python2 is deprecated so move script to python3.
While at it, make some minor adjustments.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.
Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
The RO variable is being assigned before the SSID is NULL checked, so,
any invalid configuration leads to a segmentation fault.
Fixes: d8d2b3a338 ("Implement read-only mode for SSIDs from the additional config (-I)")
Signed-off-by: Chaitanya Tata <chaitanya.tk17@gmail.com>
The previous implementation handles PMKSA cache attempts with AP MLD
address only for SME-in-wpa_supplicant cases since wpa_s->valid_links
wouldn't be set for SME-in-driver cases.
Fix SME-in-driver behavior by enabling PMKSA cache attempts with AP MLD
address when driver supports MLO and SME offload to driver.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Store PMKSA with AP MLD address while processing connect event for OWE
and FILS when the connection is MLO capable.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.
Enable SAE-H2E for P2P client in this case.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit 3a0edb2cd8 ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
ssid->ocv is defined within CONFIG_OCV block, so the use for it needs to
match.
Fixes: dc7e330e0b ("Set OCV capability based on Association Request frame RSNE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
The check for PBC overlap on a partner link should not be done unless
the current interface is actually in active PBC mode. Furthermore, the
wpa_s->wps_overlap variable needs to be cleared in additional places to
avoid leaving it set indefinitely.
This was found with the following test case sequence:
dbus_wps_pbc_overlap dbus_p2p_two_groups
Fixes: b43e19f3f3 ("WPS: Cross band overlap detection with multiple interfaces")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit ace0fbdb69 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow specifying preferred GO band in addition to frequency. If a band
is specified, the first two scans will be limited to only non-DFS
channels to shorten scan times, and the next two will scan the entire
band.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Now that we check in PMKSA cache code whether the entry was created for
the same local address, it is fine to leave the old entries in the cache
even if we have changed addresses. This allows a valid PMKSA cache entry
to be used when restoring the same MAC address for the same ESS.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the implementation more readable by sharing the same set of
enum values for all the parameters related to what kind of random MAC
addresses are used.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_s->last_mac_addr_change.sec might be zero in the special case of UML
testing with time travel since it would be possible to complete the test
case steps within one second of the system start.
Signed-off-by: Jouni Malinen <j@w1.fi>
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.
For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.
In the last step a randomized MAC address should be used.
Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
If the CreateInterface command was used to create a virtual AP
interface, deleting this interface using the RemoveInterface command was
also bringing down the primary interface.
wpa_supplicant never uses hostapd style multi-BSS setup with
type=WPA_IF_AP_BSS and setup_ap=1 to if_add() when creating an AP
interface in wpa_driver_nl80211_if_add(), so it should not go through
the multi-BSS tear down procedure in wpa_driver_nl80211_if_remove(). The
virtual AP resources init and deinit are well handled in
wpa_driver_nl80211_init() and wpa_driver_nl80211_deinit().
Collapse the interface type to WPA_IF_STATION for the D-Bus interface to
skip the multi-BSS cleanup procedure. This is inline with the control
interface design. Add comments before the code to avoid confusion.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
The driver is expected to translate the link addresses to MLD addresses
when processing an Authentication frame from a MLD AP. Thus, accept
Authentication frame when the peer matches the expected MLD address.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case both the local driver and the AP support MLD, request an MLD
association from the driver.
When processing the association event from the driver verify that the
multi link information in the (Re)Association Response frame ML element
matches the links on which the association was expected.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).
To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.
With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
chromeOS uses random generated MAC address for AP interface so that the
device could remain anonymous and untrackable. Add an address parameter
for CreateInterface method to pass in OS managed MAC address.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Fix a potential memory leak in CreateInterface method.
Fixes: 0ba266d86c ("dbus: Add virtual interface create/remove logic to be inline with ctrl_iface")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
RSNXE bits were modified, so update the relevant places accordingly.
Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Check the HE membership selector and don't use the BSS
if required but not supported by HW.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support to handle external authentication request with a different
SAE AKM suite compared to the current connection AKM suite. This is
needed to support cross AKM roaming between SAE and SAE-EXT-KEY AKM
suites.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
PASN deauthentication event is sent by the underlying driver to delete
the keys in wpa_supplicant PTKSA cache. So don't send clear secure
context command to the driver again as it is already aware of it.
