path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
* OCV: Include and verify OCI in the AMPE handshakeMathy Vanhoef2018-12-171-0/+72
| | | | | | | | | Include and verify the OCI element in AMPE Open and Confirm frames. Note that the OCI element is included even if the other STA didn't advertise support of OCV. The OCI element is only required and verified if both peers support OCV. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Pass ocv parameter to mesh configurationMathy Vanhoef2018-12-172-2/+8
| | | | Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Add UNPROT_DEAUTH command for testing OCVMathy Vanhoef2018-12-171-0/+5
| | | | | | | This new wpa_supplicant control interface command can be used to simplify testing SA Query with OCV. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Perform an SA Query after a channel switchMathy Vanhoef2018-12-173-0/+29
| | | | | | | | | | | After the network changed to a new channel, perform an SA Query with the AP after a random delay if OCV was negotiated for the association. This is used to confirm that we are still operating on the real operating channel of the network. This commit is adding only the station side functionality for this, i.e., the AP behavior is not changed to disconnect stations with OCV that do not go through SA Query. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Include and verify OCI in SA Query framesMathy Vanhoef2018-12-171-7/+111
| | | | | | | | | | | | | | | | | | | | | | | | | | Include an OCI element in SA Query Request and Response frames if OCV has been negotiated. On Linux, a kernel patch is needed to let clients correctly handle SA Query Requests that contain an OCI element. Without this patch, the kernel will reply to the SA Query Request itself, without verifying the included OCI. Additionally, the SA Query Response sent by the kernel will not include an OCI element. The correct operation of the AP does not require a kernel patch. Without the corresponding kernel patch, SA Query Requests sent by the client are still valid, meaning they do include an OCI element. Note that an AP does not require any kernel patches. In other words, SA Query frames sent and received by the AP are properly handled, even without a kernel patch. As a result, the kernel patch is only required to make the client properly process and respond to a SA Query Request from the AP. Without this patch, the client will send a SA Query Response without an OCI element, causing the AP to silently ignore the response and eventually disconnect the client from the network if OCV has been negotiated to be used. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Add utility functions to insert OCI elementsMathy Vanhoef2018-12-162-0/+2
| | | | | | | This commit adds utility functions to insert various encoding of the OCI element. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Advertise OCV capability in RSN capabilities (STA)Mathy Vanhoef2018-12-161-0/+3
| | | | | | | Set the OCV bit in RSN capabilities (RSNE) based on station mode configuration. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Advertise OCV capability in RSN capabilities (AP)Mathy Vanhoef2018-12-161-0/+4
| | | | | | | | Set the OCV bit in RSN capabilities (RSNE) based on AP mode configuration. Do the same for OSEN since it follows the RSNE field definitions. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Add wpa_supplicant config parameterMathy Vanhoef2018-12-164-0/+67
| | | | | | | Add wpa_supplicant network profile parameter ocv to disable or enable Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Add build configuration for channel validation supportMathy Vanhoef2018-12-164-0/+16
| | | | | | Add compilation flags for Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Store the VHT Operation element of an associated STAMathy Vanhoef2018-12-161-0/+1
| | | | | | | | APs and mesh peers use the VHT Operation element to advertise certain channel properties (e.g., the bandwidth of the channel). Save this information element so we can later access this information. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Make channel_info available to the supplicant state machineMathy Vanhoef2018-12-161-0/+10
| | | | | | | | This adds the necessary functions and callbacks to make the channel_info driver API available to the supplicant state machine that implements the 4-way and group key handshake. This is needed for OCV. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Add driver API to get current channel parametersMathy Vanhoef2018-12-161-0/+8
| | | | | | | | This adds driver API functions to get the current operating channel parameters. This encompasses the center frequency, channel bandwidth, frequency segment 1 index (for 80+80 channels), and so on. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* WMM AC: Fix a typo in a commentJouni Malinen2018-12-081-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* WMM AC: Do not write ERROR level log entries when WMM AC is not in useJouni Malinen2018-12-081-7/+2
| | | | | | | | | | These two wpa_printf() calls with MSG_ERROR level could be reached when connecting without (Re)Association Response frame elements being available. That would be the case for wired connections and IBSS. Those cases are not supposed to use WMM AC in the first place, so do not confuse logs with ERROR messages in them for normal conditions. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Fix OWE network profile savingJouni Malinen2018-12-081-0/+12
| | | | | | | | key_mgmt=OWE did not have a config parameter writer and wpa_supplicant was unable to save such a network profile correctly. Fix this by adding the needed parameter writer. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Support DPP key_mgmt saving to wpa_supplicant configurationDamodaran, Rohit (Contractor)2018-12-081-0/+12
| | | | | | | | | In the existing code, there was no "DPP" string available to the DPP key management type for configuration parser of wpa supplicant. When the configuration is saved, the key management string was left out from the config file. Fix this by adding support for writing key_mgmt=DPP option. Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
* HS 2.0: Fix PMF-in-use check for ANQP Venue URL processingJouni Malinen2018-12-083-2/+3
