path: root/wpa_supplicant/sme.c
Commit message (Collapse)AuthorAgeFilesLines
* SME: Add support for global RRM flagBeni Lev2016-04-171-3/+4
| | | | | | Add RRM to SME authentication/association if the global RRM flag is set. Signed-off-by: Beni Lev <beni.lev@intel.com>
* wpa_supplicant: Handle LCI requestDavid Spinadel2016-04-171-0/+3
| | | | | | | | | | | | | | Handle radio measurement request that contains LCI request. Send measurement report based on a configurable LCI report element. The LCI report element is configured over the control interface with SET lci <hexdump of the element> and cleared with SET lci "" Signed-off-by: David Spinadel <david.spinadel@intel.com>
* HS 2.0: Add support for configuring frame filtersMatti Gottlieb2016-04-081-0/+4
| | | | | | | | | | | | | | | When a station starts an association to a Hotspot 2.0 network, request the driver to do the following, based on the BSS capabilities: 1. Enable gratuitous ARP filtering 2. Enable unsolicited Neighbor Advertisement filtering 3. Enable unicast IP packet encrypted with GTK filtering if DGAF disabled bit is zero Clear the filter configuration when the station interface is disassociated. Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
* P2P: Add a separate pointer to the P2P Device instanceLior David2016-02-271-2/+2
| | | | | | | | | | | | | | | In many places in the code there was a reference to wpa_s->parent to get from group interface to p2p_dev interface. These places can break if P2P_DEVICE interface would need to be used with the primary interface as the group interface, since the parent of the primary interface points to itself and not the p2p_dev interface. Fix this by adding a separate "p2pdev" pointer to wpa_supplicant, it will be the same as parent pointer in most cases but whenever the primary interface is used as a group interface, change it to point to the correct p2p_dev interface. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Move Hotspot 2.0 element in (Re)Association Request framesAvraham Stern2016-02-221-22/+23
| | | | | | | | According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements must follow all other elements, so Hotspot 2.0 element which is actually a vendor specific element must come after all other elements. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Re-order elements in (Re)Association Request framesAvraham Stern2016-02-221-2/+2
| | | | | | | According to IEEE Std 802.11-2012, Table 8-22, RM Enabled Capabilities element must come before the Extended Capabilities element. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* MBO: Add Supported Operating Classes element to Association RequestAvraham Stern2016-02-221-10/+26
| | | | Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* MBO: Implement MBO non-preferred channel report in Association RequestDavid Spinadel2016-02-221-0/+15
| | | | | | | Add MBO IE with non-preferred channels to (Re)Association Request frames. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* wpa_supplicant: Share a single get_mode() implementationAvraham Stern2016-02-211-15/+0
| | | | | | There is no need to duplicate this helper function in multiple files. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* SAE: Fix PMKID calculation for PMKSA cacheMasashi Honma2016-02-181-1/+1
| | | | | | | | The SAE PMKID is calculated with IEEE Std 802.11-2012, but the PMKID was re-calculated with and saved into PMKSA cache. Fix this to save the PMKID calculated with into the PMKSA cache. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Abort an ongoing scan before connectKanchanapally, Vidyullatha2015-11-261-0/+2
| | | | | | | | | | Connect radio work is sometimes delayed for a considerable duration if there is an ongoing scan radio work. To avoid these delays abort the ongoing scan on that interface before queuing a connect request. Upon a scan done indication from the driver, connect radio work will be scheduled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Indicate CTRL-EVENT-AUTH-REJECT event on authentication rejectionJouni Malinen2015-09-051-2/+16
| | | | | | | | This allows control interface monitors to get more detailed information in cases where wpa_supplicant-based SME receives an Authentication frame with non-zero status code. Signed-off-by: Jouni Malinen <j@w1.fi>
* Drop connection attempt if network is disabled before radio work startsHu Wang2015-08-101-1/+2
| | | | | | | | | | | With the radio work design, it is possible for a network entry to get disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or sme-connect radio work waits to start. Previously, only the validity of the BSS entry and BSSID/SSID was verified when starting the actual connection step. Add call to wpas_network_disabled() to those checks to catch the case where the network profile is disabled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Integration into wpa_supplicantAnton Nayshtut2015-07-161-0/+15
