Commit graph

774 commits

Author SHA1 Message Date
Beniamino Galvani
1c58317f56 D-Bus: Allow changing an interface bridge via D-Bus
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.

However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.

Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2020-10-09 15:18:10 +03:00
Veerendranath Jakkam
93a73ce028 MSCS: Fix issues due to incorrect usage of wpa_hexdump_buf()
Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf()
instead of the wpabuf struct itself and it was causing wpa_supplicant to
crash. Fix this by using the correct pointer in the debug prints.

Fixes: a118047245 ("MSCS: Add support to send MSCS Request frames")
Fixes: c504ff5398 ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-08 19:38:35 +03:00
Vinita S. Maloo
d21dde9dac MSCS: Send MSCS change/remove frames only if MSCS setup exists
Allow MSCS change/remove request to be sent only after an initial setup,
i.e., after an add request has been accepted.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
c504ff5398 MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq
Include the MSCS Descriptor IE in the (Re)Association Request frames to
setup MSCS between the AP and the STA during association.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:37 +03:00
Vinita S. Maloo
a118047245 MSCS: Add support to send MSCS Request frames
Add support to send MSCS add/change/remove types of Action frames
to the connected AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2020-08-14 11:53:35 +03:00
Jouni Malinen
2a58968d39 SAE-PK: Allow SAE-PK password to be set using the psk parameter
Only the sae_password parameter was previously accepted for SAE-PK use.
That is not sufficient for covering mixed SAE+PSK cases. Extend this by
allowing the psk parameter to be used as well just like it can be used
for SAE without SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 00:49:00 +03:00
Veerendranath Jakkam
b28b9dfcbf OCV: OCI channel override support for testing (STA)
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-08-03 11:02:13 +03:00
Jouni Malinen
f4877083ec Rename driver op for temporarily disallowed BSSIDs
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:26:09 +03:00
Vinita S. Maloo
d0819a11cc FILS: Use FILS auth alg when connecting using PMKSA caching
When a PMKSA cache entry is available and used for connection with FILS
key management suite, use FILS authentication algorithm for connection
even if ERP keys are not available. This scenario may happen when
applications using wpa_supplicant cache persistently only PMKSA but not
ERP keys and reconfigures wpa_supplicant with PMKSA cache after
restarting wpa_supplicant.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However, SME-in-driver cases, complete FILS authentication
without PMKSA caching is performed.

Fix SME-in-driver behavior by setting authentication algorithm to
WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-24 00:29:58 +03:00
Jouni Malinen
518be614f1 SAE-PK: Advertise RSNXE capability bit in STA mode
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:47:07 +03:00
Jouni Malinen
e7aeb6d8ac SAE-PK: STA functionality
This adds STA side functionality for SAE-PK. This version enables SAE-PK
automatically based on the configured SAE password value if the selected
AP advertises support for SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Vamsi Krishna
2d118f557a OCV: Add support to override channel info OCI element (STA)
To support the STA testbed role, the STA has to use specified channel
information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query
Request, and SA Query Response frames. Add override parameters to use
the specified channel while populating OCI element in all these frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:01:44 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
143e3d8bc5 DPP2: Add DPP KDE into EAPOL-Key msg 2/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
1f5f000086 DPP2: Try to negotiate PFS only if AP supports version 2 or newer
Check AP's DPP Protocol Version during network introduction and mark the
PMKSA cache as suitable for PFS use with version 2 or newer. This avoids
unnecessary attempt of negotiating PFS with version 1 APs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
3d58e8286f FILS: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
da8478a1ab EAPOL supp: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
37e3501bf7 FST: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
2c70b7d0b4 Do not open l2_packet(EAPOL) for receive unnecessarily
If the driver supports control port for EAPOL RX, do not register
l2_packet for RX to minimize unnecessary operation load.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
c3bb8865a0 Clean up l2_packet_get_own_addr() call
There is no need for this to be outside the if block that is used to
check whether l2_packet is used for the interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
9d6334e811 Do not open l2_packet bridge workaround socket if control port is used
This allows wpa_supplicant to avoid the packet socket workaround for
cases where a bridge interface is used if the driver supports control
port for EAPOL frame TX and RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
bb9e3935dd driver: Add second driver capability flags bitmap
All 64 bits of the capability flags bitmap are used, so add a new
variable to hold future capability bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
b2d8dc59f4 FT: Testing override for RSNXE Used subfield in FTE
Allow wpa_supplicant to be requested to override the RSNXE Used subfield
in FT reassociation case for testing purposes with "SET ft_rsnxe_used
<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to
0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
P Praneesh
7c8f540ee0 wpa_supplicant: Add HE override support
Add HE override support under the build parameter CONFIG_HE_OVERRIDES=y.
The disable_he=1 network profile parameter can be used to disable HE.
This requires a fallback to VHT on the 5 GHz band and to HT on the 2.4
GHz band.

