path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
* wpa_supplicant: Fix buffer overflow in roaming_consortiumsAndrei Otcheretianski2018-10-141-3/+5
| | | | | | | | | When configuring more than 36 roaming consortiums with SET_CRED, the stack is smashed. Fix that by correctly verifying the num_roaming_consortiums. Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums") Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* OWE: Improve discovery of OWE transition mode APIlan Peer2018-10-121-25/+101
| | | | | | | | | | | | | | An OWE AP device that supports transition mode does not transmit the SSID of the OWE AP in its Beacon frames and in addition the OWE AP does not reply to broadcast Probe Request frames. Thus, the scan results matching relies only on Beacon frames from the OWE open AP which can be missed in case the AP's frequency is actively scanned. To improve the discovery of transition mode APs, include their SSID in the scan command to perform an active scan for the SSIDs learned from the open mode BSSs. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* OWE: Use shorter scan interval during transition mode searchJouni Malinen2018-10-122-0/+14
| | | | | | | Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Attempt more scans for OWE transition SSID if expected BSS not seenSunil Dutt2018-10-124-0/+32
| | | | | | | | | | | | This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Request and process OSU Providers NAI List ANQP-elementJouni Malinen2018-10-055-1/+49
| | | | | | | | | Extend wpa_supplicant to use a separate OSU_NAI information from OSU Providers NAI List ANQP-element instead of the OSU_NAI information from OSU Providers list ANQP-element when connecting to the shared BSS (Single SSID) for OSU. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Do not try to enable PMF for non-RSN associationsPurushottam Kushwaha2018-10-031-0/+5
| | | | | | | | | | | | | | | Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for non-RSN associations. This specifically helps with OWE transition mode when the network block is configured with PMF set to required, but the BSS selected is in open mode. There is no point to try to enable PMF for such an association. This fixes issues with drivers that use the NL80211_ATTR_USE_MFP attribute to set expectations for PMF use. The combination of non-RSN connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could cause such drivers to reject the connection in OWE transition mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Flush PMKSA if an assoc reject without timeout is receivedSrinivas Dasari2018-09-181-0/+10
| | | | | | | | | | | | | | Flush the PMKSA upon receiving assoc reject event without timeout in the event data, to avoid trying the subsequent connections with the old PMKID. Do not flush PMKSA if assoc reject is received with timeout as it is generated internally from the driver without reaching the AP. This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE: Flush PMKSA if an assoc reject without timeout is received") to handle also the DPP AKM. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ANQP: Parse and report Venue URL informationJouni Malinen2018-09-151-0/+37
| | | | | | | Parse the Venue URL ANQP-element payload and report it with the new RX-VENUE-URL event messages if the query was done using PMF. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add alternative OSU_SSID into providers info fileJouni Malinen2018-09-111-3/+27
| | | | | | | | | This adds the second SSID (the one used by the shared BSS) for OSU connection when generating osu-providers.txt. External tools can use that to configure multiple network profiles for OSU to cover the cases where transition mode is used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCE: Add OCE capability attribute only when associating to an OCE APBeni Lev2018-09-024-7/+35
| | | | Signed-off-by: Beni Lev <beni.lev@intel.com>
* OCE: Send scan parameters when OCE_STA functionality is enabledRoee Zamir2018-09-021-0/+44
| | | | | | | | If the device supports OCE features and OCE is enabled, set the relevant scan parameters and FILS Request Parameters element with Max Channel Time. Signed-off-by: Roee Zamir <roee.zamir@intel.com>
* driver: Add OCE scan parametersRoee Zamir2018-09-021-0/+1
| | | | | | | | | | | | Add a flag to scan parameters that enables OCE scan features. If this flag is set the device should enable the following features as defined in the Optimized Connectivity Experience Technical Specification v1.0: - Overwrite FILS request Max Channel Time with actual value (clause 3.8) - Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12) - Probe Request frame Transmission Deferral and Suppression (clause 3.5) - Accept broadcast Probe Response frame (clause 3.6) Signed-off-by: Roee Zamir <roee.zamir@intel.com>
* DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_paramsPurushottam Kushwaha2018-08-301-0/+25
