path: root/wpa_supplicant/sme.c
Commit message (Collapse)AuthorAgeFilesLines
* Use bool for is_6ghz variables and functionsJouni Malinen2020-12-111-1/+1
| | | | | | | Replace the implicit boolean checks that used int variables with use of a more explicit bool variable type. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix typosYegor Yefremov2020-10-191-1/+1
| | | | Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
* OCV: Use more granular error codes for OCI validation failuresVeerendranath Jakkam2020-09-111-1/+1
| | | | | | | Enhance the return values of ocv_verify_tx_params with enum to indicate different OCI verification failures to caller. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* MSCS: Fix issues due to incorrect usage of wpa_hexdump_buf()Veerendranath Jakkam2020-09-081-2/+1
| | | | | | | | | | Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf() instead of the wpabuf struct itself and it was causing wpa_supplicant to crash. Fix this by using the correct pointer in the debug prints. Fixes: a118047245b0 ("MSCS: Add support to send MSCS Request frames") Fixes: c504ff5398fa ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq") Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* MSCS: Send MSCS change/remove frames only if MSCS setup existsVinita S. Maloo2020-08-141-0/+1
| | | | | | | Allow MSCS change/remove request to be sent only after an initial setup, i.e., after an add request has been accepted. Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
* MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReqVinita S. Maloo2020-08-141-0/+36
| | | | | | | Include the MSCS Descriptor IE in the (Re)Association Request frames to setup MSCS between the AP and the STA during association. Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
* SAE-PK: Allow SAE-PK password to be set using the psk parameterJouni Malinen2020-08-061-1/+4
| | | | | | | | | Only the sae_password parameter was previously accepted for SAE-PK use. That is not sufficient for covering mixed SAE+PSK cases. Extend this by allowing the psk parameter to be used as well just like it can be used for SAE without SAE-PK. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Allow automatic SAE-PK to be disabledJouni Malinen2020-06-071-1/+2
| | | | | | | | | | | This replaces the previously used sae_pk_only configuration parameter with a more generic sae_pk that can be used to specify how SAE-PK is negotiated. The default behavior (sae_pk=0) is to automatically negotiate SAE-PK whenever the AP supports it and the password is in appropriate format. sae_pk=1 allows only SAE-PK to be used and sae_pk=2 disables SAE-PK completely. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Move H2E and PK flags to main sae_dataJouni Malinen2020-06-061-10/+7
| | | | | | | | | This maintains knowledge of whether H2E or PK was used as part of the SAE authentication beyond the removal of temporary state needed during that authentication. This makes it easier to use information about which kind of SAE authentication was used at higher layer functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Allow SAE authentication without PK to be disabledJouni Malinen2020-06-061-0/+6
| | | | | | | The new wpa_supplicant network profile parameter sae_pk_only=1 can now be used to disable use of SAE authentication without SAE-PK. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: STA functionalityJouni Malinen2020-06-021-21/+67
| | | | | | | | This adds STA side functionality for SAE-PK. This version enables SAE-PK automatically based on the configured SAE password value if the selected AP advertises support for SAE-PK. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Extend SAE functionality for AP validationJouni Malinen2020-06-021-1/+1
| | | | | | | | | This adds core SAE functionality for a new mode of using SAE with a specially constructed password that contains a fingerprint for an AP public key and that public key being used to validate an additional signature in SAE confirm from the AP. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Report OCI validation failures with OCV-FAILURE messages (STA)Jouni Malinen2020-05-291-1/+4
| | | | | | | | | Convert the previously used text log entries to use the more formal OCV-FAILURE prefix and always send these as control interface events to allow upper layers to get information about unexpected operating channel mismatches. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Move "OCV failed" prefix to callersJouni Malinen2020-05-251-1/+1
| | | | | | | | | Make reporting of OCV validation failure reasons more flexible by removing the fixed prefix from ocv_verify_tx_params() output in ocv_errorstr so that the caller can use whatever prefix or encapsulation that is most appropriate for each case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Add support to override channel info OCI element (STA)Vamsi Krishna2020-05-251-0/+20
