Commit graph

4679 commits

Author SHA1 Message Date
michael-dev
b678ed1efc macsec: Make pre-shared CKN variable length
IEEE Std 802.1X-2010, 9.3.1 defines following restrictions for CKN:

"MKA places no restriction on the format of the CKN, save that it comprise
an integral number of octets, between 1 and 32 (inclusive), and that all
potential members of the CA use the same CKN. No further constraints are
placed on the CKNs used with PSKs, ..."

Hence do not require a 32 octet long CKN but instead allow a shorter CKN
to be configured.

This fixes interoperability with some Aruba switches, that do not accept
a 32 octet long CKN (only support shorter ones).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-12-25 17:29:15 +02:00
Jouni Malinen
93701b4afe tests: Allow TX/RX data test to use different frame length
This is needed for MACsec test cases with a bit shorter MTU.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 23:56:25 +02:00
Jouni Malinen
e422a819d0 Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 11:09:22 +02:00
Damodaran, Rohit (Contractor)
ee98dd631a Readme for DPP
Addi a readme file for users for on-boarding devices with Device
Provisioning Protocol (DPP).

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
2018-12-23 17:25:11 +02:00
Andrej Shadura
c3f23ad6c7 dbus: Expose connected stations on D-Bus
Make it possible to list connected stations in AP mode over D-Bus, along
with some of their properties: rx/tx packets, bytes, capabilities, etc.

Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>

Rebased by Julian Andres Klode <juliank@ubuntu.com> and updated to use
the new getter API.

Further modified by Andrej Shadura to not error out when not in AP mode
and to send separate StationAdded/StationRemoved signals instead of
changing signatures of existing StaAuthorized/StaDeauthorized signals.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2018-12-23 17:25:11 +02:00
Andrej Shadura
f5f4c11aa1 dbus: Use dbus_bool_t, not int for boolean function arguments
Properties argument specifies whether to add object's properties
or not, hence it doesn't need to be int.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2018-12-23 17:25:11 +02:00
Sergey Matyukevich
cdeea70f59 wpa_supplicant: Allow overriding HT STBC capabilities
Allow user to override STBC configuration for Rx and Tx spatial streams.
Add new configuration options to test for HT capability overrides.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2018-12-23 17:25:11 +02:00
Jouni Malinen
0fb292c08e Add SAE to GET_CAPABILITY key_mgmt
Provide information about SAE AKM support in "GET_CAPABILITY key_mgmt"
for completeness. The "GET_CAPABILITY auth_alg" case is already
providing information about SAE support through user space SME.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:49:02 +02:00
Prasad, Jagadeesh (Contractor)
d2b5138116 DPP: Add self configuration command in hostapd_cli and wpa_cli
The back-end support for DPP self configuration was already present in
hostapd and wpa_supplicant. However, the command to invoke DPP self
configuration was not available in hostapd_cli and wpa_cli. Add the
command "dpp_configurator_sign" in them.

Signed-off-by: Prasad, Jagadeesh <Jagadeesh_Prasad@comcast.com>
2018-12-21 12:02:57 +02:00
Jouni Malinen
53d5de6f1d DPP: Accept DPP_CONFIGURATION_SIGN without double space before parameters
Make this command more convenient to use by not requiring two space
characters between the command and the first parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 12:02:57 +02:00
Jouni Malinen
2a93ecc8ca Expose Multi-BSS STA capability through wpa_supplicant control interface
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-20 21:30:43 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
fa97981265 OCV: Include and verify OCI in WNM-Sleep Exit frames
Include and verify the OCI element in WNM-Sleep Exit Request and
Response frames. In case verification fails, the frame is silently
ignored.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
034388ac9c OCV: Include and verify OCI in the AMPE handshake
Include and verify the OCI element in AMPE Open and Confirm frames. Note
that the OCI element is included even if the other STA didn't advertise
support of OCV. The OCI element is only required and verified if both
peers support OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
716ed96e8d OCV: Pass ocv parameter to mesh configuration
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
5c7d35ba07 Add UNPROT_DEAUTH command for testing OCV
This new wpa_supplicant control interface command can be used to
simplify testing SA Query with OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f91e68e903 OCV: Perform an SA Query after a channel switch
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
6ab73efa72 OCV: Add utility functions to insert OCI elements
This commit adds utility functions to insert various encoding of the OCI
element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
55c12f5d37 OCV: Advertise OCV capability in RSN capabilities (STA)
Set the OCV bit in RSN capabilities (RSNE) based on station mode
configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:49:27 +02:00
Mathy Vanhoef
875ab60d73 OCV: Advertise OCV capability in RSN capabilities (AP)
Set the OCV bit in RSN capabilities (RSNE) based on AP mode
configuration. Do the same for OSEN since it follows the RSNE field
definitions.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:48:48 +02:00
Mathy Vanhoef
ce6829c284 OCV: Add wpa_supplicant config parameter
Add wpa_supplicant network profile parameter ocv to disable or enable
Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
138205d600 OCV: Add build configuration for channel validation support
Add compilation flags for Operating Channel Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
ad20a1367f Store the VHT Operation element of an associated STA
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
4b62b52e5e Make channel_info available to the supplicant state machine
This adds the necessary functions and callbacks to make the channel_info
driver API available to the supplicant state machine that implements the
4-way and group key handshake. This is needed for OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
fb2dc898d6 WMM AC: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:50:42 +02:00
Jouni Malinen
22d8bb04d9 WMM AC: Do not write ERROR level log entries when WMM AC is not in use
These two wpa_printf() calls with MSG_ERROR level could be reached when
connecting without (Re)Association Response frame elements being
available. That would be the case for wired connections and IBSS. Those
cases are not supposed to use WMM AC in the first place, so do not
confuse logs with ERROR messages in them for normal conditions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:48:33 +02:00
Jouni Malinen
06c00e6d93 OWE: Fix OWE network profile saving
key_mgmt=OWE did not have a config parameter writer and wpa_supplicant
was unable to save such a network profile correctly. Fix this by adding
the needed parameter writer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-08 16:27:26 +02:00
Damodaran, Rohit (Contractor)
ad6a92472d DPP: Support DPP key_mgmt saving to wpa_supplicant configuration
In the existing code, there was no "DPP" string available to the DPP key
management type for configuration parser of wpa supplicant. When the
configuration is saved, the key management string was left out from the
config file. Fix this by adding support for writing key_mgmt=DPP option.

