path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* WPS: Check BSS table against current BSSID if credential does not match | Jouni Malinen | 2017-12-02 | 1 | -0/+3
  The credential MAC address is not necessarily that of the AP, i.e., it is more likely to be that of the Enrollee. Check the scan results against the current BSSID as well if match is not found otherwise when going through the mixed mode workaround.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Change Authentication Response retry time to 1 second | Jouni Malinen | 2017-12-02 | 1 | -1/+1
  The previously used 10 second timer did not really make much sense since the Initiator is not going to be waiting for the response that long. Change this to 1 second based on the DPP tech spec change.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req | Jouni Malinen | 2017-11-30 | 1 | -0/+6
  Allow a Transaction ID attribute with invalid length to be sent for protocol testing purposes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Call wpas_dpp_stop() from wpas_dpp_deinit() | Jouni Malinen | 2017-11-29 | 1 | -3/+1
  This makes the full DPP deinit operation more consistent with stopping of a single operation. In practice, this adds the new GAS client stopping functionality.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Stop pending GAS client operation on DPP_STOP_LISTEN | Jouni Malinen | 2017-11-29 | 4 | -0/+25
  This makes the operation more complete in stopping all ongoing DPP related functionality.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Deinit PKEX instance on DPP_STOP_LISTEN | Jouni Malinen | 2017-11-29 | 1 | -0/+2
  Previously this stopped only the DPP Authentication instance, but it is better to clear both PKEX and Authentication.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Do not process dpp_auth_ok_on_ack multiple times | Jouni Malinen | 2017-11-27 | 1 | -0/+3
  An additional TX status callback could result in processing the DPP authentication completion another time at least with hostapd. Fix this by clearing the dpp_auth_ok_on_ack when processing it.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Fix compilation without CONFIG_TESTING_OPTIONS=y | Ashok Ponnaiah | 2017-11-27 | 1 | -0/+4
  Add CONFIG_TESTING_OPTIONS ifdef protection to a couple of forgotten DPP test parameters in wpa_supplicant ctrl_iface.
  Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
* DPP: Ignore GAS server status callback for unknown response | Jouni Malinen | 2017-11-27 | 1 | -0/+8
  It was possible for a timeout from an old GAS server operation to trigger DPP configuration failure during the subsequent DPP operation. Fix this by verifying that the status callback is for the response generated during the same DPP Authentication/Configuration exchange.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd | Jouni Malinen | 2017-11-27 | 1 | -1/+1
  Configurator signing its own Connector was previously supported only in wpa_supplicant. This commit extends that to hostapd to allow an AP acting as a Configurator to self-configure itself.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow PKEX x/X and y/Y keypairs to be overridden | Jouni Malinen | 2017-11-23 | 1 | -0/+12
  This is for testing purposes to allow a test vector with specific values to be generated.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow PKEX own/peer MAC addresses to be overridden | Jouni Malinen | 2017-11-23 | 1 | -0/+8
  This is for testing purposes to allow a test vector with specific values to be generated.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Provide peer_mac to PKEX Initiator through function argument | Jouni Malinen | 2017-11-23 | 1 | -2/+1
  Avoid unnecessary direct write to a struct dpp_pkex member from outside dpp.c.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove compiler warnings about signed/unsigned comparisons | Jouni Malinen | 2017-11-23 | 1 | -1/+1
  These timestamp comparisons did not use matching signedness.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA | bhagavathi perumal s | 2017-11-23 | 1 | -1/+1
  This allows external applications to get event indication for Probe Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on per-request basis. For example, user has to send ctrl iface cmd "ATTACH probe_rx_events=1" to enable the Probe Request frame events.
  Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
* DPP: Fix number of Authentication Request retry cases | Jouni Malinen | 2017-11-23 | 2 | -24/+65
  Previous implementation did not handle number of sequences correctly. Make sure the iteration continues in both unicast and broadcast cases until the five attempts have been made. In addition, improve timing by checking 10 second time from the beginning of each iteration round and not the last channel on which the Auth Req frame has been transmitted.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Take response wait time into account for init retries | Jouni Malinen | 2017-11-22 | 1 | -1/+11
  Previously, the Authentication Request frame was retried after 2+10 = 12 seconds since the wait for the response was not accounted for. Subtract that wait from the 10 second wait time to start the retries more quickly based on the 10 second timer described in the tech spec.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Stop Authentication Request attempts if no response after ACK | Jouni Malinen | 2017-11-22 | 1 | -6/+25
  If unicast Authentication Request frame is used and the peer ACKs such a frame, but does not reply within the two second limit, there is no need to continue trying to retransmit the request frames since the peer was found, but not responsive.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add SAE credential support to Configurator | Jouni Malinen | 2017-11-22 | 1 | -6/+20
  The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to specify that the legacy configuration object is for SAE.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add akm=sae and akm=psk+sae support in Enrollee role | Jouni Malinen | 2017-11-22 | 1 | -1/+7
  This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Retry PKEX Exchange Request frame up to five times | Jouni Malinen | 2017-11-22 | 1 | -12/+70
  Retransmit the PKEX Exchange Request frame if no response from a peer is received. This makes the exchange more robust since this frame is sent to a broadcast address and has no link layer retries.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for invalid Peer Discovery Req/Resp values | Jouni Malinen | 2017-11-19 | 1 | -0/+16
  Extend dpp_test to allow more invalid attribute values to be written into Peer Discovery Request/Response frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for invalid Config Attrib Object value | Jouni Malinen | 2017-11-19 | 1 | -0/+6
  Extend dpp_test to cover a case where Config Attrib Object value is invalid in Configuration Request frame.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Retransmit DPP Authentication Response frame if it is not ACKed | Jouni Malinen | 2017-11-13 | 3 | -0/+75
  This extends wpa_supplicant DPP implementation to retransmit DPP Authentication Response frame every 10 seconds up to 5 times if the peer does not reply with DPP Authentication Confirm frame.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Stop authentication exchange of DPP_STOP_LISTEN | Jouni Malinen | 2017-11-13 | 3 | -0/+9
  Previously, this command stopped listen operation immediately, but if there was an ongoing authentication exchange, a new listen operation was started. This is not really expected behavior, so stop the authentication exchange first with this command to avoid restarting listen operation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allowed initiator to indicate either role | Jouni Malinen | 2017-11-13 | 1 | -4/+7
  The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Support multiple channels for initiating DPP Authentication | Jouni Malinen | 2017-11-13 | 3 | -42/+127
  This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Share a helper function for PKEX final steps | Jouni Malinen | 2017-11-13 | 1 | -38/+32
  Generate the PKEX bootstrapping information and release the PKEX session in a helper function that both the initiator and responder can use instead of maintaining this functionality separately in two places.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing to allow missing attributes in peer discovery | Jouni Malinen | 2017-11-06 | 1 | -0/+19
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: ACS offload for the autonomous GO | Sunil Dutt | 2017-11-03 | 4 | -6/+52
  This commit introduces the ACS functionality for the autonomous GO. The optional parameter <freq> in p2p_group_add is enhanced to carry a value "acs" with the intention to select the channels among any supported band. freq = 2 / 5 carry the need to select the channels only in the respective bands 2.4 / 5 GHz. This functionality is on top of the host driver's capability to offload ACS, which is advertized through WPA_DRIVER_FLAGS_ACS_OFFLOAD.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: PKEX counter t | Jouni Malinen | 2017-11-03 | 1 | -0/+17
  Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Terminate PKEX exchange on detection of a mismatching code | Jouni Malinen | 2017-11-03 | 1 | -0/+5