| | | | | | This commit integrates the FST into the wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are differentJouni Malinen2015-06-231-2/+10
| | | | | | | | | This check explicitly for reflection attack and stops authentication immediately if that is detected instead of continuing to the following 4-way handshake that would fail due to the attacker not knowing the key from the SAE exchange. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix SAE group selection in an error caseJouni Malinen2015-06-201-1/+1
| | | | | | | The sae_groups parameter is zero terminated array, not -1 terminated, so must check the value against <= 0 to break out from the loop. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Stop association attempt if Auth response processing fails (SME)Jouni Malinen2015-06-201-6/+14
| | | | | | | | | | Call the FT processing function directly instead of going through wpa_supplicant_event() to process FT Authentication frame in SME case. This allows parsing error to be used to trigger immediate failure for the connection instead of trying to proceed to reassociation step that cannot succeed. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add optional reassoc-to-same-BSS optimizationJouni Malinen2015-02-191-2/+14
| | | | | | | | | | The new reassoc_same_bss_optim=1 configuration parameter can now be used to request wpa_supplicant to bypass the unnecessary Authentication frame exchange when reassociating back to the same BSS with which the device is already associated. This functionality is disabled by default since it may cause undesired interoperability issues with some APs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Simplify eapol_sm_notify_pmkid_attempt()Jouni Malinen2015-01-281-1/+1
| | | | | | | | Drop the unneeded 'attempt' argument. This was originally used for indicating an aborted PMKID caching attempt, but a fix in 2006 removed the only such user and since that time, only attempt == 1 has been used. Signed-off-by: Jouni Malinen <j@w1.fi>
* Ignore pmf=1 default if driver does not support PMFJouni Malinen2015-01-271-5/+2
| | | | | | | | | | | Connection with a PMF enabled AP will fail if we try to negotiate PMF while the local driver does not support this. Since pmf=1 does not require PMF for a successful connection, it can be ignored in such a case to avoid connectivity issues with invalid configuration. This makes it somewhat easier to allow upper layer programs to use pmf=1 default regardless of driver capabilities. Signed-off-by: Jouni Malinen <j@w1.fi>
* Extend VENDOR_ELEM parameters to cover non-P2P Association RequestJouni Malinen2015-01-131-0/+14
| | | | | | | | The new VENDOR_ELEM value 13 can now be used to add a vendor element into all (Re)Association Request frames, not just for P2P use cases like the previous item was for. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Clear keys from memory on disassociationJouni Malinen2014-12-291-5/+16
| | | | | | | | There is no need to keep temporary keys in memory beyond the end of the association, so explicitly clear any SAE buffers that can contain keys as soon as such keys are not needed. Signed-off-by: Jouni Malinen <j@w1.fi>
* SME: Optimize OBSS scanningJouni Malinen2014-12-221-7/+52
| | | | | | | | Include only the potentially affected channel range in OBSS scans to reduce the amount of offchannel time needed for scanning when requested by the AP. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add more debug prints for WPA/RSN selection issues for connectionJouni Malinen2014-12-221-6/+10
| | | | | | | | ap_ft_sae test case managed to hit a somewhat unclear error case which resulted in "WPA: Failed to select WPA/RSN" print and not enough information to figure out what exactly had went wrong. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Report connection failure if SME cannot build auth frameJouni Malinen2014-12-141-1/+1
| | | | | | | | | Instead of just stopping connection process and network discovery, report SAE failures to build Authentication frames (e.g., due to missing password) as a connection failure to get the normal retry mechanism into use. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Fix Anti-Clogging Token request frame formatMasashi Honma2014-11-251-4/+28
| | | | | | | | This commit inserts Finite Cyclic Group to Anti-Clogging Token request frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group is present if Status is zero or 76". Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* SME: Fix a sign-compare warningJouni Malinen2014-11-241-2/+2
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Handle link measurement requestsAndrei Otcheretianski2014-11-221-1/+5
| | | | | | | | Send link measurement response when a request is received. Advertise only RCPI, computing it from the RSSI of the request. The TX power field is left to be filled by the driver. All other fields are not published. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* SME: Add RRM support to association requestAssaf Krauss2014-11-221-0/+53
