path: root/wpa_supplicant/config_ssid.h
Commit message (Collapse)AuthorAgeFilesLines
* OCV: Add wpa_supplicant config parameterMathy Vanhoef2018-12-161-0/+11
| | | | | | | Add wpa_supplicant network profile parameter ocv to disable or enable Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OWE: Attempt more scans for OWE transition SSID if expected BSS not seenSunil Dutt2018-10-121-0/+10
| | | | | | | | | | | | This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix parsing of max_oper_chwidthSven Eckelmann2018-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see ssid_fields). The actual parsing for INT_RANGE is done by wpa_config_parse_int which can only store the result as full integer. max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means that on little endian systems, the least significant byte of the parsed value are really stored in the max_oper_chwidth. But on big endian system, the only most significant byte is stored as max_oper_chwidth. This means that 0 is always stored because the provided range doesn't allow any other value for systems with multi-byte-wide integers. This also means that for common systems with 4-byte-wide integers, the remaining 3 bytes were written after the actual member of the struct. This should not have influenced the behavior of succeeding members because these bytes would have been part of the padding between the members on most systems. Increasing its size to a full int fixes the write operations outside of the member and allows to use the max_oper_chwidth setting on big endian systems. Fixes: 0f29bc68d18e ("IBSS/mesh: Add support for VHT80P80 configuration") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* SAE: Add support for using the optional Password IdentifierJouni Malinen2018-05-191-0/+8
| | | | | | | | | | | | | | This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add Roaming Consortium Selection network profile parameterJouni Malinen2018-04-171-0/+13
| | | | | | | | | | | | | This adds new roaming_consortium_selection network profile parameter into wpa_supplicant. This is used to store the OI that was used for network selection (INTERWORKING_SELECT) based on matching against the Roaming Consortium OIs advertised by the AP. This can also be used when using an external component to perform selection. This commit adds the network profile parameter, but does not yet include it in (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Allow station in transition mode to connect to an open BSSJouni Malinen2018-01-211-0/+9
| | | | | | | | | If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Try all supported DH groups automatically on STAJouni Malinen2017-12-271-1/+2
| | | | | | | | If a specific DH group for OWE is not set with the owe_group parameter, try all supported DH groups (currently 19, 20, 21) one by one if the AP keeps rejecting groups with the status code 77. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-11/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Allow SAE password to be configured separately (STA)Jouni Malinen2017-10-111-0/+10
| | | | | | | | | The new sae_password network profile parameter can now be used to set the SAE password instead of the previously used psk parameter. This allows shorter than 8 characters and longer than 63 characters long passwords to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove C-sign-key expiryJouni Malinen2017-10-091-7/+0
| | | | | | This was removed in DPP tech spec v0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in stationJouni Malinen2017-10-081-0/+11
| | | | | | | | This extends OWE support in wpa_supplicant to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). The group is configured using the new network profile parameter owe_group. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add group_mgmt network parameter for PMF cipher selectionJouni Malinen2017-09-261-0/+9
| | | | | | | | | | The new wpa_supplicant network parameter group_mgmt can be used to specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not specified, the current behavior is maintained (i.e., follow what the AP advertises). The parameter can list multiple space separate ciphers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Network profile parameters for DPP AKMJouni Malinen2017-06-191-0/+39
| | | | | | | | Extend wpa_supplicant network profile to include parameters needed for the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry, dpp_csign, dpp_csign_expiry. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Provide option to configure BSSID hint for a networkPurushottam Kushwaha2017-05-111-0/+13
| | | | | | | | | | This exposes user configurable option to set bssid_hint for a network. bssid_hint indicates which BSS has been found a suitable candidate for initial association for drivers that use driver/firmware-based BSS selection. Unlike the bssid parameter, bssid_hint does not limit the driver from selecting other BSSs in the ESS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurableMasashi Honma2017-05-081-0/+10
| | | | | | | | In some practical cases, it is useful to suppress joining to node in the distance. The new field mesh_rssi_threshold could be used as RSSI threshold for joining. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* FILS: Add FILS SK auth PFS support in STA modeJouni Malinen2017-03-121-0/+8
| | | | | | | | | | | This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Allow disabling HT in AP mode without HT overridesJohannes Berg2017-03-111-0/+1
| | | | | | | | Since VHT can be toggled explicitly, also expose being able to disable HT explicitly, without requiring HT overrides. Continue making it default to enabled though. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* wpa_supplicant: Allow explicit wide channel configuration for AP modeJohannes Berg2017-03-111-0/+1
| | | | | | | | | | | Instead of deducing the wide (HT, VHT) channel configuration only automatically in P2P mode, allow it to be configured in the network in non-P2P mode. Also allow all of these parameters to be configured through the control interface or the configuration file. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mka: Make MKA actor priority configurableBadrish Adiga H R2016-12-251-0/+7
