Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.
Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.
Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.
Signed-off-by: Jeffery Miller <jefferymiller@google.com>
When scanning for a new connection, we currently optimize by scanning
all frequencies only when our MCC capabilities will allow an additional
operating frequency, and scan only the existing operating frequencies
otherwise. This is problematic when there the current operating
frequency singularly accounts for one of the shared radio frequencies
because we should be able to switch operating frequencies without adding
to the channel count. Fix this.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The Linux kernel expects to use the AP MLD address as destination and
BSSID addresses for non-Public Action frames when the current
association is MLO capable. Use the MLD addresses to support this.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
EAPOL-Key msg 1/4 indication can be received before association
indication from the driver. For MLO connection, the source address check
of such frames should be against the AP MLD address instead of the
associated link BSSID.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.
Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
Append the AP MLD address to CTRL-EVENT-CONNECTED when the current
connection uses MLO.
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
The driver's SME may choose a BSS of a different ESS (SSID) compared to
the current SSID and trigger external authentication. If the chosen SSID
is not associated/selected before by wpa_supplicant it won't have the
H2E PT derived. Make sure to derive PT for SSID indicated in the
external authentication request.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
According to the OCE specification, the STA shall select the AKM in
priority order from the list below.
1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
2. FILS (SHA-384) 00-0F-AC:15
3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
4. FILS (SHA-256) 00-0F-AC:14
5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
7. Authentication using IEEE Std 802.1X 00-0F-AC:1
Move the FT-FILS-SHA256 check to be after the FILS-SHA384 one to match
this.
Signed-off-by: Seongsu Choi <seongsu.choi@samsung.com>
Add support to configure SAE, PSK, and PSK-SHA256 AKMs in connect
request when driver's SME in use. This is needed for implementing
WPA3-Personal transition mode correctly with any driver that handles
roaming internally.
Send additional AKMs configured in network block to driver based on
the maximum number of AKMs allowed by driver in connect request. Keep
first AKM in the list AKMs in the connect request as AKM selected by
wpa_supplicant to maintain backwards compatibility.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Use the recently added attribute to determine whether the kernel
supports a larger number of AKM suites in various commands.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
CRYPTO_RSA_OAEP_SHA256 is not sufficient here since ssid->eap does not
exist without IEEE8021X_EAPOL.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The new SAE AKM suites are defined to use H2E, so ignore the sae_pwe
value when these AKM suites are used similarly to the way H2E gets
enabled when SAE Password Identifiers are used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the existing helper function instead of maintaining multiple copies
of lists of SAE key management suites.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.
Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
For hidden GBK encoding of a Chinese SSID, both the UTF-8 and GBK
encoding profiles are added into wpa_supplicant to make sure the
connection succeeds. In this situation, wpa_supplicant_select_network()
will not be called so current_ssid is NULL when association begins.
Android monitors the WPA_EVENT_STATE_CHANGE event to get the SSID and
BSSID. When connecting to a Chinese SSID, in case of association
rejection happens, Android will report null SSID to OEM APP because
current_ssid is updated after wpa_supplicant_set_state(wpa_s,
WPA_ASSOCIATING), which may cause confusion.
Fix this by setting the current_ssid before changing state to
ASSOCIATING.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Disable a network profile that has set the imsi_privacy_key if a valid
key cannot be read from the specified file. Previously, this check was
done only after having associated, but there is no point in associating
just to see EAP authentication fail in such a case. This is needed for
avoiding connection attempts if the X.509 certificate for IMSI privacy
has expired.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It looks like fst_wpa_obj::get_hw_modes would have been left
uninitialized in hostapd. It is not obviously clear why this would not
have caused issues earlier, but in any case, better make this set
properly to allow unexpected behavior should that function pointer ever
be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.
Signed-off-by: Jouni Malinen <j@w1.fi>
pbkdf2_sha1() may return errors and this should be checked in calls.
This is especially an issue with FIPS builds because the FIPS
requirement is that the password must be at least 14 characters.
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Modify hostapd_set_freq_params() to include EHT parameters and update
the calling functions to match.
