Commit graph

4345 commits

Author SHA1 Message Date
Jouni Malinen
b979caae57 DPP: Network profile parameters for DPP AKM
Extend wpa_supplicant network profile to include parameters needed for
the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry,
dpp_csign, dpp_csign_expiry.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
9c2b8204e6 DPP: Integration for hostapd
This adds DPP bootstrapping, authentication, and configuration into
hostapd similarly to how the design was integrated in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
9beb2892de DPP: Add wpa_cli commands for DPP operations
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
30d27b048e DPP: Authentication exchange
Add wpa_supplicant control interface commands for managing DPP
Authentication exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:12:30 +03:00
Jouni Malinen
be27e185b7 DPP: Bootstrap information management
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 12:03:30 +03:00
Jouni Malinen
d4d76d9835 Fix offchannel TX done handling for sequence of TX frames
There could be multiple pending TX operations and if the earlier ones
have used wait_time, but the last one did not, the driver call for
canceling pending wait was not done. This could result in the driver
getting stuck waiting for the previously scheduled wait time and not
being able to do new operations until that. Fix this by canceling the
wait if any of the past offchannel_send_action() calls since the last
offchannel_send_action_done() used non-zero wait_time.

This was showing up as issues in certain DPP Public Action frame
sequences when the same offchannel operation is used with multiple
frames and the last frame in the sequence does not need wait_time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:54 +03:00
Jouni Malinen
005be3daa9 Add JavaScript Object Notation (JSON) parser (RFC7159)
This is needed for DPP configuration attributes/objects.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:51 +03:00
Jouni Malinen
77f273c82c Extend SHA-384 and SHA-512 support to match SHA-256
The additional SHA-384 and SHA-512 functionality is needed to support
DPP with various ECC curves.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:12 +03:00
Jouni Malinen
2c9d924975 P2P: Debug print P2P_FIND rejection reason
This can be helpful in figuring out what happened if P2P_FIND operation
is unexpectedly rejected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-13 14:50:51 +03:00
Wu Gao
618aa22900 P2P: Fix p2p_in_provisioning clearing in failure case
wpa_s->p2p_in_provisioning needs to be cleared when group formation
fully completes. The change to postpone GO side handling to the first
data connection in commit 41f853235f
('P2P: Extend group formation timeout on GO to first data connection')
resulted in making this not happen in one P2P Client side case: EAP-WSC
timeout in PBC case. While that is quite special case since it requires
30 second timeout without receiving new EAPOL frames and not getting
disassociation, it can apparently happen in some cases in practice. This
would result in new P2P operations (e.g., P2P_FIND) getting rejected
until wpa_supplicant is restarted.

Fix this by clearing wpa_s->p2p_in_provisioning whenever processing a
group formation failure case. For group formation success,
wpa_s->p2p_in_provisioning is left set to non-zero value to avoid
breaking the earlier limits on the GO side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-13 14:49:36 +03:00
Vidyullatha Kanchanapally
b5db6e5dc4 eap_proxy: Support multiple SIMs in get_imsi()
This allows the eap_proxy mechanism to be used with multiple SIMs by
following the configured sim_num to index which SIM to use for when
fetching the IMSI through eap_proxy.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:42:32 +03:00
Sunil Dutt
3c2bd55f03 P2P: wpas_p2p_select_go_freq() to check for supported pref_freq
This commit is similar to the commit
783c2920cc ('P2P: Check if the pref_freq
reported by the driver supports P2P') but extends the check for
supported pref_freq to wpas_p2p_select_go_freq().

This avoids issues with P2P_GROUP_ADD ending up selecting an unexpected
channel when get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) is used. Filter the
list by removing channels that do not allow P2P operation at all.
Previously, only the explicitly disallowed channels were removed and
that could have resulted in selecting an operating channel that is not
allowed for P2P and failing to complete the operation to start the
group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-27 11:41:02 +03:00
Peng Xu
8d968351a0 Interworking: Add NULL checking for EAP name in phase2/autheap parameter
Add NULL checking for EAP name. If it is NULL, do not add the phase2
parameter autheap. This should not happen in practice due to earlier
checks for credential matching, but if there is a code path that would
allow this to be set, it is better to skip setting of the invalid value
and allow automatic selection of the Phase 2 parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-26 13:20:52 +03:00
Purushottam Kushwaha
34ee12c559 Do not flush PMKSA on bssid_hint change
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.

Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-22 13:25:49 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Purushottam Kushwaha
43a356b268 Provide option to configure BSSID hint for a network
This exposes user configurable option to set bssid_hint for a network.
bssid_hint indicates which BSS has been found a suitable candidate for
initial association for drivers that use driver/firmware-based BSS
selection. Unlike the bssid parameter, bssid_hint does not limit the
driver from selecting other BSSs in the ESS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-12 00:20:59 +03:00
Jouni Malinen
95818ec174 Fix compiler warning with CONFIG_IEEE80211R no-CONFIG_FILS build
Addition of remove_ies() handled the CONFIG_IEEE80211R dependency, but
missed the caller being within CONFIG_FILS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-09 23:36:36 +03:00
Jaap Keuter
6136394545 Make CONFIG_MACSEC depend on IEEE8021X_EAPOL
When reducing the configuration for MACsec/MKA to the bare minimum, so
no EAP authentication, just MACsec/MKA SA use with preshared key/name,
the EAPOL engine is still needed to run the protocol for MKA. Without
any EAP authentication options the IEEE8021X_EAPOL option is not set,
resulting in a non-working Key Agreement Entity.