  Clean up the pending PKEX exchange if Commit-Reveal Request processing indicates a mismatch in the PKEX code. Previously, this case was silently ignored and the session was left in pending state that prevented new PKEX exchanges from getting initiated. Now, a new attempt is allowed to be initiated.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: PKEX and STATUS_BAD_GROUP | Jouni Malinen | 2017-11-03 | 1 | -0/+13
  Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report possible PKEX code mismatch in control interface | Jouni Malinen | 2017-11-02 | 1 | -2/+2
  Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Enable PMF when adding wpa_supplicant network profile | Jouni Malinen | 2017-11-01 | 1 | -1/+3
  DPP AKM should really require PMF to be used, but since that is not yet explicitly required in the specification, make PMF enabled for now. For legacy PSK cases, configure PMF to be enabled as well to support both APs in no-PMF, optional-PMF, and required-PMF configuration.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Negotiation channel change request from Initiator | Jouni Malinen | 2017-10-29 | 1 | -7/+49
  Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow testing override values to be cleared | Jouni Malinen | 2017-10-29 | 1 | -3/+18
  This allows wpa_supplicant dpp_config_obj_override, dpp_discovery_override, and dpp_groups_override parameters to be cleared by setting them to a zero-length value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP Status attribute into Peer Discovery Response | Jouni Malinen | 2017-10-29 | 1 | -9/+38
  This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report invalid messages and failure conditions in control interface | Jouni Malinen | 2017-10-22 | 1 | -8/+8
  This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report transmitted messages as control interface events | Jouni Malinen | 2017-10-22 | 1 | -13/+47
  This is helpful for testing purposes and also for upper layer components that may want to show more detailed progress through a DPP exchange. Both the DPP-TX and DPP-TX-STATUS events are provided.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report received messages as control interface events | Jouni Malinen | 2017-10-22 | 1 | -1/+10
  This is helpful for testing purposes and also for upper layer components that may want to show more detailed progress through a DPP exchange.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove unnecessary Wrapped Data checks from callers | Jouni Malinen | 2017-10-22 | 1 | -18/+5
  Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing framework | Jouni Malinen | 2017-10-22 | 1 | -0/+6
  Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds.
  This commit includes cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix a typo in a debug message | Jouni Malinen | 2017-10-22 | 1 | -1/+1
  This radio_work_free() message was missing the closing parenthesis.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Increase UDP control interface RX buffer | Janusz Dziedzic | 2017-10-21 | 1 | -2/+2
  Seems like some test cases, e.g., ap_wpa2_psk_ext_retry_msg_3c, require larger buffer than 256 bytes. In other case I fail such test cases when run on real HW and using:
  CONFIG_CTRL_IFACE=udp-remote
  Increase the RX buffer from 256 to 4096 bytes to match the other control interface cases.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
* DPP: Update AES-SIV AD for PKEX frames | Jouni Malinen | 2017-10-19 | 1 | -6/+9
  The protocol design was updated to protect the six octets in the header before the attributes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Update AES-SIV AD for DPP Authentication frames | Jouni Malinen | 2017-10-18 | 2 | -51/+27
  The protocol design was updated to protect the six octets in the header before the attributes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Send updated connection parameters to drivers if needed | Vidyullatha Kanchanapally | 2017-10-17 | 2 | -2/+55
  After an initial connection wpa_supplicant derives ERP information which can be used in doing eventual authentications in the same realm. This information can be used by drivers with offloaded FILS support to do driver/firmware initiated roamings. Add support to send this updated information to such drivers.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Move assoc param setting into a helper function | Vidyullatha Kanchanapally | 2017-10-17 | 1 | -117/+130
  This is needed to be able to use the same implementation for updating the connection parameters in the driver during an association.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update replay counter from roam info | Vidyullatha Kanchanapally | 2017-10-17 | 1 | -5/+1
  Update the replay counter after a roam for all cases. This restores the design back to what it was before commit 01ef320f192daa074c7055a44a03b6b5b811d6bd ('FILS: Update ERP next sequence number with driver offload').
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>