path: root/wpa_supplicant/events.c
Commit message | Author | Age | Files | Lines
* DPP: Update AES-SIV AD for DPP Authentication frames | Jouni Malinen | 2017-10-18 | 1 | -2/+2
  The protocol design was updated to protect the six octets in the header before the attributes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update replay counter from roam info | Vidyullatha Kanchanapally | 2017-10-17 | 1 | -5/+1
  Update the replay counter after a roam for all cases. This restores the design back to what it was before commit 01ef320f192daa074c7055a44a03b6b5b811d6bd ('FILS: Update ERP next sequence number with driver offload').
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow last (Re)Association Request frame to be replayed for testing | Jouni Malinen | 2017-10-16 | 1 | -0/+10
  The new wpa_supplicant RESEND_ASSOC command can be used to request the last (Re)Association Request frame to be sent to the AP to test FT protocol behavior. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add testing functionality for resetting PN/IPN for configured keys | Jouni Malinen | 2017-10-16 | 1 | -0/+5
  This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionality | Jouni Malinen | 2017-10-15 | 1 | -17/+0
  This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentally reachable.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: PMKSA caching in station mode | Jouni Malinen | 2017-10-09 | 1 | -3/+4
  This extends OWE support in wpa_supplicant to allow PMKSA caching to be used.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Transition mode support on station side | Jouni Malinen | 2017-10-08 | 1 | -4/+84
  Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add group_mgmt network parameter for PMF cipher selection | Jouni Malinen | 2017-09-26 | 1 | -0/+8
  The new wpa_supplicant network parameter group_mgmt can be used to specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not specified, the current behavior is maintained (i.e., follow what the AP advertises). The parameter can list multiple space-separated ciphers.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RRM: Send reject/refuse response only to unicast measurement request | Avraham Stern | 2017-07-17 | 1 | -0/+1
  IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to make a requested measurement or refuses to make a measurement shall respond only if the measurement request was received within an individually addressed radio measurement request frame, but shall not respond if such a request was received in a group addressed frame.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* DPP: Fix compilation without openssl | Andrei Otcheretianski | 2017-07-07 | 1 | -1/+0
  dpp.h file requires openssl in order to compile, which breaks compilation on systems without it. Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when not really needed.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* FILS: Fix EVENT_ASSOC processing checks for driver-SME | Jouni Malinen | 2017-06-19 | 1 | -3/+4
  Commit 5538fc930988bfc12935579b2b9930d18ffd1be8 ('FILS: Track completion with FILS shared key authentication offload') added an additional case for calling wpa_supplicant_event_assoc_auth() from EVENT_ASSOC handling in case of FILS-completion with driver-based-SME. However, that check was placed outside the data != NULL case while data != NULL needs to apply for this case as well due to wpa_supplicant_event_assoc_auth() behavior. Move the data != NULL check to apply to both cases to avoid potential issues if a driver interface were to return EVENT_ASSOC without the associate data. (CID 164708)
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Network Introduction protocol for wpa_supplicant | Jouni Malinen | 2017-06-19 | 1 | -3/+4
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add new AKM | Jouni Malinen | 2017-06-19 | 1 | -1/+15
  This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs a number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Configuration exchange | Jouni Malinen | 2017-06-19 | 1 | -0/+10
  This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Authentication exchange | Jouni Malinen | 2017-06-19 | 1 | -0/+18
  Add wpa_supplicant control interface commands for managing DPP Authentication exchange.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* driver: Make DFS domain information available to core | Vasanthakumar Thiagarajan | 2017-05-13 | 1 | -1/+2
  Current DFS domain information of the driver can be used in ap/dfs to comply with DFS domain specific requirements like uniform spreading for ETSI domain.
  Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
* FILS: Update cache identifier on association | Vidyullatha Kanchanapally | 2017-04-07 | 1 | -0/+10
  This is needed when offloading FILS shared key to the drivers.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update PMKSA cache with FILS shared key offload | Vidyullatha Kanchanapally | 2017-04-07 | 1 | -0/+17
  Add a new PMKSA cache entry within wpa_supplicant if a driver event from offloaded FILS shared key authentication indicates a new PMKSA entry was created.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update ERP next sequence number with driver offload | Vidyullatha Kanchanapally | 2017-04-07 | 1 | -1/+21
  This keeps the internal ERP information within wpa_supplicant in sync with the driver when offloading FILS shared key authentication.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Track completion with FILS shared key authentication offload | Vidyullatha Kanchanapally | 2017-04-07 | 1 | -1/+8
  Update the internal fils_completed state when offloading FILS shared key authentication to the driver.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2 | Shaul Triebitz | 2017-03-29 | 1 | -2/+1
  In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the SSID is temporarily disabled before trying to associate and this may result in an infinite connect/disconnect loop. If the association succeeds while the SSID is temporarily disabled, wpa_supplicant will request to deauthenticate and that in turn will cause the SSID to be temporarily disabled again. Fix that by postponing the association until the SSID is no longer temporarily disabled.
  Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
* FILS: Add FILS SK auth PFS support in STA mode | Jouni Malinen | 2017-03-12 | 1 | -1/+2
  This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Process Diffie-Hellman Parameter element in STA mode | Jouni Malinen | 2017-03-12 | 1 | -0/+10
  This adds STA side addition of OWE Diffie-Hellman Parameter element into (Re)Association Request frame and processing it in (Re)Association Response frame.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Define and parse OWE AKM selector | Jouni Malinen | 2017-03-12 | 1 | -2/+4
  This adds a new RSN AKM "OWE".
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: events: Don't bounce timeout reason through a buffer | Johannes Berg | 2017-03-11 | 1 | -10/+8
  There's no point in making the code use a stack buffer and first copying the string there, only to copy it again to the output. Make the output directly use the reason string.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* FILS: Use FILS Cache Identifier to extend PMKSA applicability | Jouni Malinen | 2017-02-26 | 1 | -1/+1
  This allows PMKSA cache entries for FILS-enabled BSSs to be shared within an ESS when the BSSs advertise the same FILS Cache Identifier value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Notify reason for connection timeout failure | Purushottam Kushwaha | 2017-02-20 | 1 | -4/+12
  This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever connection failure happens because of timeout. This extends the "timeout" parameter in the event to include the reason, if available: timeout=scan, timeout=auth, timeout=assoc.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix estimated throughput based skip-roam case | Jouni Malinen | 2017-02-05 | 1 | -1/+1
  Commit 8d1e693186336f85bf5d86bd094b5c9bd6f8fd02 ('Use estimated throughput to avoid signal based roaming decision') added a check for the current BSS estimated throughput being significantly higher than the selected BSS estimated throughput. However, this case for skipping a roam used "return 1" which actually allows the roam. Fix this by returning 0 in this case.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Increase delayed EAPOL RX frame timeout | Andrejs Cainikovs | 2017-01-29 | 1 | -1/+1
  Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack of optimization (i.e., first EAPOL frame dropped) in occasional roaming and authentication cases on EAP networks if the kernel events can be reordered and delayed a bit longer.
  Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
* Skip EVENT_ACS_CHANNEL_SELECTED also without CONFIG_AP | Jouni Malinen | 2017-01-28 | 1 | -0/+2
  CONFIG_ACS alone should not refer to wpa_s->ap_iface to avoid potential compilation issues.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* bgscan: Deliver beacon loss event to bgscan modules | Jouni Malinen | 2017-01-08 | 1 | -1/+7
  This adds a call to the notify_beacon_loss() callback functions when beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event is made available through the wpa_supplicant control interface.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add support for Beacon Report Radio Measurement | Avraham Stern | 2017-01-03 | 1 | -0/+4
  Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016, 11.11.9.1. Beacon Report is implemented by triggering a scan on the requested channels with the requested parameters.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Ignore scan results from ongoing scan when FLUSH command is issued | Jouni Malinen | 2016-12-11 | 1 | -0/+2