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
2018-12-08 16:17:48 +02:00
Jouni Malinen
3ce48c440e HS 2.0: Fix PMF-in-use check for ANQP Venue URL processing
The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.

This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f44d760cf0 HS 2.0: Enable PMF automatically for Hotspot 2.0 network profiles
Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by
default in the network profiles created from cred blocks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
9ce2015a97 HS 2.0: Allocate enough buffer for HS 2.0 Indication element for scan
The HS 2.0 Indication element can be up to 9 octets in length, so add
two more octets to the minimum extra_ie buffer size for scanning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
ec2cf403b8 HS 2.0: As a STA, do not indicate release number greater than the AP
Hotspot 2.0 tech spec mandates mobile device to not indicate a release
number that is greater than the release number advertised by the AP. Add
this constraint to the HS 2.0 Indication element when adding this into
(Re)Association Request frame. The element in the Probe Request frame
continues to show the station's latest supported release number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
f2973fa39d FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
remove_ie() was defined within an ifdef CONFIG_FILS block while it is
now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
there.

Fixes 8c41734e5d ("FT: Fix Reassociation Request IEs during FT protocol")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-03 12:00:26 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Jouni Malinen
55570efe35 Uncomment CONFIG_LIBNL32=y in defconfig
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Ashok Kumar
698c9e2021 OWE: Try another group only on association rejection with status 77
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2018-12-02 20:42:09 +02:00
Jouni Malinen
117f586b05 DPP: Remove unused wpas_dpp_remain_on_channel_cb()
This function was apparently never used at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 18:40:06 +02:00
Jouni Malinen
e22c23382f DPP: Apply testing configuration option to signing of own config
Previous implementation had missed this case of setting configurator
parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 00:26:21 +02:00
Jouni Malinen
8c41734e5d FT: Fix Reassociation Request IEs during FT protocol
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).

Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-01 22:02:55 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Ashok Ponnaiah
fcb3f11e4d SAE: Fix external authentication on big endian platforms
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-11-30 17:26:26 +02:00
Jouni Malinen
a00d65e79f DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:14:49 +02:00
Cedric Izoard
18a0508a41 external-auth: Check key_mgmt when selecting SSID
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:09:25 +02:00
Jouni Malinen
931f7ff656 DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:33:39 +02:00
Lubomir Rintel
d7591aab85 dbus: Expose availability of SHA384 on D-Bus
This lets us know whether we can attempt to use FT-EAP-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
eb7e747931 dbus: Expose availability of FT on D-Bus
This lets us know whether we can attempt to use FT-PSK, FT-EAP,
FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
59d59eb0e0 Revert "D-Bus: Implement Pmf property"
This reverts commit adf8f45f8a.

It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].

The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:

  $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666
  Duplicate property

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:03:55 +02:00
Jouni Malinen
4929d556cc mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-24 13:36:54 +02:00
Bob Copeland
25778502d5 mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.

The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.

Signed-off-by: Bob Copeland <bobcopeland@fb.com>
2018-11-24 13:30:28 +02:00
Davide Caratti
2b7f46f1c7 examples: Fix shellcheck warnings in wps-ap-cli
use 'printf' instead of 'echo -n', to suppress the following warning:

In POSIX sh, echo flags are undefined. [SC2039]

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-11-22 15:53:30 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Ilan Peer
170244a1cd SME: Fix order of WPA IE in association request
In case that the protocol used for association is WPA the WPA IE was
inserted before other (non vendor specific) IEs. This is not in
accordance to the standard that states that vendor IEs should be placed
after all the non vendor IEs are placed. In addition, this would cause
the low layers to fail to properly order information elements.

To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-20 11:26:13 +03:00
Andrei Otcheretianski
ac0ac1ddfd wpa_supplicant: Fix buffer overflow in roaming_consortiums
When configuring more than 36 roaming consortiums with SET_CRED, the
stack is smashed. Fix that by correctly verifying the
num_roaming_consortiums.

Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-14 20:47:35 +03:00
Ilan Peer
c04562e67e OWE: Improve discovery of OWE transition mode AP
An OWE AP device that supports transition mode does not transmit the
SSID of the OWE AP in its Beacon frames and in addition the OWE AP does
not reply to broadcast Probe Request frames. Thus, the scan results
matching relies only on Beacon frames from the OWE open AP which can be
missed in case the AP's frequency is actively scanned.

To improve the discovery of transition mode APs, include their SSID in
the scan command to perform an active scan for the SSIDs learned from
the open mode BSSs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-12 19:59:26 +03:00
Jouni Malinen
a5e6270f25 OWE: Use shorter scan interval during transition mode search
Start scans more quickly if an open BSS advertising OWE transition mode
is found, but the matching OWE BSS has not yet been seen.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-12 19:59:26 +03:00
Sunil Dutt
91073ccaaa OWE: Attempt more scans for OWE transition SSID if expected BSS not seen
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.

This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-12 19:59:26 +03:00
Jouni Malinen
baf4c86379 HS 2.0: Request and process OSU Providers NAI List ANQP-element
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:51:51 +03:00
Purushottam Kushwaha
cf94626c50 OWE: Do not try to enable PMF for non-RSN associations
Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for
non-RSN associations. This specifically helps with OWE transition mode
when the network block is configured with PMF set to required, but the
BSS selected is in open mode. There is no point to try to enable PMF for
such an association.