There is no nl80211 support for configuring the driver to disable HE, so
for now, this applies only to IBSS and mesh cases.

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
2020-03-30 12:55:01 +03:00
Jouni Malinen
5058f771d9 DPP2: Allow station to require or not allow PFS
The new wpa_supplicant network profile parameter dpp_pfs can be used to
specify how PFS is applied to associations. The default behavior
(dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if
the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled
(dpp_pfs=2).

This is also working around an interoperability issue of DPP R2 STA with
certain hostapd builds that included both OWE and DPP functionality.
That issue was introduced by commit 09368515d1 ("OWE: Process
Diffie-Hellman Parameter element in AP mode") and removed by commit
16a4e931f0 ("OWE: Allow Diffie-Hellman Parameter element to be
included with DPP"). hostapd builds between those two commits would
reject DPP association attempt with PFS. The new wpa_supplicant default
(dpp_pfs=0) behavior is to automatically try to connect again with PFS
disabled if that happens.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 17:23:22 +02:00
Alexander Wetzel
8ca6f924d6 STA: Fix wpa_clear_keys() PTK key deletion logic
We have to delete PTK keys when either BIT(0) or BIT(15) are zero and
not only when both are zero.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-26 00:33:17 +02:00
Alexander Wetzel
b17b7a8e53 STA: Support Extended Key ID
Support Extended Key ID in wpa_supplicant according to
IEEE Std 802.11-2016 for infrastructure (AP) associations.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing STAs to also connect to APs not supporting it.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:47:31 +02:00
Jouni Malinen
f21fbfb977 Allow RSNE in EAPOL-Key msg 2/4 to be overridden for testing purposes
The new wpa_supplicant control interface parameter rsne_override_eapol
can be used similarly to the earlier rsnxe_override_eapol to override
the RSNE value added into EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-15 11:11:38 +02:00
Jouni Malinen
e861fa1f6b Move the "WPA: AP key_mgmt" debug print to be after final changes
Driver capabilities may end up masking out some WPA_KEY_MGMT_* bits, so
debug print the outcome only after having performed all these steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-13 20:01:53 +02:00
Gurumoorthi Gnanasambandhan
1d9cff86bd Multi-AP: Set 4-address mode after network selection
Split multi_ap_process_assoc_resp() to set 4-address mode after network
selection. Previously, wpa_s->current_ssid might have been NULL in some
cases and that would have resulted in 4-address mode not getting enabled
properly.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-03-13 17:00:19 +02:00
Ananya Barat
2b9713d616 Fill the current opclass in (Re)AssocRequest depending on HT/VHT IEs
The previous implementation was assuming a fixed 20 MHz channel
bandwidth when determining which operating class value to indicate as
the Current Operating Class in the Supported Operating Classes element.
This is not accurate for many HT/VHT cases.

Fix this by determining the current operating class (i.e., the operating
class used for the requested association) based on the HT/VHT operation
elements from scan results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-11 18:30:31 +02:00
Arturo Buzarra
1f13c1393c mesh: Fix CONFIG_HT_OVERRIDES build without CONFIG_VHT_OVERRIDES
Commit e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
introduced the possibility to check the disable_vht param. However, this
entry is only available when CONFIG_VHT_OVERRIDES is enabled and as
such, this broke the build for some cases.

