The previous implementation missed the case where EAPOL-Key frame may be
reported as having been received before the association event is
processed. This would have resulted in not using the RSNXE override for
EAPOL-Key msg 2/4 when the pending EAPOL-Key frame gets processed
immediately after processing the association event. Fix this by moving
the override case to be handled before that.
Fixes: 1325655397 ("SAE H2E: RSNXE override for testing purposes")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The netRole enum is more generic and can be extended to include new
roles (e.g., Configurator) more easily.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET rsnxe_override_{assoc,eapol} <hexdump>" can now be used to override
RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for
testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
check_sae_rejected_groups() returns 1, not -1, in case an enabled group
is rejected. The previous check for < 0 could not have ever triggered.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET extra_sae_rejected_groups <groups>" can now be used to enable test
mode in which wpa_supplicant will report additional groups (configured
as space separated integers) when using SAE H2E.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET ignore_sae_h2e_only 1" can now be used to configurate
wpa_supplicant to a test mode where it ignores AP's H2E-required
advertisement and try to connect with hunt-and-pecking loop instead.
This is used only for testing AP behavior with unexpected STA behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd and wpa_supplicant DPP implementation to allow the
bootstrapping URI to be generated for and parsed from an NFC Tag with an
NFC URI Record. This is similar to the way the bootstrapping URI is used
with QR Code for unidirectional authentication.
The DPP_BOOTSTRAP_GEN command uses "type=nfc-uri" to request the URI to
be assigned for NFC URI Record. In practice, the URI is generated
identically to the QR Code case, but the internal entry maintains the
NFC-URI type.
A new command "DPP_NFC_URI <uri>" can now be used to parse the URI read
from an NFC Tag with the NFC URI Record. This is similar to the
DPP_QR_CODE command.
Other commands (mainly, DPP_LISTEN and DPP_AUTH_INIT) are used for NFC
URI in the same way as they are used for QR Code.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously ANQP fetch considered NAI realm query only when cred block
did not specify roaming_consortium to optimize ANQP operations (NAI
realm list can have a very long value). In certain cases, both NAI realm
and roaming_consortium are configured in credential block and this
resulted in ANQP fetch for NAI realm not being initiated. That could
result in not being able to select the highest priority available
credential/network.
Remove roaming_consortium check for NAI realm query inclusion in ANQP
request so that we will request NAI realm information whenever it can
result in matching additional networks. This makes the ANQP queries more
costly in some cases, but the additional information is needed for
correct behavior in network selection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpas_dbus_handler_scan() constructs a set of 'params' each time, but it
doesn't acknowledge the existing randomization settings when doing so.
That means that any D-Bus initiated scans weren't going to follow the
configured settings.
Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
Add D-Bus property:
* MACAddressRandomizationMask: a{say}
which configure random MAC address functionality in the Wi-Fi
driver via netlink.
Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
This array can be freed either from the scan parameters or from
clearing the MAC address randomization parameters from the
wpa_supplicant struct. To make this ownership more clear, we have
each struct own its own copy of the parameters.
Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
These parameter use hexdump values over the control interface, so
mention them in the DPP example documentation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Export a new 'owe' capability to indicate that wpa_supplicant was
built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
in the array of BSS' available key managements.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
When the P2P management interface is deleted, P2P is then disabled and
global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This
makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
NULL pointer. Fix this by adding proper checks, like it's done with
wpa_cli.
CC: Beniamino Galvani <bgalvani@redhat.com>
CC: Benjamin Berg <benjamin@sipsolutions.net>
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Previously, an unexpected SAE commit message resulted in forcing
disconnection. While that allowed recovery by starting from scratch,
this is not really necessary. Ignore such unexpected SAE commit message
instead and allow SAE confirm message to be processed after this. This
is somewhat more robust way of handling the cases where SAE commit
message might be retransmitted either in STA->AP or AP->STA direction.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no
way of reaching 4-way handshake without the password having already been
verified as part of SAE authentication. As such, a failure to complete
4-way handshake with SAE cannot indicate that the used password was
incorrect.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using void pointers in calculations, the behavior is undefined.
Arithmetic operations on 'void *' is a GNU C extension,
which defines the 'sizeof(void)' to be 1.
This change improves portability of the code.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
wpa_s->dbus_groupobj_path is always NULL so suppress to show it.