This fixes issues with drivers that use the NL80211_ATTR_USE_MFP
attribute to set expectations for PMF use. The combination of non-RSN
connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could
cause such drivers to reject the connection in OWE transition mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:26:41 +03:00
Srinivas Dasari
50b77f50e8 DPP: Flush PMKSA if an assoc reject without timeout is received
Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cac ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-18 13:15:20 +03:00
Jouni Malinen
3ecb8a5203 ANQP: Parse and report Venue URL information
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-15 05:17:49 +03:00
Jouni Malinen
075926ec71 HS 2.0: Add alternative OSU_SSID into providers info file
This adds the second SSID (the one used by the shared BSS) for OSU
connection when generating osu-providers.txt. External tools can use
that to configure multiple network profiles for OSU to cover the cases
where transition mode is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-12 02:52:50 +03:00
Beni Lev
077232f603 OCE: Add OCE capability attribute only when associating to an OCE AP
Signed-off-by: Beni Lev <beni.lev@intel.com>
2018-09-02 18:16:30 +03:00
Roee Zamir
2ac4333404 OCE: Send scan parameters when OCE_STA functionality is enabled
If the device supports OCE features and OCE is enabled, set the relevant
scan parameters and FILS Request Parameters element with Max Channel
Time.

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 18:08:51 +03:00
Roee Zamir
938dd97a84 driver: Add OCE scan parameters
Add a flag to scan parameters that enables OCE scan features. If this
flag is set the device should enable the following features as defined
in the Optimized Connectivity Experience Technical Specification v1.0:
- Overwrite FILS request Max Channel Time with actual value (clause 3.8)
- Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12)
- Probe Request frame Transmission Deferral and Suppression (clause 3.5)
- Accept broadcast Probe Response frame (clause 3.6)

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:53:32 +03:00
Purushottam Kushwaha
20f612d998 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:00 +03:00
Ankita Bajaj
af835d75b7 FILS: Fix FILS connect failures after ERP key invalidation
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.

Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Jouke Witteveen
1e1245bc8b Fix QoS Mapping ext capab bit setting
Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map
bit in Extended Capabilities. The previous implementation ended up
adding this bit even if the driver did not actually indicate support for
the capability.

Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2018-08-12 16:35:31 +03:00
Jouni Malinen
ecec4878b7 Provide more details of WPA3 modes in wpa_supplicant.conf
Clarify that proto=RSN is used for WPA3 and add the WPA3-Personal name
for SAE and include OWE as a possible key_mgmt value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:55:50 +03:00
Jouni Malinen
e8cf9fc33f P2P: Use more compact debug print of common group frequencies
Print the list of frequencies on a single line instead of one line per
frequency.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-15 22:28:05 +03:00
Jouni Malinen
26eac0a998 P2P: Improve common group channel selection if GO needs to be moved
Prefer channels that support VHT80 (and secondarily, HT40 on the same
band) over other common group channels. If no such channel is found,
prefer any channel that uses the same band so that CSA can be used. This
improves the case where a P2P GO needs to move to another channel and
there is no other reason (e.g., preferred channel from the driver or an
already used channel from a virtual interface sharing the same radio) to
pick a specific channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-15 22:28:05 +03:00
Jouni Malinen
616178a2ad P2P/AP: More detailed debug prints on HT/VHT parameter selection
This makes it easier to debug why wpa_supplicant selects particular
HT/VHT parameters for AP/P2P GO mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-15 21:40:43 +03:00
Jouni Malinen
88bf44be42 FT: Fix potential NULL pointer dereference in MDE addition
The bss variable in this function might be NULL, so make the FT MDE
addition case conditional on a BSS entry being available.

Fixes: 3dc3afe298 ("FT: Add MDE to assoc request IEs in connect params")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
d8e8c992cd FT: Add key management value FT-EAP-SHA384 for wpa_supplicant
This allows wpa_supplicant to be configuted to use the SHA384-based FT
AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
8c2715b358 FT: Connection settings for SHA384-based AKM
Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Sven Eckelmann
20c2ea412a wpa_supplicant: Fix parsing of max_oper_chwidth
The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see
ssid_fields). The actual parsing for INT_RANGE is done by
wpa_config_parse_int which can only store the result as full integer.

max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means
that on little endian systems, the least significant byte of the parsed
value are really stored in the max_oper_chwidth. But on big endian
system, the only most significant byte is stored as max_oper_chwidth.
This means that 0 is always stored because the provided range doesn't
allow any other value for systems with multi-byte-wide integers.

This also means that for common systems with 4-byte-wide integers, the
remaining 3 bytes were written after the actual member of the struct.
This should not have influenced the behavior of succeeding members
because these bytes would have been part of the padding between the
members on most systems.

Increasing its size to a full int fixes the write operations outside of
the member and allows to use the max_oper_chwidth setting on big endian
systems.

Fixes: 0f29bc68d1 ("IBSS/mesh: Add support for VHT80P80 configuration")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-05-31 16:14:28 +03:00
Felix Fietkau
8fd29a0439 mesh: Fix crash with CONFIG_TAXONOMY enabled
wpa_s->ifmsh needs to be allocated using hostapd_alloc_iface() instead
of a direct call to os_zalloc(), otherwise the linked list for station
taxonomy items remains uninitialized, leading to a crash on the first
attempt to traverse that list

