STA needs to check AP's information after receive reassociation
response. STA uses connected AP's Beacon/Probe Response frame to compare
with Reassociation Response frame of the target AP currently. However,
if one AP supports OCV and the other AP doesn't support OCV, STA will
fail to verify RSN capability, then disconnect. Update current_bss to
the target AP before check, so that STA can compare correct AP's RSN
information in Reassociation Response frame.
Signed-off-by: Xin Deng <quic_deng@quicinc.com>
Instead of depending on the TX-wait-response-time to be sufficient to
cover the full GAS exchange, start an ongoing listen operation on the
negotiation channel (if no such listen operation is already in place) to
allow the configuration exchange to take longer amount of time. This is
needed for cases where the conf=query is used to request Configurator
parameters from upper layers and that upper layer processing (e.g., user
interaction) takes significant amount of time.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This reverts commit 3204795d7a.
The commit adds an additional check that checks for overlapping BSSs in
addition to the existing 40 MHz intolerance subfield checks. The commit
cites IEEE Std 802.11-2016, 11.16.12, which defines the proper behavior
for a 20/40 MHz HT STA and AP, but the standard actually doesn't say
anything about overlapping BSSs. Specifically, the standard states that
the only BSSs that belong in the Intolerant channel report are those
that satisfy trigger event A, defined as channels with BSSs that don't
contain the HT capabilities element (which wpa_supplicant already did
before). Note that we also include channels with BSSs that have the 40
MHz intolerance bit set in the Intolerant channel report.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
After roaming to a new AP using driver-based SME and roaming trigger,
update proto type, AKMP suite, and pairwise cipher suite based on the
(Re)Association Request frame. Update PMF, group cipher, and group mgmt
cipher based on the AP's RSNE into wpa_sm. group_mgmt_cipher needs to be
updated based on PMF capabilities of STA and roamed AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
After roaming to a new AP using driver-based SME and roaming trigger,
AKMP and proto were not updated in wpa_sm. Hence, update AKMP and proto
used with roamed AP when association event received from the driver in
SME offloaded to the driver scenario to avoid incorrect AKMP details in
wpa_supplicant similarly to how the cipher suite updates were added in
commit 2b3e64a0fb ("Update ciphers to address GTK renewal failures
while roaming") .
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit b0f457b619 ("SAE: Do not expire the current PMKSA cache entry")
depends on sm->cur_pmksa to determine if it is the current PMKSA cache
entry, but sm->cur_pmksa was not always correct for SAE in the current
implementation.
Set sm->cur_pmksa in wpa_sm_set_pmk() (which is used with SAE), and skip
clearing of sm->cur_pmksa for SAE in wpa_find_assoc_pmkid(). This latter
case was added by commit c2080e8657 ("Clear current PMKSA cache
selection on association/roam") for driver-based roaming indication and
Suite B, so skipping it for SAE should be fine.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using
driver-based SME and roaming trigger, GTK renewal failures are observed
for the currently associated WPA-AP because of group cipher mismatch,
resulting in deauthentication with the AP.
Update the group cipher and pairwise cipher values in wpa_sm from
association event received from the driver in case of SME offload to the
driver to address GTK renewal failures (and similar issues) that could
happen when the driver/firmware roams between APs with different
security profiles.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to parse WFA Capabilities element from the (Re)Association
Response frame. Also register a timeout for the station to wait before
sending a new DSCP query if requested by AP.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse received DSCP Policy Request frames and send the
request details as control interface events.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.
In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
becomes invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but not clearing PMKSA.
Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.
Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exists.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add checks for features supported by the specific hardware mode of the
local device that has the channel for which the throughput is being
estimated instead of assuming the local device supports all optional
features. This is more accurate for cases where the local capabilities
might differ based on the band. In addition, this is in preparation for
extending rate estimates to cover optional VHT and HE features.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 3ab35a6603 ("Extend EAPOL frames processing workaround for
roaming cases") added a work around to address the issue of EAPOL frame
reception after reassociation replied to with an incorrect destination
address (the BSSID of the old AP). This is due to association events and
EAPOL RX events being reordered for the roaming cases with drivers that
perform BSS selection internally.
This mechanism relies on the fact that the driver always forwards the
EAPOL handshake to wpa_supplicant after the roaming (sets
last_eapol_matches_bssid during the EAPOL processing and resets on the
assoc/reassoc indication).