| | | | | | | | | | | In case the AP we are associating with advertises support for RRM, advertise our own RRM support in the (Re)Association Request frame. This is done by adding an RRM Capabilities IE. The underlying driver is expected to further add a Power Capabilities IE to the request, and set the Radio Measurement flag in the Capability Info field. At this point the RRM Capabilities IE advertises no measurement support. Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
* Update pending connect radio work BSS pointer on scan updateJouni Malinen2014-10-271-1/+2
| | | | | | | | | | | | | | | | | | | | | It is possible for scan result processing or BSS entry removal to occur while there is a pending connect or sme-connect radio work with a previously selected BSS entry. The BSS pointer was previously verified to be valid, i.e., still point to a BSS entry, at the time the actual connection operation is started. However, that BSS entry could have changed to point to another BSS if the old BSS entry was either removed or reallocated and a new BSS entry was added at the same location in memory. This could result in the connection attempt failing to configure parameters properly due to different BSS information (e.g., different BSSID). Fix this by updated the pending connect radio work data on BSS entry updates similarly to how the last_scan_res array was updated. If the selected BSS entry is removed, this will still result in a failed connection, but reallocated BSS entry is now followed properly and used when the connection work starts. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Add support for PMKSA caching on the station sideJouni Malinen2014-10-181-1/+33
| | | | | | | | | This makes wpa_supplicant SME create PMKSA cache entries from SAE authentication and try to use PMKSA caching if an entry is found for the AP. If the AP rejects the attempt, fall back to SAE authentication is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use hostapd_freq_params in assoc_paramsJanusz Dziedzic2014-10-041-2/+2
| | | | | | | | Use hostapd_freq_params instead of simple frequency parameter for driver commands. This is preparation for IBSS configuration to allow use of HT/VHT in IBSS. Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* SME: Verify that os_get_random() succeeds for SA QueryJouni Malinen2014-09-071-1/+4
| | | | | | Be more consistent on checking os_get_random() return value (CID 72706). Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Verify assoc_req_ie buffer size for indication elementsJouni Malinen2014-07-021-4/+10
| | | | | | | | While the buffer is expected to be large enough for all the IEs, it is better to check for this explicitly when adding the HS 2.0 Indication element. (CID 68601) Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Use low-priority scan for OBSS scanJohannes Berg2014-06-211-0/+1
| | | | | | | Some drivers may support low-priority scans, if they do then use that for OBSS scanning. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Rate limit SA Query procedure initiation on unprotected disconnectJouni Malinen2014-06-191-0/+7
| | | | | | | | | | | | | There is no need to trigger new SA Query procedure to check the state of the connection immediately after having performed such a check. Limit the impact of burst of unprotected Deauth/Disassoc frames by starting a new SA Query procedure only once at least 10 seconds has passed from the previous SA Query that was triggered by reception of an unprotected disconnection. The first SA Query procedure for each association does not follow this rule to avoid issues with test cases that expect to see an SA Query every time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Validate driver extended capabilities length against buffer lengthJouni Malinen2014-06-071-2/+3
| | | | | | | | | | Prepare for new extended capabilities bits by checking that the local buffer is large enough to contain all the bits the driver requests. The existing buffers are large enough to include anything defined until now, but it would be possible to add more definitions in the future, so increase them a bit as well to make this more future proof. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Call frequency conflict handling during authIlan Peer2014-04-241-0/+26
| | | | | | | | | | | | | | | | | | Previously, the frequency conflict was handled only during the association flow. However, some drivers, e.g., mac80211 based drivers, will fail an authentication request in case that there are no available channels for use (as they might be used by other interfaces), and thus the frequency conflict resolution is never called. Fix this by calling frequency conflict resolution during authentication (SME-in-wpa_supplicant) as well. In addition, get the shared radio frequency from the wpa_s context in both the SME-in-driver and SME-in-wpa_supplicant cases and not from the driver. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* wpa_supplicant: Remove pending sme-connect radio workIlan Peer2014-03-271-2/+8