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-31 13:06:07 +03:00
Jouni Malinen
f5a602168f HS 2.0: Allow OSEN connection to be used in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-29 23:34:22 +03:00
Jouni Malinen
833bb2ab15 FT: Disable PMKSA caching with FT
PMKSA caching with FT is not fully functional, so disable the case for
now, so that wpa_supplicant does not end up trying to connect with a
PMKSA cache entry from another AKM. FT-EAP was already modified long
time ago to not add PMKSA cache entries itself.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-21 22:18:50 +03:00
Jouni Malinen
9be19d0b9c SAE: Add support for using the optional Password Identifier
This extends the SAE implementation in both infrastructure and mesh BSS
cases to allow an optional Password Identifier to be used. This uses the
mechanism added in P802.11REVmd/D1.0. The Password Identifier is
configured in a wpa_supplicant network profile as a new string parameter
sae_password_id. In hostapd configuration, the existing sae_password
parameter has been extended to allow the password identifier (and also a
peer MAC address) to be set. In addition, multiple sae_password entries
can now be provided to hostapd to allow multiple per-peer and
per-identifier passwords to be set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-19 17:30:29 +03:00
Jouni Malinen
d6a65a83fb mesh: Register msg_ctx for hostapd/AP code
The use of hostapd code for a mesh interface did not register
hapd->msg_ctx. This needs to be done similarly to the existing cases in
wpa_supplicant AP and IBSS mode uses so that wpa_msg() calls from the
hostapd/AP code get delivered properly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-19 17:22:48 +03:00
Jouni Malinen
ffff7f7095 OWE: Mark connection failed in the unlikely no-bss-entry case
If no BSS entry can be found when processing association rejected event
from the driver for the special OWE case of unsupported
finite-cyclic-group, process the event as a connection failure instead
of just skipping the the OWE retry with another DH group.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 19:01:23 +03:00
Jouni Malinen
0cc41ee635 Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function
This cleans up the implementation a bit by making this functionality
easier to understand.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 18:52:17 +03:00
Srinivas Dasari
16d5c9637c OWE: Get the bss from bssid of assoc_reject to try for next group
On an assoc_reject from the BSS with the status=77, a connection attempt
with the next supported group happens. The BSS considered here is from
current_bss which may be NULL at this point of time with SME-in-driver
case. Address this by getting the BSS from the bssid obtained in
association reject indication and skip the step if no BSS entry can be
found.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Srinivas Dasari
d109aa6cac SAE: Flush PMKSA if an assoc reject without timeout is received
Flush the PMKSA upon receiving association reject event without timeout
in the event data in SME-in-driver case to avoid trying to use the old
PMKSA entry in subsequent connection attempts. Do not flush PMKSA if
association reject is received with timeout as it is generated
internally from the driver without reaching the AP. This is similar to
the SME-in-wpa_supplicant case that was already addressed within
sme_event_assoc_reject().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Jouni Malinen
ce2a9644bd Silence a gcc warning on switch statement fallthrough
Add an explicit comment noting a previously undocumented fallthrough to
not trigger an implicit-fallthrough warning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:35 +03:00
Jouni Malinen
d267bdf9bd Silence new gcc warnings on switch statement fallthroughs
Reword the comments to make gcc 8.1 recognize these as designed cases
and not trigger implicit-fallthrough warnings.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-15 20:55:17 +03:00
Ahmad Masri
60a5737e8f FT: Clear SME FT data on disassoc
SME ft_used flag is sometimes not cleared on disassoc. For example,
after initial FT connection, ft_used is set while ft_ies stays NULL.
Later on, upon disassoc, sme_update_ft_ies() is not invoked and ft_used
is not cleared. Fix this by invoking sme_update_ft_ies() also in case
ft_used is set.

This is needed to fix an issue with drivers that use nl80211 Connect API
with FT and expect to the NL80211_AUTHTYPE_OPEN specified in the Connect
command for the initial mobility domain association.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-05-04 20:56:52 +03:00
Bhagavathi Perumal S
d57e06170b wpa_supplicant: Make channel switch event available for non-AP builds
This allows user to get channel switch indication in station mode even
if wpa_supplicant is built without CONFIG_AP=y.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-05-04 20:31:23 +03:00
Bhagavathi Perumal S
d7f038ded2 wpa_supplicant: Add ieee80211ac information in STATUS
This allows user to get current operating mode of station.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-05-04 20:18:55 +03:00
Sean Parkinson
ab35793ec1 wolfSSL: Fix EAP-FAST key derivation
Implement tls_connection_get_eap_fast_key() using cryptographic
primitives as wolfSSL implements different spec.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Jouni Malinen
bbbc7e8016 EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabled
This may be needed to avoid interoperability issues with the new
protocol version and significant changes for EAP use cases in both key
derivation and handshake termination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
625a8c86ba wpa_cli: Indicate HS20-T-C-ACCEPTANCE to action scripts
This can be used to start a web browser to go through Terms and
Conditions acknowledgment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-29 20:02:13 +03:00
mazumdar
d239ab3962 DFS: Mark channels required DFS based on reg-domain info from the driver
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.

If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
7fc6a024f9 HS 2.0: Process received Terms and Conditions Acceptance notification
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
72b6e5d1e2 Do not remove CCMP group cipher if any CCMP/GCMP cipher is enabled
CCMP group cipher was removed if CCMP was not allowed as a pairwise
cipher when loading a configuration file (but not actually when changing
configuration during runtime). This is needed to avoid issues with
configurations that use the default group cipher (TKIP CCMP) while
modifying pairwise cipher from the default CCMP TKIP) to TKIP. However,
there is not really a need to remove the CCMP group cipher if any GCMP
or CCMP cipher is enabled as a pairwise cipher.

Change the network profile validation routine to not remove CCMP as
group cipher if CCMP-256, GCMP, or GCMP-256 is enabled as a pairwise
cipher even if CCMP is not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:43 +03:00
Tova Mussai
c4315e6620 AP: Handle AP initalization failure in async flow
When AP initialization is completed in a callback (e.g., OBSS scan),
wpa_supplicant_deinit_ap() is not called in case of failure. Fix this by
calling setup_complete_cb in case of failure, too, which in turn calls
wpa_supplicant_deinit_ap() if needed.

