DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.
I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.
This was tested against my DPP reference implementation acting as the
Configurator.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
This separates the control interface specific generation of a text event
message away from the main implementation of USD and makes it more
convenient to add support for other control interface mechanisms like
dbus.
Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
Add support for P2P2 bootstrapping with comeback mechanism using
Provision Discovery frames. Extend the control interface command
P2P_CONNECT to allow P2P2 bootstrapping handshake.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Process the Element Container attribute from NAN SDF frames and check if
P2P attributes are present. Add a P2P peer device entry if the NAN SDF
frame has matching service and P2P capabilities.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add frequency list to active NAN USD Subscriber to search for a
Publisher on multiple channels. This is the publish channel list used by
the Subscriber to periodically search for a service on these channels.
publishChannelList was already supported in the Publisher and this
commit extends that to the Subscriber.
This is needed for a P2P2 seeker that is an active subscriber looking
for an advertiser on a list of publish channels.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Generate a random device identity key and save it to the config file.
Use the same identity key from config to derive DIRA for NAN SDF frames.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
This was missing a newline at the end of the line.
Fixes: 8fa52a7974 ("FT: Allow wpa_supplicant to be configured to prepend PMKR1Name")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Extend the NAN Subscribe and Publish methods to allow p2p=1 to be
specified to include P2P attributes in a P2P IE to be added into the NAN
Element Container attribute. In addition, use the P2P Device Address for
the NAN SDFs for the P2P cases.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Support implementation architecture where the NAN discovery engine is
located in the driver/firmware instead of wpa_supplicant.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Always set SNonce cookie and enable RSN Override elements validation
irrespective of the RSN Selection element usage in (Re)Association
Request frame when RSN overriding supported.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Modify wpa_supplicant code based on the updated driver interface for RSN
overriding capability indication.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Store the full set of AP's RSNE/RSNXE variants to wpa_sm while
processing association event. Commit 521374b978 did this for the cases
that were needed for SME-in-wpa_supplicant cases, but forgot to update
the cases needed for SME-in-driver. Convert those to the updated
protocol design as well.
Fixes: 521374b978 ("RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Some APs do not advertise operating classes correctly for BSS Transition
Management. Try to determine the most likely operating frequency based
on the channel number (1..14 --> 2.4 GHz; 36..177 --> 5 GHz) if invalid
op_class == 255 is received in a BSS Transition Management Request. This
speeds up the following operating by avoiding a full scan due to an
unknown channel.
This extends the workaround that was added in commit 80ce804e88 ("WNM:
Workaround for broken AP operating class behavior") for invalid
operating class 0 to cover another observed case with invalid operating
class 255.
Signed-off-by: Yu Zhang(Yuriy) <quic_yuzha@quicinc.com>
If a scan triggers a regdom update into a 6 GHz-allowed regdom, and an
RNR element in one of the legacy band scan results points to a 6 GHz
scan result with a short SSID matching the current_ssid, delay
connection in favor of a 6 GHz-only scan. This will optimize the case in
which we first connect to a 5 GHz AP, then later roam to a 6 GHz one by
directly connecting to the 6 GHz one.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
wpas_trigger_6ghz_scan() returns 1 on success and 0 on failure to
trigger the scan. Checking the return value to be less than zero is not
correct. This was supposed to check for success, i.e., greater than
zero.
Fixes: 42add3c27b ("Scan 6 GHz channels after change to 6 GHz-allowed regdom")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
In P2P_GROUP_ADD command and GroupAdd dbus method, frequency is passed
in as a parameter when restarting a persistent group. This is the group
operating frequency determined out of band. Use this pre-determined
frequency in P2P client as well to expedite the P2P scan.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Expose whether a 6 GHz scan is in progress with the ScanInProgress6GHz
property and flush properties as soon as the property is updated, so
that platforms can choose not to disconnect while a 6 GHz scan is in
progress. Once the 6 GHz scan has completed and scan results have been
received, the ScanInProgress6GHz property is reset to false.
Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
When non_coloc_6ghz = false, the STA is expected to scan for colocated
APs. However, if the colocated AP is on a non-PSC channel, it will not
be detected during the 6 GHz-only scan because the frequency list is
limited to PSC channels. Even when the NL80211_SCAN_FLAG_COLOCATED_6GHZ
is set, the cfg80211 only scans a subset of the channels in the original
6 GHz scan request. Therefore, this patch adds non-PSC channels to the
original 6 GHz scan request.
Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
The test to scan for a single BSSID assumed that there is only a single
neighbor in the candidate list. Also do this optimization if there are
multiple neighbors but only one of them is valid.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The preferred candidate list included bit just makes parsing the list
mandatory. The AP may still include a candidate list which we should use
to be able to optimize scanning. As such, always parse out the list but
still verify that if the list is not empty if the bit is set.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
There was an ancient code path to trigger a scan that was apparently
forgotten when the code was extended over time. It does not make any
sense to trigger a scan twice, so remove the earlier scan.
The earlier scan call was avoiding to trigger a new scan if a fixed
BSSID is configured. This seems like a reasonable restriction to do, so
add this check before starting a scan.
Consolidate everything so that scanning happens at the end of the
functions unless we bail out before. Add a "reset" label for all other
cases to ensure that we don't leave things in the a bad state.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
According to Multiband Operation specification (r17, section 3.5.2),
a BSS Transition Management Request with the disassociation imminent
bit set should always be accepted.
This is enforced in case the request did not include a candidate list.
However, in case a candidate list was included but none of the APs in
the candidate list was found in the scan results, the request is
rejected.
Fix that by always accepting a request with the disassociation imminent
bit set even if no roaming candidate was found.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Having it in wnm_is_bss_excluded() is more generic as it works for other
locations (e.g., MLD link selection). So move the test and add a check
for the abridged bit while at it. Note that without the abridged bit
check another check would be needed (e.g., checking wnm_dialog_token) to
ensure that there isn't a rejection unless a BTM is in progress.
compare_scan_neighbor_results() calls wpa_scan_res_match() which calls
wnm_is_bss_excluded() so the previous behavior is maintained for WNM
scan result processing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Following commits will move more checks into wnm_is_bss_excluded().
Prepare for that by changing the logical flow so that further checks can
be inserted.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
compare_scan_neighbor_results() was taking an age parameter to check
whether the BSS has been seen recently. This was used historically in a
codepath when no new scan was done. However, the logic was changed in
commit 20ed289a78 ("WNM: Clean up old scan data processing") and the
parameter is not used at all anymore as it is replaced by a different
logic. Remove it.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
ieee802_11_rx_bss_trans_mgmt_req() is already dealing with a lot of
things including the decisions on how to act on the frame. Split out
candidate list parsing to make it easier to work with the function.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Commit 17a2aa822c ("WNM: Follow BTM procedure if the last link is
dropped") added code to store either the MLD MAC address or BSSID when
being disassociated. However, it did not save which one was stored
making the tests later on awkward.
Store whether it was an MLD MAC address or not and then do the test
accordingly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Commit e508c070c4 ("WNM: Keep BTM information until connection
completes") changed the logic so that much of the information about a
transition management request will be kept around for longer. However,
doing this also implies that the scan logic can be called multiple times
with wnm_dialog_token being set.
Add a guard to bail out if the scan was not done for a BTM request. But,
add it after the transition candidate validity check so that we reset
the state when a new scan invalidated it.
However, invalidation does not make sense for any scan, primarily an ML
probe request during a connection attempt should not trigger
invalidation. So move the call to wnm_scan_process() further down in the
list to avoid issues.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
For MLO association, specify the destination address as the AP MLD MAC
address for sending EAPOL frames. Previously, this was set to the BSSID
in all cases (and hoped for the driver to map it to MLD MAC address when
needed).
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add transition mode SSIDs to the SSID scan-list for bgscan. This is
currently missing and bgscan fails to scan for SSIDs on the OWE
transition network if one is currently used.