Fixes: 74d894a2 ("PASN: Offload handshake for multiple peers from the driver")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Though not explicitely forced by IEEE 802.11be draft yet, it makes sense
to apply the same logic for MLD as for 6 GHz BSSs. Change
wpa_supplicant_ssid_bss_match() accordingly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
MAX_NUM_MLD_LINKS is 15, thus u8 isn't enough for the bitmap. Fix it.
While at it, clean MLO information better.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the required ML and RNR definitions and report the information in
BSS command.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allows informing the connection manager of additional information on CQM
events. Allows the connection manager to request the same information
on demand by using the existing "SignalPoll" method.
* Add new property "SignalChange"
* Add storage for wpa_signal_info into wpa_supplicant context
object
* Copy memory from event to context object on CQM Event
* Write a common conversion method to be used by both "SignalPoll" and
this property
Signed-off-by: David Ruth <druth@chromium.org>
Facilitate emitting more station information over D-Bus for use by the
connection manager.
* Add storage for more NL80211_STA_INFO_* fields to data structures, and
move them through the system.
* Reorder NL80211_STA_INFO_* fields in driver_nl80211.c to match the
ordering in nl80211.h.
* Convert signal field to an integer to support holding WPA_INVALID_NOISE
and avoid changing logging.
* Add fields to hostap_sta_driver_data to capture more information
* fcs_error_count
* beacon_loss_count
* expected_throughput
* rx_drop_misc
* rx_mpdus
* rx_hemcs
* tx_hemcs
* rx_he_nss
* tx_he_nss
* avg_signal
* avg_beacon_signal
* avg_ack_signal
* Add struct hostap_sta_driver_data to struct wpa_signal_info and remove
redundant fields and redundant attribute parsing
* Change logging when printing txrate to handle unsigned long
value
Signed-off-by: David Ruth <druth@chromium.org>
Since wpa_supplicant can change MAC address of the interface on its own
(with randomization enabled) it makes sense to introduce MACAddress as a
property of the interface and send notifications about its change.
This allows other applications to just use D-Bus instead of both
communicating over D-Bus with wpa_supplicant and listening to Netlink
notifications for MAC changes.
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
Add support to consider EHT rates while calculating the estimated
throughput for scan results.
- The estimated EHT throughput uses the HE 0.8 usec GI rates from the
relevant EHT-MCS tables from IEEE P802.11be/D2.0, 36.5.
- The minimum SNR values for EHT rates (4096-QAM) are derived by adding
the existing minimum SNR values of 1024-QAM rates from HE tables and
the difference between the values of minimum sensitivity levels of
1024-QAM rates and 4096-QAM rates defined in Table 36-67 (Receiver
minimum input level sensitivity) in IEEE P802.11be/D2.0.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
There are several cases where memory allocations are not
checked for success. Add conditions and error messages, as some
analyzers complain about that.
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Even if the use of H2E isn't strictly mandatory when using SAE on 6 GHz,
WPA3-Personal pushes it on 6 GHz, so enable H2E automatically when
connecting to a BSS on the 6 GHz band if it was not enabled in the
configuration.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
When WPS is running simultaneously on multiple per-band radios (e.g., a
separate 2.4 GHz and 5 GHz band radios in an AP device), handle
synchronization of scan results, detect PBC session overlap, and cancel
WPS for enrollees on both interface, if the UUID of the registrars on
different bands differ.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Just like with WPA-PSK and keyids it may be desired to identify
connecting clients to provide additional network filtering.
This does:
- extend DPP_EVENT_AUTH_SUCCESS to expose public
key hash of the peer so the system can pick it
up and use for identification later
- store public key hash in PMKSA from DPP Network
Intro for later use
- extend sta mib to print out the dpp_pkhash
from PMKSA if present
- extend AP_STA_CONNECTED to include the
dpp_pkhash from PMKSA if present
Signed-off-by: Michal Kazior <michal@plume.com>
This event is generated in a couple of places. It'll be easier to extend
the event with additional metadata if it's generated in a single place.
Signed-off-by: Michal Kazior <michal@plume.com>
On NixOS[1] - a Linux distribution which allows to configure a full OS
declaratively - it's possible to configure SSIDs for `wpa_supplicant`
like this:
networking.wireless.networks = {
myssid = {
pskRaw = "<redacted>";
};
};
It's also possible to add networks "imperatively" using `wpa_gui` or
`wpa_cli`. However it's not possible to do both because if the first
option is used, NixOS creates a read-only symlink at
`/etc/wpa_supplicant.conf` and then it's not possible for
`wpa_supplicant` anymore to write to it.
