Commit message | Author | Age | Files | Lines
* tests: ap_hs20_cred_and_no_roaming_consortium to match implementation [HEAD, pending, master] | Jouni Malinen | 16 hours | 1 | -1/+1
  Now that wpa_supplicant was modified to use NAI realm query even if roaming_consortium is set, this test case is actually able to find a match. Update it to avoid causing incorrect test failures.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS2.0: Skip check for roaming_consortium for NAI realm query | Purushottam Kushwaha | 16 hours | 1 | -1/+1
  Previously ANQP fetch considered NAI realm query only when cred block did not specify roaming_consortium to optimize ANQP operations (NAI realm list can have a very long value). In certain cases, both NAI realm and roaming_consortium are configured in credential block and this resulted in ANQP fetch for NAI realm not being initiated. That could result in not being able to select the highest priority available credential/network.
  Remove roaming_consortium check for NAI realm query inclusion in ANQP request so that we will request NAI realm information whenever it can result in matching additional networks. This makes the ANQP queries more costly in some cases, but the additional information is needed for correct behavior in network selection.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Fix listen state machine getting stuck in send_action() scheduled case | Hu Wang | 5 days | 1 | -0/+1
  Commit 947b5a1532f9 ("P2P: Stop listen state if Action frame TX is needed on another channel") added an optimization for P2P response transmission in certain concurrent operation cases. However, it did not take into account possibility of the driver not being in listen state (p2p->drv_in_listen == 0) and could end up getting stuck with the P2P state machine in a manner that made the device not listen for following messages.
  This showed up in following manner in the debug log:
      P2P: Starting short listen state (state=SEARCH)
      P2P: Driver ended Listen state (freq=2437)
      process received frame and send a response
      P2P: Stop listen on 0 MHz to allow a frame to be sent immediately on 2437 MHz
      P2P: Clear timeout (state=SEARCH)
      --> state machine stuck
  Fix this by adding drv_in_listen > 0 condition for the optimization to stop the listen operation in send_action() resulting in scheduled TX.
  Fixes: 947b5a1532f9 ("P2P: Stop listen state if Action frame TX is needed on another channel")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Update DFS status in VHT80+80 mode | Lei Wang | 8 days | 1 | -0/+11
  Update center frequency and center frequency2's DFS channel status in VHT80+80 mode. Otherwise it will cause the AP to fail to start on a DFS channel.
  Tested: qca9984 with firmware ver 10.4-3.10-00047
  Signed-off-by: Rick Wu <rwu@codeaurora.org>
  Signed-off-by: Lei Wang <leiwa@codeaurora.org>
* Fix status code in SAE/DPP association PMKID mismatch (driver-AP-SME) | Jouni Malinen | 10 days | 1 | -0/+3
  wpa_validate_wpa_ie() was already extended to cover these cases with WPA_INVALID_PMKID return value, but hostapd_notif_assoc() did not have code for mapping this into the appropriate status code (STATUS_INVALID_PMKID) and ended up using the default (WLAN_STATUS_INVALID_IE) instead.
  This caused AP SME-in-driver cases returning incorrect status code when the AP did not have a matching PMKSA cache entry. This could result in unexpected station behavior where the station could continue trying to use a PMKSA cache entry that the AP does not have and not being able to recover this.
  Fix this by adding the previously missed mapping of validation errors to status/reason codes.
  Fixes: 567da5bbd027 ("DPP: Add new AKM")
  Fixes: 458d8984de1d ("SAE: Reject request with mismatching PMKID (no PMKSA cache entry)")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: sigma_dut controlled AP and deauth commands | Jouni Malinen | 12 days | 1 | -0/+34
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in a comment | Jouni Malinen | 12 days | 1 | -1/+1
  Spell NULL correctly.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: D-Bus MACAddressRandomizationMask property Get/Set | Jouni Malinen | 2019-10-27 | 1 | -0/+79
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow scans triggered by D-Bus to use MAC address randomization | Eric Caruso | 2019-10-27 | 1 | -0/+4
  wpas_dbus_handler_scan() constructs a set of 'params' each time, but it doesn't acknowledge the existing randomization settings when doing so. That means that any D-Bus initiated scans weren't going to follow the configured settings.
  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* D-Bus: Add MAC address randomization endpoints | Eric Caruso | 2019-10-27 | 6 | -0/+209
  Add D-Bus property:
    * MACAddressRandomizationMask: a{say}
  which configures random MAC address functionality in the Wi-Fi driver via netlink.
  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* Move ownership of MAC address randomization mask to scan params | Eric Caruso | 2019-10-27 | 2 | -40/+41
  This array can be freed either from the scan parameters or from clearing the MAC address randomization parameters from the wpa_supplicant struct. To make this ownership more clear, we have each struct own its own copy of the parameters.
  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* DPP: Mention ssid and pass parameters for DPP_AUTH_INIT in documentation | Jouni Malinen | 2019-10-27 | 1 | -1/+3
  These parameters use hexdump values over the control interface, so mention them in the DPP example documentation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP configuration saving | Jouni Malinen | 2019-10-27 | 1 | -0/+37
  Signed-off-by: Jouni Malinen <j@w1.fi>
* JSON: Fix escaping of characters that have MSB=1 with signed char | Jouni Malinen | 2019-10-27 | 1 | -1/+1
  The "\\u%04x" printf string did not really work in the correct way if char is signed. Fix this by type casting this to unsigned char.
  Signed-off-by: Jouni Malinen <j@w1.fi>
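The effect described in the JSON commit above, as an added example (not code from hostap; `escape_byte()` and `json_escape_demo()` are hypothetical names and the input bytes are constructed): a byte with MSB=1 held in a signed char is sign-extended before it reaches `%04x`, so the escape grows from 6 to 10 characters and no longer decodes to the original byte.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write one byte as a JSON \uXXXX escape.
 * signed_char_bug=1 models a platform where plain char is signed and the
 * value reaches printf without a cast, so it is sign-extended to int first.
 * signed_char_bug=0 models the unsigned char cast described in the commit. */
static int escape_byte(char *out, size_t out_len, unsigned char byte,
                       int signed_char_bug)
{
    unsigned int arg;

    if (signed_char_bug)
        arg = (unsigned int) (int) (signed char) byte; /* 0xe4 -> 0xffffffe4 */
    else
        arg = (unsigned int) byte;                     /* 0xe4 -> 0x000000e4 */
    return snprintf(out, out_len, "\\u%04x", arg);
}

/* Escape a buffer for use inside a JSON string: printable ASCII is copied,
 * everything else becomes \uXXXX. Returns the output length, or -1 if the
 * output buffer is too small (including room for the terminating NUL). */
static int json_escape_demo(const unsigned char *in, size_t len,
                            char *out, size_t out_len, int signed_char_bug)
{
    size_t pos = 0, i;
    int n;

    for (i = 0; i < len; i++) {
        if (in[i] >= 32 && in[i] <= 126 && in[i] != '"' && in[i] != '\\') {
            if (pos + 1 >= out_len)
                return -1;
            out[pos++] = (char) in[i];
            continue;
        }
        n = escape_byte(out + pos, out_len - pos, in[i], signed_char_bug);
        if (n < 0 || (size_t) n >= out_len - pos)
            return -1; /* truncated: the escape did not fit */
        pos += (size_t) n;
    }
    if (pos >= out_len)
        return -1;
    out[pos] = '\0';
    return (int) pos;
}

int main(void)
{
    const unsigned char in[] = { 'S', 0xe4 }; /* constructed sample input */
    char buf[64];

    json_escape_demo(in, sizeof(in), buf, sizeof(buf), 1);
    printf("signed char, no cast: %s\n", buf);
    json_escape_demo(in, sizeof(in), buf, sizeof(buf), 0);
    printf("unsigned char cast:   %s\n", buf);
    return 0;
}
```

A caller that sizes its output buffer at 6 bytes per escaped character would also be short by 4 bytes per affected byte in the uncast case, which is why the demo checks the snprintf() return value.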
* tests: Add negative scan tests | Johannes Berg | 2019-10-27 | 2 | -0/+36
  There was a bug in wmediumd in that it didn't set the frequency of frames, and thus they were always received by mac80211_hwsim, regardless of channel it was on.
  Add two tests that verify we only find a single instance of an AP if we only have that one, and run this both with and without wmediumd.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: Make wpas_mesh_pmksa_caching_ext more robust | Jouni Malinen | 2019-10-27 | 1 | -0/+4
  Avoid race conditions in completing mesh group removal/re-addition steps and starting connectivity check. It seemed to be possible to get to the connectivity test in some cases before the mesh STA had rejoined the mesh and completed key configuration.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Export OWE capability and OWE BSS key_mgmt | Beniamino Galvani | 2019-10-27 | 1 | -3/+9
  Export a new 'owe' capability to indicate that wpa_supplicant was built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe' in the array of BSS' available key managements.
  Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* D-Bus: Fix P2P NULL dereference after interface removal | Davide Caratti | 2019-10-27 | 1 | -2/+67
  When the P2P management interface is deleted, P2P is then disabled and global->p2p_init_wpa_s is set to NULL. After that, other interfaces can still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This makes wpa_supplicant terminate with SIGSEGV, because it dereferences a NULL pointer. Fix this by adding proper checks, like it's done with wpa_cli.
  CC: Beniamino Galvani <bgalvani@redhat.com>
  CC: Benjamin Berg <benjamin@sipsolutions.net>
  Reported-by: Vladimir Benes <vbenes@redhat.com>
  Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
* nl80211: Indicate SUITE_B_192 capa only when CCMP-256/GCMP-256 supported | Mikael Kanstrup | 2019-10-27 | 1 | -1/+4
  SUITE_B_192 AKM capability was indicated for all devices using the nl80211 driver (without the QCA vendor specific AKM capability indication). However, some devices can't handle Suite B 192 due to insufficient ciphers supported.
  Add a check for CCMP-256 or GCMP-256 cipher support and only indicate SUITE_B_192 capability when such cipher is supported. This allows compiling with CONFIG_SUITEB192 and still get proper response to the 'GET_CAPABILITY key_mgmt' command. Under Android it can also serve as a dynamic way for HAL to query platform for WPA3-Enterprise 192-bit support.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
* tests: Additional SAE protocol testing | Jouni Malinen | 2019-10-27 | 1 | -4/+162
  Check behavior with delayed/replayed SAE commit message.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Ignore commit message when waiting for confirm in STA mode | Jouni Malinen | 2019-10-27 | 1 | -2/+5
  Previously, an unexpected SAE commit message resulted in forcing disconnection. While that allowed recovery by starting from scratch, this is not really necessary. Ignore such unexpected SAE commit message instead and allow SAE confirm message to be processed after this. This is somewhat more robust way of handling the cases where SAE commit message might be retransmitted either in STA->AP or AP->STA direction.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not indicate possible PSK failure when using SAE | Jouni Malinen | 2019-10-27 | 1 | -1/+2
  wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no way of reaching 4-way handshake without the password having already been verified as part of SAE authentication. As such, a failure to complete 4-way handshake with SAE cannot indicate that the used password was incorrect.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Add STA node details in AP through QCA vendor subcommand | Shiva Sankar Gajula | 2019-10-25 | 5 | -3/+52
  Add STA node details in AP through QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT protocol roaming.
  Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
* Add QCA vendor cmd for setting BT coex chain mode | Yu Wang | 2019-10-25 | 1 | -0/+43
  To config BT coex chain mode, add a new QCA sub command QCA_NL80211_VENDOR_SUBCMD_BTC_CHAIN_MODE.
  This new command has two attributes:
  1. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE: u32 attribute. Indicates the BT coex chain mode, are 32-bit values from enum qca_btc_chain_mode.
  2. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE_RESTART: flag attribute. If set, vdev should be restarted once BT coex chain mode is updated.
  Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
* Extend QCA OEM data vendor subcmd to allow use as an event | Ashish Kumar Dhanotiya | 2019-10-25 | 1 | -8/+11
  The QCA_NL80211_VENDOR_SUBCMD_OEM_DATA command was previously defined only to pass data blobs from user space to kernel (application to firmware) but there was no mechanism to send the data blobs from firmware to application. Extend this to define use of the same subcommand and attributes as vendor events.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: SAE and authentication restarts with H2E/looping | Jouni Malinen | 2019-10-25 | 1 | -0/+30
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Determine H2E vs. looping when restarting SAE auth in AP mode | Jouni Malinen | 2019-10-25 | 1 | -10/+20
  If hostapd had existing STA SAE state, e.g., from a previously completed SAE authentication, a new start of a separate SAE authentication (i.e., receiving of a new SAE commit) ended up using some of the previous state. This is problematic for determining whether to H2E vs. looping since the STA is allowed (even if not really expected to) to change between these two alternatives. This could result in trying to use H2E when STA was using looping to derive PWE and that would result in SAE confirm failing.
  Fix this by determining whether to use H2E or looping for the restarted authentication based on the Status Code in the new SAE commit message instead of previously cached state information.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* crypto: Remove unused crypto_bignum_sqrtmod() | Jouni Malinen | 2019-10-25 | 3 | -41/+0
  This wrapper function is not used anymore, so drop it instead of trying to figure out good way of implementing it in constant time with various crypto libraries.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Drop sqrt() alternative from SSWU (H2E) | Jouni Malinen | 2019-10-25 | 1 | -13/+10
  Remove support for performing full sqrt(), i.e., only support curves that use prime with p = 3 mod 4. In practice, this drops only group 26 with SAE H2E. This seems acceptable since there does not seem to be any strong use case for that group taken into account the limits being placed on acceptable prime lengths.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
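Why the p = 3 mod 4 restriction in the commit above removes the need for a full sqrt(), as an added example (not hostap code; `mod_pow()` and `sqrt_mod_p3mod4()` are hypothetical names, the primes are small demo values, and nothing here is constant time): for such primes a square root is the single exponentiation a^((p+1)/4) mod p, while the same exponent does not yield a root when p = 1 mod 4.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply modular exponentiation. Operands stay below p, so the
 * products fit in 64 bits for the small demo primes used here (p < 2^32). */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t p)
{
    uint64_t result = 1;

    base %= p;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % p;
        base = (base * base) % p;
        exp >>= 1;
    }
    return result;
}

/* Square root modulo a prime p with p = 3 mod 4.
 * Returns 1 and stores a root in *root, 0 if a is not a quadratic residue
 * mod p, and -1 if p != 3 mod 4 (a general algorithm would be needed). */
static int sqrt_mod_p3mod4(uint64_t a, uint64_t p, uint64_t *root)
{
    uint64_t r;

    if (p % 4 != 3)
        return -1;
    r = mod_pow(a, (p + 1) / 4, p);
    if ((r * r) % p != a % p)
        return 0; /* candidate does not square back to a */
    *root = r;
    return 1;
}

int main(void)
{
    uint64_t r = 0, s;

    /* p = 23 is 3 mod 4: one exponentiation gives the root of 13. */
    if (sqrt_mod_p3mod4(13, 23, &r) == 1)
        printf("sqrt(13) mod 23 = %llu\n", (unsigned long long) r);

    /* p = 13 is 1 mod 4: 3 is a square (4*4 = 16 = 3 mod 13), yet the
     * same exponent produces a value that does not square back to 3. */
    s = mod_pow(3, (13 + 1) / 4, 13);
    printf("3^3 mod 13 = %llu, squared = %llu (wanted 3)\n",
           (unsigned long long) s, (unsigned long long) ((s * s) % 13));
    return 0;
}
```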
* tests: Remove SAE H2E testing with group 26 | Jouni Malinen | 2019-10-25 | 1 | -4/+0
  This is in preparation of an implementation to remove the alternative SSWU path that was needed only for this particular group.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix copy-paste issues in SAE H2E group tests | Jouni Malinen | 2019-10-25 | 1 | -10/+10
  These test cases were all using group 21 even though they were supposed to go through all the possible groups.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix arithmetic on void pointer | Jesus Fernandez Manzano | 2019-10-25 | 1 | -2/+3
  When using void pointers in calculations, the behavior is undefined. Arithmetic operations on 'void *' are a GNU C extension, which defines the 'sizeof(void)' to be 1.
  This change improves portability of the code.
  Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* common: Fix same expression checked twice in fils_key_auth_sk() | Jesus Fernandez Manzano | 2019-10-25 | 1 | -2/+2
  Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* tests: HE AP Functionality | Pradeep Kumar Chitrapu | 2019-10-25 | 2 | -0/+1010
  Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
* HE: Add 11ax info to ap mode ctrl iface STATUS command | Pradeep Kumar Chitrapu | 2019-10-25 | 2 | -1/+18
  Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
* Fix AP Extended Capability length determination | Jouni Malinen | 2019-10-25 | 1 | -4/+12
  The IE minimum length determination in hostapd_eid_ext_capab() was not fully up to date with the hostapd_ext_capab_byte() conditions. This could result in omitting some of the capability octets depending on configuration. Fix this by adding the missing conditions.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Continue listening next request if no post-PD operations | Jimmy Chen | 2019-10-25 | 1 | -2/+8
  If there are no post-provision discovery operations, we should continue in find mode to avoid getting the p2p_find operation stopped (stuck in SEARCH state) unexpectedly.
  Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* Fix hostapd build with CONFIG_WPA_TRACE but no CONFIG_WPA_TRACE_BFD | Brian Norris | 2019-10-25 | 1 | -1/+1
  Otherwise, we may get linker failures:
      ld.lld: error: unable to find library -lbfd
  While we're at it, pull in the library selection fixes from commit 848905b12abf ("Avoid undefined references with CONFIG_WPA_TRACE_BFD=y").
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* dbus: Suppress to show NULL string | Masashi Honma | 2019-10-25 | 1 | -2/+2
  wpa_s->dbus_groupobj_path is always NULL so suppress to show it. This was found by gcc 9.2.1 warning.
      dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’:
      dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
       4793 | wpa_printf(MSG_DEBUG,
            | ^~~~~~~~~~~~~~~~~~~~~
       4794 | "%s: Group object '%s' already unregistered",
            | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       4795 | __func__, wpa_s->dbus_groupobj_path);
            | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Interworking: Check NULL string to avoid compiler warning | Masashi Honma | 2019-10-25 | 1 | -1/+1
  Fix warning by gcc 9.2.1.
      interworking.c: In function ‘interworking_home_sp_cred’:
      interworking.c:2263:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
       2263 | wpa_msg(wpa_s, MSG_DEBUG,
            | ^~~~~~~~~~~~~~~~~~~~~~~~~
       2264 | "Interworking: Search for match with SIM/USIM domain %s",
            | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       2265 | realm);
            | ~~~~~~
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Fix name of DBus interface in defconfig | Phil Wise | 2019-10-25 | 1 | -1/+1
  Signed-off-by: Phil Wise <phil@phil-wise.com>
* tests: Make ap_ft_ap_oom4 more robust against compiler optimizations | Jouni Malinen | 2019-10-18 | 1 | -1/+1
  It looks like the wpa_auth_get_seqnum() function might not always be visible in the backtrace since the compiler may optimize that wrapper away. Use the i802_get_seqnum() function instead as a trigger for the get_seqnum operation failure trigger to avoid this.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FT-SAE: Add RSNXE into FT MIC | Jouni Malinen | 2019-10-18 | 4 | -5/+62
  Protect RSNXE, if present, in FT Reassociation Request/Response frames. This is needed for SAE H2E with FT.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add RSNXE into (Re)Association Response frames | Jouni Malinen | 2019-10-18 | 4 | -0/+26
  Add the new RSNXE into (Re)Association Response frames if any of the capability bits is nonzero.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: WPA2-PSK-FT-SAE AP (H2E) | Jouni Malinen | 2019-10-18 | 1 | -1/+14
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Merge wpa_supplicant and hostapd EAPOL-Key KDE parsers | Jouni Malinen | 2019-10-18 | 6 | -496/+317
  Use a single struct definition and a single shared implementation for parsing EAPOL-Key KDEs and IEs instead of maintaining more or less identical functionality separately for wpa_supplicant and hostapd.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Verify that STA negotiated H2E if it claims to support it | Jouni Malinen | 2019-10-18 | 2 | -0/+26
  If a STA indicates support for SAE H2E in RSNXE and H2E is enabled in the AP configuration, require H2E to be used.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between (Re)AssocReq and EAPOL-Key msg 2/4 | Jouni Malinen | 2019-10-17 | 1 | -0/+16
  If the STA advertises RSN Extension element, it has to be advertised consistently in the unprotected ((Re)Association Request) and protected (EAPOL-Key msg 2/4) frames. Verify that this is the case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add RSNXE into AP KDE parser | Jouni Malinen | 2019-10-17 | 2 | -0/+5
  This is needed for SAE hash-to-element implementation.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Store a copy of Association Request RSNXE in AP mode for later use | Jouni Malinen | 2019-10-17 | 9 | -4/+31
  This is needed to be able to compare the received RSNXE to a protected version in EAPOL-Key msg 2/4.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>