This was found by gcc 9.2.1 warning.
dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’:
dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
4793 | wpa_printf(MSG_DEBUG,
| ^~~~~~~~~~~~~~~~~~~~~
4794 | "%s: Group object '%s' already unregistered",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4795 | __func__, wpa_s->dbus_groupobj_path);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg
2/4 when using SAE with hash-to-element mechanism enabled. This allows
the AP to verify that there was no downgrade attack when both PWE
derivation mechanisms are enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to allow the 6 GHz operating classes to be compared
against the driver support channels since the channel numbers are not
really unique identifiers of a channel even within a single band.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the AP advertises RSN Extension element, it has to be advertised
consistently in the unprotected (Beacon and Probe Response) and
protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This parameter can be used to specify which PWE derivation mechanism(s)
is enabled. This commit is only introducing the new parameter; actual
use of it will be address in separate commits.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no need for #ifdef/#else/#endif construction in
network_fields[] to cover "mode" (which is completely independent of
CONFIG_MESH) or two separate conditional blocks for mesh related network
fields, so move these into a single conditionally included block.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
As part of a connection request, set EDMG parameters for the driver to
use in the association. The EDMG parameters are based on EDMG IE
received from the AP's Probe Response frames, the driver's EDMG
capability, and the EDMG configuration from the configuration.
As part of starting an AP, set EDMG parameters for the driver to use for
AP operation. The EDMG parameters are based on the driver's EDMG
capability and the EDMG configuration from the configuration.
This implementation is limited to CB2 (channel bonding of 2 channels)
and the bonded channels must be adjacent, i.e., the supported values for
edmg_channel are 9..13.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Add two new configuration parameters for wpa_supplicant:
enable_edmg: Enable EDMG capability for STA/AP mode
edmg_channel: Configure channel bonding. In AP mode it defines the EDMG
channel to start the AP on. In STA mode it defines the EDMG channel to
use for connection.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
After roaming to an AP, update disable_mbo_oce flag based on the current
BSS capabilities. This flag is used to check whether STA should support
MBO/OCE features and process BTM request received from the current
connected AP.
When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a
misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS
in which PMF is not enabled for the initial connection, BTM requests
from such APs should not be processed by STA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Process all received DPP Configuration Object attributes from
Configuration Result in Enrollee STA case. If wpa_supplicant is
configured to add networks automatically, this results in one network
being added for each included Configuration Object.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SAE password configuration for AP mode requires additional steps
compared to PSK cases. Previous implementation allowed SAE to be
configured, but all authentication attempts would fail due to no
password being available. Now both psk and sae_password/sae_password_id
parameters are translated properly to the hostapd configuration
structures to fix this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
On NetBSD the ethernet header is net/if_ether.h
This also pulls in net/if.h which defines if_type, which in turn
conflicts with an enum in wpa_supplicant. As such we need to
include this at the bottom rather than at the top.
Signed-off-by: Roy Marples <roy@marples.name>
The MBO and OCE specification require the station to mandate use of PMF
when connecting to an MBO/OCE AP that uses WPA2. The earlier
implementation prevented such misbehaving APs from being selected for
connection completely. This looks like the safest approach to take, but
unfortunately, there are deployed APs that are not compliant with the
MBO/OCE requirements and this strict interpretation of the station
requirements results in interoperability issues by preventing the
association completely.
Relax the approach by allowing noncompliant MBO/OCE APs to be selected
for RSN connection without PMF to avoid the main impact of this
interoperability issue. However, disable MBO/OCE functionality when PMF
cannot be negotiated to try to be as compliant as practical with the
MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the
duration of such workaround association). Also disable support for BTM
in this workaround state since MBO would expect all BTM frames to be
protected.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new hostapd and wpa_supplicant configuration parameters dpp_name and
dpp_mud_url can now be used to set a specific name and MUD URL for the
Enrollee to use in the Configuration Request. dpp_name replaces the
previously hardcoded "Test" string (which is still the default if an
explicit configuration entry is not included). dpp_mud_url can
optionally be used to add a MUD URL to describe the Enrollee device.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
A new argument to the DPP_AUTH_INIT command (conn_status=1) can now be
used to set Configurator to request a station Enrollee to report
connection result after a successfully completed provisioning step. If
the peer supports this, the DPP-CONF-SENT event indicates this with a
new argument (wait_conn_status=1) and the Configurator remains waiting
for the connection result for up to 16 seconds.
Once the Enrollee reports the result, a new DPP-CONN-STATUS-RESULT event
is generated with arguments result, ssid, and channel_list indicating
what the Enrollee reported. result=0 means success while non-zero codes
are for various error cases as specified in the DPP tech spec. If no
report is received from the Enrollee, the event with "timeout" argument
is generated locally.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>