Beacon and Probe Response
frames. These elements are using vendor specific forms for now since the
IEEE 802.11ax draft is not yet finalized and the element contents is
subject to change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:55 +02:00
Peng Xu
94380cb40a hostapd: Initial IEEE 802.11ax (HE) definitions
Add IEEE 802.11ax definitions for config, IEEE structures, and
constants. These are still subject to change in the IEEE process.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:52 +02:00
Masashi Honma
84ea61cffe mesh: Use correct rate in HT and legacy mixed environment
Let mesh STA A be a STA which has config disable_ht=1.
Let mesh STA B be a STA which has config disable_ht=0.
The mesh STA A and B was connected.

Previously, the mesh STA A sent frame with HT rate even though its HT
was disabled. This commit fixes the issue by checking the local BSS HT
configuration.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Masashi Honma
025c6a47fb VHT: Remove a redundant check
This check is already done in ibss_mesh_setup_freq().

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
62944f7d2c Add HMAC-SHA384 with internal crypto
This is a copy of the internal HMAC-SHA256 implementation with the hash
block size and output length updated to match SHA384 parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 22:15:29 +02:00
Jouni Malinen
3a7819f0ad P2P: Add P2P_SET override_pref_op_chan to allow overriding preference
This new P2P_SET parameter uses <op_class>:<channel> format and is used
mainly for testing purposes to allow overriding the value of the GO
Negotiation Response frame Operating Channel attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Jouni Malinen
c06fca04fd Add wpa_supplicant SET get_pref_freq_list_override
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.

Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...

if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Jouni Malinen
b4d56efb1a Use throughput estimate-based BSS selection with larger SNR difference
Previously, the est_throughput comparison was done only when SNR
difference was less than 5 dB. Since the throughput estimation take into
account SNR, this can be done in more cases. For now, add a conservative
2 dB more to the difference so that any SNR difference below 7 dB
results in BSS selection based on throughput estimates.

In addition, the throughput estimates require SNR values to be
available, so separate this from the 5 GHz preference that can be done
based on either SNR or qual values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 12:05:10 +02:00
Jouni Malinen
1420414878 Drop GREAT_SNR definition from 30 to 25 dB
This allows throughput estimates and 5 GHz preference over 2.4 GHz band
to be used in more cases. The previously used value of 30 was
significantly more conservative than the SNR limits used for the highest
rate in scan_est_throughput() and this resulted in cases where 5 GHz AP
was ignored while SNR with it would have been close to reaching the
maximum TX rate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 11:15:13 +02:00
Jouni Malinen
b5562a1a6e FILS: Remove CRC32 dependency from build
The published P802.11ai version does not use CRC32 anymore, so remove
inclusion of crc32.o into wpa_supplicant and hostapd builds based on
CONFIG_FILS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-13 23:17:31 +02:00
Jouni Malinen
577e794eba Sync android.config with wpa_supplicant defconfig changes
This adds new edits from defconfig to android.config. No new build
options are enabled, i.e., this is only bringing in comment updates and
new parameters in commented out form.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:56 +02:00
Jouni Malinen
784710b7ff Add bgscan options to wpa_supplicant defconfig
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:24 +02:00
Jouni Malinen
212a8f487f Fix wpa_supplicant defconfig copy-paste description
This is obviously for the wpa_supplicant binary, not hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:12:16 +02:00
vamsi krishna
57c3a605ce Add support to sched scan to report relatively better BSSs
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.

