path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
...
* DPP: Fix compilation without openssl | Andrei Otcheretianski | 2017-07-07 | 1 | -1/+0
  dpp.h file requires openssl in order to compile, which breaks compilation on systems without it. Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when not really needed.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* P2P: Allow auto GO on DFS channels if driver supports this | Sunil Dutt | 2017-07-07 | 1 | -20/+21
  If a DFS forced frequency is provided in 'p2p_group_add' and the driver supports DFS offload, the frequency was rejected in wpas_p2p_init_go_params(). However, it was accepted in wpas_p2p_select_go_freq() and wpas_p2p_group_add(). To make the behavior consistent, the DFS frequency is now accepted in wpas_p2p_init_go_params() similar to the way done in wpas_p2p_select_go_freq(). Redundant check in wpas_p2p_group_add() for DFS forced frequency is removed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Advertize FILS capability based on driver capability | Vidyullatha Kanchanapally | 2017-07-07 | 1 | -8/+86
  Add changes to control interface command get_capability to advertize FILS capability, FILS AKMs suites, and FILS Authentication algorithms based on the driver capabilities.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Whitespace cleanup | Jouni Malinen | 2017-07-04 | 2 | -2/+2
  Fix couple of previously missed whitespace issues.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add wpa_supplicant ctrl iface support to scan for a specific BSSID | Ashwini Patil | 2017-07-04 | 1 | -0/+13
  Add support to scan for a specific BSSID through the wpa_supplicant control interface.
  Usage: wpa_cli scan bssid=ab:bc:cd:de:ef:12
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector | Jouni Malinen | 2017-07-04 | 3 | -41/+76
  The DPP Configurator can use this new command to generate its own signed connector for the network that it manages.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Share bootstrap type to string helper function | Jouni Malinen | 2017-07-04 | 1 | -13/+1
  This can be used in hostapd as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow wpa_cli DPP_CONFIGURATOR_ADD without arguments | Jouni Malinen | 2017-07-04 | 1 | -1/+1
  All the arguments to this command are optional, so do not mandate at least one to be included in wpa_cli.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Set PMKSA expiration based on peer connector | Jouni Malinen | 2017-07-03 | 1 | -2/+16
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Configurator parameters in responder role | Jouni Malinen | 2017-07-03 | 3 | -59/+86
  This allows wpa_supplicant to be configured to act as the configurator in the case where a peer device initiates DPP Authentication.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: PKEX bootstrapping | Jouni Malinen | 2017-07-02 | 5 | -0/+386
  This implements generic PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e., hostapd DPP implementation does not yet support PKEX).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Fix configuration item list | Jouni Malinen | 2017-07-02 | 1 | -5/+5
  This was supposed to use semicolons, not commas.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211/MBO: Set temporary disallowed BSSID list to driver | Ashwini Patil | 2017-06-30 | 4 | -20/+64
  Set temporary disallowed BSSID list to the driver so that the driver doesn't try to connect to any of the blacklisted BSSIDs during driver-based roaming operation. This commit includes support only for the nl80211 driver interface using a QCA vendor command for this.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow passphrase to be set for Configurator | Jouni Malinen | 2017-06-23 | 1 | -6/+15
  The new pass=<hexdump> parameter to DPP_AUTH_INIT can now be used to specify the passphrase to use in config object.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow SSID to be set for Configurator | Jouni Malinen | 2017-06-23 | 1 | -5/+18
  The new ssid=<hexdump> parameter to DPP_AUTH_INIT can now be used to specify the SSID to use in config object.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add an example python script for QR Code operations | Jouni Malinen | 2017-06-22 | 1 | -0/+130
  This script can be used to process Android logcat information for scanned QR Codes (e.g., from Barcode Scanner app) and also to display QR Codes for locally generated bootstrap keys.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP_BOOTSTRAP_INFO command | Jouni Malinen | 2017-06-22 | 4 | -0/+46
  This can be used to fetch parsed details on bootstrapping information.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Automatic network profile creation | Jouni Malinen | 2017-06-21 | 4 | -0/+119
  wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior:
  0 = report received configuration to an external program for processing; do not generate any network profile internally (default)
  1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs
  2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix EVENT_ASSOC processing checks for driver-SME | Jouni Malinen | 2017-06-19 | 1 | -3/+4
  Commit 5538fc930988bfc12935579b2b9930d18ffd1be8 ('FILS: Track completion with FILS shared key authentication offload') added an additional case for calling wpa_supplicant_event_assoc_auth() from EVENT_ASSOC handling in case of FILS-completion with driver-based-SME. However, that check was placed outside the data != NULL case while data != NULL needs to apply for this case as well due to wpa_supplicant_event_assoc_auth() behavior. Move the data != NULL check to apply to both cases to avoid potential issues if a driver interface were to return EVENT_ASSOC without the associate data. (CID 164708)
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Make wpa_config_read_blob() easier for static analyzers | Jouni Malinen | 2017-06-19 | 1 | -1/+1
  While encoded == NULL could happen in the case of an empty blob, that will result in encoded_len == 0 and base64_decode() not dereferencing the src argument. That seems to be too difficult for some static analyzers, so to avoid false warnings, explicitly reject the encoded == NULL case without even trying to base64 decode it. (CID 164709)