| | | | | | | This adds a new wpa_supplicant network profile parameter mka_priority=0..255 to set the priority of the MKA Actor. Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
* wpa_supplicant: Allow configuring the MACsec port for MKASabrina Dubroca2016-11-191-0/+9
| | | | | | | Previously, wpa_supplicant only supported hardcoded port == 1 in the SCI, but users may want to choose a different port. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* wpa_supplicant: Add macsec_integ_only setting for MKASabrina Dubroca2016-11-191-0/+12
| | | | | | | | | So that the user can turn encryption on (MACsec provides confidentiality+integrity) or off (MACsec provides integrity only). This commit adds the configuration parameter while the actual behavior change to disable encryption in the driver is handled in the following commit. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKASabrina Dubroca2016-11-191-0/+20
| | | | | | | | | | | | This enables configuring key_mgmt=NONE + mka_ckn + mka_cak. This allows wpa_supplicant to work in a peer-to-peer mode, where peers are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers can act as key server to distribute keys for the MACsec instances. This is what some MACsec switches support, and even without HW support, it's a convenient way to setup a network. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* Add group_rekey parameter for IBSSJouni Malinen2016-08-131-0/+8
| | | | | | | The new network profile parameter group_rekey can now be used to specify the group rekeying internal in seconds for IBSS. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add wps_disabled parameter to network blockLior David2016-05-141-0/+8
| | | | | | | Add a new parameter wps_disabled to network block (wpa_ssid). This parameter allows WPS functionality to be disabled in AP mode. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* wpa_supplicant: "don't care" value for pbss in ssid structureLior David2016-04-081-2/+6
| | | | | | | | | | Add a new value 2 to the pbss parameter of wpa_ssid structure, which means "don't care". This value is used in infrastructure mode to request connection to either AP or PCP, whichever is available in the scan results. The value is also used in regular WPS (not P2P group formation) to make WPS work with devices running as either AP or PCP. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* wpa_supplicant: Basic support for PBSS/PCPLior David2016-02-081-0/+9
| | | | | | | | | | | | | | | | | | | | | PBSS (Personal Basic Service Set) is a new BSS type for DMG networks. It is similar to infrastructure BSS, having an AP-like entity called PCP (PBSS Control Point), but it has few differences. PBSS support is mandatory for IEEE 802.11ad devices. Add a new "pbss" argument to network block. The argument is used in the following scenarios: 1. When network has mode=2 (AP), when pbss flag is set will start as a PCP instead of an AP. 2. When network has mode=0 (station), when pbss flag is set will connect to PCP instead of AP. The function wpa_scan_res_match() was modified to match BSS according to the pbss flag in the network block (wpa_ssid structure). When pbss flag is set it will match only PCPs, and when it is clear it will match only APs. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* wpa_supplicant: Enable Automatic Channel Selection support for AP modeTomasz Bursztyka2015-12-241-0/+12
| | | | | | | | | | Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
* P2P: Add support for VHT 80+80 MHz and 160 MHzAhmad Kholaif2015-11-251-0/+4
| | | | | | | | | The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE, and P2P_GROUP_ADD control interface commands can be used to request larger VHT operating channel bandwidth to be used than the previously used maximum 80 MHz. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Make it clearer that ap_scan=2 mode should not be used with nl80211Jouni Malinen2015-09-041-1/+3
| | | | | | | Add more details into configuration comments and a runtime info message if ap_scan=2 is used with the nl80211 driver interface. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove WEP40/WEP104 cipher suite support for WPA/WPA2Jouni Malinen2015-06-201-2/+1
| | | | | | | | | As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at least in theory, allowed as a group cipher. This option is unlikely to be deployed anywhere and to clean up the implementation, we might as well remove all support for this combination. Signed-off-by: Jouni Malinen <j@w1.fi>
* Replace MAX_SSID_LEN with SSID_MAX_LENJouni Malinen2015-04-221-2/+0
| | | | | | | | This makes source code more consistent. The use within Android driver interface is left as-is to avoid changes in the old PNO interface definition. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow PSK/passphrase to be set only when neededJouni Malinen2015-03-281-0/+8
| | | | | | | | | | | | | | | | | | | | | The new network profile parameter mem_only_psk=1 can be used to specify that the PSK/passphrase for that network is requested over the control interface (ctrl_iface or D-Bus) similarly to the EAP network parameter requests. The PSK/passphrase can then be configured temporarily in a way that prevents it from getting stored to the configuration file. For example: Event: CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk Response: CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop" Note: The response value uses the same encoding as the psk network profile parameter, i.e., passphrase is within double quotation marks. Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS: Add fixed_freq network parameterJanusz Dziedzic2015-02-211-0/+5
| | | | | | | | Add fixed_freq=<0/1> network block parameter and pass it to the driver when starting or joining an IBSS. If this flag is set, IBSS should not try to look for other IBSS networks to merge with on different channels. Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Add network specific BSSID black and white listsStefan Tomanek2015-01-101-0/+12
| | | | | | | | | | | | This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Remove mesh_ht_mode network block parameterJouni Malinen2015-01-101-10/+0
| | | | | | | | | There should not be a mesh-specific mechanism for setting up channel parameters since that will just result in duplicated code. IBSS, mesh, and AP mode can use the same data structures and parameters for setting up such parameters. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Make plink params configurableMasashi Honma2014-11-161-0/+12