This patch aims to help us changing this: while "declarative" SSID
configuration can be quite useful, it's a bad idea for e.g. sensitive
stuff like a WPA2 enterprise network.
The original idea was to use `-I`[2] for immutable configs (including
"declarative" networks) on NixOS and `-c /etc/wpa_supplicant.conf` for
anything "imperative".
However this doesn't really work out because if a wifi network from a
config file specified with `-I` is changed by e.g. `wpa_gui`, it's
silently overwritten in `/etc/wpa_supplicant.conf` (specified with
`-c`) which is IMHO unintuitive (in our case at least). This patch
basically declares each network defined in a config file passed via `-I`
to `wpa_supplicant` as "read-only" and doesn't write these "read-only"
networks to `/etc/wpa_supplicant.conf`.
A bit more context can be found on GitHub in the PR where I implemented
this[3].
[1] https://nixos.org/
[2] Added in e6304cad47
[3] https://github.com/NixOS/nixpkgs/pull/113716
Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
Add new 'mac_addr' policy (3) with which supplicant expects to also
obtain 'mac_value' with pregenerated value of MAC address to be used for
given SSID.
The main difference between this policy and policy 1 is the ability to
control persistence of the MAC address used. For example if there is
a requirement to always use the same (but random) MAC address for given
SSID (even if user removes/forgets the network) this could be handled
outside of the wpa_supplicant by using some SSID based hashing scheme to
generate MAC (or by just storing the randomly generated one) and
providing it to wpa_supplicant together with mac_addr=3 policy.
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
IEEE Std 802.11ax-2021, 12.12 explicitly disallows use of Open System
authentication without encryption on the 6 GHz band.
Signed-off-by: Sharadanand Karanjkar <skaranjkar@datto.com>
As P2P GOs are not expected to be collocated, i.e., they are not
expected to be announced in the RNR element of other APs, they can
operate only on preferred scanning channels (PSCs).
When performing a full scan for P2P discovery, include only the 6 GHz
PSCs (if supported) to avoid scanning channels on which P2P GOs are not
expected to reside.
While at it also fix couple of places that missed including 60 GHz
channels in P2P full scan.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a callback handler to notify details of a PMKSA cache entry when it
is added to the PMKSA cache. This can be used to provide external
components more convenient access to the PMKSA cache contents.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For WPA2/WPA3 authentication mode, wpa_supplicant needs to notify
CurrentAuthMode property change when wpa_s->key_mgmt changes, so
NetworkManager can judge whether it needs to request a password based on
this.
Call wpas_notify_auth_changed() when starting a new connection item,
i.e., after having updated wpa_s->key_mgmt.
Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
SSID may include unprintable characters. This change converts
unprintable characters into printable form before printing SSID in the
function wpas_send_ctrl_req(). The conversion is based on the function
wpa_ssid_txt().
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
In case of drivers supporting 4-way handshake offload, mark port
authorized and state completion only if the driver advertizes authorized
state in the connect event. Otherwise there are fair chances of the
driver port authorization API getting called while 4-way handshake is in
progress at the lower layer.
In order to avoid this possible race condition always update port
authorization and supplicant state WPA_COMPLETED setting from
EVENT_PORT_AUTHORIZED context when the driver is done with the 4-way
handshake.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Fix compilation issue when using the following build parameter:
CONFIG_CTRL_IFACE=udp-remote
Fixes: 0aae045af0 ("ctrl: Print the source address of the received commands")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Until now Hotspot 2.0 credentials were only supporting one home OI (with
roaming_consortium option) and one required home OI (with
required_roaming_consortium option). To improve the compliance with
Passpoint specification, add the support for multiple home and required
OIs.
The lists of OIs are provided using two new configuration options
home_ois and required_home_ois that expect a list of OIs formatted as
the roaming_consortiums list. It allows to keep the old options to avoid
breaking currently running configurations and better fits the vocabulary
used in the spec.
The OI match algorithm is updated to implement the behavior described in
Passpoint specification v3.2 section 9.1.2 (Home OIs nodes description
PerProviderSubscription/<X+>/HomeSP/HomeOIList/<X+>).
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
There is no way to create or remove a virtual interface with
wpa_supplicant dbus methods. The platform has to use out-of-band methods
to manage the virtual interfaces.