Fix this by encapsulating VHT property with the proper CONFIG entry.

Fixes: e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
2020-03-10 22:55:16 +02:00
Pradeep Kumar Chitrapu
43282f7329 mesh: Fix HE enablement on 5 GHz with VHT
Incorrect he_enabled parameter was being passed to
hostapd_set_freq_params() in mesh which caused HE to be not fully
enabled on the 5 GHz band. Fix this by setting freq->he_enabled instead
of vht_freq.he_enabled so that the hostapd_set_freq_params() uses the
correct he_enabled value (and then ends up copying this to
vht_freq.he_enabled in the success case).

Fixes: 6e711e7ab3 ("mesh: Do not enable HE on 5 GHz without VHT")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2020-03-02 19:54:35 +02:00
Jouni Malinen
852d370f65 Silence a compiler warning in no-WEP and no-EAP builds
wep_keys_set was not used in wpas_start_assoc_cb() without
IEEE8021X_EAPOL, so need to make this local variable conditional on
build options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-01 20:57:14 +02:00
Jouni Malinen
200c7693c9 Make WEP functionality an optional build parameter
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-29 17:45:25 +02:00
Alexander Wetzel
1f90a49d02 STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:05:19 +02:00
Didier Raboud
8155b36fae Fix VERSION_STR printf() calls in case the postfix strings include %
Do not use VERSION_STR directly as the format string to printf() since
it is possible for that string to contain '%'.

Signed-off-by: Didier Raboud <odyx@debian.org>
2020-02-17 19:17:10 +02:00
Jouni Malinen
466e48dcd7 HT: Remove SMPS in AP mode
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.

Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 13:58:54 +02:00
Matthew Wang
23dc196fde Check for FT support when selecting FT suites
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2020-02-10 06:43:38 +02:00
Jouni Malinen
641d79f165 SAE: Special test mode sae_pwe=3 for looping with password identifier
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-10 05:13:13 +02:00
Vamsi Krishna
d0e116f61f Enhance get_mode() to return correct hw_mode with 6 GHz support
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.

Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-23 15:48:51 +02:00
Jouni Malinen
e36a5894d0 SAE: Use H2E whenever Password Identifier is used
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE.

See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:13:56 +02:00
Alexander Wetzel
a919a26035 Introduce and add key_flag
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.

The following flag are defined:

  KEY_FLAG_MODIFY
    Set when an already installed key must be updated.
    So far the only use-case is changing RX/TX status of installed
    keys. Must not be set when deleting a key.

  KEY_FLAG_DEFAULT
    Set when the key is also a default key. Must not be set when
    deleting a key. (This is the replacement for set_tx.)

  KEY_FLAG_RX
    The key is valid for RX. Must not be set when deleting a key.

  KEY_FLAG_TX
    The key is valid for TX. Must not be set when deleting a key.

  KEY_FLAG_GROUP
    The key is a broadcast or group key.

  KEY_FLAG_PAIRWISE
    The key is a pairwise key.

  KEY_FLAG_PMK
    The key is a Pairwise Master Key (PMK).

Predefined and needed flag combinations so far are:

  KEY_FLAG_GROUP_RX_TX
    WEP key not used as default key (yet).

  KEY_FLAG_GROUP_RX_TX_DEFAULT
    Default WEP or WPA-NONE key.

  KEY_FLAG_GROUP_RX
    GTK key valid for RX only.

  KEY_FLAG_GROUP_TX_DEFAULT
    GTK key valid for TX only, immediately taking over TX.

  KEY_FLAG_PAIRWISE_RX_TX
    Pairwise key immediately becoming the active pairwise key.

  KEY_FLAG_PAIRWISE_RX
    Pairwise key not yet valid for TX. (Only usable with Extended Key ID
    support.)