| | | | | | | This patch makes four MIB variables for plink configurable and sets the correct default values based on IEEE Std 802.11s-2011. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Make BSSBasicRateSet configurableMasashi Honma2014-11-161-0/+6
| | | | | | | | | | | | | STAs that have different BSSBasicRateSet cannot connect to each other as per IEEE 802.11s-2011 9.6.0c1: "A mesh STA shall not establish a mesh peering with a mesh STA using a different BSSBasicRateSet." Make BSSBasicRateSet configurable to improve interoperability with other stations. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Enable mesh HT modeJason Mobarak2014-11-161-0/+10
| | | | | | | | | | | | Add a new option "mesh_ht_mode" that specifies the HT mode for the mesh, with this option on, mesh beacons, actions frames, and probe responses with include the appropriate HT information elements. [original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>] [some fixes by Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
* mesh: Add no_auto_peer config optionThomas Pedersen2014-10-251-0/+8
| | | | | | | | | | Add no_auto_peer parameter, which controls wheter a station will automatically initiate peering to another mesh peer that comes into range. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
* mesh: Add mesh mode config optionThomas Pedersen2014-10-251-0/+3
| | | | | | | | | Modify network mode to support mode number 5 when CONFIG_MESH is enabled. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
* Extend random MAC address support to allow OUI to be keptJouni Malinen2014-09-291-0/+1
| | | | | | | | | | mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to configure random MAC address to be generated by maintaining the OUI part of the permanent MAC address (but with locally administered bit set to 1). Other than that, these values result in similar behavior with mac_addr=1 and preassoc_mac_addr=1, respectively. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add support for using random local MAC addressJouni Malinen2014-09-271-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds experimental support for wpa_supplicant to assign random local MAC addresses for both pre-association cases (scan, GAS/ANQP) and for connections. MAC address policy for each part can be controlled separately and the connection part can be set per network block. This requires support from the driver to allow local MAC address to be changed if random address policy is enabled. It should also be noted that number of drivers would not support concurrent operations (e.g., P2P and station association) with random addresses in use for one or both. This functionality can be controlled with the global configuration parameters mac_addr and preassoc_mac_addr which set the default MAC address policies for connections and pre-association operations (scan and GAS/ANQP while not connected). The global rand_addr_lifetime parameter can be used to set the lifetime of a random MAC address in seconds (default: 60 seconds). This is used to avoid unnecessarily frequent MAC address changes since those are likely to result in driver clearing most of its state. It should be noted that the random MAC address does not expire during an ESS connection, i.e., this lifetime is only for the case where the device is disconnected. The mac_addr parameter can also be set in the network blocks to define different behavior per network. For example, the global mac_addr=1 and preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile would result in behavior where all scanning is performed using a random MAC address while connections to new networks (e.g., Interworking/Hotspot 2.0) would use random address and connections to the home network would use the permanent MAC address. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Merge mixed-WPA/WPA2 credentials if received in same sessionHu Wang2014-08-291-0/+2
| | | | | | | | | | | Some deployed APs send two credentials when in mixed-WPA/WPA2 configuration; one for the WPA-Personal/TKIP and the other for WPA2-Personal/CCMP. Previously, this would result in two network blocks getting added for the single AP. This can be somewhat confusing and unnecessary, so merge such credentials into a single one that allows both WPA and WPA2 to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add update_identifier field to networkDmitry Shmidt2014-07-021-0/+4
| | | | | | | | | This can be used to configure a Hotspot 2.0 Release 2 network externally for a case where wpa_supplicant-based Interworking network selection is not used and the update_identifier cannot be copied directly from a cred. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* MACsec: wpa_supplicant integrationHu Wang2014-05-091-0/+11
| | | | | | Add MACsec to the wpa_supplicant build system and configuration file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SIM identifier to the network profile and cred blockNaresh Jayaram2014-04-241-0/+1
| | | | | | | | | | This allows the specific SIM to be identified for authentication purposes in multi-SIM devices. This SIM number represents the index of the SIM slot. This SIM number shall be used for the authentication using the respective SIM for the Wi-Fi connection to the corresponding network. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow HT 40 MHz intolerant flag to be set for associationJouni Malinen2014-04-171-0/+5
| | | | | | | This extends HT overrides to allow HT 40 MHz intolerant flag to be set with ht40_intolerant=1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Allow disabling LDPCPawel Kulakowski2014-04-011-0/+9
| | | | | | | Allows user to disable LDPC coding. This possibility is useful for testing purpose. Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
* wpa_supplicant: Use monotonic time for temp-disabled networksJohannes Berg2013-12-241-1/+1
| | | | | | | Temporarily disabled networks are disabled for a certain duration, so the code should use monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* Update IBSS documentation to include RSN optionJouni Malinen2013-12-231-6/+7
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>