The above approach does not address the case where the driver does the
EAPOL handshake on the roam, indicating the authorized status to
wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant
for few other roam attempts. This is because the flag
last_eapol_matches_bssid is not set with the roam+authorized event from
the driver. Thus, the next reorder of roam and EAPOL RX events would
miss this workaround.
Address this by setting last_eapol_matches_bssid=1 on a roam+authorized
event from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These frames are used for verifying that a specific SA and protected
link is in functional state between two devices. The IEEE 802.11
standard defines only a case that uses individual MAC address as the
destination. While there is no explicit rule on the receiver to ignore
other cases, it seems safer to make sure group-addressed frames do not
end up resulting in undesired behavior. As such, drop such frames
instead of interpreting them as valid SA Query Request/Response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Rename the network profile parameters bssid_blacklist and
bssid_whitelist to bssid_ignore and bssid_accept to use more specific
names for the configuration of which BSSs are ignored/accepted during
BSS selection. The old parameter names are maintained as aliases for the
new names to avoid breaking compatibility with previously used
configurations.
Signed-off-by: Jouni Malinen <j@w1.fi>
For Android the default value of 5 seconds is usually too short for
scan results from last scan initiated from settings app to be
considered for fast-associate. Make the fast-associate timer value
configurable so that a suitable value can be set based on a systems
regular scan interval.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
wpa_supplicant does not send a D-Bus notification of the BSS frequency
change when a CSA happens. Sending a PropertyChanged signal with the
updated frequency will notify the network manager quickly, instead of
waiting for the next scan results.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Currently, the external_scan_running flag is not reset when an interface
is removed. Thus, if a connection attempt is made on another iface, it
will fail due to wpa_supplicant incorrectly assuming the radio is still
busy due to the ongoing scan.
To fix this, convert external_scan_running to a pointer to the interface
that started the scan. If this interface is removed, also reset the
pointer to NULL so that other operations may continue on this radio.
Test:
1. Start scan on wlan0
2. Remove wlan0
3. Can connect to a network on wlan1
Signed-off-by: David Su <dysu@google.com>
Add PASN implementation to wpa_supplicant
1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.
The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.
The missing parts will be added in later patches.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.
Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a handler to notify failures to fetch the scan results and provide
an option to override default behavior of requesting a new scan in one
second in such an error condition. Use this new handler mechanism to
continue the p2p_find operation (by invoking p2p_scan_res_handled) for
an interim scenario where the p2p_scan attempt fails to get the scan
results from the driver which can happen, e.g., if there are parallel
updates to the cfg80211 scan results.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is a disconnect command from wpa_supplicant immediately after
the driver sends a connection event to userspace but before that event
is received and processed by wpa_supplicant, wpa_supplicant processes
the disconnect command and a self-generated disconnected event first
followed by the connected event received from the driver. As a result
wpa_supplicant moves to the WPA_COMPLETED state. Whereas the driver
processes the disconnect command received from wpa_supplicant after it
sends the connected event and moves to the disconnected state. Due to
this race between the disconnect command from wpa_supplicant and the
connected event from the driver, wpa_supplicant is moving to the
connected state though the driver is moving to the disconnected state
which results in abnormal functionality.
Ignore the connection event coming from the driver when wpa_supplicant
is not trying to connect after a disconnect command is issued but before
the next connect command is issued to fix the above mentioned race
condition.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated
associations to problematic APs*. Currently, this blacklist is
completely cleared whenever we successfully connect to any AP. This
causes problematic behavior when in the presence of both a bad AP and
a good AP. The device can repeatedly attempt to roam to the bad AP
because it is clearing the blacklist every time it connects to the good
AP. This results in the connection constantly ping-ponging between the
APs, leaving the user stuck without connection.
Instead of clearing the blacklist, implement timeout functionality which
allows association attempts to blacklisted APs after some time has
passed. Each time a BSS would be added to the blacklist, increase the
duration of this timeout exponentially, up to a cap of 1800 seconds.
This means that the device will no longer be able to immediately attempt
to roam back to a bad AP whenever it successfully connects to any other
AP.
Other details:
The algorithm for building up the blacklist count and timeout duration
on a given AP has been designed to be minimally obtrusive. Starting with
a fresh blacklist, the device may attempt to connect to a problematic AP
no more than 6 times in any ~45 minute period. Once an AP has reached a
blacklist count >= 6, the device may attempt to connect to it no more
than once every 30 minutes. The goal of these limits is to find an
ideal balance between minimizing connection attempts to bad APs while
still trying them out occasionally to see if the problems have stopped.
