Commit graph

4514 commits

Author SHA1 Message Date
Mathy Vanhoef
5c7d35ba07 Add UNPROT_DEAUTH command for testing OCV
This new wpa_supplicant control interface command can be used to
simplify testing SA Query with OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f91e68e903 OCV: Perform an SA Query after a channel switch
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
6ab73efa72 OCV: Add utility functions to insert OCI elements
This commit adds utility functions to insert various encoding of the OCI
element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
55c12f5d37 OCV: Advertise OCV capability in RSN capabilities (STA)
Set the OCV bit in RSN capabilities (RSNE) based on station mode
configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:49:27 +02:00
Mathy Vanhoef
875ab60d73 OCV: Advertise OCV capability in RSN capabilities (AP)
Set the OCV bit in RSN capabilities (RSNE) based on AP mode
configuration. Do the same for OSEN since it follows the RSNE field
definitions.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:48:48 +02:00
Mathy Vanhoef
ce6829c284 OCV: Add wpa_supplicant config parameter
Add wpa_supplicant network profile parameter ocv to disable or enable
Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
138205d600 OCV: Add build configuration for channel validation support
Add compilation flags for Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
ad20a1367f Store the VHT Operation element of an associated STA
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
4b62b52e5e Make channel_info available to the supplicant state machine
This adds the necessary functions and callbacks to make the channel_info
driver API available to the supplicant state machine that implements the
4-way and group key handshake. This is needed for OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
fb2dc898d6 WMM AC: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:50:42 +02:00
Jouni Malinen
22d8bb04d9 WMM AC: Do not write ERROR level log entries when WMM AC is not in use
These two wpa_printf() calls with MSG_ERROR level could be reached when
connecting without (Re)Association Response frame elements being
available. That would be the case for wired connections and IBSS. Those
cases are not supposed to use WMM AC in the first place, so do not
confuse logs with ERROR messages in them for normal conditions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:48:33 +02:00
Jouni Malinen
06c00e6d93 OWE: Fix OWE network profile saving
key_mgmt=OWE did not have a config parameter writer and wpa_supplicant
was unable to save such a network profile correctly. Fix this by adding
the needed parameter writer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:27:26 +02:00
Damodaran, Rohit (Contractor)
ad6a92472d DPP: Support DPP key_mgmt saving to wpa_supplicant configuration
In the existing code, there was no "DPP" string available to the DPP key
management type for configuration parser of wpa supplicant. When the
configuration is saved, the key management string was left out from the
config file. Fix this by adding support for writing key_mgmt=DPP option.

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
2018-12-08 16:17:48 +02:00
Jouni Malinen
3ce48c440e HS 2.0: Fix PMF-in-use check for ANQP Venue URL processing
The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.

This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f44d760cf0 HS 2.0: Enable PMF automatically for Hotspot 2.0 network profiles
Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by
default in the network profiles created from cred blocks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
9ce2015a97 HS 2.0: Allocate enough buffer for HS 2.0 Indication element for scan
The HS 2.0 Indication element can be up to 9 octets in length, so add
two more octets to the minimum extra_ie buffer size for scanning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
ec2cf403b8 HS 2.0: As a STA, do not indicate release number greater than the AP
Hotspot 2.0 tech spec mandates mobile device to not indicate a release
number that is greater than the release number advertised by the AP. Add
this constraint to the HS 2.0 Indication element when adding this into
(Re)Association Request frame. The element in the Probe Request frame
continues to show the station's latest supported release number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f2973fa39d FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
remove_ie() was defined within an ifdef CONFIG_FILS block while it is
now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
there.

Fixes 8c41734e5d ("FT: Fix Reassociation Request IEs during FT protocol")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-03 12:00:26 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Jouni Malinen
55570efe35 Uncomment CONFIG_LIBNL32=y in defconfig
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Ashok Kumar
698c9e2021 OWE: Try another group only on association rejection with status 77
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2018-12-02 20:42:09 +02:00
Jouni Malinen
117f586b05 DPP: Remove unused wpas_dpp_remain_on_channel_cb()
This function was apparently never used at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 18:40:06 +02:00
Jouni Malinen
e22c23382f DPP: Apply testing configuration option to signing of own config
Previous implementation had missed this case of setting configurator
parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 00:26:21 +02:00
Jouni Malinen
8c41734e5d FT: Fix Reassociation Request IEs during FT protocol
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).

Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-01 22:02:55 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Ashok Ponnaiah
fcb3f11e4d SAE: Fix external authentication on big endian platforms
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-11-30 17:26:26 +02:00
Jouni Malinen
a00d65e79f DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:14:49 +02:00
Cedric Izoard
18a0508a41 external-auth: Check key_mgmt when selecting SSID
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:09:25 +02:00
Jouni Malinen
931f7ff656 DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:33:39 +02:00
Lubomir Rintel
d7591aab85 dbus: Expose availability of SHA384 on D-Bus
This lets us know whether we can attempt to use FT-EAP-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
eb7e747931 dbus: Expose availability of FT on D-Bus
This lets us know whether we can attempt to use FT-PSK, FT-EAP,
FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
59d59eb0e0 Revert "D-Bus: Implement Pmf property"
This reverts commit adf8f45f8a.

It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].

The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:

  $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666
  Duplicate property

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:03:55 +02:00
Jouni Malinen
4929d556cc mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-24 13:36:54 +02:00
Bob Copeland
25778502d5 mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.

The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.

Signed-off-by: Bob Copeland <bobcopeland@fb.com>
2018-11-24 13:30:28 +02:00
Davide Caratti
2b7f46f1c7 examples: Fix shellcheck warnings in wps-ap-cli
use 'printf' instead of 'echo -n', to suppress the following warning:

In POSIX sh, echo flags are undefined. [SC2039]

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-11-22 15:53:30 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Ilan Peer
170244a1cd SME: Fix order of WPA IE in association request
In case that the protocol used for association is WPA the WPA IE was
inserted before other (non vendor specific) IEs. This is not in
accordance to the standard that states that vendor IEs should be placed
after all the non vendor IEs are placed. In addition, this would cause
the low layers to fail to properly order information elements.

To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-20 11:26:13 +03:00
Andrei Otcheretianski
ac0ac1ddfd wpa_supplicant: Fix buffer overflow in roaming_consortiums
When configuring more than 36 roaming consortiums with SET_CRED, the
stack is smashed. Fix that by correctly verifying the
num_roaming_consortiums.

Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-14 20:47:35 +03:00
Ilan Peer
c04562e67e OWE: Improve discovery of OWE transition mode AP
An OWE AP device that supports transition mode does not transmit the
SSID of the OWE AP in its Beacon frames and in addition the OWE AP does
not reply to broadcast Probe Request frames. Thus, the scan results
matching relies only on Beacon frames from the OWE open AP which can be
missed in case the AP's frequency is actively scanned.

To improve the discovery of transition mode APs, include their SSID in
the scan command to perform an active scan for the SSIDs learned from
the open mode BSSs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-12 19:59:26 +03:00
Jouni Malinen
a5e6270f25 OWE: Use shorter scan interval during transition mode search
Start scans more quickly if an open BSS advertising OWE transition mode
is found, but the matching OWE BSS has not yet been seen.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-12 19:59:26 +03:00
Sunil Dutt
91073ccaaa OWE: Attempt more scans for OWE transition SSID if expected BSS not seen
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.

This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-12 19:59:26 +03:00
Jouni Malinen
baf4c86379 HS 2.0: Request and process OSU Providers NAI List ANQP-element
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:51:51 +03:00
Purushottam Kushwaha
cf94626c50 OWE: Do not try to enable PMF for non-RSN associations
Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for
non-RSN associations. This specifically helps with OWE transition mode
when the network block is configured with PMF set to required, but the
BSS selected is in open mode. There is no point to try to enable PMF for
such an association.

This fixes issues with drivers that use the NL80211_ATTR_USE_MFP
attribute to set expectations for PMF use. The combination of non-RSN
connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could
cause such drivers to reject the connection in OWE transition mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:26:41 +03:00
Srinivas Dasari
50b77f50e8 DPP: Flush PMKSA if an assoc reject without timeout is received
Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cac ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-18 13:15:20 +03:00
Jouni Malinen
3ecb8a5203 ANQP: Parse and report Venue URL information
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-15 05:17:49 +03:00
Jouni Malinen
075926ec71 HS 2.0: Add alternative OSU_SSID into providers info file
This adds the second SSID (the one used by the shared BSS) for OSU
connection when generating osu-providers.txt. External tools can use
that to configure multiple network profiles for OSU to cover the cases
where transition mode is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-12 02:52:50 +03:00
Beni Lev
077232f603 OCE: Add OCE capability attribute only when associating to an OCE AP
Signed-off-by: Beni Lev <beni.lev@intel.com>
2018-09-02 18:16:30 +03:00