Therefore the CONFIG_MACSEC block needs to move up and set the
IEEE8021X_EAPOL option.

Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2017-05-08 16:28:27 +03:00
Masashi Honma
31a856a127 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-05-08 16:23:02 +03:00
Nishant Chaprana
9f49474669 dbus: Add method to disable channel switching with a TDLS peer
This patch adds "TDLSCancelChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to disable channel switching
with a TDLS peer.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2017-05-07 22:08:43 +03:00
Nishant Chaprana
2a57b4b821 dbus: Add method to enable channel switching with a TDLS peer
This patch adds "TDLSChannelSwitch" dbus method on
"fi.w1.wpa_supplicant1.Interface" interface to enable channel switching
with a TDLS peer.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2017-05-07 22:08:43 +03:00
Saurav Babu
1939505419 dbus: Add AbortScan method to abort ongoing scan
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-05-07 22:08:43 +03:00
Jouni Malinen
7d440a3bc4 FILS: Derive FT key hierarchy on supplicant side for FILS+FT
Derive PMK-R0 and the relevant key names when using FILS authentication
for initial FT mobility domain association. Fill in the FT IEs in
(Re)Association Request frame for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-07 22:08:41 +03:00
Dmitry Shmidt
be1ece46f5 wpa_supplicant: Add GET_CAPABILITY for P2P redirection
It will give capability to check channel list before P2P group is
created.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-05-05 00:43:23 +03:00
Vamsi Krishna
35bb8a9a57 Android: Define CONFIG_TESTING_OPTIONS if enabled in config
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:06 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Pradeep Reddy Potteti
f2a04874cf MBO: Fix possible NULL pointer dereference on candidate handling
If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-03 18:30:31 +03:00
Jouni Malinen
470f08b4f6 Enable CONFIG_WNM=y automatically for CONFIG_MBO=y builds
wpa_supplicant build with MBO enabled failed in CONFIG_WNM=y was not
specified explicitly. Add the WNM dependency automatically to avoid
needing explicit addition in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 17:39:14 +03:00
Jouni Malinen
8b49b530b3 Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
Commit 34f2851902 ('MBO: Parse MBO
ANQP-element on STA') started using the type variable outside
CONFIG_HS20 block, but forgot to remove the ifdef from the variable
declaration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 17:39:14 +03:00
Sunil Dutt
0661163eff Do not blacklist the current AP on DISABLE_NETWORK
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 17:46:36 +03:00
Vidyullatha Kanchanapally
da6a28ba60 FILS: Specify if FILS HLP was sent in connect
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:23 +03:00
Vidyullatha Kanchanapally
a38090b16d FILS: Add HLP to Connect IEs
Add FILS HLP elements to Connect IEs and fragment them if necessary.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:35:21 +03:00
Vidyullatha Kanchanapally
1e6780bda9 Allocate dynamic memory for connect IEs
This is needed to allow new elements (e.g., FILS HLP request) to be
added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-29 16:34:48 +03:00
Ashwini Patil
9a72bfe9a4 Add control interface command to enable/disable roaming
The new "SET roaming <0/1>" command can now be used to control
driver-based roaming.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-24 11:10:44 +03:00
Jouni Malinen
183d3924cf WPS: Add option for using random UUID
If the uuid configuration parameter is not set, wpa_supplicant generates
an UUID automatically to allow WPS operations to proceed. This was
previously always using an UUID generated from the MAC address. This
commit adds an option to use a random UUID instead. The type of the
automatically generated UUID is set with the auto_uuid parameter: 0 =
based on MAC address (default; old behavior), 1 = random UUID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-13 17:38:55 +03:00
Vidyullatha Kanchanapally
bbe7969d63 FILS: Update cache identifier on association
This is needed when offloading FILS shared key to the drivers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:59:12 +03:00
Vidyullatha Kanchanapally
f705f41b7f FILS: Update PMKSA cache with FILS shared key offload
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
01ef320f19 FILS: Update ERP next sequence number with driver offload
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
5538fc9309 FILS: Track completion with FILS shared key authentication offload
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
8b0a6dba87 FILS: Connect request for offloaded FILS shared key authentication
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
79f3121bb4 FILS: Set cache identifier in current PMKSA entry for driver-SME case
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
42e69bda2a FILS: Add support for Cache Identifier in add/remove PMKSA
Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifer. Also additionally add support for sending PMK as part of
SET_PMKSA to enable driver to derive keys in case of FILS shared key
offload using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
6fbb54140b driver: Move add_pmkid() and remove_pmkid() arguments into a struct
This makes it easier to add more arguments to these wpa_driver_ops
functions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:35 +03:00
vamsi krishna
199eb3a4e6 FILS: Add support to write FILS key_mgmt values in network blocks
Add support to write FILS related key_mgmt values also while saving a
network block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 16:12:41 +03:00
Jouni Malinen
af3e362fa7 FILS: Add MDE into Authentication frame for FILS+FT
When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 13:23:34 +03:00
Jouni Malinen
c10e0ccc9e Hide *PMKSA_ADD parameters from debug log
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-04-02 12:37:33 +03:00
Shaul Triebitz
3d5f0e916d wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2
In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the
SSID is temporarily disabled before trying to associate and this may
result in an infinite connect/disconnect loop. If the association
succeeds while the SSID is temporarily disabled, wpa_supplicant will
request to deauthenticate and that in turn will cause the SSID to be
temporarily disabled again. Fix that by postponing the association until
the SSID is no longer temporarily disabled.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
2017-03-29 15:03:16 +03:00
Masashi Honma
fbba28f8c5 P2P: Suppress warning on non-P2P config
Without CONFIG_P2P config, the following warning occurs if CONFIG_AP is
enabled for the build:

ap.c: In function ‘wpas_conf_ap_vht’:
ap.c:54:5: warning: unused variable ‘channel’ [-Wunused-variable]
  u8 channel = conf->channel;
     ^
ap.c:53:5: warning: unused variable ‘center_chan’ [-Wunused-variable]
  u8 center_chan = 0;
     ^

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-03-27 17:21:02 +03:00
Vidyullatha Kanchanapally
6a4363f5f5 MBO: Fix reject reason codes
This change fixes the following compilation warnings:

wnm_sta.c:1007:4: warning: implicit conversion from enumeration type
 'enum mbo_transition_reason' to different enumeration type
 'enum mbo_transition_reject_reason' [-Wenum-conversion]

The actual value of both MBO_TRANSITION_REASON_UNSPECIFIED and
MBO_TRANSITION_REJECT_REASON_UNSPECIFIED is 0, so this does not result
in any change in the contents of the frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:21 +03:00
Jouni Malinen
a34317b526 GAS: Handle no-ACK TX status for GAS request frames
Previously, only the success and failure (to TX) cases were handled. It
is also possible for the driver to transmit the frame, but not receive
an ACK from the recipient. Address that by waiting for a short period of
time for a response. This fixes cases where OSU provider icon fetching
could get stuck if no ACK frame is received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:21 +03:00
Jouni Malinen
31e130f82c FILS: Add FILS-SK-PFS capability into "GET_CAPABILITY fils" command
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-13 11:46:30 +02:00
Jouni Malinen
6498351670 FILS: Check FILS Indication element against local network profile
Do not try to use FILS authentication unless the AP indicates support
for the type the local network profile enforces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 23:23:09 +02:00
Jouni Malinen
76e20f4fa7 FILS: Add FILS SK auth PFS support in STA mode
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 23:20:32 +02:00
Jouni Malinen
6115238492 OWE: Add CONFIG_OWE=y build option
This can be used to enable OWE support in hostapd and wpa_supplicant
builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 20:43:06 +02:00
Jouni Malinen
0a6147991e OWE: Process Diffie-Hellman Parameter element in STA mode
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
09368515d1 OWE: Process Diffie-Hellman Parameter element in AP mode
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
f9561868ec OWE: Add driver capability flag for OWE AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Johannes Berg
b07ff9cb04 wpa_supplicant: Allow disabling HT in AP mode without HT overrides
Since VHT can be toggled explicitly, also expose being able to disable
HT explicitly, without requiring HT overrides. Continue making it
default to enabled though.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 11:11:55 +02:00
Johannes Berg
2124a615e3 wpa_supplicant: Allow explicit wide channel configuration for AP mode
Instead of deducing the wide (HT, VHT) channel configuration only
automatically in P2P mode, allow it to be configured in the network
in non-P2P mode.

Also allow all of these parameters to be configured through the control
interface or the configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 10:59:51 +02:00
Jörg Krause
57ee04dc7d wpa_cli: Execute action file in case of WPS_EVENT_TIMEOUT
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2017-03-11 10:58:28 +02:00
Jörg Krause
6252b981d9 wpa_cli: Execute action file in case of WPS_EVENT_ACTIVE
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2017-03-11 10:58:10 +02:00
Jörg Krause
acdf502197 WPS: Notify about WPS PBC event in Enrollee mode
Previously, the event "WPS-PBC-ACTIVE" was only generated when
wpa_supplicant is operating as WPS Registrar whereas "WPS-SUCCESS" or
"WPS-TIMEOUT" are generated for both, the Registrar and the Enrollee
roles.

Also generate the event when wpa_supplicant is operating as WPS Enrollee
to allow monitoring the begin and the end of a WPS PBC process.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2017-03-11 10:56:58 +02:00
Johannes Berg
15e5ee0b75 wpa_supplicant: events: Don't bounce timeout reason through a buffer
There's no point in making the code use a stack buffer and first copying
the string there, only to copy it again to the output. Make the output
directly use the reason string.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 10:52:43 +02:00
Avraham Stern
e97d15b733 wpa_cli: Update wnm_bss_query auto complete message
It is now possible to add neighbor configuration to wnm_bss_query.
Update the auto complete message to reflect that.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-11 10:49:08 +02:00
Avraham Stern
15ab61eda0 WNM: Add option to configure candidates for BTM query candidate list
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.

usage:
wnm_bss_query <reason> [neighbor=<BSSID>,<BSSID information>,
	                <operating class>,<channel number>,
			<PHY type>[,<hexdump of optional subelements>]]

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-11 10:47:28 +02:00
Avraham Stern
13bf18eda5 WNM: Use a dynamically allocated buffer for BTM query and response
BSS transition management query and response use a large static buffer
for the frame because the candidate list may require a lot of space.
However, in most cases the actually used space will be much less than
the buffer (since the candidate list is short or completely missing).