Signed-off-by: Tova Mussai <tova.mussai@intel.com>
2018-04-20 00:48:49 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ahmad Masri
3dc3afe298 FT: Add MDE to assoc request IEs in connect params
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:32:49 +03:00
Bhagavathi Perumal S
b55c623e4c Make CENTER_FRQ1 available independently in SIGNAL_POLL
This allows user to get center frequency and find secondary channel
offset.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-20 00:10:45 +03:00
Jouni Malinen
4204669c69 HS 2.0: Add Roaming Consortium Selection element into AssocReq
This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection
element into (Re)Association Request frames if the network profile
includes roaming_consortium_selection parameter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-18 01:12:25 +03:00
Jouni Malinen
6311547e7b HS 2.0: Add Roaming Consortium Selection network profile parameter
This adds new roaming_consortium_selection network profile parameter
into wpa_supplicant. This is used to store the OI that was used for
network selection (INTERWORKING_SELECT) based on matching against the
Roaming Consortium OIs advertised by the AP. This can also be used when
using an external component to perform selection.

This commit adds the network profile parameter, but does not yet include
it in (Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 17:26:56 +03:00
Jouni Malinen
5b7695275c HS 2.0: Use roaming_consortiums list to match OIs for access
This extends Hotspot 2.0 credential matching to consider the
roaming_consortiums parameter when determining whether the cred block
matches the information advertised by an AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 17:26:53 +03:00
Jouni Malinen
909a948b0f HS 2.0: Add a new cred block parameter roaming_consortiums
This new string parameter contains a comma delimited list of OIs
(hexdump) in a string. This is used to store Hotspot 2.0
PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI. This commit
includes the configuration changes to parse and write the parameter. The
actual values are not yet used in Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:47 +03:00
Jouni Malinen
9b6f93e4d6 HS 2.0: Document credential parameter required_roaming_consortium
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:47 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Dmitry Lebed
37547ad63c wpa_supplicant: Increase authentication timeout if CAC is started
Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).

Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).

Tested with nl80211 DFS offload implementation.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:20:49 +03:00
Dmitry Lebed
2dd5fbbff8 wpa_supplicant: Rename wpas_event_*() to wpas_ap_event_*()
Rename DFS event handling functions, since they are located in ap.c and
refer to AP-mode only. Needed to add some STA-mode DFS event handling.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:07:09 +03:00
Jouni Malinen
a2ab37308a Fix sae_password documentation in wpa_supplicant to refer correct field
sae_password replaces psk, not passphrase, parameter in wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-13 12:09:33 +03:00
Daniel Golle
d5906fbb72 mesh: Properly handle sae_password
The recently introduced sae_password parameter was only handled properly
in wpa_supplicant/sme.c while wpa_supplicant/mesh.c assumed that
ssid->passphrase exclusively holds the secret.

Import the logic from sme.c to mesh.c to allow having only sae_password
set which otherwise throws this error:
AP-ENABLED
mesh: Passphrase for SAE not configured

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-13 12:09:33 +03:00
Jouni Malinen
852b2f2738 SAE: Only allow SAE AKMP for PMKSA caching attempts
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 19:34:44 +03:00
Jouni Malinen
06b1a10434 SAE: Fix default PMK configuration for PMKSA caching case
The RSN supplicant state machine PMK was set based on WPA PSK even for
the cases where SAE would be used. If the AP allows PMKSA caching to be
used with SAE, but does not indicate the selected PMKID explicitly in
EAPOL-Key msg 1/4, this could result in trying to use the PSK instead of
SAE PMK. Fix this by not setting the WPA-PSK as default PMK for SAE
network profiles and instead, configuring the PMK explicitly from the
found PMKSA cache entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 13:10:08 +03:00
Jouni Malinen
66dbc8d9c3 Add more debug prints for wpa_sm_set_pmk() calls
Couple of these were not preceded by wpa_hexdump_key(PSK) which made it
more difficult to interpret the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:11:07 +03:00
Jouni Malinen
ee2c6bb5e5 Remove CONFIG_IEEE80211R_AP=y build option from wpa_supplicant
There is no existing mechanism for setting up AP mode functionality with
FT enabled, so there is not really much point in having a build option
for trying to include the AP-to-AP FT functionality into wpa_supplicant
either. Since this build option results in failures to complete the
build, simply remove it completely. This can be restored if there is
ever desire to enable FT functionality in wpa_supplicant controlled AP
mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-02 17:00:45 +03:00
Davide Caratti
d89edb6112 wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST
When wpa_supplicant is running on a Linux interface that is configured in
promiscuous mode, and it is not a member of a bridge, incoming EAPOL
packets are processed regardless of the Destination Address in the frame.
As a consequence, there are situations where wpa_supplicant replies to
EAPOL packets that are not destined for it.

This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can
be avoided by attaching a BPF filter that lets the kernel discard packets
having pkt_type equal to PACKET_OTHERHOST.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-04-02 12:21:27 +03:00
Vasyl Vavrychuk
8fb2b35735 Clean up setting of iface->p2p_mgmt flag
Previously we set this flag to one in wpa_supplicant_init_iface() if
Wi-Fi controller does not have a dedicated P2P-interface.

This setting had effect only in scope of wpa_supplicant_init_iface() and
it contradicts with comment to struct wpa_interface::p2p_mgmt field.
This comment says that this flag is used only if Wi-Fi controller has
dedicated P2P-device interface.

Also it contradicts with usage of similiar p2p_mgmt field in struct
wpa_supplicant. Again struct wpa_supplicant::p2p_mgmt is set only for
dedicated P2P-device interface.

After this change wpa_interface become input argument to
wpa_supplicant_init_iface() that we are not modifying.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
2018-04-02 12:13:59 +03:00
Vasyl Vavrychuk
d53401c54b dbus: Redirect signal processing to the management device if present
This fixes sending of FindStopped, GroupFormationFailure, and
InvitationReceived signals in the case of separate P2P-Device interface.
This extends the coverage of the earlier commit
745d62322b ("dbus: Redirect P2P request to
the managment device if present") to these three functions that were
missing the redirection.

Some wireless controllers might have separate P2P-Device interface, see
as example result of 'iw dev':

phy#0
        Unnamed/non-netdev interface
                ...
                type P2P-device
                ...
        Interface wlp2s0
                type managed
                ...

In this case there is separate 'struct wpa_supplicant' created for this
p2p-dev-* device as result of 'wpa_supplicant_add_iface >
wpas_p2p_add_p2pdev_interface > wpa_supplicant_add_iface'.