The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
	disable - to disable the feature
	rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
	band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
	adjust_value - amount of RSSI to be adjusted in dB

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Paul Stewart
ed9b1c16d5 EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
5f11880f6a SME: Remove null ie param from CTRL-EVENT-AUTH-REJECT
Clean up the event message by removing the ie=<value> parameter when the
IEs are not available instead of printing out "ie=(null)".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
4d70b2a4e5 RRM: Fix a memory leak in beacon request handling
Free the pending frequency list if a second beacon request is received
before the scan for the previous one has been completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:04 +02:00
vamsi krishna
b4fd1f0ed7 Allow PNO scan also in connection completed state
Sched scan is supported by the kernel also in the connected state, so
allow PNO scan to be issued in the connected state from wpa_supplicant
as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 15:55:35 +02:00
Jouni Malinen
4c6f450cad Add radio_work_is_connect() helper
This avoids duplicated code to check for different types of connection
radio work items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:56 +02:00
Sunil Dutt
85b6b6b6e1 Serialize scan/p2p-scan if already scheduled on the same interface
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
fcb303a57f P2P: Clear driver scan cache after BSS_FLUSH
The only_new_results=1 scan parameter was previously set on other scan
cases, but not on the two P2P specific scan triggers. Set this also for
those P2P cases to get consistent behavior after BSS_FLUSH.

This was showing up with number of hwsim P2P test cases maintaining
unexpected scan results from previous test cases due to the flush
operation not really working correctly since the cfg80211 BSS table was
not explicitly cleared.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 22:48:20 +02:00
Vamsi Krishna
1d9d21f376 GAS: Add support to randomize transmitter address
Add support to send GAS requests with a randomized transmitter address
if supported by the driver. The following control interface commands
(and matching configuration file parameters) can be used to configure
different types of randomization:

"SET gas_rand_mac_addr 0" to disable randomizing TX MAC address,
"SET gas_rand_mac_addr 1" to randomize the complete TX MAC address,
"SET gas_rand_mac_addr 2" to randomize the TX MAC address except for OUI.

A new random MAC address will be generated for every
gas_rand_addr_lifetime seconds and this can be configured with
"SET gas_rand_addr_lifetime <timeout>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:41:32 +02:00
Masashi Honma
f3e1570576 VHT: Fill VHT capability with hardware capability
Previously, VHT capability was default value (=0x0000). This makes
VHT Capabilities Info in VHT Capabilities IE in mesh peering
open/confirm frame 0x0000. This patch fills it with hardware capability.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-07 11:14:55 +02:00
Günther Kelleter
41f140d386 Add hostapd options wpa_group_update_count and wpa_pairwise_update_count
wpa_group_update_count and wpa_pairwise_update_count can now be used to
set the GTK and PTK rekey retry limits (dot11RSNAConfigGroupUpdateCount
and dot11RSNAConfigPairwiseUpdateCount). Defaults set to current
hardcoded value (4).

Some stations may suffer from frequent deauthentications due to GTK
rekey failures: EAPOL 1/2 frame is not answered during the total timeout
period of currently ~3.5 seconds. For example, a Galaxy S6 with Android
6.0.1 appears to go into power save mode for up to 5 seconds. Increasing
wpa_group_update_count to 6 fixed this issue.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-07 00:25:36 +02:00
Sunil Dutt
f47f936170 P2P: Override P2P_PEER group_capab with 0 if no matching BSS entry found
Relying on the group_capab from the P2P peer information can result in
improper information on whether the peer is currently operating as a GO.
However, there is a known implementation in Android that does this.

To reduce issues from this misuse in upper layer to try to determine
whether a specific peer is operationg a group, override the group_capab
value in P2P_PEER output with 0 if there are no BSS entries with the
peer P2P Device as a GO. This is not a perfect information since there
may not have been a recent scan on all channels, but this results in
less issues than trying to decide between new group formation and
joining an existing group based on stale or incorrect information.

