When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):
wpa_supplicant logs:
wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
wlan0: RSN: no matching PMKID found
EAPOL: Successfully fetched key (len=32)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
nl80211: Delete PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
nl80211: Add PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
hostapd logs:
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 02 00 00 00 00 00
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.
Add a new driver event that notifies of MAC address changes while the
interface is active.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.
The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.
Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.
Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>
The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends dpp_test functionality to allow DPP exchanges to be stopped
after authentication is completed on the Initiator, i.e., after sending
out the Authentication Confirm message. Previously, dpp_test=89 was used
only on the Responder side to stop after receiving the Authentication
Confirm message. The main use case for this extended functionality is to
be able to stop the protocol exchange on a device that acts as
authentication Initiator and Enrollee.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
In case MKA is initialized successfully, local copies of CAK and CKN
were allocated, but never freed. Ensure that such memory is released
also when ieee802_1x_kay_create_mka() returns a valid pointer.
Fixes: ad51731abf ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
When the driver indicates that the connection is authorized (i.e., the
4-way handshake was completed by the driver), cancel the EAP
authentication timeout and set the EAP state machine to success state.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
wpa_passphrase requires libcrypto from OpenSSL (or another selected
library). User can set an alternative path to OpenSSL libraries by
defining LIBS at the top of .config but if $(LIBS) is not actually used
wrong libcrypto is used or compilation fails if there is no libcrypto in
the default locations cc is looking for it. It's especially bad for
cross-compilers that fail with 'cannot find -lcrypto' message.
Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.
Signed-off-by: Jouni Malinen <j@w1.fi>
Force use of the wildcard BSSID address in GAS query frames with DPP
regardless of how the gas_address3 configuration parameter is set. DPP
specification mandates this and the use of GAS here is really outside
the context of a BSS, so using the wildcard BSSID makes sense even for
the corner case of Configurator running on a known AP (where IEEE 802.11
standard would allow the BSSID of the AP to be used).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for wpa_supplicant to try to initiate PKEX on 5 GHz and 60
GHz bands in addition to the previously available 2.4 GHz case. If no
response from a peer device is seen on the 2.4 GHz band (channel 6) for
the five attempts, try the other PKEX channels (5 GHz channels 44 and
149; and 60 GHz channel 2) if they are supported and allowed for
initiating radiation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, wpa_supplicant set PMF as optional for the DPP AKM since
there was no clear statement about this requirement in the tech spec.
Now that this requirement has been added, update the implementation to
match. In addition, set ssid->ieee80211w using the actual enum
mfp_options values instead of magic constants to make this a bit more
readable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the -I<config> argument is used and the referenced configuration file
cannot be parsed, wpa_config_read() ended up freeing the main
configuration data structure and that resulted in use of freed memory in
such an error case. Fix this by not freeing the main config data and
handling the error case in the caller.
Signed-off-by: Jouni Malinen <j@w1.fi>
If option -I:config points to a non-existing file, the the previously
allocated config must not be freed. Avoid use of freed memory in such an
error case by skipping the incorrect freeing operation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The special case of returning from wpa_supplicant_set_suites() when OWE
transition mode profile is used for an open association did not clear
the wpa_ie buffer length properly. This resulted in trying to use
corrupted IEs in the association request and failed association
(cfg80211 rejects the request or if the request were to go out, the AP
would likely reject it).
Signed-off-by: Jouni Malinen <j@w1.fi>
This functionality can be used regardless of P2P and should not be under
the ifdef of CONFIG_P2P.