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Network Introduction protocol for wpa_supplicant | Jouni Malinen | 2017-06-19 | 5 | -3/+210
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Network profile parameters for DPP AKM | Jouni Malinen | 2017-06-19 | 3 | -0/+56
  Extend wpa_supplicant network profile to include parameters needed for the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry, dpp_csign, dpp_csign_expiry.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add new AKM | Jouni Malinen | 2017-06-19 | 5 | -2/+46
  This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Integration for hostapd | Jouni Malinen | 2017-06-19 | 2 | -0/+8
  This adds DPP bootstrapping, authentication, and configuration into hostapd similarly to how the design was integrated in wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add wpa_cli commands for DPP operations | Jouni Malinen | 2017-06-19 | 1 | -0/+93
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Configuration exchange | Jouni Malinen | 2017-06-19 | 8 | -8/+617
  This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Authentication exchange | Jouni Malinen | 2017-06-19 | 7 | -0/+647
  Add wpa_supplicant control interface commands for managing DPP Authentication exchange.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Bootstrap information management | Jouni Malinen | 2017-06-19 | 7 | -0/+317
  Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix offchannel TX done handling for sequence of TX frames | Jouni Malinen | 2017-06-17 | 2 | -1/+5
  There could be multiple pending TX operations and if the earlier ones have used wait_time, but the last one did not, the driver call for canceling pending wait was not done. This could result in the driver getting stuck waiting for the previously scheduled wait time and not being able to do new operations until that. Fix this by canceling the wait if any of the past offchannel_send_action() calls since the last offchannel_send_action_done() used non-zero wait_time. This was showing up as issues in certain DPP Public Action frame sequences when the same offchannel operation is used with multiple frames and the last frame in the sequence does not need wait_time.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add JavaScript Object Notation (JSON) parser (RFC7159) | Jouni Malinen | 2017-06-17 | 2 | -0/+10
  This is needed for DPP configuration attributes/objects.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Extend SHA-384 and SHA-512 support to match SHA-256 | Jouni Malinen | 2017-06-17 | 2 | -0/+32
  The additional SHA-384 and SHA-512 functionality is needed to support DPP with various ECC curves.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Debug print P2P_FIND rejection reason | Jouni Malinen | 2017-06-13 | 1 | -1/+7
  This can be helpful in figuring out what happened if P2P_FIND operation is unexpectedly rejected.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Fix p2p_in_provisioning clearing in failure case | Wu Gao | 2017-06-13 | 1 | -0/+4
  wpa_s->p2p_in_provisioning needs to be cleared when group formation fully completes. The change to postpone GO side handling to the first data connection in commit 41f853235fe1d1fad1acecc0ee5dfe81c872c6b2 ('P2P: Extend group formation timeout on GO to first data connection') resulted in making this not happen in one P2P Client side case: EAP-WSC timeout in PBC case. While that is quite special case since it requires 30 second timeout without receiving new EAPOL frames and not getting disassociation, it can apparently happen in some cases in practice. This would result in new P2P operations (e.g., P2P_FIND) getting rejected until wpa_supplicant is restarted. Fix this by clearing wpa_s->p2p_in_provisioning whenever processing a group formation failure case. For group formation success, wpa_s->p2p_in_provisioning is left set to non-zero value to avoid breaking the earlier limits on the GO side.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* eap_proxy: Support multiple SIMs in get_imsi() | Vidyullatha Kanchanapally | 2017-06-06 | 3 | -4/+4
  This allows the eap_proxy mechanism to be used with multiple SIMs by following the configured sim_num to index which SIM to use when fetching the IMSI through eap_proxy.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: wpas_p2p_select_go_freq() to check for supported pref_freq | Sunil Dutt | 2017-05-27 | 1 | -2/+4
  This commit is similar to the commit 783c2920cc9117b663506dc82223867bfa792a5d ('P2P: Check if the pref_freq reported by the driver supports P2P') but extends the check for supported pref_freq to wpas_p2p_select_go_freq(). This avoids issues with P2P_GROUP_ADD ending up selecting an unexpected channel when get_pref_freq_list() (i.e., QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) is used. Filter the list by removing channels that do not allow P2P operation at all. Previously, only the explicitly disallowed channels were removed and that could have resulted in selecting an operating channel that is not allowed for P2P and failing to complete the operation to start the group.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add NULL checking for EAP name in phase2/autheap parameter | Peng Xu | 2017-05-26 | 1 | -3/+4
  Add NULL checking for EAP name. If it is NULL, do not add the phase2 parameter autheap. This should not happen in practice due to earlier checks for credential matching, but if there is a code path that would allow this to be set, it is better to skip setting of the invalid value and allow automatic selection of the Phase 2 parameters.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Do not flush PMKSA on bssid_hint change | Purushottam Kushwaha | 2017-05-22 | 1 | -0/+1
  Change in any network configuration at runtime will cause flush to PMKSA cache. For most of the network parameters if there is no change in value, PMKSA flush is not performed except 'bssid' and 'priority'. Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change. This is needed to complete change in commit 43a356b2687219b7a212df8ef21237b5ddf49f35 ('Provide option to configure BSSID hint for a network').