| | | | | | | | | To support the STA testbed role, the STA has to use specified channel information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query Request, and SA Query Response frames. Add override parameters to use the specified channel while populating OCI element in all these frames. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow version number to be overridden for testing purposesJouni Malinen2020-05-031-1/+1
| | | | | | | | | "SET dpp_version_override <ver>" can now be used to request wpa_supplicant and hostapd to support a subset of DPP versions. In practice, the only valid case for now is to fall back from DPP version 2 support to version 1 in builds that include CONFIG_DPP2=y. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Try to negotiate PFS only if AP supports version 2 or newerJouni Malinen2020-05-031-0/+6
| | | | | | | | Check AP's DPP Protocol Version during network introduction and mark the PMKSA cache as suitable for PFS use with version 2 or newer. This avoids unnecessary attempt of negotiating PFS with version 1 APs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Use a local pointer to simply current_ssid accesses in sme_associate()Jouni Malinen2020-05-031-15/+12
| | | | | | | It is simpler to assign wpa_s->current_ssid to a local pointer now that there are numerous dereferences of current_ssid within sme_associate(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* EAPOL supp: Convert Boolean to C99 boolJouni Malinen2020-04-241-1/+1
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Add HE override supportP Praneesh2020-03-301-0/+3
| | | | | | | | | | | | Add HE override support under the build parameter CONFIG_HE_OVERRIDES=y. The disable_he=1 network profile parameter can be used to disable HE. This requires a fallback to VHT on the 5 GHz band and to HT on the 2.4 GHz band. There is no nl80211 support for configuring the driver to disable HE, so for now, this applies only to IBSS and mesh cases. Signed-off-by: P Praneesh <ppranees@codeaurora.org>
* DPP2: Allow station to require or not allow PFSJouni Malinen2020-03-281-1/+3
| | | | | | | | | | | | | | | | | | | | The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2). This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow SA Query to be disabled for testing purposesJouni Malinen2020-03-211-0/+4
| | | | | | | | The new wpa_supplicant control interface SET parameter disable_sa_query can now be used to disable SA Query on receiving unprotected disconnection event. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Omit RSNXE from FT protocol Reassociation Request when neededJouni Malinen2020-03-201-1/+4
| | | | | | | | | | The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Request frame so that an AP not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fill the current opclass in (Re)AssocRequest depending on HT/VHT IEsAnanya Barat2020-03-111-1/+1
| | | | | | | | | | | | | The previous implementation was assuming a fixed 20 MHz channel bandwidth when determining which operating class value to indicate as the Current Operating Class in the Supported Operating Classes element. This is not accurate for many HT/VHT cases. Fix this by determining the current operating class (i.e., the operating class used for the requested association) based on the HT/VHT operation elements from scan results. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Expose sae_write_commit() error cases to callersJouni Malinen2020-03-081-2/+5
| | | | | | | | Check whether an error is reported from any of the functions that could in theory fail and if so, do not proceed with the partially filled SAE commit buffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* driver: Extend send_mlme() with wait optionIlan Peer2020-02-291-2/+2
| | | | | | | | | | | | PASN authentication can be performed while a station interface is connected to an AP. To allow sending PASN frames while connected, extend the send_mlme() driver callback to also allow a wait option. Update the relevant drivers and wpa_supplicant accordingly. hostapd calls for send_mlme() are left unchanged, since the wait option is not required there. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Make WEP functionality an optional build parameterJouni Malinen2020-02-291-6/+12
| | | | | | | | | WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Special test mode sae_pwe=3 for looping with password identifierJouni Malinen2020-02-101-1/+2
| | | | | | | | | | The new sae_pwe=3 mode can be used to test non-compliant behavior with SAE Password Identifiers. This can be used to force use of hunting-and-pecking loop for PWE derivation when Password Identifier is used. This is not allowed by the standard and as such, this functionality is aimed at compliance testing. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Verify that appropriate Status Code is used in SAE commit (SME)Jouni Malinen2020-02-081-0/+13