| | | | | | | | | | If a new connection is attempted while there is a pending sme-connection radio work, cancel the pending radio work and continue with the new connection attempt. This is preferable over rejecting the new work and continuing with the pending one, as it is possible that the previous work is no longer valid. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* nl80211: Indicate HS 2.0 OSEN AKM in connect/associate commandJouni Malinen2014-03-251-0/+2
| | | | | | | This allows drivers that build the WPA/RSN IEs internally to use similar design for building the OSEN IE. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex reportJouni Malinen2014-03-231-2/+8
| | | | | | | This makes it easier to debug wpa_supplicant behavior when reporting 20/40 MHz co-ex information based on OBSS scans. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SME: Fix OBSS scan result processing for 20/40 MHz co-ex reportJouni Malinen2014-03-231-3/+3
| | | | | | | | | | | The 40 MHz intolerant bit needs to be checked before skipping the BSS based on the channel already being in the lost (which could have happened due to another BSS that does not indicate 40 MHz intolerant). This fixed the 20/40 MHz co-ex report to indicate 20 MHz request properly if there are both 40 MHz tolerant and intolerant BSSes on the same channel. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add OSEN client implementationJouni Malinen2014-02-251-0/+4
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Update Indication element to Release 2Jouni Malinen2014-02-251-1/+2
| | | | | | | | | | | | The HS 2.0 Indication element from wpa_supplicant now includes the release number field and wpa_supplicant shows the release number of the AP in STATUS command (hs20=1 replaced with hs20=<release>). The new update_identifier field in the cred block can now be used to configure the PPS MO ID so that wpa_supplicant adds it to the Indication element in Association Request frames. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Do not start another connect work while one is pendingJouni Malinen2014-02-241-0/+5
| | | | | | | | | | | It was possible for the connect or sme-connect radio work to get re-scheduled while an earlier request was still pending, e.g., select_network is issued at the moment a scan radio work is in progress and the old scan results are recent enough for starting the connection. This could result in unexpected attempt to re-associate immediately after completing the first connection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Complete radio works on disable eventAndrei Otcheretianski2014-02-151-0/+3
| | | | | | | | | | | | | | | | | While testing rfkill blocking of a scanning interface, it was seen that the ongoing scan never completes. This happens since EVENT_SCAN_RESULTS is discarded on a disabled interface. Fix this and also other possible radio work completion issues by removing all the radio works (including started) of the disabled interface. To be able to remove already started radio works, make their callbacks be reentrant with deinit flag (when the work is started), so each radio work should be able to handle its own termination. Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Fix authentication algorithm negotiation in SME codeJouni Malinen2014-02-031-0/+2
| | | | | | | | | | | Commit 6ac4b15ef8af434d216fd2dac62ec82948ab0fbd (wpa_radio work for connection) caused a regression for cases where multiple auth_alg values are set in a network block and wpa_supplicant-based SME is supposed to iterate through them. The connection radio work was not terminated when receiving authentication failure and this resulted in the following authentication attempt failing. Signed-hostap: Jouni Malinen <j@w1.fi>
* Use wpa_radio work for connectionJouni Malinen2014-01-071-3/+50
| | | | | | | | This protects against conflicting offchannel operations during connection (authentication, association, EAP exchanges, 4-way handshake). Signed-hostap: Jouni Malinen <j@w1.fi>
* Get rid of duplicated cipher suite and AKM definitionsJouni Malinen2013-12-311-3/+2
| | | | | | | | | | | | | WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher suites with the main difference being that the WPA_CIPHER_* version is suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and KEY_MGMT_* have similar design for AKMs. There is no need to maintain two separate copies of the definitions since the bitfield compatible version can be used for both needs. Get rid of the CIPHER_* and KEY_MGMT_* versions to clean up the implementation by getting rid of unnecessary mapping functions. Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use monotonic time for SA query timeoutJohannes Berg2013-12-241-4/+4
| | | | | | | The SA query timeout is just a regular timeout (currently hard-coded to 1000 TU), so use monotonic time for it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>