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
It would have been possible for the authentication attemps to go into a
loop if the AP/Authenticator/authentication server were to believe EAP
authentication succeeded when the local conclusion in Supplicant was
failure. Avoid this by timing out authentication immediately on the
second consecutive EAP authentication failure.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
To support the STA testbed role, the STA has to disable transmitting
EAPOL-Key group msg 2/2 of Group Key Handshake. Add test parameter to
disable sending EAPOL-Key group msg 2/2 of Group Key Handshake.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
It was possible for at least the wpa_s->last_ssid to be left pointing to
a removed network which could result in processing the following
association as a reassociation-within-an-ESS even when it was moving to
a different ESS. This could result in unexpected behavior. This was
found with the following test case sequence:
sigma_dut_ap_psk_sae_ft sae_h2e_password_id ap_wps_pk_oom sigma_dut_client_privacy
Move clearing of wpa_s->last_ssid and wpa_s->current_ssid into
wpas_notify_network_removed() to catch all cases similarily to the way
wpa_s->next_ssid was already cleared.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It looks like the recently added roam_in_progress and
bss_trans_mgmt_in_progress flags could end up getting set, but not
cleared, in some cases. Make sure these get cleared on explicit
disconnection request and also in case the SME-in-driver path is used
(while that path does not really use these flags yet, it is better to
not allow them to be forgotten to be set should it be extended to cover
similar functionality).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows the same functions to be used for both the control interface
and the D-Bus interface.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Since the 6 GHz band has no DFS channels, enable 6 GHz 160 MHz bandwidth
as the default configuration for IEEE 802.11s mesh.
example:
network={
ssid="6gmesh160"
key_mgmt=SAE
mode=5
frequency=6275
psk="1234567890"
}
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Channel numbers of the 6 GHz band overlap those of the 2.4 GHz and 5 GHz
bands. Thus converting to frequency based mesh channel selection helps
accommodate 6 GHz mesh.
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Some distros carry patches to specify driver fallback, but only in
specific conditions (e.g. the systemd service definition[1]). This leaves
other wpa_supplicant instances needing to define fallback themselves,
which leads to places where wpa_supplicant thinks it can't find a
driver[2]. Instead, when -D is not specified, have wpa_supplicant try
all the drivers it was built with in an attempt to find a working one
instead of just giving up if the first doesn't work.
[1] https://salsa.debian.org/debian/wpa/-/blob/debian/unstable/debian/patches/networkd-driver-fallback.patch
[2] https://bugs.launchpad.net/netplan/+bug/1814012
Signed-off-by: Kees Cook <kees@ubuntu.com>
After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using
driver-based SME and roaming trigger, GTK renewal failures are observed
for the currently associated WPA-AP because of group cipher mismatch,
resulting in deauthentication with the AP.
Update the group cipher and pairwise cipher values in wpa_sm from
association event received from the driver in case of SME offload to the
driver to address GTK renewal failures (and similar issues) that could
happen when the driver/firmware roams between APs with different
security profiles.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an explicit check for modes != NULL instead of depending on
num_modes > 0 implying that. This is to silence invalid static analyzer
reports.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Indicate DSCP Policy capability by including a WFA Capabilities element
containing the relevant bit set to 1 in the (Re)Association Request
frames when enabled by user.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse received DSCP Policy Request frames and send the
request details as control interface events.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This function is not specific to GAS, so make it available throughout
wpa_supplicant without requiring CONFIG_GAS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
P2P connections in the 6 GHz band use SAE authentication algorithm after
getting credentials with WPS connection. During WPS connection as it
doesn't use SAE, SAE PT is not derived. After getting SAE credentials,
the STA connects to the same SSID using SAE auth algorithm. Earlier, SAE
H2E PT was not derived while connecting to the same SSID to which the
STA is connected last time. Due to this, the P2P group formation fails
for 6 GHz channels when H2E is enabled as the PT will not be setup by
the P2P client before proceeding to the SAE authentication. Same could
happen with infrastructure WPS when wps_cred_add_sae=1 is used.
Set up the SAE H2E PT while connecting to the same SSID again also to
make sure that the H2E PT is set up in the STA to derive the PWE for
successful SAE authentication. The PT derivation will be skipped in
wpa_s_setup_sae_pt() if PT is already available for that SSID.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.
Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.
In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
becomes invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but not clearing PMKSA.
Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.
Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exists.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
It is safer to remove and free these entries with a shared helper
function to avoid issues with potentially forgetting to unregister or
free something if this structure is extended in the future.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a STA makes an association request that is rejected by an OCE AP
due to the RSSI being insufficient, the AP is added to the driver
disallow list by wpa_set_driver_tmp_disallow_list().
Once the AP increases TX power which makes the AP RSSI higher than
Association Rejection RSSI threshold, the AP is supposed to be removed
from the driver disallow list but that was not the case.
wpa_is_bss_tmp_disallowed() is called in the scan result handler, so it
is the best place to put the logic of removing the AP from the driver
disallow list with sufficient AP RSSI.
This is needed with drivers that use the temporarily disallowed BSS list
(which is currently supported only with a QCA vendor command). The
wpa_supplicant internal functionality was already taking care of this
with the wpa_is_bss_tmp_disallowed() return value even for cases where
the entry remaining in the list.
Signed-off-by: Hu Wang <huw@codeaurora.org>