Use a dynamically allocated buffer instead and allocate it according
to the actual space needed.

While at it, remove unneeded filling of the MAC header in the Action
frames, since this gets ignored and wpa_drv_send_action() adds the MAC
header anyway.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-10 23:52:44 +02:00
Jouni Malinen
34f2851902 MBO: Parse MBO ANQP-element on STA
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.

When a valid MBO ANQP-element is received, the following control
interface message is sent:

RX-MBO-ANQP <BSSID> cell_conn_pref=<value>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 18:57:12 +02:00
Jouni Malinen
8ecf2231fd ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 17:02:22 +02:00
Avraham Stern
2316cb358c MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.

Add API to add the MBO Query List to an ANQP query.

Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]

Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-10 16:53:10 +02:00
Purushottam Kushwaha
d0330d57f3 nl80211: Add option to delay start of schedule scan plans
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).

This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-09 15:44:26 +02:00
Jouni Malinen
b696f791ac RRM: Fix wpas_rrm_send_msr_report() loop handling
The while (len) loop was updating the next pointer at the end even when
len == 0, i.e., when the new next value won't be used. This could result
in reading one octet beyond the end of the allocated response wpabuf.
While the read value is not really used in practice, this is not correct
behavior, so fix this by skipping the unnecessary next pointer update in
len == 0 case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-08 16:16:37 +02:00
Avraham Stern
891aa65b88 RRM: Use dynamically allocated buffer for beacon report
The maximum required size for each Beacon Report element is known in
advance: it is the size of the Beacon Report element fixed fields + the
size of the Reported Frame Body subelement.

Allocate the buffer used for constructing the Beacon Report element
dynamically with the maximum needed size, instead of using a very
large static buffer.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-08 16:05:52 +02:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Kanchanapally, Vidyullatha
af8bc24da3 MBO: Add support for transition reject reason code
Add support for rejecting a BSS transition request using MBO reject
reason codes. A candidate is selected or rejected based on whether it is
found acceptable by both wpa_supplicant and the driver. Also accept any
candidate meeting a certain threshold if disassoc imminent is set in BTM
Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:34:14 +02:00
Kanchanapally, Vidyullatha
3ab484928a nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:20:29 +02:00
Avraham Stern
23cddd7519 wpa_supplicant: Fix non_pref_chan example
The parsing code expects non_pref_chan to be non-quoted.
Fix the example in wpa_supplicant.conf not to include
quotes.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-03-06 23:41:26 +02:00
Hu Wang
57d3c5913a Clear scan_res_handler on no-retry failure
Previously it was possible for wpa_s->scan_res_handler to remain set to
its old value in case wpa_drv_scan() failed and no retry for the scan
trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ).
This could result in getting stuck with the next connection attempt
after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler
was set to scan_only_handler().

Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and
no retry is scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 16:39:30 +02:00
Amarnath Hullur Subramanyam
e9518ae749 WFD: Add WFD R2 Subelements
Define and add support for WFD R2 Subelements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-01 11:59:57 +02:00
Jouni Malinen
206516e8c2 af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation
that uses the user space socket interface (AF_ALG) for the Linux kernel
crypto implementation. This commit includes some of the cipher, hash,
and HMAC functions. The functions that are not available through AF_ALG
(e.g., the actual TLS implementation) use the internal implementation
(CONFIG_TLS=internal).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:24:15 +02:00
Ashwini Patil
dca4b503f1 MBO: Fix minimum length check on non_pref_chan configuration
The reason detail field in non_pref_chan attribute was removed
from MBO draft v0.0_r25. Also oper_class can be 1 character for
few country codes (e.g., country code-UK, channel number-1). So the
shortest channel configuration is 7 characters.

