Commit message | Author | Age | Files | Lines
* Add new QCA vendor attribute for getting preferred channel | Peng Xu | 2017-12-22 | 1 | -1/+19
  A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for getting preferred channels with weight value and a flag to indicate how the channels should be used in P2P negotiation process.
  Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>
* Fix couple of QCA_NL80211_VENDOR_SUBCMD_GET_SAR_LIMITS comments | Jouni Malinen | 2017-12-22 | 1 | -2/+2
  Copy-paste errors in the command name (set vs. the new get).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Vendor parameter for forcing RSNE override | Sunil Dutt | 2017-12-22 | 1 | -0/+12
  Indicates the driver to use the RSNE as-is from the connect interface. Exclusively used for the scenarios where the device is used as a testbed device with special functionality and not recommended for production. This helps driver to not validate the RSNE passed from user space and thus allow arbitrary IE data to be used for testing purposes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_cli: Add completion for get/set cred commands | Mikael Kanstrup | 2017-12-16 | 1 | -4/+82
  Add command completion support for get_cred and set_cred commands.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
* dbus: Add FILS key mgmt values into BSS security properties | Masashi Honma | 2017-12-16 | 1 | -1/+11
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Define a QCA vendor command to retrieve SAR Power limits | Jeff Johnson | 2017-12-15 | 1 | -3/+14
  Previously commit c79238b6a460ab6bc6ebc5e2453fd94716393105 ('Define a QCA vendor command to configure SAR Power limits') implemented a vendor command interface to allow a userspace entity to dynamically control the SAR power limits. Now implement a command to retrieve the current SAR power limits.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Driver configuration to disable/enable FILS features | vamsi krishna | 2017-12-15 | 6 | -1/+60
  The new disable_fils parameter can be used to disable FILS functionality in the driver. This is currently removing the FILS Capability bit in Extended Capabilities and providing a callback to the driver wrappers. driver_nl80211.c implements this using a QCA vendor specific command for now.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP P-521 test vector (mutual auth) | Jouni Malinen | 2017-12-13 | 1 | -0/+71
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: chan_util_avg_period | Jouni Malinen | 2017-12-11 | 1 | -1/+5
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add average channel utilization in STATUS | Bhagavathi Perumal S | 2017-12-11 | 6 | -0/+46
  This allows external programs to get the average channel utilization. The average channel utilization is calculated and reported through STATUS command. Users need to configure chan_util_avg_period and bss_load_update_period in hostapd config to get the average channel utilization.
  Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
* hostapd: Update BSS load update period dynamically | Bhagavathi Perumal S | 2017-12-11 | 2 | -12/+27
  Recalculate the timeout value for each event instead of calculating this once and then not allowing the timeout configuration to be changed without fully stopping and restarting the interface. This allows the bss_load_update_period configuration parameter to be modified while a BSS continues operating.
  Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
* Fix error handling in bss_load_update_period parser | Jouni Malinen | 2017-12-11 | 2 | -5/+6
  Do not update the configuration parameter before having verified the value to be in the valid range.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd_cli: Add dpp_listen and dpp_stop_listen | Jouni Malinen | 2017-12-11 | 1 | -0/+18
  Now that hostapd exposes the DPP_LISTEN and DPP_STOP_LISTEN commands similarly to wpa_supplicant, expose these through proper hostapd_cli commands as well to match wpa_cli functionality.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: OWE and unsupported group using cfg80211 connect command | Jouni Malinen | 2017-12-11 | 1 | -0/+11
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Allow DH Parameters element overriding with driver SME | Jouni Malinen | 2017-12-11 | 1 | -0/+5
  Commit 265bda34441da14249cb22ce8a459cebe8015a55 ('OWE: Allow DH Parameters element to be overridden for testing purposes') provided means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but that commit covered only the sme.c case (i.e., drivers that use wpa_supplicant SME). Extend this to cover drivers that use internal SME (e.g., use the nl80211 Connect command).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Fix error case handling with drivers that implement AP SME | Jouni Malinen | 2017-12-11 | 1 | -4/+9
  owe_auth_req_process() can return NULL in error cases, but the caller was not prepared for this. The p pointer cannot be overridden in such cases since that would result in buffer length (p - buf) overflows. Fix this by using a temporary variable to check the return value before overriding p so that the hostapd_sta_assoc() ends up using correct length for the IE buffer.
