Commit graph

766 commits

Author SHA1 Message Date
Veerendranath Jakkam
6f634b0032 PMKSA: Make sure reauth time is not greater than expiration time
While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.

Also, add check to reject control interface commands with reauth time
greater than expiration time.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-10-15 19:16:37 +03:00
Arowa Suliman
3955d2af73 Replace "dummy" with "stub" in wps_testing_dummy_cred
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:52:21 +03:00
Arowa Suliman
7b50f2f04c Replace "sanity" with "validity"
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:25:21 +03:00
Chaoli Zhou
9651deba52 Support vendor element configuration for AP mode from wpa_supplicant
Support adding/deleting vendor elements dynamically for AP mode while it
is started by wpa_supplicant instead of hostapd which already supported
this. This adds ap_assocresp_elements global parameter and UPDATE_BEACON
control interface command to take the changed values into effect.

Usage in wpa_cli:
Add vendor IE for (Re)Association Response frames
> set ap_assocresp_elements=xxxx
Add vendor IE for Beacon/Probe Response frames
> set ap_vendor_elements=xxxx

Delete vendor IE from (Re)Association Response frames
> set ap_assocresp_elements
Delete vendor IE from Beacon/Probe Response frames
> set ap_vendor_elements

To make vendor IE changes take effect
> update_beacon

Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
2021-09-30 18:16:11 +03:00
Veerendranath Jakkam
d144b7f34c DSCP: Add support to send DSCP Policy Query frame
Add support to send DSCP Policy Query frame using a new control
interface command DSCP_QUERY. This includes support for a wildcard DSCP
query and a DSCP query with a single Domain Name attribute.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-30 16:56:56 +03:00
Veerendranath Jakkam
d57456c1ff DSCP: Allow DSCP Policy Response Action frame to be sent
Add support to prepare and send DSCP response action frame to the
connected AP in response to a new control interface command DSCP_RESP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-29 17:01:34 +03:00
Veerendranath Jakkam
fe2a44485e DSCP: DSCP policy capability configuration
The DSCP policy capability is disabled by default. The user frameworks
which have support for handling DSCP policy request messages need to
enable this capability explicitly to allow wpa_supplicant to advertise
the capability to the AP and allow the related frames to be processed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-28 11:07:21 +03:00
Hu Wang
ce267f4da9 P2P: DFS offload for the autonomous GO
Enhance the P2P_GROUP_ADD command to support DFS channel with 80 and 160
MHz bandwidth to be used for autonomous GO when using offloaded DFS.

For example, 'P2P_GROUP_ADD freq=5500 max_oper_chwidth=80 ht40 vht'

- Previous behavior: AP fallback to channel 100 using 20 MHz with
  "No VHT higher bandwidth support for the selected channel 100"
- Enhanced behavior: AP starts on channel 100 using 80 MHz with
  "VHT center channel 106 for 80 or 80+80 MHz bandwidth"

This functionality is on top of the driver's capability to offload DFS,
which is advertized through WPA_DRIVER_FLAGS_DFS_OFFLOAD.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-07 17:40:25 +03:00
Sreeramya Soratkal
e5173e8b12 P2P: Enable multiple channel widths for P2P in 6 GHz band
Enable support for P2P connection in 6 GHz with the channel width of 40
MHz, 80 MHz, and 160 MHz. The flag max_oper_chwidth is used to configure
the maximum channel width for P2P connection in 6 GHz with the commands
P2P_CONNECT, P2P_INVITE, and P2P_GROUP_ADD.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-09-02 18:41:12 +03:00
Vinita S. Maloo
e433d06dd5 Allow MSCS support to be disabled for testing purposes
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
025f8ab52e SCS: Processing of SCS Response frames
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
b4e01ae929 Allow SCS supported to be disabled for testing purposes
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
c005283c48 SCS: Sending of SCS Request frames
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Veerendranath Jakkam
b4f7506ff0 FILS: Flush external-PMKSA when connection fails without ERP keys
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.

Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-07-14 21:35:24 +03:00
Sreeramya Soratkal
b36142a740 P2P: Add allow_6ghz parameter to control interface
Introduce a new allow_6ghz parameter with P2P_CONNECT, P2P_GROUP_ADD,
and P2P_INVITE commands for P2P connection on the 6 GHz channels when
Wi-Fi Display is enabled on both the devices. This commit is only adding
the interface change without changing any actual P2P functionality.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
6423c23e3d P2P: Allow 6 GHz channels to be included in the P2P_FIND operation
Previously, the 6 GHz channels were disabled for P2P operations.
Introduce a new include_6ghz parameter for the P2P_FIND command to
configure P2P discovery on the 6 GHz channels.