This was missed in the earlier commit
4a83d4b686 ('MBO: Do not add reason_detail
in non_pref_chan attr (STA)') that took care of other changes related to
removal of the reason detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:26:22 +02:00
Jouni Malinen
c4bb39707f Fix AES-SIV build dependencies
aes-siv.c needs functions from aes-ctr.c and aes-omac1.c, so set
NEED_AES_CTR=y and NEED_AES_OMAC1=y if NEED_AES_SIV is defined. This
fixes some build configuration combinations where either of those
dependencies were not pulled in through other parameters. For example,
some CONFIG_FILS=y cases were impacted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
694a3a0d64 mesh: Fix CONFIG_MESH=y build without CONFIG_IEEE80211W=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Saurav Babu
d02989f2e4 D-Bus: Notify mesh capability if driver supports it
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
b7286c1b5d FILS: External management of PMKSA cache entry with Cache Identifier
The PMKSA_GET and PMKSA_ADD commands can now use an optional extra
parameter to fetch and add PMKSA cache entries with the FILS Cache
Identifier.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
6aea02e579 SME: Clear portValid on starting authentication to fix FILS
The ft_completed for FILS authentication case in
wpa_supplicant_event_assoc() depends on something having cleared
portValid so that setting it TRUE ends up authorizing the port. This
clearing part did not happen when using FILS authentication during a
reassociation within an ESS. Fix this by clearing portValid in
sme_send_authentication() just before the keys are cleared (i.e., the
old connection would not be usable anyway).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:51:48 +02:00
Jouni Malinen
ba9774bd76 FILS: Fix BSSID in reassociation case
The RSN supplicant implementation needs to be updated to use the new
BSSID whenever doing FILS authentication. Previously, this was only done
when notifying association and that was too late for the case of
reassociation. Fix this by providing the new BSSID when calling
fils_process_auth(). This makes PTK derivation use the correct BSSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:26:57 +02:00
Saurav Babu
213eb18851 dbus: Set mode to mesh in bss properties when mesh is supported
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-20 22:14:19 +02:00
Purushottam Kushwaha
3f23260da8 nl80211: Notify reason for connection timeout failure
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 10:47:08 +02:00
Peng Xu
d512f406fc hostapd: Add IEEE 802.11ax HE IEs into Beacon/Probe Response frames
IEEE 802.11ax HE changes to include HE IEs in Beacon and Probe Response
frames. These elements are using vendor specific forms for now since the
IEEE 802.11ax draft is not yet finalized and the element contents is
subject to change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:55 +02:00
Peng Xu
94380cb40a hostapd: Initial IEEE 802.11ax (HE) definitions
Add IEEE 802.11ax definitions for config, IEEE structures, and
constants. These are still subject to change in the IEEE process.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:52 +02:00
Masashi Honma
84ea61cffe mesh: Use correct rate in HT and legacy mixed environment
Let mesh STA A be a STA which has config disable_ht=1.
Let mesh STA B be a STA which has config disable_ht=0.
The mesh STA A and B was connected.

Previously, the mesh STA A sent frame with HT rate even though its HT
was disabled. This commit fixes the issue by checking the local BSS HT
configuration.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Masashi Honma
025c6a47fb VHT: Remove a redundant check
This check is already done in ibss_mesh_setup_freq().

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
62944f7d2c Add HMAC-SHA384 with internal crypto
This is a copy of the internal HMAC-SHA256 implementation with the hash
block size and output length updated to match SHA384 parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 22:15:29 +02:00
Jouni Malinen
3a7819f0ad P2P: Add P2P_SET override_pref_op_chan to allow overriding preference
This new P2P_SET parameter uses <op_class>:<channel> format and is used
mainly for testing purposes to allow overriding the value of the GO
Negotiation Response frame Operating Channel attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Jouni Malinen
c06fca04fd Add wpa_supplicant SET get_pref_freq_list_override
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.

Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...

if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 12:08:22 +02:00
Jouni Malinen
b4d56efb1a Use throughput estimate-based BSS selection with larger SNR difference
Previously, the est_throughput comparison was done only when SNR
difference was less than 5 dB. Since the throughput estimation take into
account SNR, this can be done in more cases. For now, add a conservative
2 dB more to the difference so that any SNR difference below 7 dB
results in BSS selection based on throughput estimates.

In addition, the throughput estimates require SNR values to be
available, so separate this from the 5 GHz preference that can be done
based on either SNR or qual values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 12:05:10 +02:00
Jouni Malinen
1420414878 Drop GREAT_SNR definition from 30 to 25 dB
This allows throughput estimates and 5 GHz preference over 2.4 GHz band
to be used in more cases. The previously used value of 30 was
significantly more conservative than the SNR limits used for the highest
rate in scan_est_throughput() and this resulted in cases where 5 GHz AP
was ignored while SNR with it would have been close to reaching the
maximum TX rate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 11:15:13 +02:00
Jouni Malinen
b5562a1a6e FILS: Remove CRC32 dependency from build
The published P802.11ai version does not use CRC32 anymore, so remove
inclusion of crc32.o into wpa_supplicant and hostapd builds based on
CONFIG_FILS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-13 23:17:31 +02:00
Jouni Malinen
577e794eba Sync android.config with wpa_supplicant defconfig changes
This adds new edits from defconfig to android.config. No new build
options are enabled, i.e., this is only bringing in comment updates and
new parameters in commented out form.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:56 +02:00
Jouni Malinen
784710b7ff Add bgscan options to wpa_supplicant defconfig
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:24 +02:00
Jouni Malinen
212a8f487f Fix wpa_supplicant defconfig copy-paste description
This is obviously for the wpa_supplicant binary, not hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:12:16 +02:00
vamsi krishna
57c3a605ce Add support to sched scan to report relatively better BSSs
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.