  This makes wpa_supplicant behavior more consistent with FLUSH command to clear all state. Previously, it was possible for an ongoing scan to be aborted when the FLUSH command is issued and the scan results from that aborted scan would still be processed and that would update the BSS table which was supposed to be cleared by the FLUSH command. This could result in hwsim test case failures due to unexpected BSS table entries being present after the FLUSH command.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Debug print scan results matching the currently selected network | Jouni Malinen | 2016-11-13 | 1 | -109/+203
  This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use estimated throughput to avoid signal based roaming decision | Jouni Malinen | 2016-11-13 | 1 | -10/+42
  Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine what happened and why.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y | Jouni Malinen | 2016-10-28 | 1 | -0/+21
  Previously, a build without IBSS RSN support tried to start/join an IBSS even if the profile was configured with RSN parameters. This does not work and resulted in quite confusing debug log. Make this clearer by explicitly checking for this case and reject the connection attempt with a clearer debug log entry instead of trying something that is known to fail.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Association Response processing (STA) | Jouni Malinen | 2016-10-25 | 1 | -0/+20
  Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Always propagate scan results to all interfaces | Avraham Stern | 2016-10-15 | 1 | -9/+26
  Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Continue scanning if sched_scan stops unexpectedly | Avraham Stern | 2016-10-02 | 1 | -0/+14
  When scheduled scan stops without the interface request (for example, driver stopped it unexpectedly), start a regular scan to continue scanning for networks and avoid being left with no scan at all.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Remove disconnected APs from BSS table if likely out-of-range | David Spinadel | 2016-10-01 | 1 | -0/+17
  In some cases, after a sudden AP disappearing and reconnection to another AP in the same ESS, if another scan occurs, wpa_supplicant might try to roam to the old AP (if it was better ranked than the new one) because it is still saved in BSS list and the blacklist entry was cleared in previous reconnect. This attempt is going to fail if the AP is not present anymore and it'll cause long disconnections. Remove an AP that is probably out of range from the BSS list to avoid such disconnections. In particular mac80211-based drivers use the WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated disconnection events for cases where the AP does not reply anymore.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Restart PNO/sched_scan on channel list update | Arik Nemtsov | 2016-09-30 | 1 | -7/+9
  As the scan channels might need to change when the channel list has been updated by the kernel. Use the simulated sched_scan timeout (wpas_scan_restart_sched_scan()) to handle a possible race where an ongoing sched_scan has stopped asynchronously while trying to restart a new sched_scan.
  Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* MBO: Add support to ignore association disallowed set by AP | vamsi krishna | 2016-09-25 | 1 | -0/+7
  Add a testing mechanism to allow association disallowed set by AP to be ignored. This can be used to verify AP behavior for disallowing a specific association.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add ignore_auth_resp control interface debug parameter | Mikael Kanstrup | 2016-09-23 | 1 | -0/+14
  Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc response loss and EAPOL RX packet loss by ignoring corresponding incoming events.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* Flush the BSS (scan) entries when an interface becomes disabled | Moshe Benji | 2016-09-22 | 1 | -0/+1
  When an interface becomes disabled (e.g., when RF-kill becomes blocked) we should clear the stored scan results to avoid maintaining stale information. Fix this by flushing the BSS entries when an interface becomes disabled.
  Signed-off-by: Moshe Benji <moshe.benji@intel.com>
* Add group_rekey parameter for IBSS | Jouni Malinen | 2016-08-13 | 1 | -1/+1
  The new network profile parameter group_rekey can now be used to specify the group rekeying interval in seconds for IBSS.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix EAP state machine reset with offloaded roaming and authorization | Jouni Malinen | 2016-08-11 | 1 | -3/+6
  If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Stop joining to different frequency network | Masashi Honma | 2016-07-23 | 1 | -0/+8
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Join an existing MBSS instead of creating a new one | Masashi Honma | 2016-07-23 | 1 | -9/+12
  If scan results show a matching existing MBSS, join it instead of creating a new MBSS.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* P2P: Allow P2P listen being offloaded to the driver/firmware | Peng Xu | 2016-07-03 | 1 | -0/+8
  This allows P2P Listen to be offloaded to device to enhance power saving.
  To start P2P listen offload, from wpa_cli interface, issue the command:
    p2p_lo_start <freq> <period> <interval> <count>
  To stop P2P listen offload, issue the command:
    p2p_lo_stop
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add CTRL-EVENT-CHANNEL-SWITCH event to indicate channel changes | Jouni Malinen | 2016-06-27 | 1 | -0/+9
  This provides information of the channel switch to wpa_supplicant control interface monitors.
  Signed-off-by: Jouni Malinen <j@w1.fi>