path: root/wpa_supplicant/wpa_supplicant.c
Commit message (Collapse)AuthorAgeFilesLines
* HS 2.0: Generate AssocReq OSEN IE based on AP advertisementJouni Malinen2018-11-091-6/+18
| | | | | | | | | | | Parse the OSEN IE from the AP to determine values used in the AssocReq instead of using hardcoded cipher suites. This is needed to be able to set the group cipher based on AP advertisement now that two possible options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards allowing other ciphers than CCMP to be used with OSEN. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Collocated Interference ReportingJouni Malinen2018-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Attempt more scans for OWE transition SSID if expected BSS not seenSunil Dutt2018-10-121-0/+3
| | | | | | | | | | | | This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Do not try to enable PMF for non-RSN associationsPurushottam Kushwaha2018-10-031-0/+5
| | | | | | | | | | | | | | | Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for non-RSN associations. This specifically helps with OWE transition mode when the network block is configured with PMF set to required, but the BSS selected is in open mode. There is no point to try to enable PMF for such an association. This fixes issues with drivers that use the NL80211_ATTR_USE_MFP attribute to set expectations for PMF use. The combination of non-RSN connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could cause such drivers to reject the connection in OWE transition mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCE: Add OCE capability attribute only when associating to an OCE APBeni Lev2018-09-021-2/+8
| | | | Signed-off-by: Beni Lev <beni.lev@intel.com>
* FILS: Fix FILS connect failures after ERP key invalidationAnkita Bajaj2018-08-241-1/+40
| | | | | | | | | | | | | | | | If the RADIUS authentication server dropped the cached ERP keys for any reason, FILS authentication attempts with ERP fails and the previous wpa_supplicant implementation ended up trying to use the same keys for all consecutive attempts as well. This did not allow recovery from state mismatch between the ERP server and peer using full EAP authentication. Address this by trying to use full (non-FILS) authentication when trying to connect to an AP using the same ERP realm with FILS-enabled network profile if the previous authentication attempt had failed. This allows new ERP keys to be established and FILS authentication to be used again for the consecutive connections. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix QoS Mapping ext capab bit settingJouke Witteveen2018-08-121-1/+1
| | | | | | | | | Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map bit in Extended Capabilities. The previous implementation ended up adding this bit even if the driver did not actually indicate support for the capability. Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
* FT: Fix potential NULL pointer dereference in MDE additionJouni Malinen2018-06-051-1/+1
| | | | | | | | The bss variable in this function might be NULL, so make the FT MDE addition case conditional on a BSS entry being available. Fixes: 3dc3afe298f0 ("FT: Add MDE to assoc request IEs in connect params") Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Connection settings for SHA384-based AKMJouni Malinen2018-06-051-1/+14
| | | | | | | Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a connection. Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Allow OSEN connection to be used in an RSN BSSJouni Malinen2018-05-291-0/+7
| | | | | | | | | This allows a single BSS/SSID to be used for both data connection and OSU. In wpa_supplicant configuration, the current proto=OSEN key_mgmt=OSEN combination is now allowing both the old separate OSEN BSS/IE and the new RSN-OSEN to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Disable PMKSA caching with FTJouni Malinen2018-05-211-0/+7
| | | | | | | | | PMKSA caching with FT is not fully functional, so disable the case for now, so that wpa_supplicant does not end up trying to connect with a PMKSA cache entry from another AKM. FT-EAP was already modified long time ago to not add PMKSA cache entries itself. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Add FT auth algorithm to connect params when roamingAhmad Masri2018-04-191-1/+11
| | | | | | | Add WPA FT auth to connect params in case of a re-connection to ESS supporting FT when FT was used in the first connect. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* FT: Add MDE to assoc request IEs in connect paramsAhmad Masri2018-04-191-0/+23
| | | | | | | | | Add MDE (mobility domain element) to Association Request frame IEs in the driver assoc params. wpa_supplicant will add MDE only if the network profile allows FT, the selected AP supports FT, and the mobility domain ID matches. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* HS 2.0: Add Roaming Consortium Selection element into AssocReqJouni Malinen2018-04-171-1/+2
| | | | | | | | This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection element into (Re)Association Request frames if the network profile includes roaming_consortium_selection parameter. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Increase authentication timeout if CAC is startedDmitry Lebed2018-04-151-0/+20
| | | | | | | | | | | | | | | | | | Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
* SAE: Only allow SAE AKMP for PMKSA caching attemptsJouni Malinen2018-04-091-1/+1
| | | | | | | | | | Explicitly check the PMKSA cache entry to have matching SAE AKMP for the case where determining whether to use PMKSA caching instead of new SAE authentication. Previously, only the network context was checked, but a single network configuration profile could be used with both WPA2-PSK and SAE, so should check the AKMP as well. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Fix default PMK configuration for PMKSA caching caseJouni Malinen2018-04-091-4/+11
