path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* defconfig: Enable Hotspot 2.0 (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2
  Generally useful, Debian enables this. Other distros should too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable RSN on IBSS networks (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1
  Fedora and Debian enable this. NetworkManager actually rejects such configurations citing kernel bugs, but that actually might not be the right thing to do anymore.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Remove obsolete notes about OpenSSL requirements for EAP-FAST | Jouni Malinen | 2019-02-25 | 2 | -6/+0
  OpenSSL 0.9.8 reached its end-of-life a long time ago, so remove these old notes about need of a newer OpenSSL version for EAP-FAST since all current OpenSSL versions include the needed functionality.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable a handful of EAP methods (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -8/+8
  Fedora uses AKA, FAST, GPSK_SHA256, GPSK, IKEV2, PAX, SAKE and TNC. I don't know why these in particular. AKA wouldn't work, because CONFIG_PCSC is off anyways; let's enable all the other ones, and also PWD (openSUSE enabled it because users demanded it).
  Debian enables all of the above uses, but also PWD, AKA_PRIME, SIM, PSK and EKE.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable logging to file and syslog (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2
  Debian and Fedora enable both and log to syslog. openSUSE seems to log to a flat file instead.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable simple bgscan module (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1
  Generally useful. Linux distros enable this and also utilize it via NetworkManager. Debian also enables the learn module. I'm leaving it off as it's marked experimental.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable AP (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1
  Generally useful. Debian and Fedora enable this and support creating access points via NetworkManager too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable WPS (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1
  WPS is generally useful with consumer hardware, and exposed to desktop users via NetworkManager. The Linux distros, including Debian, Fedora, and openSUSE enable it. Debian also enables external registrar support and NFC.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Fix typos in Wi-Fi Display description | Jouni Malinen | 2019-02-25 | 2 | -4/+4
  These were supposed to be talking about Wi-Fi Display, not Wi-Fi Direct.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable P2P and Wi-Fi Display (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2
  Generally useful. Debian and Fedora enable this, upcoming NetworkManager provide some level of support too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add SAE (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -0/+3
  Generally useful and the distros (Debian, Fedora) enable this already to support WPA3-Personal and protected 802.11s mesh BSSs.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add DPP (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -0/+5
  Generally useful, already enabled in Debian and Fedora.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* UBSan: Avoid a warning on unsigned integer overflow | Jouni Malinen | 2019-02-25 | 1 | -3/+3
  wpa_non_pref_chan_cmp() needs to use explicit typecasts to avoid UBSan warnings for unsigned integer overflows.
  mbo.c:298:26: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid unnecessary warning | Jouni Malinen | 2019-02-25 | 1 | -1/+1
  elems->mic might be NULL here, so do not try to decrement it by 2 even if the result is not used anywhere due to a latter check for elems->mic being NULL.
  mesh_rsn.c:646:20: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffffe
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid memcmp(ptr, NULL, 0) | Jouni Malinen | 2019-02-25 | 1 | -1/+3
  Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to avoid an UBSan warning.
  wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Fix RRM beacon processing attempt without scan_info | Jouni Malinen | 2019-02-25 | 1 | -2/+2
  Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from unexpected location if RRM is enabled with a driver interface that does not support it.
  events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data'
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid size_t variable overflow in control interface | Jouni Malinen | 2019-02-25 | 1 | -1/+2
  The loop "if (i-- == 0) break" style construction works in practice fine since the check against 0 is done before decrementation. However, this hits an UBSan warning, so split that decrementation to happen as a separate step after the check and break from the loop.
  ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid unsigned integer overflow is throughput estimation | Jouni Malinen | 2019-02-25 | 1 | -2/+3
  wpa_scan_result_compar() would return wb->est_throughput - wa->est_throughput in case the comparison is done based on the throughput estimates. While the return value from this function is a signed integer, these est_throughput values are unsigned integers and need to be explicitly typecast to avoid an UBSan warning.
  scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int'
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix cipher suite selector default value in RSNE for DMG | Lior David | 2019-02-21 | 3 | -3/+18
  According to IEEE Std 802.11-2016, when fields of an RSNE are not included, the default values are used. The cipher suite defaults were hardcoded to CCMP in the previous implementation, but the default is actually different for DMG: GCMP (per It is not possible to find out from the RSNE if the network is non-DMG or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case based on context, which can be different for each caller.
  In order to fix this issue, add flags to the wpa_ie_data indicating whether pairwise/group ciphers were included in the RSNE. Callers can check these flags and fill in the appropriate ciphers. The wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by default so existing callers will not break. This change also fixes some callers which need to handle the DMG network case.
  Signed-off-by: Lior David <liord@codeaurora.org>
* wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS | Davina Lu | 2019-02-18 | 7 | -10/+36
  The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it supports Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed).
  Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated.
  Only wps_pbc is supported.
  This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface.
  Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS.
