Commit graph

175 commits

Author SHA1 Message Date
Jouni Malinen
5636991749 EAP-SIM/AKA peer: IMSI privacy attribute
Extend IMSI privacy functionality to allow an attribute (in name=value
format) to be added using the new imsi_privacy_attr parameter.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:18:40 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
42871a5d25 EAP-SIM/AKA peer: IMSI privacy
Add support for IMSI privacy in the EAP-SIM/AKA peer implementation. If
the new wpa_supplicant network configuration parameter imsi_privacy_key
is used to specify an RSA public key in a form of a PEM encoded X.509v3
certificate, that key will be used to encrypt the permanent identity
(IMSI) in the transmitted EAP messages.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Damien Dejean
c8e4283f90 D-Bus: Interworking network selection
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 17:51:46 +02:00
Damien Dejean
e232d97776 HS 2.0: Crypto engine support for creds
Add the support of engine, engine_id, ca_cert_id, cert_id, and key_id
parameters to credential blocks for Hotspot 2.0.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 16:47:47 +02:00
Jouni Malinen
1ba8a315cd Avoid use of C++ keyword in a header file
Don't use 'protected' as the name of the variable in bss.h since this
might be used in control interfaces that use C++.

Fixes: 1c77f3d3f9 ("Indicate whether additional ANQP elements were protected")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-21 12:48:13 +02:00
Andrei Otcheretianski
be5f7f3746 wpa_supplicant: Fix potential memleak on an error path
extra_buf allocation was missed in one of the error cases.

Fixes: 170775232d ("ANQP: Add support to specify frequency in ANQP_GET command")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-20 00:18:45 +02:00
Jouni Malinen
b58ac90c38 Rename INTERWORKING_BLACKLISTED define
Use more accurate INTERWORKING_EXCLUDED for this. The actual event
prefix is not changed to remains compatible with external components
using this control interface event message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 16:43:54 +02:00
Jouni Malinen
1c77f3d3f9 Indicate whether additional ANQP elements were protected
Store information on whether extra ANQP elements were received using the
protection alternative (protected GAS during an association using PMF)
and make this available through the control interface BSS command.

For example:
anqp[277]=<hexdump>
protected-anqp-info[277]=1

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:32:26 +02:00
Yegor Yefremov
b439b21a2f wpa_supplicant: Fix typos
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-20 00:37:01 +03:00
Veerendranath Jakkam
170775232d ANQP: Add support to specify frequency in ANQP_GET command
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.

Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.

The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-13 17:51:00 +03:00
Jouni Malinen
cc2d03601b HS 2.0: Use global pmf=2 for the created network block
Previously, PMF support was enabled in optional mode (ieee80211w=1) for
Hotspot 2.0 network blocks automatically. This did not consider the
global PMF parameter and unconditionally changed that value to optional.
Since the newly added network block had an explicit ieee80211w
parameter, this overrode the global parameter. To make this less
surprising, use the global pmf parameter value to select whether to add
network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0
or pmf=1) or required (pmf=2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 00:55:13 +03:00
Veerendranath Jakkam
3790f3a6ee Use per-interface type driver key_mgmt capabilities when possible
Use key_mgmt_iftype instead of key_mgmt when the specific interface type
is known by the context of the operation.

Use per interface type AKM capabilities in capa.key_mgmt_iftype array
based on the wpa_supplicant context instead of using capa.key_mgmt to
determine the driver AKM capability.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-05-12 17:33:54 +03:00
Jouni Malinen
0c5edededa DPP: Fix config exchange with gas_rand_mac_addr
Do not use a random MAC address for the GAS exchange that is used as
part of the DPP protocol exchange since that would break DPP.
Configurator expects the same MAC address to be used for DPP
Authentication exchange and DPP Configuration exchange (GAS).

Since the DPP Authentication exchange has already used the MAC address
configured on the interface, use of a random address for the GAS
exchange would not provide any additional privacy protection. If a
random MAC address needs to be used for this type of an exchange, that
random address would need to be first configured on the interface before
starting DPP exchange.

This does not change GAS query behavior for any other use case, i.e.,
the gas_rand_mac_addr configuration continues to apply to all the
Interworking/Hotspot 2.0 uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 17:09:01 +03:00
Purushottam Kushwaha
783a99b73d HS2.0: Skip check for roaming_consortium for NAI realm query
Previously ANQP fetch considered NAI realm query only when cred block
did not specify roaming_consortium to optimize ANQP operations (NAI
realm list can have a very long value). In certain cases, both NAI realm
and roaming_consortium are configured in credential block and this
resulted in ANQP fetch for NAI realm not being initiated. That could
result in not being able to select the highest priority available
credential/network.