| | | | | | | | | | | | The RSN supplicant state machine PMK was set based on WPA PSK even for the cases where SAE would be used. If the AP allows PMKSA caching to be used with SAE, but does not indicate the selected PMKID explicitly in EAPOL-Key msg 1/4, this could result in trying to use the PSK instead of SAE PMK. Fix this by not setting the WPA-PSK as default PMK for SAE network profiles and instead, configuring the PMK explicitly from the found PMKSA cache entry. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add more debug prints for wpa_sm_set_pmk() callsJouni Malinen2018-04-081-0/+5
| | | | | | | Couple of these were not preceded by wpa_hexdump_key(PSK) which made it more difficult to interpret the debug log. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOSTDavide Caratti2018-04-021-0/+5
| | | | | | | | | | | | | | When wpa_supplicant is running on a Linux interface that is configured in promiscuous mode, and it is not a member of a bridge, incoming EAPOL packets are processed regardless of the Destination Address in the frame. As a consequence, there are situations where wpa_supplicant replies to EAPOL packets that are not destined for it. This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can be avoided by attaching a BPF filter that lets the kernel discard packets having pkt_type equal to PACKET_OTHERHOST. Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
* Clean up setting of iface->p2p_mgmt flagVasyl Vavrychuk2018-04-021-9/+6
| | | | | | | | | | | | | | | | | | | Previously we set this flag to one in wpa_supplicant_init_iface() if Wi-Fi controller does not have a dedicated P2P-interface. This setting had effect only in scope of wpa_supplicant_init_iface() and it contradicts with comment to struct wpa_interface::p2p_mgmt field. This comment says that this flag is used only if Wi-Fi controller has dedicated P2P-device interface. Also it contradicts with usage of similiar p2p_mgmt field in struct wpa_supplicant. Again struct wpa_supplicant::p2p_mgmt is set only for dedicated P2P-device interface. After this change wpa_interface become input argument to wpa_supplicant_init_iface() that we are not modifying. Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
* dbus: Add FILS to global capabilitiesMasashi Honma2018-04-021-0/+21
| | | | | | | If any of the interfaces supports FILS (and similarly for FILS-SK-PFS), include the "fils" (and "fils_sk_pfs") capability in D-Bus information. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* DPP: Fix GAS query removal race condition on DPP_STOP_LISTENJouni Malinen2018-02-071-0/+16
| | | | | | | | | | | | If a DPP_STOP_LISTEN call happens to be received when there is a pending gas-query radio work that has not yet been started, it was possible for gas_query_stop() to go through gas_query_done() processing with gas->work == NULL and that ended up with the pending GAS query getting freed without removing the pending radio work that hold a reference to the now freed memory. Fix this by removing the pending non-started radio work for the GAS query in this specific corner case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix parsing errors on additional config fileJouni Malinen2018-02-041-2/+14
| | | | | | | | | | If the -I<config> argument is used and the referenced configuration file cannot be parsed, wpa_config_read() ended up freeing the main configuration data structure and that resulted in use of freed memory in such an error case. Fix this by not freeing the main config data and handling the error case in the caller. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Fix association IEs for transition mode open AP connectionJouni Malinen2018-02-041-0/+1
| | | | | | | | | | | The special case of returning from wpa_supplicant_set_suites() when OWE transition mode profile is used for an open association did not clear the wpa_ie buffer length properly. This resulted in trying to use corrupted IEs in the association request and failed association (cfg80211 rejects the request or if the request were to go out, the AP would likely reject it). Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Support external authentication offload for driver-SME casesSunil Dutt2018-02-021-0/+4
| | | | | | | | | | Extend the SME functionality to support the external authentication. External authentication may be used by the drivers that do not define separate commands for authentication and association (~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the authentication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Allow station in transition mode to connect to an open BSSJouni Malinen2018-01-211-0/+9
| | | | | | | | | If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Try all supported DH groups automatically on STAJouni Malinen2017-12-271-2/+14
| | | | | | | | If a specific DH group for OWE is not set with the owe_group parameter, try all supported DH groups (currently 19, 20, 21) one by one if the AP keeps rejecting groups with the status code 77. Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Driver configuration to disable/enable FILS featuresvamsi krishna2017-12-151-1/+2
| | | | | | | | | | The new disable_fils parameter can be used to disable FILS functionality in the driver. This is currently removing the FILS Capability bit in Extended Capabilities and providing a callback to the driver wrappers. driver_nl80211.c implements this using a QCA vendor specific command for now. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Allow DH Parameters element overriding with driver SMEJouni Malinen2017-12-111-0/+5
| | | | | | | | | | | Commit 265bda34441da14249cb22ce8a459cebe8015a55 ('OWE: Allow DH Parameters element to be overridden for testing purposes') provided means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but that commit covered only the sme.c case (i.e., drivers that use wpa_supplicant SME). Extend this to cover drivers that use internal SME (e.g., use the nl80211 Connect command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix a typo in a debug messageJouni Malinen2017-10-221-1/+1
| | | | | | This radio_work_free() message was missing the closing parenthesis. Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Send updated connection parameters to drivers if neededVidyullatha Kanchanapally2017-10-171-2/+44