This change adds virtual interface create/remove logic to the dbus
methods CreateInterface and RemoveInterface to achieve similar
functionalities as wpa_cli commands interface_add and interface_remove.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Need to copy own address and peer address locally and pass them to
pasn_deauthenticate(), because this pointer data will be flushed from
the PTKSA cache before sending the Deauthentication frame and these
pointers to then-freed memory would be dereferenced.
Fixes: 24929543 ("PASN: Deauthenticate on PTKSA cache entry expiration")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Map to correct control interface commands for PASN start and stop.
Fixes: ad338cfe58 ("ctrl_iface: Add support for PASN authentication")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
wpa_supplicant used the WPS IE from a Probe Response frame, if one was
received, even if there might have been a more recent Beacon frame with
an updated WPS IE. This could result in using stale information about
active WPS registrar, e.g., when operating on the 6 GHz band.
Prefer WPS IE from a Beacon frame over the default selection of Probe
Response frame (if one has been received) in cases where the Beacon
frame is received more recently than the Probe Response frame and active
WPS Registrar information is being checked. Skip this for the case where
UUID-E is needed since that is not available in the Beacon frame.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
OCV cannot be used without PMF and such a configuration were to be used
with wpa_supplicant, the AP would reject the association. hostapd is
already enabling PMF automatically whenever OCV is being enabled, so do
the same with wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If a higher priority BSS has invalid security parameters, e.g., an
invalid SAE password, and a lower priority BSS is discovered only after
the local network profile has been temporarily disabled, the BSSID
ignoring mechanism is not sufficient to allow the lower priority BSS to
be tried and all consecutive attempts will continue to use the higher
priority BSS. This might prevent connection in some unexpected cases
with invalid network configuration.
Extend BSSID ignoring mechanism to work in this type of a case by
ignoring the BSSID that resulted in disabling the SSID temporarily
during the first connection attempt after having re-enabled the SSID.
This allows a lower priority BSS, if any is available in scan results,
to be tried next to see if it might have working security parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Fix memory leak of intro.peer_key in wpas_dpp_rx_peer_disc_resp(). The
other code paths were updated to use dpp_peer_intro_deinit(), but this
non-privacy-protection version of the station implementation was missed.
Fixes: 148de3e0dc ("DPP3: Private Peer Introduction protocol")
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This is needed to avoid trying the subsequent connections with the old
PMKID that the AP claims not to hold and continues connection failures.
This was already handled for the SME-in-the-driver case in commit commit
50b77f50e8 ("DPP: Flush PMKSA if an assoc reject without timeout is
received"), but the wpa_supplicant SME case did not have matching
processing.
Add the needed check to avoid recover from cases where the AP has
dropped its PMKSA cache entry. Do this only based on the specific status
code value (53 = invalid PMKID) and only for the PMKSA entry that
triggered this failure to minimize actions taken based on an unprotected
(Re)Association Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
This prevents attempts of trying to use PMKSA caching when the existing
entry was created using a different MAC address than the one that is
currently being used. This avoids exposing the longer term PMKID value
when using random MAC addresses for connections.
In practice, similar restriction was already done by flushing the PMKSA
cache entries whenever wpas_update_random_addr() changed the local
address or when the interface was marked down (e.g., for an external
operation to change the MAC address).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to be able to determine whether a PMKSA cache entry is
valid when using changing MAC addresses. This could also be used to
implement a mechanism to restore a previously used MAC address instead
of a new random MAC address.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Using separate variables for BSSID and peer address is needed to support
Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID
and that could be different from any other peer address. The
infrastructure BSS cases will continue to use the AP's BSSID as both the
peer address and BSSID for the PASN exchanges.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Rename struct pasn_data::bssid to peer_addr to be better aligned with
different use cases of PASN and its extensions. This is a step towards
having option to use different peer address and BSSID values for NAN use
cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.
While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
During cross SSID roaming wpa_supplicant ended up using the default
RSNE/RSNXE in EAPOL-Key msg 2/4 though the driver indicated
(Re)Association Request frame elements without RSNE/RSNXE. This causes
RSNE/RSNXE mismatch between (Re)Association Request frame and EAPOL-Key
msg 2/4.
To avoid this skip copying the default RSNE/RSNXE if the driver
indicates the actually used (Re)Association Request frame elements in
the association event.
Signed-off-by: Utkarsh Soni <quic_usoni@quicinc.com>
Passphrases/PSKs from external password databases were ignored if 4-way
handshake offloading was supported by the driver. Split the PSK loading
functionality into a separate function and calls if to get the PSK for
handshake offloading.