  KEY_FLAG_PAIRWISE_RX_TX_MODIFY
    Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.

  KEY_FLAG_RX_TX
    Not a valid standalone key type and can only used in combination
    with other flags to mark a key for RX/TX.

This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
6c57019376 Test functionality to override driver reported signal levels
"SET driver_signal_override <BSSID> [<si_signal< <si_avg_signal>
<si_avg_beacon_signal> <si_noise> <scan_level>]" command can now be used
to request wpa_supplicant to override driver reported signal levels for
signal_poll and scan results. This can be used to test roaming behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 20:34:39 +02:00
Jouni Malinen
ad2f096609 Maintain BSS entries for 5 seconds after interface is disabled
This is targeting the case of MAC address change for an association
which may require the interface to be set down for a short moment.
Previously, this ended up flushing the BSS table that wpa_supplicant
maintained and that resulted in having to scan again if the MAC address
was changed between the previous scan and the connection attempt. This
is unnecessary extra latency, so maintain the BSS entries for 5 seconds
(i.e., the same time that the old scan results are consider valid for a
new connection attempt) after an interface goes down.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 12:58:58 +02:00
Alfonso Sánchez-Beato
02c21c02d0 wpa_supplicant: Do not disconnect on deinit if WoWLAN is enabled
Do not disconnect on interface deinit when WoWLAN is enabled, so we can
boot the system with WoWLAN after S5 (poweroff).

Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
2019-12-30 18:51:06 +02:00
Jouni Malinen
53661e3a9a Allow debug log to be written to both syslog and file
If hostapd or wpa_supplicant is started with both -s and -f command line
arguments, debug log ended up being written only into syslog and the log
file was left empty. Change this so that the log entries will be written
to both places. Either -s or -f (or both) results in debug log to stdout
being disabled which was already the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 18:28:10 +02:00
Ankita Bajaj
5f9b4afdfa Use frequency in HT/VHT validation steps done before starting AP
Using the channel parameter for validating allowed channel combinations
is not scalable to add 6 GHz support in the future since channel numbers
are duplicated between 2.4 GHz / 5 GHz bands and 6 GHz band. Hence use
frequency field for all channel combination validation steps done before
starting AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:05:39 +02:00
Jouni Malinen
1325655397 SAE H2E: RSNXE override for testing purposes
"SET rsnxe_override_{assoc,eapol} <hexdump>" can now be used to override
RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for
testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 12:54:54 +02:00
Jouni Malinen
b834e97003 SAE H2E: Testing option to report extra rejected groups
"SET extra_sae_rejected_groups <groups>" can now be used to enable test
mode in which wpa_supplicant will report additional groups (configured
as space separated integers) when using SAE H2E.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:26:13 +02:00
Jouni Malinen
6d6c887751 SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4
Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg
2/4 when using SAE with hash-to-element mechanism enabled. This allows
the AP to verify that there was no downgrade attack when both PWE
derivation mechanisms are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-17 16:54:05 +03:00
Dedy Lansky
cdb5774f42 FST: Update FST about MAC address change
Notify FST module upon MAC address change. FST module will update the
Multiband IE accordingly.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
447cd5f2df SAE: Collect list of rejected groups for H2E in STA
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
05a2fb0d11 SAE: Derive H2E PT in STA before connection
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
146889e3ca RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4
If the AP advertises RSN Extension element, it has to be advertised
consistently in the unprotected (Beacon and Probe Response) and
protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Alexei Avshalom Lazar
a82aee1f40 wpa_supplicant: Add support for EDMG channels
As part of a connection request, set EDMG parameters for the driver to
use in the association. The EDMG parameters are based on EDMG IE
received from the AP's Probe Response frames, the driver's EDMG
capability, and the EDMG configuration from the configuration.

As part of starting an AP, set EDMG parameters for the driver to use for
AP operation. The EDMG parameters are based on the driver's EDMG
capability and the EDMG configuration from the configuration.