  Fixes: 33c8bbd8ca7a ("OWE: Add AP mode handling of OWE with drivers that implement SME")
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name() | Jouni Malinen | 2017-12-10 | 2 | -56/+3
  The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works fine with OpenSSL as well, so use that same implementation for both to avoid unnecessary maintenance of multiple versions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation | Jouni Malinen | 2017-12-10 | 2 | -8/+4
  There is no need to go through EC_GROUP_new_by_curve_name(), EC_KEY_new(), and EC_KEY_set_group() when a single call to EC_KEY_new_by_curve_name() takes care of all that.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Revert "BoringSSL: Add DPP special cases regardless of claimed version number" | Jouni Malinen | 2017-12-10 | 1 | -2/+2
  This reverts commit 5548453a2d0061cf5d65180dca5d0141e15e14bb since BoringSSL added ECDSA_SIG_set0() and ECDSA_SIG_get0() in commit 8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL 1.1.0 accessors.') and updated X509_ALGOR_get0() prototype to match OpenSSL 1.1.0 changes in commit e3b2a5d30d309091cab3e6a19dee7323c40d968d ('Const-correct X509_ALGOR_get0.').
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Revert "BoringSSL: Define RSA_bits() helper" | Jouni Malinen | 2017-12-10 | 1 | -1/+1
  This reverts commit 3cfbd3b0f63fb299f1187f16db6fcec9421e3df4 since BoringSSL added RSA_bits() in commit 8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL 1.1.0 accessors.').
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Suite B 192-bit with RSA and RADIUS | Jouni Malinen | 2017-12-10 | 1 | -0/+40
  This tests use of RSA >3K keys and forcing ECDHE on both the server and client side.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow cipher list to be overridden for tls_suiteb=1 case | Jouni Malinen | 2017-12-10 | 1 | -3/+17
  This allows wpa_supplicant configuration with phase1="tls_suiteb=1" to use openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384" to further limit the possible TLS cipher suites when using Suite B with RSA >3K keys. This combination disables use of DHE and as such, mandates ECDHE to be used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix wnm-fuzzer build | Jouni Malinen | 2017-12-09 | 1 | -0/+3
  Need to include couple more wpa_supplicant source code files into the build.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix ap-mgmt-fuzzer build | Jouni Malinen | 2017-12-09 | 1 | -0/+2
  Add src/ap/eth_p_oui.o into libap.a to be able to link ap-mgmt-fuzzer.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol-fuzzer: Resolve circular library references with --start-group | Jouni Malinen | 2017-12-09 | 1 | -4/+1
  src/crypto/libcrypto.a and src/tls/libtls.a have circular references and will need special handling with the linker at least for the time being. This could be cleaned up eventually, but for now, provide a mechanism to get the program linked. This was already done in tests/Makefile, but tests/eapol-fuzzer/Makefile needs the same.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Avoid SSL*_use_default_passwd_cb() | David Benjamin | 2017-12-09 | 1 | -73/+58
  These functions are a bit awkward to use for one-off file loads, as suggested by the tls_clear_default_passwd_cb() logic. There was also some historical mess with OpenSSL versions and either not having per-SSL settings, having per-SSL settings but ignoring them, and requiring the per-SSL settings. Instead, loading the key with the lower-level functions seems a bit tidier and also allows abstracting away trying both formats, one after another.
  Signed-off-by: David Benjamin <davidben@google.com>
* OpenSSL: Remove unnecessary os_strdup() from password callback | David Benjamin | 2017-12-09 | 1 | -27/+11
  There's no need to make an extra copy of private_key_passwd for SSL_{CTX_,}set_default_passwd_cb().
  Signed-off-by: David Benjamin <davidben@google.com>
* Android: Set CONFIG_NO_RANDOM_POOL=y | Jeff Vander Stoep | 2017-12-09 | 3 | -2/+14
  Wpa_supplicant's random pool is not necessary on Android. Randomness is already provided by the entropymixer service which ensures sufficient entropy is maintained across reboots. Commit b410eb1913 'Initialize /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before either wpa_supplicant or hostapd are run.
  Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
* Android: Move hostapd to vendor partition | Po-Chien Hsueh | 2017-12-09 | 2 | -1/+3
  Move hostapd to /vendor/bin/ because it's only used by WIFI HAL.
  Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
* wlantest: Try harder to find a STA entry with PTK for 4-address frames | Jouni Malinen | 2017-12-08 | 1 | -3/+6
  Commit aab66128369c5953e70f867e997a54146bcca88b ('wlantest: Search bss/sta entry more thoroughly for 4-address frames') allowed wlantest to find a STA entry in this type of cases, but it was still possible for that STA entry to be the one that has no derived PTK while the STA entry for the other side of the link might have the derived PTK available. Extend this BSS/STA selection mechanism to use sta->ptk_set to determine which STA entry is more useful for decryption, i.e., select the one with a known PTK.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add new QCA vendor attribute for WLAN Latency Module (WLM) | Paul Zhang | 2017-12-08 | 1 | -0/+41
  A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION. This attribute is for setting the level of WLM.
  Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
* tests: DPP P-256 test vectors | Jouni Malinen | 2017-12-07 | 4 | -0/+165
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow protocol key to be overridden for testing purposes | Jouni Malinen | 2017-12-05 | 3 | -0/+43
  This can be used for various testing needs.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut and DPPAuthDirection,Mutual on Initiator | Jouni Malinen | 2017-12-05 | 1 | -3/+11
  Do not include this argument in normal case, but add a test case to cover the special extra check case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut DPP protocol testing - Stop at RX | Jouni Malinen | 2017-12-05 | 1 | -0/+95
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WPS with other AES-based ciphers | Jouni Malinen | 2017-12-02 | 1 | -0/+28
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Add GCMP-256 and CCMP-256 cipher options on Enrollee | Jouni Malinen | 2017-12-02 | 1 | -0/+10
  If a credential with encp type AES is received, add GCMP-256 and CCMP-256 cipher options on station Enrollee based on local capabilities. This is needed to allow connection with an AP using either of these newer ciphers.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Make ap_wps_ap_scan_2 work with multiple AES-ciphers | Jouni Malinen | 2017-12-02 | 1 | -0/+11
  This test case is not really realistic and the second connection attempt would fail if additional AES-based ciphers get provisioned. Work this around by dropping to CCMP only if other ciphers are present.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Allow more ciphers in ap_wps_mixed_cred | Jouni Malinen | 2017-12-02 | 1 | -1/+2
  This is needed to avoid false errors with GCMP-256 and CCMP-256 to be added in the implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Check BSS table against current BSSID if credential does not match | Jouni Malinen | 2017-12-02 | 1 | -0/+3
  The credential MAC address is not necessarily that of the AP, i.e., it is more likely to be that of the Enrollee. Check the scan results against the current BSSID as well if match is not found otherwise when going through the mixed mode workaround.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Map GCMP-256 and CCMP-256 to AES encryption type | Jouni Malinen | 2017-12-02 | 1 | -1/+3
  This is needed to allow a credential to be built for GCMP-256/CCMP-256 networks that do not enable GCMP-128/CCMP-128.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases | Shiva Sankar Gajula | 2017-12-02 | 1 | -1/+3
  Extend the check against WPA/TKIP only configuration by adding CCMP-256 and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS to be enabled in AP configurations where neither CCMP-128 nor GCMP-128 are enabled.
  Signed-off-by: Shiva Sankar Gajula <sgajula@qti.qualcomm.com>
* tests: DPP testing to check for mutual authentication on Initiator | Jouni Malinen | 2017-12-02 | 1 | -0/+26
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Indicate to upper layers whether mutual authentication was used | Jouni Malinen | 2017-12-02 | 2 | -0/+4
  DPP Responder selects whether mutual authentication is used. This commit adds information about that selection to upper layers (ctrl_iface event DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP exchange stopping unexpectedly | Jouni Malinen | 2017-12-02 | 1 | -3/+121
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Extend protocol testing to allow exchange termination | Jouni Malinen | 2017-12-02 | 2 | -0/+64
  This extends dpp_test functionality to allow DPP exchanges to be stopped when receiving a specified message.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Change Authentication Response retry time to 1 second | Jouni Malinen | 2017-12-02 | 1 | -1/+1
  The previously used 10 second timer did not really make much sense since the Initiator is not going to be waiting for the response that long. Change this to 1 second based on the DPP tech spec change.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: nl80211.py: Fix attribute padding | Johannes Berg | 2017-12-02 | 1 | -5/+7
  The kernel started enforcing attribute lengths, and nl80211.py had been doing it all wrong - the padding must be present, but not part of the length. Fix it to do it the right way.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding | Jouni Malinen | 2017-12-01 | 1 | -2/+2
  This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant needs to use same size when writing the attribute. This fixes mesh mode regression triggered by kernel commit "net: netlink: Update attr validation to require exact length for some types" in v4.15-rc1 that resulted in the following debug log entry when trying to join a mesh:
  nl80211: mesh join failed: ret=-22 (Invalid argument)
  Fixes: 6c1664f6051f ("nl80211: Add new commands to support mesh interfaces")
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Fix NL80211_ATTR_SMPS_MODE encoding | Jouni Malinen | 2017-12-01 | 1 | -1/+1
  This nl80211 attribute uses NLA_U8 policy in cfg80211 and hostapd/wpa_supplicant needs to use same size when writing the attribute. This fixes AP mode regression triggered by kernel commit "net: netlink: Update attr validation to require exact length for some types" in v4.15-rc1 that resulted in the following debug log entry when trying to enable beaconing:
  nl80211: Beacon set failed: -34 (Numerical result out of range)
  Fixes: da1080d7215f ("nl80211: Advertise and configure SMPS modes")
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>