| | | | | | | | Previous version accepted both 0 and 126 values in SAE commit message from the AP. Explicitly check that the value the AP uses matches what the STA started with to avoid unexpected cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Enhance get_mode() to return correct hw_mode with 6 GHz supportVamsi Krishna2020-01-231-1/+1
| | | | | | | | | | | | | | | | The 5 GHz channels are stored in one hw_features set with mode HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored in a separate hw_features set (but with same mode HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE capabilities being available between the 5 GHz and 6 GHz bands. Iterate through all hw_features sets and check and match the band of channel supported by the hw_features set while getting the hw_features set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be found and correct capabilities to be used in cases where the driver reports different capability values between 5 and 6 GHz channels. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Use Anti-Clogging Token Container element with H2EJouni Malinen2020-01-211-3/+30
| | | | | | | | | | | IEEE P802.11-REVmd was modified to use a container IE for anti-clogging token whenver H2E is used so that parsing of the SAE Authentication frames can be simplified. See this document for more details of the approved changes: https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Use H2E whenever Password Identifier is usedJouni Malinen2020-01-211-2/+6
| | | | | | | | | | IEEE P802.11-REVmd was modified to require H2E to be used whenever Password Identifier is used with SAE. See this document for more details of the approved changes: https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SME: Postpone current BSSID clearing until IEs are preparedJouni Malinen2020-01-031-6/+6
| | | | | | | | | | | | | sme_send_authentication() could fail before actually requesting the driver to authenticate with a new AP. This could happen after wpa_s->bssid got cleared even though in such a case, the old association is maintained and still valid. This can result in unexpected behavior since wpa_s->bssid would not match the current BSSID anymore. Fix this by postponing clearing of wpa_s->bssid until the IE preparation has been completed successfully. Signed-off-by: Jouni Malinen <j@w1.fi>
* STA OBSS: Add check for overlapping BSSsSergey Matyukevich2019-12-261-13/+29
| | | | | | | | | | | | | | | | In the previous implementation connected STA performs OBSS scan according to requests from its 20/40 MHz AP. However STA checks only 40 MHz intolerance subfield from HT Capabilities element in scan results. Meanwhile, as per IEEE Std 802.11-2016, 11.16.12, STA should check overlapping BSSs as well. Note that all the required code to check overlapping BSSs did already exist for AP mode since AP does those checks properly before operating as 20/40 MHz BSS in the 2.4 GHz band. Use that existing code by replace existing 40 MHz intolerance check in sme_proc_obss_scan() with the new shared helper function check_bss_coex_40mhz(). Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* SAE H2E: RSNXE override for testing purposesJouni Malinen2019-12-071-0/+12
| | | | | | | | "SET rsnxe_override_{assoc,eapol} <hexdump>" can now be used to override RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE H2E: Fix validation of rejected groups listJouni Malinen2019-12-061-1/+1
| | | | | | | check_sae_rejected_groups() returns 1, not -1, in case an enabled group is rejected. The previous check for < 0 could not have ever triggered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Ignore commit message when waiting for confirm in STA modeJouni Malinen2019-10-271-2/+5
| | | | | | | | | | | Previously, an unexpected SAE commit message resulted in forcing disconnection. While that allowed recovery by starting from scratch, this is not really necessary. Ignore such unexpected SAE commit message instead and allow SAE confirm message to be processed after this. This is somewhat more robust way of handling the cases where SAE commit message might be retransmitted either in STA->AP or AP->STA direction. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4Jouni Malinen2019-10-171-0/+15
| | | | | | | | | Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Check that peer's rejected groups are not enabledJouni Malinen2019-10-151-0/+52
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: H2E version of SAE commit message handling for STAJouni Malinen2019-10-151-10/+51
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Collect list of rejected groups for H2E in STAJouni Malinen2019-10-151-0/+6
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Tell sae_parse_commit() whether H2E is usedJouni Malinen2019-10-141-1/+2