However, the p2p_6ghz_disable parameter in the configuration takes a
higher priority. If the p2p_6ghz_disable parameter is not set in the
configuration, include_6ghz parameter can be used to enable or disable
the discovery operation in the 6 GHz channels for the P2P_FIND command.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Jouni Malinen
1c5aa2579d Add EAPOL_TX command to extend ext_eapol_frame_io possibilities
This makes it convenient for an external test script to use
ext_eapol_frame_io=1 to delay and/or modify transmission of EAPOL-Key
msg 1/4 without having to use separate frame injection mechanisms.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
d675d3b15b Add helper functions for parsing RSNXE capabilities
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-04-10 12:43:38 +03:00
Jouni Malinen
2445e18b6f tests: assoc+auth driver event
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-28 13:33:40 +03:00
Jouni Malinen
00bec7b5be tests: IEEE 802.1X and FORCE_UNAUTH state
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-28 12:36:18 +03:00
Ilan Peer
67014b3f74 PASN: Add support for comeback flow to wpa_supplicant
Process the received comeback cookie and retry automatically if the AP
allows this. Otherwise, provide the cookie to upper layers to allow a
later attempt with the cookie.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-21 18:28:34 +02:00
Ilan Peer
eaeec4da2d PASN: Add support for deauthentication flow in station
The new wpa_supplicant control interface command "PASN_DEAUTH
bssid=<BSSID>" can now be used to flush the local PTKSA cache for the
specified BSS and to notify the AP to request it to drop its PTKSA as
well.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:49:28 +02:00
Ben Greear
a746393dcf TWT: Allow specifying Control field value in TWT Request
See IEEE P802.11ax/D8.0, Figure 9-687 (Control field format) for
details.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2021-03-12 10:53:02 +02:00
Ben Greear
7fd2f24962 TWT: Support sending TWT Setup and Teardown Action frames
This adds new control interface commands TWT_SETUP and TWT_TEARDOWN. For
now, these are only for testing purposes to be able to trigger
transmission of the TWT Action frames without configuring any local
behavior for TWT in the driver.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2021-03-07 22:07:37 +02:00
Matthew Wang
5ac977758d Reject authentication start during explicit roam requests
The roam D-Bus and ROAM control itnerface commands flip the reassociate
bit before calling wpa_supplicant_connect(). wpa_supplicant connect
eventually aborts ongoing scans (if any), which causes scan results to
be reported. Since the reassociate bit is set, this will trigger a
connection attempt based on the aborted scan's scan results and cancel
the initial connetion request. This often causes wpa_supplicant to
reassociate to the same AP it is currently associated to instead of the
explicitly requested roaming target.

Add a roam_in_progress flag to indicate that we're currently attempting
to roam via an explicitly request to a specific BSS so that we don't
initiate another connection attempt based on the possibly received scan
results from a scan that was in progress at the time the roam command
was received.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-03-06 10:59:05 +02:00
Jouni Malinen
f03580e319 Restore permanent MAC address on the FLUSH command
Clear previously used random MAC address on the FLUSH command if
mac_addr setting has been disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-21 17:22:37 +02:00
Jouni Malinen
1ba8a315cd Avoid use of C++ keyword in a header file
Don't use 'protected' as the name of the variable in bss.h since this
might be used in control interfaces that use C++.

Fixes: 1c77f3d3f9 ("Indicate whether additional ANQP elements were protected")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-21 12:48:13 +02:00
Veerendranath Jakkam
8f204f69ac Show OCV and beacon protection capabilities in control interface
Indicate local support for Operating Channel Validation (OCV) and beacon
protection.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-02-16 00:47:43 +02:00
Jouni Malinen
48cfb52b7e Rename blacklist.[ch] to bssid_ignore.[ch]
This completes renaming of this functionality for a list of temporarily
ignored BSSIDs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 17:28:45 +02:00
Jouni Malinen
626fc0dcd0 Rename wpa_blacklist to wpa_bssid_ignore
This is more accurate name for this functionality of temporarily
ignoring BSSIDs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 17:28:45 +02:00
Jouni Malinen
72cd4293fb Rename the control interface BLACKLIST command to BSSID_IGNORE
Use a more specific name for the control interface command used for
managing the list of BSSIDs that are temporarily ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 16:29:53 +02:00
Ilan Peer
a93ec28d10 PASN: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
ad338cfe58 ctrl_iface: Add support for PASN authentication
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
363768c8ac PASN: Add support for PASN processing to wpa_supplicant
Add PASN implementation to wpa_supplicant

1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.