| | | | | | | | | This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET dpp_configurator_params to allow optional setting of the DPP groupId string for a Connector. If the value is not set, the previously wildcard value ("*") is used by default. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Fix FILS connect failures after ERP key invalidationAnkita Bajaj2018-08-244-2/+68
| | | | | | | | | | | | | | | | If the RADIUS authentication server dropped the cached ERP keys for any reason, FILS authentication attempts with ERP fails and the previous wpa_supplicant implementation ended up trying to use the same keys for all consecutive attempts as well. This did not allow recovery from state mismatch between the ERP server and peer using full EAP authentication. Address this by trying to use full (non-FILS) authentication when trying to connect to an AP using the same ERP realm with FILS-enabled network profile if the previous authentication attempt had failed. This allows new ERP keys to be established and FILS authentication to be used again for the consecutive connections. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix QoS Mapping ext capab bit settingJouke Witteveen2018-08-121-1/+1
| | | | | | | | | Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map bit in Extended Capabilities. The previous implementation ended up adding this bit even if the driver did not actually indicate support for the capability. Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
* Provide more details of WPA3 modes in wpa_supplicant.confJouni Malinen2018-08-011-1/+4
| | | | | | | Clarify that proto=RSN is used for WPA3 and add the WPA3-Personal name for SAE and include OWE as a possible key_mgmt value. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Use more compact debug print of common group frequenciesJouni Malinen2018-06-151-5/+14
| | | | | | | Print the list of frequencies on a single line instead of one line per frequency. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Improve common group channel selection if GO needs to be movedJouni Malinen2018-06-151-0/+87
| | | | | | | | | | | | Prefer channels that support VHT80 (and secondarily, HT40 on the same band) over other common group channels. If no such channel is found, prefer any channel that uses the same band so that CSA can be used. This improves the case where a P2P GO needs to move to another channel and there is no other reason (e.g., preferred channel from the driver or an already used channel from a virtual interface sharing the same radio) to pick a specific channel. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P/AP: More detailed debug prints on HT/VHT parameter selectionJouni Malinen2018-06-151-3/+45
| | | | | | | This makes it easier to debug why wpa_supplicant selects particular HT/VHT parameters for AP/P2P GO mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Fix potential NULL pointer dereference in MDE additionJouni Malinen2018-06-051-1/+1
| | | | | | | | The bss variable in this function might be NULL, so make the FT MDE addition case conditional on a BSS entry being available. Fixes: 3dc3afe298f0 ("FT: Add MDE to assoc request IEs in connect params") Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Add key management value FT-EAP-SHA384 for wpa_supplicantJouni Malinen2018-06-052-1/+19
| | | | | | | This allows wpa_supplicant to be configuted to use the SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Connection settings for SHA384-based AKMJouni Malinen2018-06-051-1/+14
| | | | | | | Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a connection. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Fix parsing of max_oper_chwidthSven Eckelmann2018-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see ssid_fields). The actual parsing for INT_RANGE is done by wpa_config_parse_int which can only store the result as full integer. max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means that on little endian systems, the least significant byte of the parsed value are really stored in the max_oper_chwidth. But on big endian system, the only most significant byte is stored as max_oper_chwidth. This means that 0 is always stored because the provided range doesn't allow any other value for systems with multi-byte-wide integers. This also means that for common systems with 4-byte-wide integers, the remaining 3 bytes were written after the actual member of the struct. This should not have influenced the behavior of succeeding members because these bytes would have been part of the padding between the members on most systems. Increasing its size to a full int fixes the write operations outside of the member and allows to use the max_oper_chwidth setting on big endian systems. Fixes: 0f29bc68d18e ("IBSS/mesh: Add support for VHT80P80 configuration") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* mesh: Fix crash with CONFIG_TAXONOMY enabledFelix Fietkau2018-05-311-1/+1