  Signed-off-by: Davina Lu <ylu@quantenna.com>
  Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
* mesh: More consistent checking of wpa_s->ifmsh in completion handler | Jouni Malinen | 2019-02-18 | 1 | -8/+6
  It does not look like wpa_s->ifmsh could be NULL here, but better be more consistent anyway to keep static analyzers happier by avoiding dereference of wpa_s->ifmsh in the function before the NULL check for it.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Stop listen state if Action frame TX is needed on another channel | Jouni Malinen | 2019-02-17 | 1 | -5/+12
  This speeds up P2P responses to frames received on an operating channel in case there is an ongoing P2P listen operation on another channel. This is applicable to drivers that support multiple channels concurrently.
  This addresses an issue showing up in the p2ps_channel_active_go_and_station_different_mcc test case where the Provision Discovery Request frame can be received on the operating channel of a group instead of the Listen channel. The response was delayed until the listen operation timed out and this took too long time for the peer to receive the response.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate wifi_generation in wpa_supplicant STATUS output | Jouni Malinen | 2019-02-15 | 3 | -0/+36
  This adds a wifi_generation=4/5/6 line to the STATUS output if the driver reports (Re)Association Request frame and (Re)Association Response frame information elements in the association or connection event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6 (HE = 802.11ax) are reported.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* VLAN assignment based on used WPA/WPA2 passphrase/PSK | Jouni Malinen | 2019-02-14 | 2 | -2/+6
  Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Note HT overrides in debug log only if set | Jouni Malinen | 2019-02-09 | 1 | -13/+16
  This makes the debug log cleaner by removing the mostly confusing prints about HT override parameters if they are not actually used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add FT-PSK to GET_CAPABILITY key_mgmt | Masashi Honma | 2019-02-05 | 1 | -0/+8
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Clear config item writing buffer before freeing it | Jouni Malinen | 2019-02-05 | 1 | -1/+1
  This buffer may be used to store items like passwords, so better clean it explicitly to avoid possibility of leaving such items in heap memory unnecessarily.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* D-Bus: Fix P2P DeleteService dict iteration | Jouni Malinen | 2019-02-04 | 1 | -35/+17
  The previous implementation assumed the first entry coming out from the dict is always service_type. That may not be the case, so properly iterate over all dict entries in one loop instead of assuming what the first entry is.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* D-Bus: Fix a memory leak in DeleteService handler | Jouni Malinen | 2019-02-04 | 1 | -1/+2
  If the service_type string entry is not included, the dict entry was not cleared.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Clear dpp_listen_freq on remain-on-channel failure | Jouni Malinen | 2019-01-30 | 1 | -0/+1
  If the DPP_LISTEN command failed due to the driver rejecting the remain-on-channel request, wpa_s->dpp_listen_freq was left set to the requested listen frequency and this resulted in the next DPP_LISTEN for the same frequency reporting "DPP: Already listening on .." even when the driver was not really listening on that frequency. Fix this by clearing wpa_s->dpp_listen_freq in the error case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Allow the avoid channels for P2P discovery/negotiation | Purushottam Kushwaha | 2019-01-30 | 1 | -4/+11
  The avoid channels are notified through QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY allow minimal traffic, so enhance the P2P behavior accordingly by considering these avoid frequencies for P2P discovery/negotiation as long as they are not in disallowed frequencies list.
  Additionally, do not return failure when none of social channels are available as operation channel, rather, mark the op_channel/op_reg_class to 0 as this would anyway get selected during the group formation in p2p_prepare_channel.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Use python3 compatible print statement | Masashi Honma | 2019-01-26 | 19 | -351/+354
  This patch is made by using 2to3 command.
  $ find . -name *.py | xargs 2to3 -f print -w -n
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Use python3 compatible "except" statement | Masashi Honma | 2019-01-26 | 13 | -39/+39
  This patch is made by using 2to3 command.
  $ find . -name *.py | xargs 2to3 -f except -w -n
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Write multi_ap_backhaul_sta to wpa_supplicant config | Daniel Golle | 2019-01-23 | 1 | -0/+1
  The network configuration option multi_ap_backhaul_sta was added without adding it to wpa_config_write_network(). Hence the value of this option was not included when writing the configuration file. Fix this by including it in wpa_config_write_network().
  Fixes: 5abc7823b ("wpa_supplicant: Add Multi-AP backhaul STA support")
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dbus: Document more possible BSS/RSA/KeyMgmt values | Lubomir Rintel | 2019-01-23 | 1 | -1/+6
  This is probably not ideal, since it would be better if it ended up being autogenerated somehow, but at least it's somewhat of an improvement.
  Also added a comment that encourages keeping the docs in sync.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Check supported types in wpas_mac_addr_rand_scan_set() | Lior David | 2019-01-23 | 2 | -13/+17
  When setting scan with randomized MAC, check the requested scan type against supported types, to ensure callers will not set an unsupported type, since this can cause scan/connect failures later. It is better to do this in wpas_mac_addr_rand_scan_set() instead of control interface specific code to apply the constraint on all possible interfaces using this setting.