This implementation is limited to CB2 (channel bonding of 2 channels)
and the bonded channels must be adjacent, i.e., the supported values for
edmg_channel are 9..13.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
bebd91e9c4 Add EDMG parameters to set_freq functions
This updates the frequency parameter setting functions to include
argument for EDMG.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:59:23 +03:00
Vamsi Krishna
2e06cef80a MBO/OCE: Work around misbehaving MBO/OCE APs that use RSN without PMF
The MBO and OCE specification require the station to mandate use of PMF
when connecting to an MBO/OCE AP that uses WPA2. The earlier
implementation prevented such misbehaving APs from being selected for
connection completely. This looks like the safest approach to take, but
unfortunately, there are deployed APs that are not compliant with the
MBO/OCE requirements and this strict interpretation of the station
requirements results in interoperability issues by preventing the
association completely.

Relax the approach by allowing noncompliant MBO/OCE APs to be selected
for RSN connection without PMF to avoid the main impact of this
interoperability issue. However, disable MBO/OCE functionality when PMF
cannot be negotiated to try to be as compliant as practical with the
MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the
duration of such workaround association). Also disable support for BTM
in this workaround state since MBO would expect all BTM frames to be
protected.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-21 00:58:33 +03:00
Jouni Malinen
16ef233bf1 DPP2: Connection status result (Enrollee)
Add support for reporting connection status after provisioning if the
Configurator requests this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:25:34 +03:00
Mikael Kanstrup
8788a314d7 WPS: Update MAC address on address changes
The WPS component keeps a copy of the network interface MAC address.
When MAC address is changed the WPS copy was not updated so WPS M1
message contained the old address. Some devices check this field
and fail connection attempts.

Update the WPS MAC address on interface MAC address changes.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-09-09 16:49:34 +03:00
Ankita Bajaj
a8bfc6fff2 FILS: Update connect params after sending connection notification
Update connect params will update auth_alg and fils_hlp_req in
wpa_supplicant structure before calling function
wpas_notify_state_changed(). This could have resulted in triggering
inconsistent state change events and messages in the Android framework.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 17:50:23 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
b99c4cadb7 EAP peer: Move certificate configuration params into shared struct
These parameters for certificate authentication are identical for the
Phase 1 (EAP-TLS alone) and Phase 2 (EAP-TLS inside a TLS tunnel).
Furthermore, yet another copy would be needed to support separate
machine credential in Phase 2. Clean this up by moving the shared
parameters into a separate data struct that can then be used for each
need without having to define separate struct members for each use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:31 +03:00
Sven Eckelmann
6e711e7ab3 mesh: Do not enable HE on 5 GHz without VHT
The commit ad9a1bfe78 ("nl80211: Share VHT channel configuration for
HE") always enforced that VHT is enabled when HE was enabled. This broke
the mesh functionality on 2.4 GHz with HE because ibss_mesh_setup_freq()
isn't setting up the VHT parameters for 2.4 GHz.

This problem was resolved for 2.4 GHz by commit df4f959988 ("nl80211:
Don't force VHT channel definition with HE"), but it is still possible
to disable VHT during the mesh/IBSS freq setup on 5 GHz - which would
result in the same problem as seen on 2.4 GHz.

The code enabling HE for IBSS/mesh must now make sure that it doesn't
enable HE when VHT could be enforced by the nl80211 driver code but
disabled by the user.

Fixes: 3459c54ac7 ("mesh: Add support for HE mode")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-30 16:02:23 +03:00
Sunil Dutt
e0b331d896 OWE: Update connect params with new DH attributes to the driver
A new DH public key is sent through this interface to the driver after
every successful connection/roam to a BSS. This helps to do OWE roaming
to a new BSS with drivers that implement SME/MLME operations during
roaming.