| | | | | | | | | | After an initial connection wpa_supplicant derives ERP information which can be used in doing eventual authentications in the same realm. This information can be used by drivers with offloaded FILS support to do driver/firmware initiated roamings. Add support to send this updated information to such drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Move assoc param setting into a helper functionVidyullatha Kanchanapally2017-10-171-117/+130
| | | | | | | This is needed to be able to use the same implementation for updating the connection parameters in the driver during an association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow last (Re)Association Request frame to be replayed for testingJouni Malinen2017-10-161-0/+5
| | | | | | | | | | | The new wpa_supplicant RESEND_ASSOC command can be used to request the last (Re)Association Request frame to be sent to the AP to test FT protocol behavior. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-10/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Allow SAE password to be configured separately (STA)Jouni Malinen2017-10-111-0/+5
| | | | | | | | | The new sae_password network profile parameter can now be used to set the SAE password instead of the previously used psk parameter. This allows shorter than 8 characters and longer than 63 characters long passwords to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support station SME-in-driver caseJouni Malinen2017-10-091-1/+20
| | | | | | | | Previously, only the SME-in-wpa_supplicant case was supported. This extends that to cover the drivers that implement SME internally (e.g., through the cfg80211 Connect command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Transition mode support on station sideJouni Malinen2017-10-081-0/+44
| | | | | | | Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Set PMK length properly on supplicant sideJouni Malinen2017-10-081-0/+6
| | | | | | | | | | | sm->pmk_len was not set when deriving the PMK as part of OWE key generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting the value to the default. While this worked for many cases, this is not correct and can have issues with network profile selection based on association information. For example, the OWE transition mode cases would hit an issue here. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add group_mgmt network parameter for PMF cipher selectionJouni Malinen2017-09-261-4/+23
| | | | | | | | | | The new wpa_supplicant network parameter group_mgmt can be used to specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not specified, the current behavior is maintained (i.e., follow what the AP advertises). The parameter can list multiple space separate ciphers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Support dynamic update of wowlan_triggersLior David2017-09-131-0/+10
| | | | | | | Previously, wowlan_triggers were updated in kernel only during startup. Also update it whenever it is set from the control interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix RSN pre-authentication regression with pre-connection scan resultsJouni Malinen2017-09-121-0/+9
| | | | | | | | | | | | | | | | | | | | | The introduction of radio works and a delayed callback to complete association/connection requests ended up breaking RSN pre-authentication candidate list generation for the case of pre-connection scan results. Previously, wpa_supplicant_associate() set the RSN state machine configuration before returning and the calls to wpa_supplicant_rsn_preauth_scan_results() immediately after this function call were working fine. However, with the radio work callback, the RSN state machine configuration started to happen only in that callback which would be called soon after this code path has completed. This resulted in the RSN state machine not knowing the selected SSID and as such, rejecting all pre-authentication candidates. Fix this by setting the RSN state machine configuration from wpa_supplicant_associate() so that the existing callers of wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add candidates for pre-authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Check length when building ext_capability in assoc_cbAdiel Aloni2017-09-101-1/+2
| | | | | | | When building wpa_ie in wpas_start_assoc_cb() with ext_capab, make sure that assignment does not exceed max_wpa_ie_len. Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
* dbus: Add MeshGroupRemoved signalSaurav Babu2017-09-091-0/+9
| | | | | | This is similar to the control interface event MESH-GROUP-REMOVED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add MeshGroupStarted signalSaurav Babu2017-09-091-0/+1
| | | | | | | This introduces a new interface for mesh and adds a signal that is similar to the control interface event MESH-GROUP-STARTED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* STA: Add OCE capability indication attributeAshwini Patil2017-07-141-0/+11
| | | | | | | Add OCE capability indication attribute in Probe Request and (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS caseVidyullatha Kanchanapally2017-07-141-46/+43
| | | | | | | | | | | If an AP is not FILS capable and wpa_supplicant has a saved network block for the network with FILS key management and a saved erp info, wpa_supplicant might end up issuing a FILS connection to a non-FILS AP. Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt, i.e., after deciding on the AKM suites to use for the current connection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211/MBO: Set temporary disallowed BSSID list to driverAshwini Patil2017-06-301-19/+51
| | | | | | | | | Set temporary disallowed BSSID list to the driver so that the driver doesn't try to connect to any of the blacklisted BSSIDs during driver-based roaming operation. This commit includes support only for the nl80211 driver interface using a QCA vendor command for this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Network Introduction protocol for wpa_supplicantJouni Malinen2017-06-191-0/+5
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add new AKMJouni Malinen2017-06-191-1/+8
| | | | | | | | | | This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Configuration exchangeJouni Malinen2017-06-191-0/+46
| | | | | | | | This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>