Remove roaming_consortium check for NAI realm query inclusion in ANQP
request so that we will request NAI realm information whenever it can
result in matching additional networks. This makes the ANQP queries more
costly in some cases, but the additional information is needed for
correct behavior in network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-17 21:04:38 +02:00
Masashi Honma
6807eee9ca Interworking: Check NULL string to avoid compiler warning
Fix warning by gcc 9.2.1.

interworking.c: In function ‘interworking_home_sp_cred’:
interworking.c:2263:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
 2263 |   wpa_msg(wpa_s, MSG_DEBUG,
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~
 2264 |    "Interworking: Search for match with SIM/USIM domain %s",
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2265 |    realm);
      |    ~~~~~~

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-10-25 16:03:37 +03:00
Jouni Malinen
043de65f1c EAP peer config: Move ocsp param to phase1/phase2
OCSP configuration is applicable to each instance of TLS-based
authentication and as such, the configuration might need to be different
for Phase 1 and Phase 2. Move ocsp into struct eap_peer_cert_config and
add a separate ocsp2 network profile parameter to set this for Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Purushottam Kushwaha
84ebc759a0 HS 2.0: Match credentials based on required_roaming_consortium
When required_roaming_consortium is set in a credential, station
should match this against Roaming Consortium(s) for a BSS similar
to how it is matching for roaming_consortiums during Interworking
credentials availability check for roaming_consortium.

In the context of Hotspot 2.0 PPS MO, this means addressing matching
part in the same manner for HomeSP/HomeOIList/<X+>/HomeOI regardless of
how HomeSP/HomeOIList/<X+>/HomeOIRequired is set (i.e., the required
part is used as an independent check for the AP advertising the needed
information while the "credential can be used here and this is a home
network" part is shared).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-15 16:51:02 +03:00
Purushottam Kushwaha
dcc31e7957 HS 2.0: Skip credential without EAP method for roaming consortium match
EAP method is required for a credential that matches configured
roaming_consortium with an Interworking AP. Hence skip credentials which
do not have EAP method specified for this match. This fixes an issue
where a credential that cannot work without EAP method from NAI Realms
information is selected first based on roaming consortium.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
7deb0450bc Interworking: Print HESSID in debug messages
This makes it easier to understand ANQP queries needed during
Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 21:09:57 +03:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Jouni Malinen
3ce48c440e HS 2.0: Fix PMF-in-use check for ANQP Venue URL processing
The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.

This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f44d760cf0 HS 2.0: Enable PMF automatically for Hotspot 2.0 network profiles
Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by
default in the network profiles created from cred blocks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
baf4c86379 HS 2.0: Request and process OSU Providers NAI List ANQP-element
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:51:51 +03:00
Jouni Malinen
3ecb8a5203 ANQP: Parse and report Venue URL information
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-15 05:17:49 +03:00
Jouni Malinen
6311547e7b HS 2.0: Add Roaming Consortium Selection network profile parameter
This adds new roaming_consortium_selection network profile parameter
into wpa_supplicant. This is used to store the OI that was used for
network selection (INTERWORKING_SELECT) based on matching against the
Roaming Consortium OIs advertised by the AP. This can also be used when
using an external component to perform selection.

This commit adds the network profile parameter, but does not yet include
it in (Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 17:26:56 +03:00
Jouni Malinen
5b7695275c HS 2.0: Use roaming_consortiums list to match OIs for access
This extends Hotspot 2.0 credential matching to consider the
roaming_consortiums parameter when determining whether the cred block
matches the information advertised by an AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 17:26:53 +03:00
Jouni Malinen
aca4d84e3d DPP: Use wildcard BSSID in GAS query frames
Force use of the wildcard BSSID address in GAS query frames with DPP
regardless of how the gas_address3 configuration parameter is set. DPP
specification mandates this and the use of GAS here is really outside
the context of a BSS, so using the wildcard BSSID makes sense even for
the corner case of Configurator running on a known AP (where IEEE 802.11
standard would allow the BSSID of the AP to be used).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:42:00 +02:00
Ilan Peer
422570eec8 MBO: Fix possible memory leak in anqp_send_req()
In case that an mbo object is allocated, but there is a failure
to resize the wpabuf, need to free the mbo object.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2017-07-08 16:14:03 +03:00
Vidyullatha Kanchanapally
b5db6e5dc4 eap_proxy: Support multiple SIMs in get_imsi()
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:42:32 +03:00
Peng Xu
8d968351a0 Interworking: Add NULL checking for EAP name in phase2/autheap parameter
Add NULL checking for EAP name. If it is NULL, do not add the phase2
parameter autheap. This should not happen in practice due to earlier
checks for credential matching, but if there is a code path that would
allow this to be set, it is better to skip setting of the invalid value
and allow automatic selection of the Phase 2 parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-26 13:20:52 +03:00
Jouni Malinen
8b49b530b3 Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
Commit 34f2851902 ('MBO: Parse MBO
ANQP-element on STA') started using the type variable outside
CONFIG_HS20 block, but forgot to remove the ifdef from the variable
declaration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 17:39:14 +03:00
Jouni Malinen
34f2851902 MBO: Parse MBO ANQP-element on STA
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.

When a valid MBO ANQP-element is received, the following control
interface message is sent:

RX-MBO-ANQP <BSSID> cell_conn_pref=<value>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 18:57:12 +02:00
Jouni Malinen
8ecf2231fd ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 17:02:22 +02:00
Avraham Stern
2316cb358c MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.