| | | | | | This will be needed to help parsing the received SAE commit. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* MBO/OCE: Work around misbehaving MBO/OCE APs that use RSN without PMFVamsi Krishna2019-09-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | The MBO and OCE specification require the station to mandate use of PMF when connecting to an MBO/OCE AP that uses WPA2. The earlier implementation prevented such misbehaving APs from being selected for connection completely. This looks like the safest approach to take, but unfortunately, there are deployed APs that are not compliant with the MBO/OCE requirements and this strict interpretation of the station requirements results in interoperability issues by preventing the association completely. Relax the approach by allowing noncompliant MBO/OCE APs to be selected for RSN connection without PMF to avoid the main impact of this interoperability issue. However, disable MBO/OCE functionality when PMF cannot be negotiated to try to be as compliant as practical with the MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the duration of such workaround association). Also disable support for BTM in this workaround state since MBO would expect all BTM frames to be protected. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Remove CONFIG_IEEE80211W build parameterJouni Malinen2019-09-081-10/+0
| | | | | | | | | Hardcode this to be defined and remove the separate build options for PMF since this functionality is needed with large number of newer protocol extensions and is also something that should be enabled in all WPA2/WPA3 networks. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Conditionally set PMKID while notifying the external auth statusSunil Dutt2019-08-161-0/+2
| | | | | | | | | | | This is needed for the drivers implementing SME to include the PMKID in the Association Request frame directly following SAE authentication. This commit extends the commit d2b208384391 ("SAE: Allow PMKID to be added into Association Request frame following SAE") for drivers with internal SME that use the external authentication mechanism. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Use BSSID stored in ext_auth_bssid for set_pmkSunil Dutt2019-08-161-4/+4
| | | | | | | | | | | pending_bssid is cleared in the connected state and thus is not valid if SAE authentication is done to a new BSSID when in the connected state. Hence use the BSSID from ext_auth_bssid while configuring the PMK for the external authentication case. This is required for roaming to a new BSSID with driver-based-SME while the SAE processing happens with wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Allow PMKID to be added into Association Request frame following SAEJouni Malinen2019-08-141-8/+35
| | | | | | | | | | | IEEE Std 802.11-2016 does not require this behavior from a SAE STA, but it is not disallowed either, so it is useful to have an option to identify the derived PMKSA in the immediately following Association Request frames. This is disabled by default (i.e., no change to previous behavior) and can be enabled with a global wpa_supplicant configuration parameter sae_pmkid_in_assoc=1. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix type for ssid->mode comparisonsSven Eckelmann2019-06-231-1/+1
| | | | | | | | | | | The ssid->mode is from type enum wpas_mode and all its constants start with WPAS_MODE_*. Still some of the code sections used the IEEE80211_MODE_* defines instead of WPAS_MODE_*. This should have no impact on the actual code because the constants for INFRA, IBSS, AP and MESH had the same values. Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
* SAE: Send external auth failure status to driverSrinivas Dasari2019-05-311-16/+21
| | | | | | | | | | | wpa_supplicant prepares auth commit request as part of the external authentication (first SAE authentication frame), but it fails to get prepared when wpa_supplicant is started without mentioning the SAE password in configuration. Send this failure status to the driver to make it aware that the external authentication has been aborted by wpa_supplicant. Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
* Fix a regression in storing of external_auth SSID/BSSIDJouni Malinen2019-04-281-7/+12
| | | | | | | | | | | | | An earlier change in drivers_ops API for struct external_auth broke the way SSID and BSSID for an external authentication request were stored. The implementation depended on the memory array being available in the API struct with a use of memcpy() to copy the full structure even though when only SSID and BSSID was needed. Fix this by replacing that easy-to-break storing mechanism with explicit arrays for the exact set of needed information. Fixes: dd1a8cef4c05 ("Remove unnecessary copying of SSID and BSSID for external_auth") Signed-off-by: Jouni Malinen <j@w1.fi>