Signed-off-by: David Bauer <mail@david-bauer.net>
This allows to use the ROAM control interface command to force roaming
on a transition network. Previously, this was not possible, as the open
SSID is stored for the connection profile. Add a new function to also
return OWE transition networks if the profile SSID is set as the
transition-ssid for the OWE RSN network.
Signed-off-by: David Bauer <mail@david-bauer.net>
Use the RSN Override Link KDE to include the override variants of the
RSNE/RSNXE for each link so that all variants are verifies when
processing the protected EAPOL-Key message 3/4.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows all variants to be verified based on a protected frame to
achieve robust downgrade protection.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This replaces the use of the RSNE Override and RSNE Override 2 elements
with empty payload to indicate which RSNE variant was used.
In addition, this adds stricter validation of the RSNE in
(Re)Association Request frame to allow only the pairwise cipher suites
and AKMs listed in the indicated RSNE variant to be used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant select_network() relies on fast_associate to reuse old
scan results. However, this approach does not apply in some cases in
Android:
1 - If the selected network is hidden, and the SSID is in Chinese,
Android switches between fallback SSIDs, necessitating a new scan for
switching between different hidden SSIDs.
2 - Similarly, if the selected SSID is OWE (Opportunistic Wireless
Encryption), and the OWE SSID bands have been changed, select_network()
requires a fresh scan to discover hidden OWE SSIDs.
To address these, enhance select_network() to trigger new scans instead
of relying on fast_associate. This improves network selection behavior
in Android.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use current connection MLO capability to fetch the appropriate
RSNE/RSNXE variant while processing association event.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
wpa_supplicant was ignoring RSNXE also if the AP is not using valid
RSN overriding combination when the STA supports RSN overriding. Fix
this fallback to the RSNXE when AP is not using valid RSN overriding.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support for RSNE/RSNXE Override elements. Use these elements to
determine AP's extended RSN parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.10 and v2.11. Update the copyright years for the main
programs.
Signed-off-by: Jouni Malinen <j@w1.fi>
Using D-Bus, it is possible to add a valid UPnP service where 'query'
and 'response' are specified. In this case, memory for 'query' and
'response' is allocated but not used nor freed. Valgrind complains as
follows:
42 bytes in 1 blocks are definitely lost in loss record 32 of 75
at 0x484C214: calloc (vg_replace_malloc.c:1675)
by 0x41C673: wpabuf_alloc (wpabuf.c:124)
by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
by 0x54F41A: wpas_dbus_handler_p2p_add_service (dbus_new_handlers_p2p.c:2762)
by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
by 0x5495DF: dispatch_data (dbus_common.c:37)
by 0x5495DF: process_watch (dbus_common.c:73)
by 0x5495DF: process_watch_read (dbus_common.c:89)
by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
by 0x41FA46: eloop_run (eloop.c:1233)
by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
by 0x40DB06: main (main.c:393)
49 bytes in 1 blocks are definitely lost in loss record 37 of 75
at 0x484C214: calloc (vg_replace_malloc.c:1675)
by 0x41C673: wpabuf_alloc (wpabuf.c:124)
by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
by 0x54F348: wpas_dbus_handler_p2p_add_service (dbus_new_handlers_p2p.c:2755)
by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
by 0x5495DF: dispatch_data (dbus_common.c:37)
by 0x5495DF: process_watch (dbus_common.c:73)
by 0x5495DF: process_watch_read (dbus_common.c:89)
by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
by 0x41FA46: eloop_run (eloop.c:1233)
by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
by 0x40DB06: main (main.c:393)
Fix this ensuring that query and resp are freed both in the error and
non-error path of wpas_dbus_handler_p2p_add_service(). Also, add a test
in test_dbus.py to verify the correct behavior.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
SignalChange should be defined as a property of an interface.
Previously, it was incorrectly defined as a property of P2P peers.
Fixes: 7a7ce95746 ("dbus: Emit more information over D-Bus")
Signed-off-by: David Ruth <druth@chromium.org>