This instance of wpa_supplicant is not registered in D-Bus
(wpas_dbus_register_*) since for corresponding P2P device interface flag
'struct wpa_interface > p2p_mgmt' is set.

But this instance is saved in p2p_init_wpa_s and is used for handling
P2P related D-Bus commands. Therefore we should look for D-Bus path in
the parent of p2p_init_wpa_s instance.

Without this change test dbus_p2p_discovery starts failing if we set
support_p2p_device in vm-run.sh.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
2018-04-02 12:02:13 +03:00
Masashi Honma
e480212765 dbus: Add FILS to global capabilities
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-04-02 11:56:06 +03:00
Jaap Keuter
208263c014 Add config information related to MACsec
Add examples of relevant top level CONFIG clauses for wpa_supplicant
MACsec support to defconfig.

Extend the example of MACsec related network configuration. Also bring
them in line with the format of the other example network configurations.

Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2018-04-01 21:58:57 +03:00
Saurav Babu
e360010c3a dbus: Add mesh to global capabilities
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2018-04-01 21:52:56 +03:00
Ahmed ElArabawy
45f7574d31 Propagate the EAP method error code
In the current implementation, upon an EAP method failure, followed by
an EAP failure, the EAP Status is propagated up in wpa_supplicant with a
general failure parameter string "failure". This parameter is used for a
notification on the dbus.

This commit reports the EAP method failure error code in a separate
callback.

The solution in this commit is generic to all EAP methods, and can be
used by any method that need to pass its error code. However, this
commit only implements the reporting for EAP-SIM and EAP-AKA methods
where the Notification Code (in AT_NOTIFICATION) is used as the method
specific error code value.

Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
2018-03-31 11:57:33 +03:00
Beniamino Galvani
77a020a118 wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):

wpa_supplicant logs:
 wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
 RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 wlan0: RSN: no matching PMKID found
 EAPOL: Successfully fetched key (len=32)
 WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 66 20 cf ab 8c dc
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
 nl80211: Delete PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
 nl80211: Add PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!

hostapd logs:
 WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
 WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
 wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 02 00 00 00 00 00
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)

That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.

Add a new driver event that notifies of MAC address changes while the
interface is active.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2018-03-30 12:16:42 +03:00
Jouni Malinen
64624f31cf OWE: Fix CONFIG_OWE=y build without CONFIG_IEEE80211R=y
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 12:34:36 +03:00
Tamizh chelvam
ec2b5173ce Make STA opmode change event available to upper layers
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.

The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 20:07:22 +02:00
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Srinivas Dasari
d74963d411 DPP: Extend dpp_test 89 functionality to transmit side
This extends dpp_test functionality to allow DPP exchanges to be stopped
after authentication is completed on the Initiator, i.e., after sending
out the Authentication Confirm message. Previously, dpp_test=89 was used
only on the Responder side to stop after receiving the Authentication
Confirm message. The main use case for this extended functionality is to
be able to stop the protocol exchange on a device that acts as
authentication Initiator and Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-13 01:03:37 +02:00
Davide Caratti
22151b111b wpa_supplicant: Fix memory leaks in ieee802_1x_create_preshared_mka()
In case MKA is initialized successfully, local copies of CAK and CKN
were allocated, but never freed. Ensure that such memory is released
also when ieee802_1x_kay_create_mka() returns a valid pointer.

Fixes: ad51731abf ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-03-11 17:01:14 +02:00
Sean Parkinson
fec03f9838 Add support for wolfSSL cryptographic library
Allow hostapd/wpa_supplicant to be compiled with the wolfSSL
cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00
Avraham Stern
b8e88d357a wpa_supplicant: Handle port authorized event
When the driver indicates that the connection is authorized (i.e., the
4-way handshake was completed by the driver), cancel the EAP
authentication timeout and set the EAP state machine to success state.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:45:26 +02:00
Arkadiusz Drabczyk
14dcb22a5b wpa_passphrase: Include $(LIBS) for linking
wpa_passphrase requires libcrypto from OpenSSL (or another selected
library). User can set an alternative path to OpenSSL libraries by
defining LIBS at the top of .config but if $(LIBS) is not actually used
wrong libcrypto is used or compilation fails if there is no libcrypto in
the default locations cc is looking for it. It's especially bad for
cross-compilers that fail with 'cannot find -lcrypto' message.

Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
2018-02-17 18:11:40 +02:00
Jouni Malinen
4b07484c3d DPP: Do not include common/dpp.h without CONFIG_DPP=y
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-17 18:07:43 +02:00
Jouni Malinen
6e3726c09e Fix a typo in disassoc_low_ack documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-17 17:59:27 +02:00
Danilo Ravotto
19e20c14fb Add ap_isolate configuration option for wpa_supplicant AP mode
Allow client isolation to be configured with ap_isolate inside
wpa_supplicant configuration file.