The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
	disable - to disable the feature
	rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
	band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
	adjust_value - amount of RSSI to be adjusted in dB

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Paul Stewart
ed9b1c16d5 EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
5f11880f6a SME: Remove null ie param from CTRL-EVENT-AUTH-REJECT
Clean up the event message by removing the ie=<value> parameter when the
IEs are not available instead of printing out "ie=(null)".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
4d70b2a4e5 RRM: Fix a memory leak in beacon request handling
Free the pending frequency list if a second beacon request is received
before the scan for the previous one has been completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:04 +02:00
vamsi krishna
b4fd1f0ed7 Allow PNO scan also in connection completed state
Sched scan is supported by the kernel also in the connected state, so
allow PNO scan to be issued in the connected state from wpa_supplicant
as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 15:55:35 +02:00
Jouni Malinen
4c6f450cad Add radio_work_is_connect() helper
This avoids duplicated code to check for different types of connection
radio work items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:56 +02:00
Sunil Dutt
85b6b6b6e1 Serialize scan/p2p-scan if already scheduled on the same interface
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
fcb303a57f P2P: Clear driver scan cache after BSS_FLUSH
The only_new_results=1 scan parameter was previously set on other scan
cases, but not on the two P2P specific scan triggers. Set this also for
those P2P cases to get consistent behavior after BSS_FLUSH.

This was showing up with number of hwsim P2P test cases maintaining
unexpected scan results from previous test cases due to the flush
operation not really working correctly since the cfg80211 BSS table was
not explicitly cleared.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 22:48:20 +02:00
Vamsi Krishna
1d9d21f376 GAS: Add support to randomize transmitter address
Add support to send GAS requests with a randomized transmitter address
if supported by the driver. The following control interface commands
(and matching configuration file parameters) can be used to configure
different types of randomization:

"SET gas_rand_mac_addr 0" to disable randomizing TX MAC address,
"SET gas_rand_mac_addr 1" to randomize the complete TX MAC address,
"SET gas_rand_mac_addr 2" to randomize the TX MAC address except for OUI.

A new random MAC address will be generated for every
gas_rand_addr_lifetime seconds and this can be configured with
"SET gas_rand_addr_lifetime <timeout>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:41:32 +02:00
Masashi Honma
f3e1570576 VHT: Fill VHT capability with hardware capability
Previously, VHT capability was default value (=0x0000). This makes
VHT Capabilities Info in VHT Capabilities IE in mesh peering
open/confirm frame 0x0000. This patch fills it with hardware capability.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-07 11:14:55 +02:00
Günther Kelleter
41f140d386 Add hostapd options wpa_group_update_count and wpa_pairwise_update_count
wpa_group_update_count and wpa_pairwise_update_count can now be used to
set the GTK and PTK rekey retry limits (dot11RSNAConfigGroupUpdateCount
and dot11RSNAConfigPairwiseUpdateCount). Defaults set to current
hardcoded value (4).

Some stations may suffer from frequent deauthentications due to GTK
rekey failures: EAPOL 1/2 frame is not answered during the total timeout
period of currently ~3.5 seconds. For example, a Galaxy S6 with Android
6.0.1 appears to go into power save mode for up to 5 seconds. Increasing
wpa_group_update_count to 6 fixed this issue.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-07 00:25:36 +02:00
Sunil Dutt
f47f936170 P2P: Override P2P_PEER group_capab with 0 if no matching BSS entry found
Relying on the group_capab from the P2P peer information can result in
improper information on whether the peer is currently operating as a GO.
However, there is a known implementation in Android that does this.

To reduce issues from this misuse in upper layer to try to determine
whether a specific peer is operationg a group, override the group_capab
value in P2P_PEER output with 0 if there are no BSS entries with the
peer P2P Device as a GO. This is not a perfect information since there
may not have been a recent scan on all channels, but this results in
less issues than trying to decide between new group formation and
joining an existing group based on stale or incorrect information.

Since no upper layer application is really supposed to use the
group_capab field value in P2P_PEER command, this change should not
cause any impact for properly design components and the possibility of
regressions is limited to cases that are already known to work
incorrectly in number of identifiable cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-06 12:17:12 +02:00
Jouni Malinen
bcf66493cf Fix estimated throughput based skip-roam case
Commit 8d1e693186 ('Use estimated
throughput to avoid signal based roaming decision') added a check for
the current BSS estimated throughput being significantly higher than the
selected BSS estimated throughput. However, this case for skipping a
roam used "return 1" which actually allows the roam. Fix this by
returning 0 in this case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 21:52:26 +02:00
Jouni Malinen
1fb4437c80 tests: Validate hwaddr/hexstr input to DRIVER_EVENT SCAN_RES
To be more consistent with existing hwaddr_aton() and hexstr2bin()
callers, check the return values in this test command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 16:31:03 +02:00
Jouni Malinen
db5e53cb06 mesh: Fix struct hostapd_data initialization
The local custom version of allocating and initializing struct
hostapd_data within wpa_supplicant_mesh_init() is problematic. This has
already missed couple of initialization steps that are required. Instead
of trying to remember to keep this up to date, use
hostapd_alloc_bss_data() so that there is only one place for this
initialization.