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This was supposed to be an array of const-pointers to const-char; not
something duplicating const for char and resulting in compiler warnings
with more recent gcc versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows a separate configuration parameter (imsi_identity) to be
used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK
derivation for the case where the identity is expected to be from the
last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was
not used). This may be needed to avoid sending out an unprotected
permanent identity information over-the-air and if the EAP-SIM/AKA
server ends up using a value based on the real IMSI during the internal
key derivation operation (that does not expose the data to others).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
GnuTLS-based builds can now be done using either libnettle or libgcrypt
for crypto functionality:
CONFIG_TLS=gnutls
CONFIG_CRYPTO=nettle
CONFIG_TLS=gnutls
CONFIG_CRYPTO=gnutls
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of requiring OpenSSL headers to be available just for the
SSL3_RANDOM_SIZE definition, replace that macro with a fixed length (32)
to simplify dependencies.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 265bda3444 ('OWE: Allow DH
Parameters element to be overridden for testing purposes') provided
means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but
that commit covered only the sme.c case (i.e., drivers that use
wpa_supplicant SME). Extend this to cover drivers that use internal SME
(e.g., use the nl80211 Connect command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wpa_supplicant's random pool is not necessary on Android. Randomness
is already provided by the entropymixer service which ensures
sufficient entropy is maintained across reboots. Commit b410eb1913
'Initialize /dev/urandom earlier in boot' seeds /dev/urandom with
that entropy before either wpa_supplicant or hostapd are run.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
If a credential with encp type AES is received, add GCMP-256 and
CCMP-256 cipher options on station Enrollee based on local capabilities.
This is needed to allow connection with an AP using either of these
newer ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The credential MAC address is not necessarily that of the AP, i.e., it
is more likely to be that of the Enrollee. Check the scan results
against the current BSSID as well if match is not found otherwise when
going through the mixed mode workaround.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previously used 10 second timer did not really make much sense since
the Initiator is not going to be waiting for the response that long.
Change this to 1 second based on the DPP tech spec change.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the full DPP deinit operation more consistent with stopping
of a single operation. In practice, this adds the new GAS client
stopping functionality.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously this stopped only the DPP Authentication instance, but it is
better to clear both PKEX and Authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add CONFIG_TESTING_OPTIONS ifdef protection to couple of forgotten DPP
test parameters in wpa_supplicant ctrl_iface.
Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Previous implementation did not handle number of sequences correctly.
Make sure the iteration continues in both unicast and broadcast cases
until the five attempts have been made. In addition, improve timing by
checking 10 second time from the beginning of each iteration round and
not the last channel on which the Auth Req frame has been transmitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the Authentication Request frame was retried after 2+10 = 12
seconds since the wait for the response was not accounted for. Substract
that wait from the 10 second wait time to start the retries more quickly
based on the 10 second timer described in the tech spec.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Retransmit the PKEX Exchange Request frame if no response from a peer is
received. This makes the exchange more robust since this frame is sent
to a broadcast address and has no link layer retries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend dpp_test to allow more invalid attribute values to be written
into Peer Discovery Request/Response frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend dpp_test to cover a case where Config Attrib Object value is
invalid in Configuration Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new role=either parameter can now be used with DPP_AUTH_INIT to
indicate that the initiator can take either the Configurator or Enrollee
role.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Generate the PKEX bootstrapping information and release the PKEX session
in a helper function that both the initiator and responder can use
instead of maintaining this functionality separately in two places.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
DPP AKM should really require PMF to be used, but since that is not yet
explicitly required in the specification, make PMF enabled for now. For
legacy PSK cases, configure PMF to be enabled as well to support both
APs in no-PMF, optional-PMF, and required-PMF configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is helpful for testing purposes and also for upper layer components
that may want to show more detailed progress through a DPP exchange.
Both the DPP-TX and DPP-TX-STATUS events are provided.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is helpful for testing purposes and also for upper layer components
that may want to show more detailed progress through a DPP exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now that dpp_check_attrs() takes care of verifying that no attributes
are after the Wrapped Data attribute, the duplicated checks in hostapd
and wpa_supplicant side of the implementation can be removed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.
This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Seems like some test cases, e.g., ap_wpa2_psk_ext_retry_msg_3c, require
larger buffer than 256 bytes.