This updated DH IEs are added in the subsequent (Re)Association Request
frame sent by the station when roaming. The DH IE from the roamed AP is
given to wpa_supplicant in the roam result event. wpa_supplicant shall
further process these DH IEs to generate the PMK for the 4-way
handshake.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:31:10 +03:00
Jouni Malinen
ae05b6a215 RSN: Do not allow connection to proceed without MFPC=1 if PMF required
PMF capability check is done as part of BSS selection routines, but
those are not used when going through the enforced roaming operation
("ROAM <BSSID>" control interface command). While that mechanism is
mainly for testing purposes, extend it to do the same check for PMF to
prevent cases where forced roaming could end up disabling PMF against
the local profile requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:48:16 +03:00
Matthew Wang
dd0153fced Check for LEAP before doing FT
According to https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Cisco does not support EAP-LEAP with Fast Transition. Here,
we check for LEAP before selecting FT 802.1X key management
suite.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-08-11 18:04:24 +03:00
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Eric Caruso
91b6eba773 Move MAC address randomization enable/disable to helper functions
This makes it easier to share this for D-Bus implementation.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-06-26 20:56:01 +03:00
Sven Eckelmann
3459c54ac7 mesh: Add support for HE mode
Mesh points can partially support HE features (when requiring no
controlling STA/AP) as long as hardware supports it. The kernel just
requires support for HE mesh and wpa_supplicant can forward the peer
capabilities to the kernel for further processing.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
f74618cb92 wpa_supplicant: Fix type for ssid->mode comparisons
The ssid->mode is from type enum wpas_mode and all its constants start
with WPAS_MODE_*. Still some of the code sections used the
IEEE80211_MODE_* defines instead of WPAS_MODE_*.

This should have no impact on the actual code because the constants for
INFRA, IBSS, AP and MESH had the same values.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Ankita Bajaj
ef59f98729 WNM: Provide option to disable/enable BTM support in STA
Add support to disable/enable BTM support using configuration and
wpa_cli command. This is useful mainly for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
Jouni Malinen
9083ef1355 FT: Allow PMKSA caching to be enabled with FT-EAP
The new wpa_supplicant network profile configuration parameter
ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with
FT-EAP for FT initial mobility domain association. This is still
disabled by default (i.e., maintaining previous behavior) to avoid
likely interoperability issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 16:01:45 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Wiktor Drewniak
bce3d4f70e autoscan: Disable when we move above WPA_SCANNING state
In case of drivers that don't use wpa_supplicant as SME, autoscan
feature was never disabled.

Signed-off-by: Wiktor Drewniak <wiktor.drewniak@gmail.com>
2019-04-16 01:53:21 +03:00
Sergey Matyukevich
eb3234c07b SAE: Use open authentication to reassociate for PMKSA caching
For reassociation with the same AP wpa_supplicant attempts to use cached
PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association
Request frame. In the case of SAE AP, open authentication shall be used
during reassociation. Otherwise cached PMKID becomes invalid after full
SAE authentication.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However SME-in-driver cases, complete SAE authentication is
performed. As a result, first reassociation attempt fails.