I tested connecting to a WPA2-PSK network with both inline and external
passphrases, using the iwlwifi and brcmfmac drivers.
Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
In a system with multiple interfaces, the boot messages as well as the
status information provided by `systemctl` can be confusing without
an immediate way to differentiate between the different interfaces.
Fix this by adding the interface name to the unit description.
Signed-off-by: Gioele Barabucci <gioele@svario.it>
The received frame buffer was already verified to be long enough to
include the Advertisement Protocol element and that element was verified
to have a valid length value, but use of adv_proto[1] in another
function may have been too difficult to figure out for analyzers.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Update the following MLO connection information to wpa_sm:
- AP MLD address and link ID of the (re)association link.
- Bitmap of requested links and accepted links
- Own link address for each requested link
- AP link address, RSNE and RSNXE for each requested link
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Currently, PMK parameters in the WPA state machine are set from
configuration only when the interface is initialized. If those
parameters are changed later via D-Bus, the new values don't have any
effect.
Call wpa_sm_set_param() when PMK-related D-Bus properties are changed
to immediately apply the new value; the control interface also does
something similar.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.
Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.
Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.
Signed-off-by: Jeffery Miller <jefferymiller@google.com>
Stop listen mode if there is not sufficient time remaining to complete
the Authentication exchange within the current remain-on-channel
operation. This speeds up the operation and avoids some timeouts that
could prevent the provisioning step from completing. This addresses an
issue that was found in the following test case sequence:
dpp_controller_relay_discover dpp_chirp_ap_5g
Similar mechanism was already used for Reconfig Announcement frames, so
reuse that for this case with Presence Announcement frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
When scanning for a new connection, we currently optimize by scanning
all frequencies only when our MCC capabilities will allow an additional
operating frequency, and scan only the existing operating frequencies
otherwise. This is problematic when there the current operating
frequency singularly accounts for one of the shared radio frequencies
because we should be able to switch operating frequencies without adding
to the channel count. Fix this.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Connection attempt could have been intermittently drop when reconnecting
to the same ESS due the current BSS entry getting removed immediately
after the disconnection for the purpose of reconnecting to the same ESS.
Avoid this by not removing a BSS entry for the same ESS when in this
special state of trying to reconnect to the same ESS.
Signed-off-by : WooYong Kim <wykim@newratek.com>
Scans are allowed on the current interface for group formation only when
in the P2P_SEARCH, P2P_IDLE, or P2P_PROVISIONING state. But Extended
Listen timeout being enabled moves to the P2P_LISTEN_ONLY state. Due to
this P2P connection fails if the GO is not found with scans triggerred
before Extended Listen timeout. To avoid this skip Extended Listen
timeout to allow scans during group formation on the current interface.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Clone sae_pwe configuration value when creating a new P2P group
interface. This is needed to avoid P2P connection failure at the P2P
Client side due to SAE H2E being disabled in the 6 GHz band operation
when a new group interface is created for the connection.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
For the 6 GHz opclass 132, ch for loop only allows non-PSC channels { 1,
9, 17, 25, 33, 41, 49,... } to be used. This does not match the IEEE Std
802.11ax-2021 expectation of a 6 GHz-only AP "should set up the BSS with
a primary 20 MHz channel that coincides with a preferred scanning
channel".