In other case I fail such test cases when run on real HW and using:
CONFIG_CTRL_IFACE=udp-remote
Increase the RX buffer from 256 to 4096 bytes to match the other control
interface cases.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
After an initial connection wpa_supplicant derives ERP information which
can be used in doing eventual authentications in the same realm. This
information can be used by drivers with offloaded FILS support to do
driver/firmware initiated roamings. Add support to send this updated
information to such drivers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to be able to use the same implementation for updating
the connection parameters in the driver during an association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the replay counter after a roam for all cases. This restores the
design back to what it was before commit
01ef320f19 ('FILS: Update ERP next
sequence number with driver offload').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant "KEY_REQUEST <error=0/1> <pairwise=0/1>" command
can be used to request an EAPOL-Key Request frame to be sent to the AP.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 03ed0a5239 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new sae_password network profile parameter can now be used to set
the SAE password instead of the previously used psk parameter. This
allows shorter than 8 characters and longer than 63 characters long
passwords to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While considering the movement of P2P GO from its current operating
channel, do not mark a DFS channel as invalid if DFS is offloaded
to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wpas_p2p_select_go_freq_no_pref() ended up selecting a 2.4
GHz band channel first before even considering 5 or 60 GHz channels.
This was likely done more or less by accident rather than by design when
the 5 GHz and 60 GHz band extensions were added. It seems reasonable to
enhance this by reordering the code to start with 5 and 60 GHz operating
classes and move to 2.4 GHz band only if no channel was available in 5
or 60 GHz bands for P2P GO use.
This does have some potential interop issues with 2.4 GHz only peer
devices when starting up an autonomous GO (i.e., without there being
prior knowledge of channels that the peers support). Upper layers are
expected to enforce 2.4 GHz selection if that is needed for some use
cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows CONFIG_TESTING_OPTIONS=y builds of wpa_supplicant to
override the OWE DH Parameters element in (Re)Association Request frames
with arbitrary data specified with the "VENDOR_ELEM_ADD 13 <IE>"
command. This is only for testing purposes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This additional field was added to DPP Public Action frames in DPP tech
spec v0.2.3 to support cryptographic agility in the future.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, only the SME-in-wpa_supplicant case was supported. This
extends that to cover the drivers that implement SME internally (e.g.,
through the cfg80211 Connect command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends OWE support in wpa_supplicant to allow DH groups 20 and 21
to be used in addition to the mandatory group 19 (NIST P-256). The group
is configured using the new network profile parameter owe_group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends OWE support in hostapd to allow DH groups 20 and 21 to be
used in addition to the mandatory group 19 (NIST P-256).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant configuration parameters (go_interworking,
go_access_network_type, go_internet, go_venue_group, go_venue_type) to
add a possibility of configuring the P2P GO to advertise Interworking
element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds phase1 parameter tls_suiteb=1 into wpa_supplicant
configuration to allow TLS library (only OpenSSL supported for now) to
use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new psk=<hexdump> can be used as an alternative to pass=<passphrase>
when configuring the DPP Configurator with a legacy network parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the code that writes mesh_rssi_threshold to a network block
always executes, but the code that reads it from network block and the
code that initializes it to a default value in a new network block are
inside #ifdef CONFIG_MESH. As a result when writing a config file it
will write mesh_rssi_threshold (since it has a non-default value) and
later fail to read the network block.
Fix this by moving the write code under #ifdef CONFIG_MESH as well.
Note, network blocks which already have mesh_rssi_threshold because of
the bug will still fail to read after the fix.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
The introduction of radio works and a delayed callback to complete
association/connection requests ended up breaking RSN pre-authentication
candidate list generation for the case of pre-connection scan results.
Previously, wpa_supplicant_associate() set the RSN state machine
configuration before returning and the calls to
wpa_supplicant_rsn_preauth_scan_results() immediately after this
function call were working fine. However, with the radio work callback,
the RSN state machine configuration started to happen only in that
callback which would be called soon after this code path has completed.
This resulted in the RSN state machine not knowing the selected SSID and
as such, rejecting all pre-authentication candidates.
Fix this by setting the RSN state machine configuration from
wpa_supplicant_associate() so that the existing callers of
wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add
candidates for pre-authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
secy_init_macsec() can fail (if ->macsec_init fails), and
ieee802_1x_kay_init() should handle this and not let MKA run any
further, because nothing is going to work anyway.