The only exception to the above limits is that the blacklist is still
completely cleared whenever there are no APs available in a scan. This
means that if all nearby APs have been blacklisted, all APs will be
completely exonerated regardless of their blacklist counts or how close
their blacklist entries are to expiring. When all nearby APs have been
blacklisted we know that every nearby AP is in some way problematic.
Once we know that every AP is causing problems, it doesn't really make
sense to sort them beyond that because the blacklist count and timeout
duration don't necessarily reflect the degree to which an AP is
problematic (i.e. they can be manipulated by external factors such as
the user physically moving around). Instead, its best to restart the
blacklist and let the normal roaming algorithm take over to maximize
our chance of getting the best possible connection quality.
As stated above, the time-based blacklisting algorithm is designed to
be minimally obtrusive to user experience, so occasionally restarting
the process is not too impactful on the user.
*problematic AP: rejects new clients, frequently de-auths clients, very
poor connection quality, etc.
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
If there is no matching interface given, but interface matching is
enabled, all interfaces on the system will try to be initialized. Non
wireless interfaces will fail and the loopback device will be one of
these, so just log a diagnostic rather than an error.
Signed-off-by: Roy Marples <roy@marples.name>
Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Do not process channel switch event in wpa_supplicant's SME when SME is
offloaded to the driver/firmware to avoid SA Query initiation from both
wpa_supplicant and the driver/firmware for the OCV case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SAE-PK password can be set using psk parameter also in case of mixed
SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password
not set and psk parameter meets SAE-PK password criteria.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam()
and into its own function, wpa_supplicant_need_to_roam_within_ess().
This way, we avoid interleaving several #ifndef's in the original
function and wrap the new function in one big #ifndef. This also
modularizes the within-ESS roam code and makes it easier to test.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
It was possible to find a BSS to local network profile match for a BSS
entry that has no known SSID when going through some of the SSID
wildcard cases. At leas the OWE transition mode case without BSSID match
could result in hitting this. Zero-length SSID (i.e., wildcard SSID) is
not valid in (Re)Association Request frame, so such an association will
fail. Skip such a BSS to avoid known-to-be-failing association attempts.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is an acceptable BSS with SAE-PK enabled in the same ESS,
select that over a BSS that does not enable SAE-PK when the network
profile uses automatic SAE-PK selection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move the BSS-against-SSID matching into a separate helper function to
make this overly long function a bit more readable and to allow that
helper function to be used for other purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This replaces the previously used sae_pk_only configuration parameter
with a more generic sae_pk that can be used to specify how SAE-PK is
negotiated. The default behavior (sae_pk=0) is to automatically
negotiate SAE-PK whenever the AP supports it and the password is in
appropriate format. sae_pk=1 allows only SAE-PK to be used and sae_pk=2
disables SAE-PK completely.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new wpa_supplicant network profile parameter sae_pk_only=1 can now
be used to disable use of SAE authentication without SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It was possible for the RSN state machine to maintain old PMKSA cache
selection (sm->cur_pmksa) when roaming to another BSS based on
driver-based roaming indication. This could result in mismatching state
and unexpected behavior, e.g., with not generating a Suite B PMKSA cache
entry.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This may be needed to optimize use of offchannel TX operations with
wait-for-response when near the end of a pending remain-on-channel
operation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a driver interface event for Beacon frame protection failures.
Report such events over the control interface and send a
WNM-Notification Request frame to the AP as well.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new wpa_supplicant network profile parameter dpp_pfs can be used to
specify how PFS is applied to associations. The default behavior
(dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if
the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled
(dpp_pfs=2).
This is also working around an interoperability issue of DPP R2 STA with
certain hostapd builds that included both OWE and DPP functionality.
That issue was introduced by commit 09368515d1 ("OWE: Process
Diffie-Hellman Parameter element in AP mode") and removed by commit
16a4e931f0 ("OWE: Allow Diffie-Hellman Parameter element to be
included with DPP"). hostapd builds between those two commits would
reject DPP association attempt with PFS. The new wpa_supplicant default
(dpp_pfs=0) behavior is to automatically try to connect again with PFS
disabled if that happens.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
While int and unsigned int are not going overflow in practice as 32-bit
values, these could at least in theory hit an integer overflow with
16-bit int. Use size_t to avoid such potential issue cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to avoid leaving external components (through control
interface or D-Bus) timing out while waiting for the scan completion
events. This was already taken care of for the scan-only case
("TYPE=only"), but the scan-and-allow-roaming case did not report the
scan completion event when operating in AP mode.
Signed-off-by: Jouni Malinen <j@w1.fi>