This is fixing a recent issue where FILS HLP started using
hapd->dhcp_server and expected that to be initialized to -1. For the
mesh case, that did not happen and when removing the interface, the FILS
HLP implementation ended up unregistering eloop socket for
hapd->dhcp_server (= 0). This could result in missing socket callbacks
for an arbitrary socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 22:17:54 +02:00
Jouni Malinen
9b170991ac mesh: Fix mesh interface removal fix
This wpa_drv_if_remove() call was previously modified to fix a different
issue, but that fix resulted in unconditional use of treed memory here
(wpa_supplicant_deinit_iface() frees wpa_s). Make a local copy of
wpa_s->parent to be able to use it after wpa_s is freed. The
mesh_if_created case has wpa_s->parent != wpa_s, so this should be
sufficient way of handling the wpa_drv_if_remove() call here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 21:24:37 +02:00
Jouni Malinen
124ddfa19e FILS: Parse and report received FILS HLP Containers from response
The new FILS-HLP-RX control interface event is now used to report
received FILS HLP responses from (Re)Association Response frame as a
response to the HLP requests configured with FILS_HLP_REQ_ADD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-01 18:17:39 +02:00
Jouni Malinen
54b04d6f39 FILS: Move HLP request handling into a separate file
This is independent functionality from the core IEEE 802.11 management
handling and will increase significantly in size, so it is cleaner to
maintain this in a separate source code file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 17:46:13 +02:00
Dmitry Shmidt
f2bc344808 wpa_supplicant: Fix global control interface for STA/STA-FIRST/STA-NEXT
update_stations(ctrl_conn) is stuck in never-ending loop:

sendto(3, "STA-FIRST", 9, 0, NULL, 0)   = 9
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995833})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Direct STA, STA-FIRST, and STA-NEXT commands from the global control
interface to a per-interface control interface to avoid this.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-01-30 01:54:22 +02:00
Jouni Malinen
0da355235e FST: Remove WPA_ASSERT from wpas_fst_send_action_cb()
It was possible to hit this WPA_ASSERT when FST-MANAGER SESSION_REMOVE
command is exececuted when in not-associated state. In
CONFIG_EAPOL_TEST=y builds, this would result in the wpa_supplicant
process being terminated. Convert this WPA_ASSERT to a check that does
not terminate the process, but only rejects the command if wpa_s->bssid
does not match the da argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 19:22:14 +02:00
Andrejs Cainikovs
6a5425fd60 Increase delayed EAPOL RX frame timeout
Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack
of optimization (i.e., first EAPOL frame dropped) in occasional roaming
and authentication cases on EAP networks if the kernel events can be
reordered and delayed a bit longer.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2017-01-29 18:41:29 +02:00
Johannes Berg
cef8fac04b wpa_auth: Make struct wpa_auth_callbacks const
Instead of copying the struct wpa_auth_callbacks, just keep a pointer to
it, keep the context pointer separate, and let the user just provide a
static const structure. This reduces the attack surface of heap
overwrites, since the function pointers move elsewhere.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:41:26 +02:00
Johannes Berg
30eddf3529 Fix or supress various sparse warnings
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:33:10 +02:00
Jouni Malinen
b301f54e55 IBSS/mesh: Skip VHT channel setup with vht_disabled=1
If the VHT capability override vht_disabled=1 is used in the network
profile, skip VHT configuration of the local channel.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:31:54 +02:00
Masashi Honma
adc6a5d81a mesh: Check remote peer HT Operation element
The remote mesh STA which had configuration disable_ht40=1 could have HT
Capabilities element which includes Supported Channel Width Set = 1
(both 20 MHz and 40 MHz operation is supported) even though it had HT
Operation element which includes STA Channel Width = 0 (20 MHz channel
width only). Previously, local peer recognized such a remote peer as 40
MHz band width enabled STA because local peer only checked HT
Capabilities element. This could cause disconnection between
disable_ht40=1 mesh STA and disable_ht40=0 mesh STA. They could
establish a mesh BSS but could not ping with ath9k_htc device. This
commit fixes the issue by refering HT Operation element.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 18:04:21 +02:00
Masashi Honma
9eb5757a86 Define helper function set_disable_ht40()
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 18:04:21 +02:00
Saurav Babu
6b585f420a mesh: Fix crash on removing virtual mesh interface
If a virtual mesh interface has been created and is still operational
when the main interface is removed (e.g., Wi-Fi hardware ejected), the
following crash occurred with the below backtrace:

WPA_TRACE: eloop SIGSEGV - START
[1]: /usr/local/sbin/wpa_supplicant() [0x44ef7e]
     eloop_sigsegv_handler() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:123
[2]: /lib/x86_64-linux-gnu/libc.so.6(+0x36d40) [0x7f4c395cfd40]
[3]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_remove_iface+0xd0) [0x57f500]
     wpa_supplicant_remove_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5338
[4]: /usr/local/sbin/wpa_supplicant() [0x57fbef]
     wpa_supplicant_deinit_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5069
[5]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_remove_iface+0xc5) [0x57f4f5]
     wpa_supplicant_remove_iface() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5343
[6]: /usr/local/sbin/wpa_supplicant(wpas_dbus_handler_remove_interface+0x8d) [0x55baad]
     wpas_dbus_handler_remove_interface() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_handlers.c:679
[7]: /usr/local/sbin/wpa_supplicant() [0x5560cb]
     msg_method_handler() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_helpers.c:354
     message_handler() home/saurav/hostap/wpa_supplicant/dbus/dbus_new_helpers.c:410
[8]: /lib/x86_64-linux-gnu/libdbus-1.so.3(+0x1be86) [0x7f4c39979e86]
[9]: /lib/x86_64-linux-gnu/libdbus-1.so.3(dbus_connection_dispatch+0x381) [0x7f4c3996ca21]
[10]: /usr/local/sbin/wpa_supplicant() [0x567148]
     dispatch_data() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:36
[11]: /usr/local/sbin/wpa_supplicant() [0x5674a7]
     process_watch() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:75
     process_watch_read() home/saurav/hostap/wpa_supplicant/dbus/dbus_common.c:90
[12]: /usr/local/sbin/wpa_supplicant() [0x44f297]
     eloop_sock_table_dispatch() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:598
[13]: /usr/local/sbin/wpa_supplicant(eloop_run+0x1fe) [0x44ff1e]
     eloop_run() home/saurav/hostap/wpa_supplicant/../src/utils/eloop.c:1219
[14]: /usr/local/sbin/wpa_supplicant(wpa_supplicant_run+0x77) [0x57fd87]
     wpa_supplicant_run() home/saurav/hostap/wpa_supplicant/wpa_supplicant.c:5608
[15]: /usr/local/sbin/wpa_supplicant(main+0x3a8) [0x43ba88]
     main() home/saurav/hostap/wpa_supplicant/main.c:392
WPA_TRACE: eloop SIGSEGV - END
Aborted (core dumped)