On failure, ieee802_1x_kay_init() must deinit its kay, which will free
kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm)
must not do it. Before this patch there is a double-free of the ctx
argument when ieee802_1x_kay_deinit() was called.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
When building wpa_ie in wpas_start_assoc_cb() with ext_capab,
make sure that assignment does not exceed max_wpa_ie_len.
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
This introduces a new interface for mesh and adds a signal that
is similar to the control interface event MESH-GROUP-STARTED.
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
The new "SET sae_commit_override <hexdump>" control interface command
can be used to force wpa_supplicant to override SAE commit message
fields for testing purposes. This is included only in
CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
DPP tech spec changed the contents of these frames by replacing the
public key hash attributes with a Transaction ID attribute that gets
copied from the request to the response to identify the transaction in a
simpler manner.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, CONFIG_WNM enabled build that supports WNM for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode WNM is required and there is no need for AP mode WNM.
Add support to differentiate between station mode WNM and AP mode
WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be
used when AP mode WNM support is required in addition to station mode
WNM. This allows binary size to be reduced for builds that require
only the station side WNM functionality.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When setting the frequencies for beacon report request scan, it is
possible that a frequency is added twice (e.g., when the same channel
appears both in the channel field and in the AP channel report
subelement). This may cause the scan request to fail.
Make sure the frequencies array contains no duplications before
requesting the scan.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Send Radio Measurement response with measurement mode set to reject
in the following cases:
1. Reporting conditions is not supported.
2. No valid channels found for the measurement
Sending a response with an incapable indication will stop the AP from
sending other measurement requests of the same type as specified
in IEEE Std 802.11-2016, 11.11.6.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When failing to trigger scan for beacon report (e.g., when the
requested duration is not supported by the driver), send a
Radio Measurement response with the mode set to refused and don't
retry the scan.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to
make a requested measurement or refuses to make a measurement shall
respond only if the measurement request was received within an
individually addressed radio measurement request frame, but shall not
respond if such a request was received in a group addressed frame.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add a build option to select different default ciphers for OpenSSL
instead of the hardcoded default "DEFAULT:!EXP:!LOW".
This new option is useful on distributions where the security level
should be consistent for all applications, as in Fedora [1]. In such
cases the new configuration option would be set to "" or
"PROFILE=SYSTEM" to select the global crypto policy by default.
[1] https://fedoraproject.org/wiki/Changes/CryptoPolicy
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case that an mbo object is allocated, but there is a failure
to resize the wpabuf, need to free the mbo object.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Scan results with parent TSF older than the scan start TSF are not added
to the beacon report since they are considered as scan results from
previous scans. However, for drivers that report the scan start TSF but
not the parent TSF of each scan result, the parent TSF will be zero so
valid scan results will be dropped.
Fix this by filtering scan results by the parent TSF only if the
driver supports reporting the parent TSF for each scan result.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Clear the get_pref_freq_list_override in p2p_ctrl_flush(). This fixes
the case when a dedicated P2P device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
dpp.h file requires openssl in order to compile, which breaks
compilation on systems without it.
Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when
not really needed.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If a DFS forced frequency is provided in 'p2p_group_add' and the driver
supports DFS offload, the frequency was rejected in
wpas_p2p_init_go_params(). However, it was accepted in
wpas_p2p_select_go_freq() and wpas_p2p_group_add(). To make the behavior
consistent, the DFS frequency is now accepted in
wpas_p2p_init_go_params() similar to the way done in
wpas_p2p_select_go_freq().
Redundant check in wpas_p2p_group_add() for DFS forced frequency is
removed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to scan for a specific BSSID through the wpa_supplicant
control interface.
Usage: wpa_cli scan bssid=ab:bc:cd🇩🇪ef:12
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The DPP Configurator can use this new command to generate its own signed
connector for the network that it manages.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
All the arguments to this command are optional, so do not mandate at
least one to be included in wpa_cli.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows wpa_supplicant to be configured to act as the configurator
in the case where a peer device initiates DPP Authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>