| | | | | | | | | | | | | | The previous implementation did not check that we are associated with the sender of the GAS response before checking for PMF status. This could have accepted Venue URL when not in associated state. Fix this by explicitly checking for association with the responder first. This fixes an issue that was detected, e.g., with these hwsim test case sequences: gas_anqp_venue_url_pmf gas_anqp_venue_url gas_prot_vs_not_prot gas_anqp_venue_url Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Enable PMF automatically for Hotspot 2.0 network profilesJouni Malinen2018-12-081-0/+1
| | | | | | | Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by default in the network profiles created from cred blocks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Allocate enough buffer for HS 2.0 Indication element for scanJouni Malinen2018-12-081-1/+1
| | | | | | | The HS 2.0 Indication element can be up to 9 octets in length, so add two more octets to the minimum extra_ie buffer size for scanning. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: As a STA, do not indicate release number greater than the APJouni Malinen2018-12-085-6/+32
| | | | | | | | | | Hotspot 2.0 tech spec mandates mobile device to not indicate a release number that is greater than the release number advertised by the AP. Add this constraint to the HS 2.0 Indication element when adding this into (Re)Association Request frame. The element in the Probe Request frame continues to show the station's latest supported release number. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=yJouni Malinen2018-12-031-2/+0
| | | | | | | | | remove_ie() was defined within an ifdef CONFIG_FILS block while it is now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition there. Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol") Signed-off-by: Jouni Malinen <j@w1.fi>
* Update version to v2.7 and copyright years to include 2018hostap_2_7Jouni Malinen2018-12-0211-11/+81
| | | | | | | Also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.6 and v2.7. Signed-off-by: Jouni Malinen <j@w1.fi>
* Uncomment CONFIG_LIBNL32=y in defconfigJouni Malinen2018-12-021-1/+1
| | | | | | | | libnl 3.2 release is much more likely to be used nowadays than the versions using the older API, so uncomment this in wpa_supplicant and hostapd defconfig. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Try another group only on association rejection with status 77Ashok Kumar2018-12-023-2/+11
| | | | | | | | | Do not change the OWE group if association is rejected for any other reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid unnecessary latency in cases where the APs reject association, e.g., for load balancing reasons. Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
* DPP: Remove unused wpas_dpp_remain_on_channel_cb()Jouni Malinen2018-12-022-25/+0
| | | | | | This function was apparently never used at all. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Apply testing configuration option to signing of own configJouni Malinen2018-12-011-0/+1
| | | | | | | Previous implementation had missed this case of setting configurator parameters. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Fix Reassociation Request IEs during FT protocolJouni Malinen2018-12-011-1/+79
| | | | | | | | | | | | | | | The previous implementation ended up replacing all pending IEs prepared for Association Request frame with the FT specific IEs (RSNE, MDE, FTE) when going through FT protocol reassociation with the wpa_supplicant SME. This resulted in dropping all other IEs that might have been prepared for the association (e.g., Extended Capabilities, RM Enabled Capabilities, Supported Operating Classes, vendor specific additions). Fix this by replacing only the known FT specific IEs with the appropriate values for FT protocol while maintaining other already prepared elements. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix indentation levelJouni Malinen2018-11-302-5/+4
| | | | | | This gets rid of smatch warnings about inconsistent indenting. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Fix external authentication on big endian platformsAshok Ponnaiah2018-11-301-9/+10
| | | | | | | | Need to handle the little endian 16-bit fields properly when building and parsing Authentication frames. Fixes: 5ff39c1380d9 ("SAE: Support external authentication offload for driver-SME cases") Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
* DPP: Reject invalid no-psk/pass legacy configurator parametersJouni Malinen2018-11-301-13/+23
| | | | | | | | | | | Instead of going through the configuration exchange, reject invalid legacy configurator parameters explicitly. Previously, configuring legacy (psk/sae) parameters without psk/pass resulted in a config object that used a zero length passphrase. With this change, that config object is not sent and instead, either the initialization attempts is rejected or the incoming initialization attempt is ignored. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* external-auth: Check key_mgmt when selecting SSIDCedric Izoard2018-11-261-1/+2
| | | | | | | | | When selecting SSID to start external authentication procedure also check the key_mgmt field as several network configuration may be defined for the same SSID/BSSID pair. The external authentication mechanism is only available for SAE. Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
* DPP: Fix GAS client error case handlingJouni Malinen2018-11-251-1/+2
| | | | | | | | | | | The GAS client processing of the response callback for DPP did not properly check for GAS query success. This could result in trying to check the Advertisement Protocol information in failure cases where that information is not available and that would have resulted in dereferencing a NULL pointer. Fix this by checking the GAS query result before processing with processing of the response. Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Expose availability of SHA384 on D-BusLubomir Rintel2018-11-241-2/+5
| | | | | | This lets us know whether we can attempt to use FT-EAP-SHA384. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* dbus: Expose availability of FT on D-BusLubomir Rintel2018-11-241-2/+5
| | | | | | | This lets us know whether we can attempt to use FT-PSK, FT-EAP, FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Revert "D-Bus: Implement Pmf property"Lubomir Rintel2018-11-244-70/+0