The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.

The missing parts will be added in later patches.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:44 +02:00
Ilan Peer
d70060f966 WPA: Add PTKSA cache to wpa_supplicant for PASN
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.

Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Vinita S. Maloo
ea77568d8f Add user configured vendor IEs to default scan IEs
Add user configured vendor IEs for Probe Request frames to default scan
IEs so that these IEs will be included in the Probe Request frames for
the scans issued also by components other than wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-15 11:45:13 +02:00
Veerendranath Jakkam
7131fede34 Extend the setband support for 6 GHz and band combinations
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-12-11 19:56:14 +02:00
Jouni Malinen
1c77f3d3f9 Indicate whether additional ANQP elements were protected
Store information on whether extra ANQP elements were received using the
protection alternative (protected GAS during an association using PMF)
and make this available through the control interface BSS command.

For example:
anqp[277]=<hexdump>
protected-anqp-info[277]=1

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:32:26 +02:00
Jouni Malinen
be7ee264f6 BSS: Use wrapper function for getting a pointer to the IE buffer
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:21:56 +02:00
Jouni Malinen
95edd81441 BSS: Add wpa_bss_get_ie_ext() wrapper
This removes need from the callers to know the struct wpa_bss details
for the location of the memory area for storing the IEs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:00:21 +02:00
Vinita S. Maloo
c2c4686228 Set NLA_F_NESTED flag with NL80211_ATTR_VENDOR_DATA conditionally
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.

Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.

Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.

Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 23:48:00 +02:00
Yegor Yefremov
b439b21a2f wpa_supplicant: Fix typos
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-20 00:37:01 +03:00
Jouni Malinen
0747432efd Fix spelling of "unexpected" in messages
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-16 12:45:26 +03:00
Brian Norris
4b96fafcd8 D-Bus: Share 'remove all networks' with CLI
The D-Bus implementation of RemoveAllNetworks differs wildly from the
CLI implementation. Let's share the implementations.

This resolves use-after-free bugs I noticed, where we continue to use
the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we
didn't bother to disconnect from (and set to NULL) current_ssid before
freeing it.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:39:00 +03:00
Kevin Lund
2fd35d9857 wpa_supplicant: Track consecutive connection failures
Within wpas_connection_failed(), the 'count' value of wpa_blacklist is
erroneously used as a tally of the number times the device has failed
to associate to a given BSSID without making a successful connection.
This is not accurate because there are a variety of ways a BSS can be
added to the blacklist beyond failed association such as interference
or deauthentication. This 'count' is lost whenever the blacklist is
cleared, so the wpa_supplicant stores an additional value
'extra_blacklist_count' which helps persist the 'count' through clears.
These count values are used to determine how long to wait to rescan
after a failed connection attempt.

While this logic was already slightly wrong, it would have been
completely broken by the upcoming change which adds time-based
blacklisting functionality. With the upcoming change, 'count' values
are not cleared on association, and thus do not necessarily even
approximate the "consecutive connection failures" which they were being
used for.

This change seeks to remove this unnecessary overloading of the
blacklist 'count' by directly tracking consecutive connection failures
within the wpa_supplicant struct, independent of the blacklist. This new
'consecutive_conn_failures' is iterated with every connection failure
and cleared when any successful connection is made. This change also
removes the now unused 'extra_blacklist_count' value.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 18:34:59 +03:00
Matthew Wang
4756ecabcf Allow bgscan parameters to be reconfigured
Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters
are set after initial connection.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
922fa09972 Global parser functions to return 1 when property unchanged
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Vinita S. Maloo
a118047245 MSCS: Add support to send MSCS Request frames
Add support to send MSCS add/change/remove types of Action frames
to the connected AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:35 +03:00
Veerendranath Jakkam
170775232d ANQP: Add support to specify frequency in ANQP_GET command
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.

Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.

The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:51:00 +03:00
Jouni Malinen
6d0217119e DPP2: Allow iteration count to be configured for DPP_RECONFIG
Add an optional iter=# parameter to DPP_RECONFIG similarly to the way
this was handled with DPP_CHIRP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 23:22:31 +03:00