path: root/wpa_supplicant/config.c
Commit message | Author | Age | Files | Lines
* FST: wpa_supplicant configuration parameters | Anton Nayshtut | 2015-07-16 | 1 | -0/+7
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove WEP40/WEP104 cipher suite support for WPA/WPA2 | Jouni Malinen | 2015-06-20 | 1 | -0/+7
  As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at least in theory, allowed as a group cipher. This option is unlikely to be deployed anywhere and to clean up the implementation, we might as well remove all support for this combination.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2PS: Enable Probe Request frame processing by P2P Client | Max Stepanov | 2015-06-14 | 1 | -0/+1
  1. Add global p2p_cli_probe property to enable/disable Probe Request frame RX reporting for connected P2P Clients. The property can be set to 0 - disable or 1 - enable. The default value is 0.
  2. Enable Probe Request frame RX reporting for P2P Client on WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it when an interface state is changing to any other state.
  3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for a connected P2P Client handling Probe Request frames.
  Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
  Reviewed-by: Ilan Peer <ilan.peer@intel.com>
* WPS: Allow the priority for the WPS networks to be configured | Sunil Dutt | 2015-06-04 | 1 | -0/+1
  This commit adds a configurable parameter (wps_priority) to specify the priority for the networks derived through WPS connection.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Replace MAX_SSID_LEN with SSID_MAX_LEN | Jouni Malinen | 2015-04-22 | 1 | -2/+2
  This makes source code more consistent. The use within Android driver interface is left as-is to avoid changes in the old PNO interface definition.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length | Jouni Malinen | 2015-04-22 | 1 | -1/+2
  This makes code easier to understand.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix compilation issues with CONFIG_NO_CONFIG_WRITE=y | Jouni Malinen | 2015-04-04 | 1 | -0/+8
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow PSK/passphrase to be set only when needed | Jouni Malinen | 2015-03-28 | 1 | -0/+1
  The new network profile parameter mem_only_psk=1 can be used to specify that the PSK/passphrase for that network is requested over the control interface (ctrl_iface or D-Bus) similarly to the EAP network parameter requests. The PSK/passphrase can then be configured temporarily in a way that prevents it from getting stored to the configuration file.
  For example:
    Event: CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
    Response: CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
  Note: The response value uses the same encoding as the psk network profile parameter, i.e., passphrase is within double quotation marks.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add IPv4 support function for "get" control interface command | Mikael Kanstrup | 2015-03-15 | 1 | -1/+27
  Add support to retrieve IPv4 config variables with the "get" control interface command. This allows the ip_addr_* parameters for P2P+NFC IP address assignment to be fetched from the GO.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* P2P: Allow configuring CTWindow when working as GO | Eliad Peller | 2015-02-21 | 1 | -0/+2
  Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to the driver on GO start. Use p2p_go_ctwindow=0 (no CTWindow) by default.
  Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
* IBSS: Add fixed_freq network parameter | Janusz Dziedzic | 2015-02-21 | 1 | -0/+1
  Add fixed_freq=<0/1> network block parameter and pass it to the driver when starting or joining an IBSS. If this flag is set, IBSS should not try to look for other IBSS networks to merge with on different channels.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Add optional reassoc-to-same-BSS optimization | Jouni Malinen | 2015-02-19 | 1 | -0/+1
  The new reassoc_same_bss_optim=1 configuration parameter can now be used to request wpa_supplicant to bypass the unnecessary Authentication frame exchange when reassociating back to the same BSS with which the device is already associated. This functionality is disabled by default since it may cause undesired interoperability issues with some APs.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add control interface commands for fetching wpa_config values | Ola Olsson | 2015-02-08 | 1 | -6/+85
  The new "DUMP" and "SET <variable>" control interface commands can be used to fetch global wpa_supplicant configuration parameters.
  Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
* Add Suite B 192-bit AKM | Jouni Malinen | 2015-01-26 | 1 | -1/+21
  WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add passive_scan configuration parameter | Jouni Malinen | 2015-01-22 | 1 | -0/+1
  This new wpa_supplicant configuration parameter can be used to force passive scanning to be used for most scanning cases at the cost of increased latency and less reliable scans. This may be of use for both testing purposes and somewhat increased privacy due to no Probe Request frames with fixed MAC address being sent out.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix memory leak in wpa_supplicant global bgscan configuration | Ilan Peer | 2015-01-20 | 1 | -0/+1
  Global bgscan configuration parameter was not freed when config was freed.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* mesh: Make inactivity timer configurable | Masashi Honma | 2015-01-19 | 1 | -0/+2
  Current mesh code uses ap_max_inactivity as inactivity timer. This patch makes it configurable.
  There is another mesh inactivity timer in mac80211. The timer works even if user_mpm=1. So this patch sets the max value to the timer for workaround.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add domain_match network profile parameter | Jouni Malinen | 2015-01-14 | 1 | -0/+4
  This is similar with domain_suffix_match, but required a full match of the domain name rather than allowing suffix match (subdomains) or wildcard certificates.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Include peer certificate always in EAP events | Jouni Malinen | 2015-01-14 | 1 | -0/+1
  This makes it easier for upper layer applications to get information regarding the server certificate without having to use a special certificate probing connection. This provides both the SHA256 hash of the certificate (to be used with ca_cert="hash://server/sha256/<hash>", if desired) and the full DER encoded X.509 certificate so that upper layer applications can parse and display the certificate easily or extract fields from it for purposes like configuring an altsubject_match or domain_suffix_match.
  The old behavior can be configured by adding cert_in_cb=0 to wpa_supplicant configuration file.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add address masks to BSSID lists | Stefan Tomanek | 2015-01-10 | 1 | -18/+25
  In many applications it is useful not just to enumerate a group of well known access points, but to use an address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
  This change expands the data structures used by MAC lists to include a mask indicating the significant (non-masked) portions of an address and extends the list parser to recognize mask suffixes.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Add network specific BSSID black and white lists | Stefan Tomanek | 2015-01-10 | 1 | -0/+46
  This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs.
  This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Add generic parser for MAC address lists | Stefan Tomanek | 2015-01-10 | 1 | -75/+95
  This change generalizes the code used for parsing the configuration option 'p2p_client_list' and makes it suitable to use it in other contexts.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Remove mesh_ht_mode network block parameter | Jouni Malinen | 2015-01-10 | 1 | -54/+0
  There should not be a mesh-specific mechanism for setting up channel parameters since that will just result in duplicated code. IBSS, mesh, and AP mode can use the same data structures and parameters for setting up such parameters.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* D-Bus: Fix memory leak on P2PDeviceConfig::VendorExtension | Jouni Malinen | 2014-12-31 | 1 | -0/+3
  The wps_vendor_ext array can be set using D-Bus Set(P2PDeviceConfig) with the VendorExtension key in the dictionary. However, there was no code for freeing the allocated memory when the interface is removed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Clear psk_list while freeing config_ssid instances | Jouni Malinen | 2014-12-29 | 1 | -3/+2
  Previously, the main PSK entry was cleared explicitly, but psk_list could include PSKs for some P2P use cases, so clear it as well when freeing config_ssid instances.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Make maximum number of peer links configurable | Masashi Honma | 2014-12-21 | 1 | -0/+2
  Maximum number of peer links is maximum number of connecting mesh peers at the same time. This value is 0..255 based on the dot11MeshNumberOfPeerings range.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Check os_snprintf() result more consistently | Jouni Malinen | 2014-12-08 | 1 | -3/+15
  While these are using practically large enough buffer sizes, it is better to be more consistent with checking os_snprintf() return value.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Check os_snprintf() result more consistently - automatic 1 | Jouni Malinen | 2014-12-08 | 1 | -31/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch: @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } ) Signed-off-by: Jouni Malinen <j@w1.fi>
* Check os_snprintf() result more consistently - success case | Jouni Malinen | 2014-12-08 | 1 | -1/+1
| | | | | | | | | | | | | | | | | | | This converts os_snprintf() result validation cases to use os_snprintf_error() in cases where success condition was used to execute a step. These changes were done automatically with spatch using the following semantic patch: @@ expression E1,E2,E3; statement S1; @@ E1 = os_snprintf(E2, E3, ...); - if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \)) + if (!os_snprintf_error(E3, E1)) S1 Signed-off-by: Jouni Malinen <j@w1.fi>
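Review bot: In the removed condition, the `E1 > 0` alternative is not the negation of the error rule quoted in the "automatic 1" commit above (`E1 < 0 || E1 >= E3`), so a call site written with `E1 > 0` whose os_snprintf() call returns 0 moves from the failure path to the success path after this rewrite. Either restrict the match to the `E1 >= 0` form, or state in the commit message that the one converted site was checked for a zero-length result.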
* ERP: Add support for ERP on EAP peer | Jouni Malinen | 2014-12-04 | 1 | -0/+1
  Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant network configuration parameter erp=1 can now be used to configure the EAP peer to derive EMSK, rRK, and rIK at the successful completion of an EAP authentication method. This functionality is not included in the default build and can be enabled with CONFIG_ERP=y.
  If EAP authenticator indicates support for re-authentication protocol, initiate this with EAP-Initiate/Re-auth and complete protocol when receiving EAP-Finish/Re-auth.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Make plink params configurable | Masashi Honma | 2014-11-16 | 1 | -0/+8
  This patch makes four MIB variables for plink configurable and sets the correct default values based on IEEE Std 802.11s-2011.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Make BSSBasicRateSet configurable | Masashi Honma | 2014-11-16 | 1 | -0/+35
  STAs that have different BSSBasicRateSet cannot connect to each other as per IEEE 802.11s-2011 9.6.0c1:
  "A mesh STA shall not establish a mesh peering with a mesh STA using a different BSSBasicRateSet."
  Make BSSBasicRateSet configurable to improve interoperability with other stations.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Enable mesh HT mode | Jason Mobarak | 2014-11-16 | 1 | -0/+66
  Add a new option "mesh_ht_mode" that specifies the HT mode for the mesh, with this option on, mesh beacons, actions frames, and probe responses will include the appropriate HT information elements.
  [original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
  [some fixes by Masashi Honma <masashi.honma@gmail.com>]
  Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
* Suite B: Add AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 1 | -0/+12
  This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Add no_auto_peer config option | Thomas Pedersen | 2014-10-25 | 1 | -0/+1
  Add no_auto_peer parameter, which controls whether a station will automatically initiate peering to another mesh peer that comes into range.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* mesh: Add mesh mode config option | Thomas Pedersen | 2014-10-25 | 1 | -0/+4
  Modify network mode to support mode number 5 when CONFIG_MESH is enabled.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* mesh: Add user_mpm config option | Thomas Pedersen | 2014-10-25 | 1 | -0/+4
  Add user_mpm config parameter, when this is set to 1 (the default) the peer link management is done on userspace, otherwise the peer management will be done by the kernel.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* Add support for offloading key management operations to the driver | Chet Lanctot | 2014-10-23 | 1 | -0/+2
  This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Write OSEN key_mgmt value to config file | Jouni Malinen | 2014-10-19 | 1 | -0/+12
  This was forgotten when the parser for key_mgmt=OSEN was added.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Write SAE and FT-SAE key_mgmt to config | Thomas Pedersen | 2014-10-19 | 1 | -0/+22
  This was forgotten when the key_mgmt parser for SAE and FT-SAE was added.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* wpa_supplicant: Allow OpenSSL cipherlist string to be configured | Jouni Malinen | 2014-10-12 | 1 | -0/+4
  The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Extend random MAC address support to allow OUI to be kept | Jouni Malinen | 2014-09-29 | 1 | -1/+1
  mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to configure random MAC address to be generated by maintaining the OUI part of the permanent MAC address (but with locally administered bit set to 1). Other than that, these values result in similar behavior with mac_addr=1 and preassoc_mac_addr=1, respectively.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add support for using random local MAC address | Jouni Malinen | 2014-09-27 | 1 | -0/+6
  This adds experimental support for wpa_supplicant to assign random local MAC addresses for both pre-association cases (scan, GAS/ANQP) and for connections. MAC address policy for each part can be controlled separately and the connection part can be set per network block.
  This requires support from the driver to allow local MAC address to be changed if random address policy is enabled. It should also be noted that number of drivers would not support concurrent operations (e.g., P2P and station association) with random addresses in use for one or both.
  This functionality can be controlled with the global configuration parameters mac_addr and preassoc_mac_addr which set the default MAC address policies for connections and pre-association operations (scan and GAS/ANQP while not connected). The global rand_addr_lifetime parameter can be used to set the lifetime of a random MAC address in seconds (default: 60 seconds). This is used to avoid unnecessarily frequent MAC address changes since those are likely to result in driver clearing most of its state. It should be noted that the random MAC address does not expire during an ESS connection, i.e., this lifetime is only for the case where the device is disconnected.
  The mac_addr parameter can also be set in the network blocks to define different behavior per network. For example, the global mac_addr=1 and preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile would result in behavior where all scanning is performed using a random MAC address while connections to new networks (e.g., Interworking/Hotspot 2.0) would use random address and connections to the home network would use the permanent MAC address.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0R2: Add update_identifier field to network | Dmitry Shmidt | 2014-07-02 | 1 | -0/+3
  This can be used to configure a Hotspot 2.0 Release 2 network externally for a case where wpa_supplicant-based Interworking network selection is not used and the update_identifier cannot be copied directly from a cred.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Mark functions static | Jouni Malinen | 2014-07-02 | 1 | -2/+2
  These functions are not used outside this file.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Clear wpa_supplicant configuration keys explicitly | Jouni Malinen | 2014-07-02 | 1 | -29/+30
  Use an explicit memset call to clear any wpa_supplicant configuration parameter that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Check for no key_mgmt/proto/auth_alg entries in config writer | Jouni Malinen | 2014-07-02 | 1 | -0/+15
  This is not really necessary check, but it keeps a static analyzer happier by avoiding dead increment. Doing it this way rather than removing the increment is less likely to cause problems when new entries are added here in the future (the "dead" increment would be very much needed in those cases).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unnecessary tracking of first entry | Jouni Malinen | 2014-07-02 | 1 | -7/+7
  The pointer to the current position is enough to figure out whether the proto string is the first one in the buffer. Removing the separate tracking variable cleans up a static analyzer warning on dead assignment.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Allow passphrase length to be configured | Jouni Malinen | 2014-06-21 | 1 | -0/+2
  Previously, eight character random passphrase was generated automatically for P2P GO. The new p2p_passphrase_len parameter can be used to increase this length to generate a stronger passphrase for cases where practicality of manual configuration of legacy devices is not a concern.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Use another interface operating channel as listen channel | Ilan Peer | 2014-06-14 | 1 | -0/+2
  Performing a P2P Device flow such as p2p_listen or p2p_find, can degrade the performance of an active interface connection, if the listen frequency is different than the frequency used by that interface.
  To reduce the effect of P2P Device flows on other interfaces, try changing the listen channel of the P2P Device to match the operating channel of one of the other active interfaces. This change will be possible only in case that the listen channel is not forced externally, and will be delayed to a point where the P2P Device state machine is idle.
  The optimization can be configured in the configuration file and is disabled by default.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>