  Signed-off-by: Lior David <liord@codeaurora.org>
* Fix test compilation error related to sme_event_unprot_disconnect() | Lior David | 2019-01-23 | 1 | -0/+2
  sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only with builds that enable IEEE 802.11w support.
  Signed-off-by: Lior David <liord@codeaurora.org>
* FILS: Remove notes about experimental implementation | Jouni Malinen | 2019-01-22 | 2 | -4/+0
  The standard amendment has been published and there has been sufficient amount of interoperability testing for FILS to expect the protocol not to be changed anymore, so remove the notes claiming this to be experimental and not suitable for production use.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Expose support of SAE key management in BSS properties | Lubomir Rintel | 2019-01-22 | 1 | -1/+7
  This is going to be useful for NetworkManager and likely others.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Revert "mesh: Apply channel attributes before setup interface" | Masashi Honma | 2019-01-21 | 1 | -8/+3
  This reverts commit 2564184440d9d6041d11a8c7d50b31368634c3bd.
  Commit 2564184440d9 ("mesh: Apply channel attributes before setup interface") triggers some channel configurations to result in leaking memory. This seems to be caused by hapd->started not getting set when going through a callback to start hostapd operation (e.g., when using HT40 coex scan) due to hostapd_setup_bss() not getting called. This results in hostapd_free_hapd_data() not clearing allocated hapd->wpa_auth. This can be reproduced with the hwsim test case mesh_secure_ocv_mix_legacy.
  A more complete cleanup of the pending mesh patch for DFS support seems to be needed to fix this properly, so the best approach for now is to revert this patch and bring it back once rest of the mesh changes are ready to be applied.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* D-Bus: Fix P2P Flush method to clear pending Action frames | Amit Khatri | 2019-01-21 | 1 | -0/+1
  If we call p2p_flush from ctrl_iface, before calling p2p_flush() it calls wpas_p2p_stop_find(). Add the same call to the matching D-Bus method to clear all pending operations.
  Signed-off-by: Amit Khatri <amit7861234@gmail.com>
* P2P: support random interface address | Jimmy Chen | 2019-01-12 | 4 | -0/+44
  To enhance privacy, generate a random interface for each group.
  There are two configurations introduced:
  * p2p_interface_random_mac_addr
    enable interface random MAC address feature, default disable.
  Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Support random device address | Jimmy Chen | 2019-01-12 | 5 | -0/+97
  To enhance privacy, generate a random device address for P2P interface. If there is no saved persistent group, it generates a new random MAC address on bringing up p2p0. If there is saved persistent group, it will use last MAC address to avoid breaking group reinvoke behavior.
  There are two configurations introduced:
  * p2p_device_random_mac_addr
    enable device random MAC address feature, default disable.
  * p2p_device_persistent_mac_addr
    store last used random MAC address.
  Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Add 802.11ax support for P2P GO | Peng Xu | 2019-01-12 | 11 | -36/+72
  An optional parameter "he" is added to p2p_connect, p2p_group_add, and p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration parameter can be used to request this to be enabled by default.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* eapol_test: Start the identifier at an initial random value | Martin Stanislav | 2019-01-08 | 1 | -1/+2
  Start the (EAP request) identifier at an initial random value as recommended by RFC 3748 in section 4.1 Request and Response on page 21.
  Signed-off-by: Martin Stanislav <ms@uakom.sk>
* nl80211: Indicate 802.1X 4-way handshake offload in connect | Arend van Spriel | 2019-01-07 | 1 | -0/+7
  Upon issuing a connect request we need to indicate that we want the driver to offload the 802.1X 4-way handshake for us. Indicate it if the driver capability supports the offload.
  Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
* drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads | Arend van Spriel | 2019-01-07 | 3 | -6/+6
  Allow drivers to indicate support for offloading 4-way handshake for either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK (WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag into two separate flags.
  Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
* Use freq_list to constrain supported operating class information | Ben Greear | 2019-01-07 | 1 | -0/+27
  If a station is configured to allow only a subset of frequencies for an association, the supported operating classes may need to be more limited than what the hardware supports.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* Use disable_ht/vht to constrain supported operating class information | Ben Greear | 2019-01-07 | 4 | -7/+43
  If user has disabled HT or VHT, those related operating classes should not be advertised as supported.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* mesh: Implement use of VHT20 config in mesh mode | Peter Oh | 2019-01-06 | 1 | -4/+14
  Mesh in VHT mode is supposed to be able to use any bandwidth that VHT supports, but there was no way to set VHT20 although there are parameters that are supposed to be used. This commit along with the previous commit for VHT_CHANWIDTH_USE_HT makes mesh configuration available to use any bandwidth with combinations of existing parameters like shown below.
  VHT80:
    default
    do not set any parameters
  VHT40:
    max_oper_chwidth = 0
  VHT20:
    max_oper_chwidth = 0
    disable_ht40 = 1
  HT40:
    disable_vht = 1
  HT20:
    disable_ht40 = 1
  disable HT:
    disable_ht = 1
  Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>