| | | | | | | | | wpa_s->ifmsh needs to be allocated using hostapd_alloc_iface() instead of a direct call to os_zalloc(), otherwise the linked list for station taxonomy items remains uninitialized, leading to a crash on the first attempt to traverse that list Signed-off-by: Felix Fietkau <nbd@nbd.name>
* HS 2.0: Allow OSEN connection to be used in an RSN BSSJouni Malinen2018-05-292-4/+17
| | | | | | | | | This allows a single BSS/SSID to be used for both data connection and OSU. In wpa_supplicant configuration, the current proto=OSEN key_mgmt=OSEN combination is now allowing both the old separate OSEN BSS/IE and the new RSN-OSEN to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Disable PMKSA caching with FTJouni Malinen2018-05-211-0/+7
| | | | | | | | | PMKSA caching with FT is not fully functional, so disable the case for now, so that wpa_supplicant does not end up trying to connect with a PMKSA cache entry from another AKM. FT-EAP was already modified long time ago to not add PMKSA cache entries itself. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add support for using the optional Password IdentifierJouni Malinen2018-05-197-1/+38
| | | | | | | | | | | | | | This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* mesh: Register msg_ctx for hostapd/AP codeJouni Malinen2018-05-191-0/+1
| | | | | | | | | The use of hostapd code for a mesh interface did not register hapd->msg_ctx. This needs to be done similarly to the existing cases in wpa_supplicant AP and IBSS mode uses so that wpa_msg() calls from the hostapd/AP code get delivered properly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Mark connection failed in the unlikely no-bss-entry caseJouni Malinen2018-05-161-1/+4
| | | | | | | | | If no BSS entry can be found when processing association rejected event from the driver for the special OWE case of unsupported finite-cyclic-group, process the event as a connection failure instead of just skipping the the OWE retry with another DH group. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a functionJouni Malinen2018-05-161-78/+82
| | | | | | | This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Get the bss from bssid of assoc_reject to try for next groupSrinivas Dasari2018-05-151-0/+9
| | | | | | | | | | | On an assoc_reject from the BSS with the status=77, a connection attempt with the next supported group happens. The BSS considered here is from current_bss which may be NULL at this point of time with SME-in-driver case. Address this by getting the BSS from the bssid obtained in association reject indication and skip the step if no BSS entry can be found. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Flush PMKSA if an assoc reject without timeout is receivedSrinivas Dasari2018-05-151-0/+12
| | | | | | | | | | | | Flush the PMKSA upon receiving association reject event without timeout in the event data in SME-in-driver case to avoid trying to use the old PMKSA entry in subsequent connection attempts. Do not flush PMKSA if association reject is received with timeout as it is generated internally from the driver without reaching the AP. This is similar to the SME-in-wpa_supplicant case that was already addressed within sme_event_assoc_reject(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Silence a gcc warning on switch statement fallthroughJouni Malinen2018-05-151-0/+1
| | | | | | | Add an explicit comment noting a previously undocumented fallthrough to not trigger an implicit-fallthrough warning. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Silence new gcc warnings on switch statement fallthroughsJouni Malinen2018-05-151-1/+1
| | | | | | | Reword the comments to make gcc 8.1 recognize these as designed cases and not trigger implicit-fallthrough warnings. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Clear SME FT data on disassocAhmad Masri2018-05-041-1/+1
| | | | | | | | | | | | | | SME ft_used flag is sometimes not cleared on disassoc. For example, after initial FT connection, ft_used is set while ft_ies stays NULL. Later on, upon disassoc, sme_update_ft_ies() is not invoked and ft_used is not cleared. Fix this by invoking sme_update_ft_ies() also in case ft_used is set. This is needed to fix an issue with drivers that use nl80211 Connect API with FT and expect to the NL80211_AUTHTYPE_OPEN specified in the Connect command for the initial mobility domain association. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* wpa_supplicant: Make channel switch event available for non-AP buildsBhagavathi Perumal S2018-05-041-0/+4
| | | | | | | This allows user to get channel switch indication in station mode even if wpa_supplicant is built without CONFIG_AP=y. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
* wpa_supplicant: Add ieee80211ac information in STATUSBhagavathi Perumal S2018-05-043-0/+13
| | | | | | This allows user to get current operating mode of station. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
* wolfSSL: Fix EAP-FAST key derivationSean Parkinson2018-05-021-0/+1
| | | | | | | Implement tls_connection_get_eap_fast_key() using cryptographic primitives as wolfSSL implements different spec. Signed-off-by: Sean Parkinson <sean@wolfssl.com>
* EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabledJouni Malinen2018-05-011-0/+2
| | | | | | | | This may be needed to avoid interoperability issues with the new protocol version and significant changes for EAP use cases in both key derivation and handshake termination. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_cli: Indicate HS20-T-C-ACCEPTANCE to action scriptsJouni Malinen2018-04-291-0/+2
| | | | | | | This can be used to start a web browser to go through Terms and Conditions acknowledgment. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DFS: Mark channels required DFS based on reg-domain info from the drivermazumdar2018-04-232-6/+11
| | | | | | | | | | | | Mark a channel as required DFS based on regulatory information received from the driver/kernel rather than deciding based on hardcoded boundaries on the frequency. Previously few channels were being marked as requiring DFS even though they were non-DFS in a particular country. If the driver does not provide channel list information, fall back to the previously used frequency-based determination. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Process received Terms and Conditions Acceptance notificationJouni Malinen2018-04-233-0/+39
| | | | | | | | | | Extend wpa_supplicant WNM-Notification RX handling to parse and process received Terms and Conditions Acceptance notifications. If PMF is enabled for the association, this frame results in control interface indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the user through the required acceptance steps. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Do not remove CCMP group cipher if any CCMP/GCMP cipher is enabledJouni Malinen2018-04-231-2/+3
| | | | | | | | | | | | | | | | CCMP group cipher was removed if CCMP was not allowed as a pairwise cipher when loading a configuration file (but not actually when changing configuration during runtime). This is needed to avoid issues with configurations that use the default group cipher (TKIP CCMP) while modifying pairwise cipher from the default CCMP TKIP) to TKIP. However, there is not really a need to remove the CCMP group cipher if any GCMP or CCMP cipher is enabled as a pairwise cipher. Change the network profile validation routine to not remove CCMP as group cipher if CCMP-256, GCMP, or GCMP-256 is enabled as a pairwise cipher even if CCMP is not. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* AP: Handle AP initalization failure in async flowTova Mussai2018-04-191-0/+7
| | | | | | | | | When AP initialization is completed in a callback (e.g., OBSS scan), wpa_supplicant_deinit_ap() is not called in case of failure. Fix this by calling setup_complete_cb in case of failure, too, which in turn calls wpa_supplicant_deinit_ap() if needed. Signed-off-by: Tova Mussai <tova.mussai@intel.com>
* FT: Add FT auth algorithm to connect params when roamingAhmad Masri2018-04-191-1/+11
| | | | | | | Add WPA FT auth to connect params in case of a re-connection to ESS supporting FT when FT was used in the first connect. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* FT: Add MDE to assoc request IEs in connect paramsAhmad Masri2018-04-191-0/+23
| | | | | | | | | Add MDE (mobility domain element) to Association Request frame IEs in the driver assoc params. wpa_supplicant will add MDE only if the network profile allows FT, the selected AP supports FT, and the mobility domain ID matches. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* Make CENTER_FRQ1 available independently in SIGNAL_POLLBhagavathi Perumal S2018-04-191-4/+11
| | | | | | | This allows user to get center frequency and find secondary channel offset. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
* HS 2.0: Add Roaming Consortium Selection element into AssocReqJouni Malinen2018-04-174-2/+22
| | | | | | | | This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection element into (Re)Association Request frames if the network profile includes roaming_consortium_selection parameter. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add Roaming Consortium Selection network profile parameterJouni Malinen2018-04-176-1/+48
| | | | | | | | | | | | | This adds new roaming_consortium_selection network profile parameter into wpa_supplicant. This is used to store the OI that was used for network selection (INTERWORKING_SELECT) based on matching against the Roaming Consortium OIs advertised by the AP. This can also be used when using an external component to perform selection. This commit adds the network profile parameter, but does not yet include it in (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Use roaming_consortiums list to match OIs for accessJouni Malinen2018-04-171-9/+29
| | | | | | | | This extends Hotspot 2.0 credential matching to consider the roaming_consortiums parameter when determining whether the cred block matches the information advertised by an AP. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>