Add API to add the MBO Query List to an ANQP query.

Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]

Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-10 16:53:10 +02:00
Jouni Malinen
9cad618679 FILS: Add Realm Information ANQP-element in BSS data
Add a named BSS command output entry for FILS Realm Information
ANQP-element (anqp_fils_realm_info).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:51 +02:00
Jouni Malinen
a5c723adcf Interworking: Clear SCANNING state if no network selected
Commit 192ad3d730 ('Interworking: Clear
SCANNING state if no match found') did this for the case where no
network matched credentials, but left the SCANNING state in place if
there were a match, but automatic connection was not enabled. Extend
this to cover the case where INTERWORKING_SELECT is not followed by a
connection attempt so that wpa_state is not left indefinitely to
SCANNING.

This fixes a hwsim test case failure in the following sequence:
ap_anqp_sharing scan_trigger_failure

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:39:12 +02:00
vamsi krishna
8f47917493 MBO: Add support to send ANQP request to get cellular preference
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.

For example:
ANQP_GET <bssid> 272,mbo:1

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
Jouni Malinen
f465c32dc2 Interworking: Define control interface message prefixes in wpa_ctrl.h
These control interface event message are used by external programs, so
define them a bit more formally in the header file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-11 21:56:56 +03:00
Jouni Malinen
0da9869b02 Interworking: Remove unused allow_excluded from interworking_connect()
This argument was set to a hardcoded value 1 and as such, the other
cases were not reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-04 17:49:57 +03:00
Jouni Malinen
f7c04e50bd Interworking: Combine identical error returns into a single one
There is no need to maintain separate "return -1;" for each of the
wpa_config_set() calls that cannot really fail in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-03 22:37:01 +03:00
Jouni Malinen
c6c29be1bd Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no
realm) in it and a realm, combine these to form the EAP-Request/Identity
value as "<username>@<realm>" for EAP-TLS. This was already done for
EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have
ended up using a username without any realm information which would be
unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Jan Nordqvist
8dd5c1b4e9 HS 2.0: Add a command to retrieve icon with in-memory storage
This adds a new command based Hotspot 2.0 icon retrieval option.

In short, here is the new command sequence:
1. REQ_HS20_ICON <bssid> <file-name>
2. event: RX-HS20-ICON <bssid> <file-name> <size>
3. GET_HS20_ICON <bssid> <file-name> <offset> <size>
   (if needed, repeat with larger offset values until full icon is
   fetched)
5. DEL_HS20_ICON <bssid> <file-name>

REQ_HS20_ICON is a new command that is analogous to HS20_ICON_REQUEST
with the slight difference that an entry to store the icon in memory is
prepared. The RX-HS20-ICON event has been augmented with BSSID,
file-name and size, and GET_HS20_ICON is used to retrieve a chunk of up
to <size> bytes of icon data at offset <offset>. Each chunk is returned
as a base64 encoded fragment, preceded by "HS20-ICON-DATA", BSSID, and
file-name as well as the starting offset of the data.

If there is no entry prepared for the icon when the ANQP result comes
back, hs20_process_icon_binary_file falls back to legacy behavior.

Finally the DEL_HS20_ICON command deletes (all) icons associated with
BSSID and file-name (there could be several if retries are used and they
have different dialog tokens).

Signed-off-by: Jan Nordqvist <jannq@google.com>
2015-12-19 18:34:01 +02:00
Jouni Malinen
67fea55ca2 Interworking: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
876e74aa5f Interworking: Fix wpa_supplicant build without CONFIG_HS20=y
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
8c4a1026b8 Interworking: Support unknown ANQP-elements in BSS table
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Matti Gottlieb
0c28071872 Fix sending ANQP request to an unknown BSS while associated
While being associated, if an ANQP request is received for a different
AP that doesn't exist in the BSS list, the ANQP request will be sent on
the frequency of the AP that we are currently associated to.

In such a case, it is possible that the ANQP request would be sent on
a channel different than that of the requested AP, potentially delaying
other requests/activities.

Avoid sending the ANQP request to an AP that is not in the BSS list.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-05-03 17:32:32 +03:00
Jouni Malinen
9f390f431c Interworking: Fix network selection warning without SIM/USIM support
interworking_credentials_available_3gpp() would have left excluded2
uninitialized without INTERWORKING_3GPP in the build. This could result
in a static analyzer warning within
interworking_credentials_available_helper() about use of uninitialized
variable. Get rid of that warning by explicitly initializing excluded2
even though this does not really result in any difference in behavior
since the excluded2 value would be used only if the non-NULL is returned
and that could not have been the case here without INTERWORKING_3GPP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-26 17:00:26 +03:00
Jouni Malinen
192ad3d730 Interworking: Clear SCANNING state if no match found
Previously, it was possible for wpa_state to be left at SCANNING if
INTERWORKING_SELECT command failed to find any match. Now the state is
set to DISCONNECTED if the operation terminates because of no matching
networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-03 17:03:25 +02:00
Jouni Malinen
c28059091a Do not add blacklist entries based on normal disconnect request cases
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 15:54:24 +02:00