Signed-off-by: Danilo Ravotto <danilo.ravotto@zirak.it>
2018-02-17 17:48:31 +02:00
Jouni Malinen
aca4d84e3d DPP: Use wildcard BSSID in GAS query frames
Force use of the wildcard BSSID address in GAS query frames with DPP
regardless of how the gas_address3 configuration parameter is set. DPP
specification mandates this and the use of GAS here is really outside
the context of a BSS, so using the wildcard BSSID makes sense even for
the corner case of Configurator running on a known AP (where IEEE 802.11
standard would allow the BSSID of the AP to be used).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:42:00 +02:00
Jouni Malinen
6a252ece24 DPP: Fix GAS query removal race condition on DPP_STOP_LISTEN
If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 18:03:58 +02:00
Jouni Malinen
3b50f8a460 DPP: PKEX initiation on other bands
Add support for wpa_supplicant to try to initiate PKEX on 5 GHz and 60
GHz bands in addition to the previously available 2.4 GHz case. If no
response from a peer device is seen on the 2.4 GHz band (channel 6) for
the five attempts, try the other PKEX channels (5 GHz channels 44 and
149; and 60 GHz channel 2) if they are supported and allowed for
initiating radiation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 16:56:43 +02:00
Jouni Malinen
70e1901371 DPP: Require use of PMF for DPP AKM
Previously, wpa_supplicant set PMF as optional for the DPP AKM since
there was no clear statement about this requirement in the tech spec.
Now that this requirement has been added, update the implementation to
match. In addition, set ssid->ieee80211w using the actual enum
mfp_options values instead of magic constants to make this a bit more
readable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-06 22:08:21 +02:00
Jouni Malinen
3bd35b6816 wpa_supplicant: Fix parsing errors on additional config file
If the -I<config> argument is used and the referenced configuration file
cannot be parsed, wpa_config_read() ended up freeing the main
configuration data structure and that resulted in use of freed memory in
such an error case. Fix this by not freeing the main config data and
handling the error case in the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 12:20:13 +02:00
Dmitry Shmidt
9c5fe742a2 wpa_supplicant: Free config only if it was allocated in same call
If option -I:config points to a non-existing file, the the previously
allocated config must not be freed. Avoid use of freed memory in such an
error case by skipping the incorrect freeing operation.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2018-02-04 12:13:12 +02:00
Jouni Malinen
9f8d459d4c OWE: Fix association IEs for transition mode open AP connection
The special case of returning from wpa_supplicant_set_suites() when OWE
transition mode profile is used for an open association did not clear
the wpa_ie buffer length properly. This resulted in trying to use
corrupted IEs in the association request and failed association
(cfg80211 rejects the request or if the request were to go out, the AP
would likely reject it).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-04 11:55:01 +02:00
Simon Dinkin
c6096c6eef wpa_cli: Enable add/remove/get vendor elements without P2P
This functionality can be used regardless of P2P and should not be under
the ifdef of CONFIG_P2P.

Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-03 12:44:20 +02:00
Vasyl Vavrychuk
ebf4043739 D-Bus: Report error on starting P2P find
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
2018-02-03 12:25:32 +02:00
Jouni Malinen
66b9f3ca8a wpa_cli: Fix cred_fields[] declaration
This was supposed to be an array of const-pointers to const-char; not
something duplicating const for char and resulting in compiler warnings
with more recent gcc versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-03 12:08:09 +02:00
Sunil Dutt
5ff39c1380 SAE: Support external authentication offload for driver-SME cases
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 21:17:55 +02:00
Jouni Malinen
9e834fc648 EAP-SIM/AKA: Separate identity for MK derivation
This allows a separate configuration parameter (imsi_identity) to be
used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK
derivation for the case where the identity is expected to be from the
last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was
not used). This may be needed to avoid sending out an unprotected
permanent identity information over-the-air and if the EAP-SIM/AKA
server ends up using a value based on the real IMSI during the internal
key derivation operation (that does not expose the data to others).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2018-01-21 11:28:53 +02:00
Jouni Malinen
c1790a5ff8 OWE: Allow station in transition mode to connect to an open BSS
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Jouni Malinen
fd92095491 DPP: Report reception of Config Request to upper layers
This is mainly for protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
b7ed94834d GnuTLS: Add option to build with libnettle instead of libgcrypt
GnuTLS-based builds can now be done using either libnettle or libgcrypt
for crypto functionality:

CONFIG_TLS=gnutls
CONFIG_CRYPTO=nettle

CONFIG_TLS=gnutls
CONFIG_CRYPTO=gnutls

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-29 17:13:57 +02:00
Jouni Malinen
133f8d09fc GnuTLS: Implement HMAC functions using libgcrypt
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:35:26 +02:00
Jouni Malinen
85c12a62ee GnuTLS: Implement sha{256,384,512}_vector() using libgcrypt
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:21:37 +02:00
Jouni Malinen
2cb40e9f40 OWE: Try all supported DH groups automatically on STA
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 21:06:02 +02:00
Jouni Malinen
9596a75652 PAE: Remove OpenSSL header dependency
Instead of requiring OpenSSL headers to be available just for the
SSL3_RANDOM_SIZE definition, replace that macro with a fixed length (32)
to simplify dependencies.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 21:40:21 +02:00
Sean Parkinson
04b1bcc5f3 EAP-pwd: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries than
OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 21:40:21 +02:00
Mikael Kanstrup
12bce14b10 wpa_cli: Add completion for get/set cred commands
Add command completion support for get_cred and set_cred commands.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2017-12-16 13:23:52 +02:00
Masashi Honma
6240424a76 dbus: Add FILS key mgmt values into BSS security properties
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-12-16 13:14:37 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
5f30b69cde OWE: Allow DH Parameters element overriding with driver SME
Commit 265bda3444 ('OWE: Allow DH
Parameters element to be overridden for testing purposes') provided
means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but
that commit covered only the sme.c case (i.e., drivers that use
wpa_supplicant SME). Extend this to cover drivers that use internal SME
(e.g., use the nl80211 Connect command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:59:55 +02:00
Jeff Vander Stoep
b65353a767 Android: Set CONFIG_NO_RANDOM_POOL=y
Wpa_supplicant's random pool is not necessary on Android. Randomness
is already provided by the entropymixer service which ensures
sufficient entropy is maintained across reboots. Commit b410eb1913
'Initialize /dev/urandom earlier in boot' seeds /dev/urandom with
that entropy before either wpa_supplicant or hostapd are run.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2017-12-09 17:47:42 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Jouni Malinen
afd3cf14a0 WPS: Add GCMP-256 and CCMP-256 cipher options on Enrollee
If a credential with encp type AES is received, add GCMP-256 and
CCMP-256 cipher options on station Enrollee based on local capabilities.
This is needed to allow connection with an AP using either of these
newer ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:14:55 +02:00
Jouni Malinen
5f481b6fdb WPS: Check BSS table against current BSSID if credential does not match
The credential MAC address is not necessarily that of the AP, i.e., it
is more likely to be that of the Enrollee. Check the scan results
against the current BSSID as well if match is not found otherwise when
going through the mixed mode workaround.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:45 +02:00
Jouni Malinen
ed2c493e9e DPP: Change Authentication Response retry time to 1 second
The previously used 10 second timer did not really make much sense since
the Initiator is not going to be waiting for the response that long.
Change this to 1 second based on the DPP tech spec change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
55c6c85855 DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req
Allow a Transaction ID attribute with invalid length to be sent for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 21:56:19 +02:00
Jouni Malinen
fa5c907495 DPP: Call wpas_dpp_stop() from wpas_dpp_deinit()
This makes the full DPP deinit operation more consistent with stopping
of a single operation. In practice, this adds the new GAS client
stopping functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 00:11:22 +02:00
Jouni Malinen
1866dfb52c DPP: Stop pending GAS client operation on DPP_STOP_LISTEN
This makes the operation more complete in stopping all ongoing DPP
related functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 00:08:40 +02:00
Jouni Malinen
ed62d40116 DPP: Deinit PKEX instance on DPP_STOP_LISTEN
Previously this stopped only the DPP Authentication instance, but it is
better to clear both PKEX and Authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 12:24:01 +02:00
Jouni Malinen
d3cb7ebe1b DPP: Do not process dpp_auth_ok_on_ack multiple times
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 20:20:26 +02:00
Ashok Ponnaiah
dc2f24f1b2 DPP: Fix compilation without CONFIG_TESTING_OPTIONS=y
Add CONFIG_TESTING_OPTIONS ifdef protection to couple of forgotten DPP
test parameters in wpa_supplicant ctrl_iface.

Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
2017-11-27 17:30:03 +02:00
Jouni Malinen
82feacced0 DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:48:40 +02:00
Jouni Malinen
a2588be82c DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
af4103e5e9 DPP: Provide peer_mac to PKEX Initiator through function argument
Avoid unnecessary direct write to a struct dpp_pkex member from outside
dpp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:32:33 +02:00
Jouni Malinen
3ca4be1eaa DPP: Remove compiler warnings about signed/unsigned comparisons
These timestamp comparisons did not use matching signedness.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
bhagavathi perumal s
cc79e06f00 hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-11-23 20:12:34 +02:00
Jouni Malinen
0db637ca80 DPP: Fix number of Authentication Request retry cases
Previous implementation did not handle number of sequences correctly.
Make sure the iteration continues in both unicast and broadcast cases
until the five attempts have been made. In addition, improve timing by
checking 10 second time from the beginning of each iteration round and
not the last channel on which the Auth Req frame has been transmitted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 13:08:45 +02:00
Jouni Malinen
921f5acd17 DPP: Take response wait time into account for init retries
Previously, the Authentication Request frame was retried after 2+10 = 12
seconds since the wait for the response was not accounted for. Substract
that wait from the 10 second wait time to start the retries more quickly
based on the 10 second timer described in the tech spec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 00:42:20 +02:00
Jouni Malinen
248264c622 DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 00:22:13 +02:00
Jouni Malinen
e3a5882b3e DPP: Add SAE credential support to Configurator
The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:24:08 +02:00
Jouni Malinen
5dd745b738 DPP: Add akm=sae and akm=psk+sae support in Enrollee role
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:23:51 +02:00
Jouni Malinen
00d2d13db2 DPP: Retry PKEX Exchange Request frame up to five times
Retransmit the PKEX Exchange Request frame if no response from a peer is
received. This makes the exchange more robust since this frame is sent
to a broadcast address and has no link layer retries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 15:54:35 +02:00
Jouni Malinen
4b8de0c929 DPP: Protocol testing for invalid Peer Discovery Req/Resp values
Extend dpp_test to allow more invalid attribute values to be written
into Peer Discovery Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 17:15:02 +02:00
Jouni Malinen
f9cf7d03f1 DPP: Protocol testing for invalid Config Attrib Object value
Extend dpp_test to cover a case where Config Attrib Object value is
invalid in Configuration Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:20 +02:00
Jouni Malinen
95b0104a34 DPP: Retransmit DPP Authentication Response frame if it is not ACKed
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
c1d3773967 DPP: Stop authentication exchange of DPP_STOP_LISTEN
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
d1f082644c DPP: Allowed initiator to indicate either role
The new role=either parameter can now be used with DPP_AUTH_INIT to
indicate that the initiator can take either the Configurator or Enrollee
role.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
f97ace34cb DPP: Support multiple channels for initiating DPP Authentication
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
de02986189 DPP: Share a helper function for PKEX final steps
Generate the PKEX bootstrapping information and release the PKEX session
in a helper function that both the initiator and responder can use
instead of maintaining this functionality separately in two places.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:30:11 +02:00
Jouni Malinen
a306ed5a58 DPP: Protocol testing to allow missing attributes in peer discovery
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-06 12:40:18 +02:00
Sunil Dutt
37ed3254de P2P: ACS offload for the autonomous GO
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:47:32 +02:00
Jouni Malinen
29ab69e4b0 DPP: PKEX counter t
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
039b8e7369 DPP: Terminate PKEX exchange on detection of a mismatching code
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
e0247e7983 DPP: PKEX and STATUS_BAD_GROUP
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
219d4c9fcb DPP: Report possible PKEX code mismatch in control interface
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 12:25:35 +02:00
Jouni Malinen
69d8d029f5 DPP: Enable PMF when adding wpa_supplicant network profile
DPP AKM should really require PMF to be used, but since that is not yet
explicitly required in the specification, make PMF enabled for now. For
legacy PSK cases, configure PMF to be enabled as well to support both
APs in no-PMF, optional-PMF, and required-PMF configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-01 17:14:30 +02:00
Jouni Malinen
d270920692 DPP: Negotiation channel change request from Initiator
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 16:08:02 +02:00
Jouni Malinen
b7dddab7be DPP: Allow testing override values to be cleared
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 12:23:34 +02:00