Commit graph

387 commits

Author SHA1 Message Date
Jouni Malinen
4a6cc86272 Add data test functionality
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 20:51:45 +03:00
Jouni Malinen
bc26ac50dd SAE: Add support for PMKSA caching on the station side
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-18 13:02:02 +03:00
Justin Shen
3f7ac05878 WPS: Extend startWhen to 2 if peer AP supports WPS 2.0
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-13 12:24:17 +03:00
Jouni Malinen
cd3153a983 Fix build without IEEE8021X_EAPOL
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 16:56:23 +03:00
Jouni Malinen
07e2de3193 wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:55:13 +03:00
Jouni Malinen
6cbdb0c537 Set WoWLAN triggers only if driver capabilities are known
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 12:38:35 +03:00
Jouni Malinen
c155305fd3 Complete sme-connect radio work when clearing connection state
It was possible for local deauthentication request to leave sme-connect
radio work running even when there was no ongoing effort to complete the
connection anymore. Clean this up by marking sme-connect radio work
item, if any, done when clearing connection state after such
disconnection during connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-10 01:33:58 +03:00
Janusz Dziedzic
dc152f32b4 wpa_supplicant: Enable HT for IBSS
Enable HT20 for IBSS when HT is supported by the driver.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:54:22 +03:00
Janusz Dziedzic
4ec68377ef wpa_supplicant: Use hostapd_freq_params in assoc_params
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:43:42 +03:00
Jouni Malinen
f1a613118e P2P: Use only the -m config for P2P management device
Previously, the case of non-netdev P2P management device ended up
pulling in both the main interface (e.g., wlan0) and P2P Device
interface (from command line -m argument) as configuration. Similarly,
the main interface ended up included both configuration files. This is
not really helpful for various use cases, e.g., when permanent P2P group
information is stored in the P2P Devince interface, but it gets
duplicated in the main station interface configuration.

Clean this up by changing the -m<file> argument to replace, not
concatenate, configuration information. In other words, the main station
interface will not read this configuration and the P2P Device interface
(non-netdev) does not read parameters from the station interface
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-03 22:50:21 +03:00
Jouni Malinen
a313d17de9 Extend random MAC address support to allow OUI to be kept
mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to
configure random MAC address to be generated by maintaining the OUI part
of the permanent MAC address (but with locally administered bit set to
1). Other than that, these values result in similar behavior with
mac_addr=1 and preassoc_mac_addr=1, respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Jouni Malinen
c267753ba2 Add support for using random local MAC address
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.

This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.

This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.

The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 20:07:19 +03:00
Jouni Malinen
b08d5fa793 WPS: Set EAPOL workarounds dynamically based on association
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:16:04 +03:00
Jouni Malinen
86bd36f0d5 Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:

VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *

The following frames are supported in this commit (additional frames can
be added in the future):

0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response

One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-07 12:25:09 +03:00
Jouni Malinen
5bc285716e Fix some sparse warnings about u16 vs. le16
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:34:34 +03:00
Jouni Malinen
a520bf4aeb Mark function static
This function is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:08:46 +03:00
Jouni Malinen
19c48da06b Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
bd10d93891 P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:31:53 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Avraham Stern
0a816e8cbf P2P: Remove duplicated code from get_shared_radio_freqs_data()
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
504df28a1d Remove unused dump_freq_array()
This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 00:21:41 +03:00
Ilan Peer
a0c90bb073 P2P: Collect and use extended data on used frequencies
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:40 +03:00
Avraham Stern
b278f323ed P2P: Remove unused code from get_shared_radio_freqs_data()
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:40 +03:00
Jouni Malinen
137ff332fd HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:36:42 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Eduardo Abinader
5516ed32c5 WPS: Deinit before wpas_p2p_disconnect()
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-16 01:03:44 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Ilan Peer
d0df643735 wpa_supplicant: Call frequency conflict handling during auth
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.

Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.

In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Luciano Coelho
0cf24fdaed scan: Reset normal scan counter when a connection succeeds
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.

To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2014-04-24 12:15:32 +03:00
Jouni Malinen
d41cc8ccf6 Allow HT 40 MHz intolerant flag to be set for association
This extends HT overrides to allow HT 40 MHz intolerant flag to be set
with ht40_intolerant=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:17 +03:00
Jouni Malinen
e83e15ee77 P2P: Fix interface remove to terminate all P2P groups
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-15 00:20:17 +03:00
Jouni Malinen
759ff2f075 Re-enable use of wildcard SSID with passphrase
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Pawel Kulakowski
39a5800f7c wpa_supplicant: Allow disabling LDPC
Allows user to disable LDPC coding.
This possibility is useful for testing purpose.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-04-01 11:20:48 +03:00
Eliad Peller
4f560cdee3 wpa_supplicant: Override HT A-MPDU size if VHT A-MPDU was overridden
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.

Take care of it when the max VHT A-MPDU value is overridden.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-27 16:45:21 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Andrei Otcheretianski
c46235aaf0 wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-21 22:21:37 +02:00
Prameela Rani Garnepudi
95bf699f76 Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
2014-03-21 22:20:38 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Ben Greear
5d0d72a3e5 wpa_supplicant: Put upper bound on initial scan time delay
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-03-11 19:23:17 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Eliad Peller
3a94adbf42 P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-04 22:34:00 +02:00
David Spinadel
aa10983004 P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:32:24 +02:00
David Spinadel
268043d55f bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:26:19 +02:00
Jouni Malinen
8a77f1be86 HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00