Increase ch by 4 to allow PSC channel to be used for 6 GHz BW40.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
struct wpas_pasn is common to both initiator and responder, so rename it
to pasn_data to avoid the "wpas_" prefix that could be seen as a
reference to wpa_supplicant (PASN initiator).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The wpa_s and hapd context are isolated from the PASN initiator and
responder code and this functionality is now in the separate src/pasn
directory. Add option to build libpasn.so with this functionality. This
library can be used by a Wi-Fi Aware component to support NAN pairing
with other devices.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PASN responder validates auth 1 frame and sends auth 2 frame to the
initiator. It analyses the auth 3 frame and verifies successful
authentication. Wi-Fi Aware modules can reuse this functionality through
a shared library libpasn.so generated from this code. Move the PASN
functionality that is now decoupled from the hapd context into a
separate file in a common directory to make it easier to build such a
library.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PASN initiator functionality builds auth 1 and auth 3 frames, and
processes auth 2 frame received from the responder. Wi-Fi Aware modules
can reuse this functionality through a shared library libpasn.so
generated from this code. Move the PASN functionality that is now
decoupled from the wpa_s context into a separate file in a common
directory to make it easier to build such a library.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is helpful in being able to get the functionality needed for SAE
into a separate library (libpasn.so) without needing all of the
ieee802_11.c functionality.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wi-Fi Aware R4 specification defines Beacon RSNE/RSNXE to be same as
RSNE/RSNXE present in Auth2 frame. So, MIC validation should be done
with the RSNE and RSNXE received in Auth2 frame.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wi-Fi Aware R4 specification introduces a custom PMKID derived from
Nonce and TAG. This custom PMKID is included in PASN Authentication
frames during pairing verification. So, allow use of a custom PMKID in
PASN frames and validate it using a function handler. Wi-Fi Aware
component that uses libpasn.so should take care of validating the custom
PMKID.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PTK is stored in the PTKSA cache following a successful PASN handshake,
however AKMP is removed upon a WPA PASN reset. The PASN handshake is
used in the Wi-Fi Aware R4 specification to define the pairing setup
process. KDK is used to generate a new set of keys, while AKMP is
required for key derivation for pairing. So, keep AKMP in the PTKSA
cache.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes hostapd use the struct defines from pasn_common.h so that the
same struct is shared with wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a step towards decoupling the PASN initiator and responder
implemenentation is decoupled from the wpa_s and hapd contexts and
moving to a common folder for better abstraction. Move the struct
wpas_pasn definition to a common file for initiator and responder. The
idea is to provide a library libpasn.so from PASN common code. Include
C++ compatibilty wrapper to extend libpasn.so support for modules using
cpp code base.
This library can be used in applications implementing protocols based on
the PASN handshake.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Introduce a function handler to transmit PASN Authentication frames to
the driver. This removes the wpa_s dependency from PASN functionality
for sending the frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Get ssid and derive required information for SAE and FILS tunneled PASN
authentication to remove struct wpa_ssid dependency for PASN initiator.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Before invoking wpas_pasn_start(), derive KDK and secure LTF flags.
Instead of using network id for pasn_start(), use a pointer to the
struct wpa_ssid.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Obtain RSNXE capabilities from the driver flags as well and save them in
the wpas_pasn structure.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Remove wpa_s dependency for processing PASN M2 frame and preparing M3
frame. To hold the context of wpa_s when transmitting M3 frame, add cb
ctx.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a step towards allowing the PASN implementation to be used
outside the context of wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Store PMKSA cache entry in wpas_pasn and remove wpa_sm dependency to add
an entry to PMKSA cache. This is a step towards allowing the PASN
implementation to be used outside the context of wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use struct wpas_pasn (i.e., &wpa_s->pasn) as the function argument for
the SAE functionality that does not need the full struct wpa_supplicant
context. This is a step towards allowing PASN to be used outside the
context of wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Split wpas_pasn_reset() so that the main reset steps can be used without
an instance of struct wpa_supplicant. This is needed to allow PASN
implementation to be used for additional purposes outside the context of
wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For wpa_supplicant_get_new_bss(), wpa_s->current_ssid can be NULL in
some cases. Add a NULL check before accessing it to avoid NULL pointer
dereference errors.
Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The initial wpa_drv_get_mlo_info() implementation cleared only the
valid_links information within struct driver_sta_mlo_info before trying
to fetch the information from the driver. While this is likely going to
work fine in practice, this can result in static analyzer warnings on
use of uninitialized memory (e.g., mlo.assoc_link_id could have been
read if wpa_s->valid_links was set to a nonzero value). In any case, it
is better to avoid such unnecessary warnings by clearing the full data
structure before using it.
Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The Linux kernel expects to use the AP MLD address as destination and
BSSID addresses for non-Public Action frames when the current
association is MLO capable. Use the MLD addresses to support this.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
EAPOL-Key msg 1/4 indication can be received before association
indication from the driver. For MLO connection, the source address check
of such frames should be against the AP MLD address instead of the
associated link BSSID.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Fetch the MLO association Link ID info from the driver to the
wpa_supplicant instance of the corresponding MLD STA interface. This
info is needed when setting the MLO connection info to wpa_sm.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Use a full list of AKM suite selectors that can use SAE authentication
when checking for authentication trigger from the driver.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows the P2P client to fast associate if the GO is already in the
scan cache without doing a full scan.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
AKM suite selector check was initially implemented with incorrect byte
swapping of the value from the driver (nl80211). Fix this and leave a
workaround option for any potentially deployed device where the driver
might be using the swapped byte order.
Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
Move from this type of constructions:
switch (val) {
case 1:
something;
break;
}
default-action;
into following:
switch (val) {
case 1:
something;
break;
default:
default-action;
break
}
for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.
This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.
Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.
Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
IEEE Std 802.11-2020, 11.8.8 (Selecting and advertising a new channel)
doesn't restrict switching to a channel which is not in the same band as
the current band. But at the same time, there are some issues in
switching between the 2.4/5 GHz bands and the 6 GHz band. So limit the
check to consider the critical use case of switching from a 5 GHz channel
to a 2.4 GHz channel.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
While setting up the P2P GO interface, wpa_supplicant sets the operating
channel width to CHANWIDTH_USE_HT in cases where it fails to set 80 MHz
bandwidth. In the same flow, update the operating class, too, according
to the channel width. This is to avoid setting up the operational
channel width back to 80 MHz from hostapd interface setup.
Signed-off-by: Sunil <sunilravi@google.com>
wpas_p2p_optimize_listen_channel() checks for the state and current ssid
of the interface calling this function. This check prevents the function
from setting the optimized listen channel. Since the listen channel is
stored in global P2P configuration data, do not check the state and
current interface of the caller.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
If wpa_supplicant was build without CONFIG_IEEE80211R, the
exposed key-management capabilities should not include one of the
FT protocols. If someone would use a FT protocol in such situation,
it would fail anyway.
Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
It is possible to specify -t or -K multiple times. With this the
value isn't boolean anymore and we hit a assert in libdbus
function `dbus_message_iter_append_basic()`, which expect 0 or 1
for DBUS_TYPE_BOOLEAN.
Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
Parse link id info from channel switch events and indicate the info to
control interface using new per link channel switch events. If channel
switch happens on the link which used during association both legacy
and new per-link channel switch events will be reported.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support to fetch and indicate per-link MLO signal poll information
via a new control interface command MLO_SIGNAL_POLL.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Append the AP MLD address to CTRL-EVENT-CONNECTED when the current
connection uses MLO.
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
Parse Multi-Link element received in scan result to get AP MLD address
and cache it in the wpa_bss structure.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add a helper function to get Multi-Link element of a specified type from
scan result Probe Response frame or Beacon frame elements.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
P2P connections in the 6 GHz band should be limited to preferred
scanning channels since AP/GO discovery cannot depend on 2.4/5 GHz
discovery.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Previously, wpa_supplicant was using the current SSID for building the
SAE authentication commit frame for retries during external
authentication. But the external authentication SSID can be different
from the current SSID. Fix this by using the correct SSID profile.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
The driver's SME may choose a BSS of a different ESS (SSID) compared to
the current SSID and trigger external authentication. If the chosen SSID
is not associated/selected before by wpa_supplicant it won't have the
H2E PT derived. Make sure to derive PT for SSID indicated in the
external authentication request.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Commit e3bd6e9dc0 ("P2P: Use another interface operating channel as
listen channel") allows P2P listen channel to be selected based on
another interface operating channel if it is one of social channels
(i.e., 2.4 GHz 1, 6, 11).
This optimization is disabled by default due to the technical
specification expectations, but since this can be quite helpful for
optimized behavior, enable it by adding p2p_optimize_listen_chan=1 to
the default Android configuration template.
After the secure association and PTK derivation are completed, if the
device supports LTF keyseed, generate the LTF keyseed using KDK and set
the ranging context to the driver by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Set secure ranging context to the driver for a valid PTKSA entry in the
PTKSA cache, if available. When the driver requests for PASN keys,
wpa_supplicant configures the keys from its cache if the keys for the
peer derived with the same own MAC address are available in the cache
instead of doing the full PASN handshake again.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add an option for an alternative processing of PTKSA life time expiry.
Register a callback in wpa_supplicant to handle the life time expiry of
the keys in PTKSA cache. Send PASN deauthentication when a PTKSA cache
entry expires.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This brings in the functionality to hold multiple peers and perform PASN
authentication with each peer at a time and send the PASN response to
the driver. PASN parameters such as AKMP and cipher suite are obtained
from the BSS information of the cached scan results. Also add
functionality to trigger deauthentication to the peer for which PASN
request with action PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT is
received.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>