Since no upper layer application is really supposed to use the
group_capab field value in P2P_PEER command, this change should not
cause any impact for properly design components and the possibility of
regressions is limited to cases that are already known to work
incorrectly in number of identifiable cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-06 12:17:12 +02:00
Jouni Malinen
bcf66493cf Fix estimated throughput based skip-roam case
Commit 8d1e693186 ('Use estimated
throughput to avoid signal based roaming decision') added a check for
the current BSS estimated throughput being significantly higher than the
selected BSS estimated throughput. However, this case for skipping a
roam used "return 1" which actually allows the roam. Fix this by
returning 0 in this case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 21:52:26 +02:00
Jouni Malinen
1fb4437c80 tests: Validate hwaddr/hexstr input to DRIVER_EVENT SCAN_RES
To be more consistent with existing hwaddr_aton() and hexstr2bin()
callers, check the return values in this test command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 16:31:03 +02:00
Jouni Malinen
db5e53cb06 mesh: Fix struct hostapd_data initialization
The local custom version of allocating and initializing struct
hostapd_data within wpa_supplicant_mesh_init() is problematic. This has
already missed couple of initialization steps that are required. Instead
of trying to remember to keep this up to date, use
hostapd_alloc_bss_data() so that there is only one place for this
initialization.

This is fixing a recent issue where FILS HLP started using
hapd->dhcp_server and expected that to be initialized to -1. For the
mesh case, that did not happen and when removing the interface, the FILS
HLP implementation ended up unregistering eloop socket for
hapd->dhcp_server (= 0). This could result in missing socket callbacks
for an arbitrary socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 22:17:54 +02:00
Jouni Malinen
9b170991ac mesh: Fix mesh interface removal fix
This wpa_drv_if_remove() call was previously modified to fix a different
issue, but that fix resulted in unconditional use of treed memory here
(wpa_supplicant_deinit_iface() frees wpa_s). Make a local copy of
wpa_s->parent to be able to use it after wpa_s is freed. The
mesh_if_created case has wpa_s->parent != wpa_s, so this should be
sufficient way of handling the wpa_drv_if_remove() call here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 21:24:37 +02:00
Jouni Malinen
124ddfa19e FILS: Parse and report received FILS HLP Containers from response
The new FILS-HLP-RX control interface event is now used to report
received FILS HLP responses from (Re)Association Response frame as a
response to the HLP requests configured with FILS_HLP_REQ_ADD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-01 18:17:39 +02:00
Jouni Malinen
54b04d6f39 FILS: Move HLP request handling into a separate file
This is independent functionality from the core IEEE 802.11 management
handling and will increase significantly in size, so it is cleaner to
maintain this in a separate source code file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 17:46:13 +02:00
Dmitry Shmidt
f2bc344808 wpa_supplicant: Fix global control interface for STA/STA-FIRST/STA-NEXT
update_stations(ctrl_conn) is stuck in never-ending loop:

sendto(3, "STA-FIRST", 9, 0, NULL, 0)   = 9
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995833})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Direct STA, STA-FIRST, and STA-NEXT commands from the global control
interface to a per-interface control interface to avoid this.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-01-30 01:54:22 +02:00
Jouni Malinen
0da355235e FST: Remove WPA_ASSERT from wpas_fst_send_action_cb()
It was possible to hit this WPA_ASSERT when FST-MANAGER SESSION_REMOVE
command is exececuted when in not-associated state. In
CONFIG_EAPOL_TEST=y builds, this would result in the wpa_supplicant
process being terminated. Convert this WPA_ASSERT to a check that does
not terminate the process, but only rejects the command if wpa_s->bssid
does not match the da argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 19:22:14 +02:00
Andrejs Cainikovs
6a5425fd60 Increase delayed EAPOL RX frame timeout
Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack
of optimization (i.e., first EAPOL frame dropped) in occasional roaming
and authentication cases on EAP networks if the kernel events can be
reordered and delayed a bit longer.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2017-01-29 18:41:29 +02:00
Johannes Berg
cef8fac04b wpa_auth: Make struct wpa_auth_callbacks const
Instead of copying the struct wpa_auth_callbacks, just keep a pointer to
it, keep the context pointer separate, and let the user just provide a
static const structure. This reduces the attack surface of heap
overwrites, since the function pointers move elsewhere.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:41:26 +02:00