Fix SME-in-driver behavior by reseting authentication algorithm to
WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA
cache entry.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-04-16 01:53:21 +03:00
Ilan Peer
0a42f1eded scan: Use normal scans after connection failure
In case of connection attempt failure, set 'normal_scans'
to zero, as otherwise it is possible that scheduled scan
would be used and not normal scan, which might delay the
next connection attempt.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:13:10 +03:00
Ilan Peer
0487967153 OWE: Fix a possible memory leak on error path
Properly handle the case where OWE IE is allocated, but
there is no space left to add it in the WPA IE buffer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:02:13 +03:00
Ankita Bajaj
822c756e8c MBO: Update connect params with new MBO attributes to driver
MBO attributes Non-preferred channel list and Cellular capabilities are
updated using WNM-Notification Request frame to the current connected
BSS. These same attributes need to be added in the (Re)Association
Request frame sent by the station when roaming, including the case where
the driver/firmware takes care of SME/MLME operations during roaming, so
we need to update the MBO IE to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 20:56:03 +03:00
Jouni Malinen
9af1eea37a Prefer FT-SAE over FT-PSK if both are enabled
FT-SAE is considered stronger than FT-PSK, so prefer it over FT-PSK
similarly to how SAE is preferred over WPA-PSK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 03:27:35 +02:00
Jouni Malinen
853bd19f22 Add more debug prints on suite selector selection
This makes it a bit easier to figure out why wpa_supplicant selects a
specific cipher/AKM for association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 02:58:00 +02:00
Jouni Malinen
6d77014e71 Suite B: Prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192
If both of these AKMs are enabled in the wpa_supplicant network profile
and the target AP advertises support for both, prefer the FT version
over the non-FT version to allow FT to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
76fd782abe SAE: Reorder SAE and FT-SAE AKM selection to prefer the FT option
If a network profile has both SAE and FT-SAE enabled, SAE was previously
picked (and used incorrectly as explained in the previous commit). This
is not ideal since use of FT protocol can speed up roaming within in
mobility domain. Reorder this checks so that FT-SAE is preferred over
SAE if both are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
dd6c598007 DPP: Support DPP and SAE in the same network profile
Make both DPP and SAE code aware of the cases where the same network
profile is configured to enable both DPP and SAE. Prefer DPP over SAE in
such cases and start DPP/SAE exchanges based on what both the station
and the AP support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
f5db775049 Remove pending connect and sme-connect radio works on disconnect
There was a race condition in a case where a new connection attempt was
scheduled as a pending radio work and that was followed by a DISCONNECT
command before the pending radio work is started. The pending radio work
would not have been deleted in that sequence and instead, it was
executed when the radio became available next. This could result in an
unexpected connection after an explicit request to disconnect.

Fix this by removing pending connect and sme-connect radio works on
disconnection request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 13:03:31 +02:00
Jouni Malinen
c4fccfc7a5 UBSan: Avoid memcmp(ptr, NULL, 0)
Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to
avoid an UBSan warning.

wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Jouni Malinen
bbdb501460 Note HT overrides in debug log only if set
This makes the debug log cleaner by removing the mostly confusing prints
about HT override parameters if they are not actually used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Ben Greear
cb828507f5 Use disable_ht/vht to constrain supported operating class information
If user has disabled HT or VHT, those related operating classes
should not be advertised as supported.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-08 00:19:07 +02:00
Peter Oh
e5a9b1e8a3 mesh: Implement use of VHT20 config in mesh mode
Mesh in VHT mode is supposed to be able to use any bandwidth that VHT
supports, but there was no way to set VHT20 although there are
parameters that are supposed to be used. This commit along then previous
commit for VHT_CHANWIDTH_USE_HT makes mesh configuration available to
use any bandwidth with combinations of existing parameters like shown
below.

VHT80:
  default
  do not set any parameters
VHT40:
  max_oper_chwidth = 0
VHT20:
  max_oper_chwidth = 0
  disable_ht40 = 1
HT40:
  disable_vht = 1
HT20:
  disable_ht40 = 1
disable HT:
  disable_ht = 1

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:49:40 +02:00
Peter Oh
806db174fd mesh: Add VHT_CHANWIDTH_USE_HT to max_oper_chwidth
Channel width in VHT mode refers HT capability when the width goes down
to below 80 MHz, hence add checking HT channel width to its max
operation channel width. So that mesh has capability to select bandwidth
below 80 MHz.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2019-01-06 23:43:40 +02:00
Ben Greear
fd83a80815 wpa_supplicant: Allow disabling VHT SGI capability
This provides similar features to what was already available for HT
overrides. Probe Request frames look correct, and VHT capabilities shown
in debugfs look as expected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-06 20:59:36 +02:00
Matthew Wang
2bbad1c7c9 dbus: Export roam time, roam complete, and session length
Add new Interface properties "RoamTime", "RoamComplete", and
"SessionLength". "RoamTime" carries the roam time of the most recent
roam in milliseconds. "RoamComplete" carries True or False corresponding
to the success status of the most recent roam. "SessionLength" carries
the number of milliseconds corresponding to how long the connection to
the last AP was before a roam or disconnect happened.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-01-03 00:20:34 +02:00