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-01-29 17:42:02 +02:00
Jouni Malinen
5732b770f4 FILS: Allow FILS HLP requests to be added
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.

FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Jouni Malinen
afe731004b Fix CONFIG_SAE build without CONFIG_SME
The control interface code was using wpa_s->sme in an area that was not
within ifdef CONFIG_SME.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 11:58:26 +02:00
Jouni Malinen
34e8bfd7a9 Skip EVENT_ACS_CHANNEL_SELECTED also without CONFIG_AP
CONFIG_ACS alone should not refer to wpa_s->ap_iface to avoid potential
compilation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 11:57:23 +02:00
vamsi krishna
53b38209f4 GAS: Cancel gas_query_timeout when AP responds with comeback delay
When AP responds with comeback delay for initial GAS query sent by STA,
gas_query_timeout should be cancelled to avoid GAS failures when
comeback delay is more than GAS_QUERY_TIMEOUT_PERIOD. The
gas_query_timeout is getting registered again when tx_status is received
for GAS comeback request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-23 07:02:30 +02:00
Masashi Honma
4d77d80edd mesh: Add MESH_PMKSA_GET/ADD commands
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.

The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.

The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>

The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180

This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-14 18:07:46 +02:00
Jouni Malinen
117875db33 D-Bus: Add GroupMgmt entry into the interface Capabilities dict
This can be used to determine whether the driver supports PMF and if so,
with which group management cipher suites. In addition, add the missing
pairwise and group cipher suite values to the documentation while adding
this new entry there as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-14 17:41:20 +02:00
Stijn Tintel
3cdb4ac074 D-Bus: Add pmf to global capabilities
This indicates that the wpa_supplicant binary has been compiled with PMF
support.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-14 17:29:22 +02:00
Stijn Tintel
adf8f45f8a D-Bus: Implement Pmf property
The Pmf property is documented in doc/dbus.doxygen, but does not exist,
so implement it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-14 17:28:00 +02:00
Jouni Malinen
b98706c14b RSN IBSS: Fix TK clearing on Authentication frame RX
When wpa_supplicant was processing a received Authentication frame (seq
1) from a peer STA for which there was already a TK configured to the
driver, debug log claimed that the PTK gets cleared, but the actual
call to clear the key was actually dropped due to AUTH vs. SUPP set_key
selection. Fix this by explicitly clearing the TK in case it was set
and an Authentication frame (seq 1) is received.

This fixes some cases where EAPOL-Key frames were sent encrypted using
the old key when a peer STA restarted itself and lost the key and had to
re-join the IBSS. Previously, that state required timing out the 4-way
handshake and Deauthentication frame exchange to recover.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-14 13:56:18 +02:00
Johannes Berg
f09095d57b wpa_supplicant: Clarify group_rekey documentation
This is also used in mesh and AP modes.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
8f315d0505 Fix country code in wpa_supplicant AP mode Country element
country[2] needs to be set to ' ' instead of left to '\0' for the case
where wpa_supplicant sets up AP mode operations and includes the Country
element. Currently, this would be only for DFS channels. Without this,
the Beacon frames would go out with incorrect third octet in the country
code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
e4a3e1d076 tests: Add DRIVER_EVENT SCAN_RES for scan result testing
This control interface command can be used to inject scan results from
test scripts to make it easier to test various scan result processing
operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 18:39:24 +02:00
Jouni Malinen
29065686ac D-Bus: Fix BSS Mode getter for invalid DMG BSS
Previous version could have used uninitialized char* when a DMG with
invalid capabilities were added to BSS table from scan results.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 18:39:24 +02:00
Jouni Malinen
2901bc2725 bgscan: Remove unnecessary NULL check
The name argument to bgscan_init() cannot be NULL since the only caller
already checks this before the call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 14:44:34 +02:00
Jouni Malinen
9d6eaad6b8 bgscan: Remove unnecessary NULL check
bgscan_init() is the only caller for the init() function and the
parameters argument is never NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:43:33 +02:00
Jouni Malinen
0f9b4a0f1d bgscan: Deliver beacon loss event to bgscan modules
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:17:58 +02:00