| | | | | | | | | | | | | | | | | This reverts commit adf8f45f8af27a9ac9429ecde81776b19b6f9224. It is basically all wrong. The Pmf property did exist, with a signature of "s" as documented in doc/dbus.doxygen. It was synthesized from global_fields[]. The patch added a duplicate one, with a signature of "u", in violation of D-Bus specification and to bemusement of tools that are careful enough: $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666 Duplicate property Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* mesh: Add Category and Action field to maximum buffer lengthJouni Malinen2018-11-241-1/+2
| | | | | | | | | Make the buf_len calculation match more closely with the following wpa_buf*() operations. The extra room from the existing elements was apparently sufficiently large to cover this, but better add the two octet header explicitly. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix off-by-one in buf length calculationBob Copeland2018-11-241-1/+1
| | | | | | | | | | | | | The maximum size of a Mesh Peering Management element in the case of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the two bytes of the IE header (IEEE Std 802.11-2016, Found by inspection. The other buffer components seem to use large enough extra room in their allocations to avoid hitting issues with the full buffer size even without this fix. Signed-off-by: Bob Copeland <bobcopeland@fb.com>
* examples: Fix shellcheck warnings in wps-ap-cliDavide Caratti2018-11-221-3/+3
| | | | | | | | use 'printf' instead of 'echo -n', to suppress the following warning: In POSIX sh, echo flags are undefined. [SC2039] Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
* HS 2.0: Generate AssocReq OSEN IE based on AP advertisementJouni Malinen2018-11-092-6/+32
| | | | | | | | | | | Parse the OSEN IE from the AP to determine values used in the AssocReq instead of using hardcoded cipher suites. This is needed to be able to set the group cipher based on AP advertisement now that two possible options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards allowing other ciphers than CCMP to be used with OSEN. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Collocated Interference ReportingJouni Malinen2018-10-309-1/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SME: Fix order of WPA IE in association requestIlan Peer2018-10-201-0/+44
| | | | | | | | | | | | | In case that the protocol used for association is WPA the WPA IE was inserted before other (non vendor specific) IEs. This is not in accordance to the standard that states that vendor IEs should be placed after all the non vendor IEs are placed. In addition, this would cause the low layers to fail to properly order information elements. To fix this, if the protocol used is WPA, store the WPA IE and reinsert it after all the non vendor specific IEs were placed. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* wpa_supplicant: Fix buffer overflow in roaming_consortiumsAndrei Otcheretianski2018-10-141-3/+5
| | | | | | | | | When configuring more than 36 roaming consortiums with SET_CRED, the stack is smashed. Fix that by correctly verifying the num_roaming_consortiums. Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums") Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* OWE: Improve discovery of OWE transition mode APIlan Peer2018-10-121-25/+101
| | | | | | | | | | | | | | An OWE AP device that supports transition mode does not transmit the SSID of the OWE AP in its Beacon frames and in addition the OWE AP does not reply to broadcast Probe Request frames. Thus, the scan results matching relies only on Beacon frames from the OWE open AP which can be missed in case the AP's frequency is actively scanned. To improve the discovery of transition mode APs, include their SSID in the scan command to perform an active scan for the SSIDs learned from the open mode BSSs. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* OWE: Use shorter scan interval during transition mode searchJouni Malinen2018-10-122-0/+14
| | | | | | | Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Attempt more scans for OWE transition SSID if expected BSS not seenSunil Dutt2018-10-124-0/+32
| | | | | | | | | | | | This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Request and process OSU Providers NAI List ANQP-elementJouni Malinen2018-10-055-1/+49
| | | | | | | | | Extend wpa_supplicant to use a separate OSU_NAI information from OSU Providers NAI List ANQP-element instead of the OSU_NAI information from OSU Providers list ANQP-element when connecting to the shared BSS (Single SSID) for OSU. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Do not try to enable PMF for non-RSN associationsPurushottam Kushwaha2018-10-031-0/+5
| | | | | | | | | | | | | | | Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for non-RSN associations. This specifically helps with OWE transition mode when the network block is configured with PMF set to required, but the BSS selected is in open mode. There is no point to try to enable PMF for such an association. This fixes issues with drivers that use the NL80211_ATTR_USE_MFP attribute to set expectations for PMF use. The combination of non-RSN connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could cause such drivers to reject the connection in OWE transition mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Flush PMKSA if an assoc reject without timeout is receivedSrinivas Dasari2018-09-181-0/+10
| | | | | | | | | | | | | | Flush the PMKSA upon receiving assoc reject event without timeout in the event data, to avoid trying the subsequent connections with the old PMKID. Do not flush PMKSA if assoc reject is received with timeout as it is generated internally from the driver without reaching the AP. This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE: Flush PMKSA if an assoc reject without timeout is received") to handle also the DPP AKM. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ANQP: Parse and report Venue URL informationJouni Malinen2018-09-151-0/+37
| | | | | | | Parse the Venue URL ANQP-element payload and report it with the new RX-VENUE-URL event messages if the query was done using PMF. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>