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* driver: Make DFS domain information available to core | Vasanthakumar Thiagarajan | 2017-05-13 | 3 | -4/+8
  Current DFS domain information of the driver can be used in ap/dfs to comply with DFS domain specific requirements like uniform spreading for ETSI domain.
  Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
* Provide option to configure BSSID hint for a network | Purushottam Kushwaha | 2017-05-11 | 4 | -0/+73
  This exposes user configurable option to set bssid_hint for a network. bssid_hint indicates which BSS has been found a suitable candidate for initial association for drivers that use driver/firmware-based BSS selection. Unlike the bssid parameter, bssid_hint does not limit the driver from selecting other BSSs in the ESS.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix compiler warning with CONFIG_IEEE80211R no-CONFIG_FILS build | Jouni Malinen | 2017-05-09 | 1 | -0/+2
  Addition of remove_ies() handled the CONFIG_IEEE80211R dependency, but missed the caller being within CONFIG_FILS as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Make CONFIG_MACSEC depend on IEEE8021X_EAPOL | Jaap Keuter | 2017-05-08 | 1 | -12/+13
  When reducing the configuration for MACsec/MKA to the bare minimum, so no EAP authentication, just MACsec/MKA SA use with preshared key/name, the EAPOL engine is still needed to run the protocol for MKA. Without any EAP authentication options the IEEE8021X_EAPOL option is not set, resulting in a non-working Key Agreement Entity. Therefore the CONFIG_MACSEC block needs to move up and set the IEEE8021X_EAPOL option.
  Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
* mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable | Masashi Honma | 2017-05-08 | 5 | -1/+18
  In some practical cases, it is useful to suppress joining to node in the distance. The new field mesh_rssi_threshold could be used as RSSI threshold for joining.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* dbus: Add method to disable channel switching with a TDLS peer | Nishant Chaprana | 2017-05-07 | 3 | -0/+41
  This patch adds "TDLSCancelChannelSwitch" dbus method on "fi.w1.wpa_supplicant1.Interface" interface to disable channel switching with a TDLS peer.
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* dbus: Add method to enable channel switching with a TDLS peer | Nishant Chaprana | 2017-05-07 | 3 | -0/+129
  This patch adds "TDLSChannelSwitch" dbus method on "fi.w1.wpa_supplicant1.Interface" interface to enable channel switching with a TDLS peer.
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* dbus: Add AbortScan method to abort ongoing scan | Saurav Babu | 2017-05-07 | 3 | -0/+30
  Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* FILS: Derive FT key hierarchy on supplicant side for FILS+FT | Jouni Malinen | 2017-05-07 | 1 | -0/+43
  Derive PMK-R0 and the relevant key names when using FILS authentication for initial FT mobility domain association. Fill in the FT IEs in (Re)Association Request frame for this.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add GET_CAPABILITY for P2P redirection | Dmitry Shmidt | 2017-05-04 | 1 | -0/+1
  It will give capability to check channel list before P2P group is created.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Android: Define CONFIG_TESTING_OPTIONS if enabled in config | Vamsi Krishna | 2017-05-04 | 1 | -0/+4
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Add support to set ignore assoc disallow to driver | Vamsi Krishna | 2017-05-04 | 2 | -0/+10
  Add support to set ignore assoc disallow to the driver so that the driver ignores assoc disallowed bit set by APs while connecting. This is used by drivers that handle BSS selection and roaming internally.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Fix possible NULL pointer dereference on candidate handling | Pradeep Reddy Potteti | 2017-05-03 | 1 | -2/+3
  If the driver provides input on MBO transition candidate handling, the target value in get_mbo_transition_candidate() can be NULL if the driver provided BSSID is not found in the wpa_supplicant BSS table. And later it would be dereferenced. Fix this by adding an explicit check before dereferencing the pointer.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>