path: root/wpa_supplicant
Commit log (columns: commit message, author, age, files, lines)
* DPP2: Support new legacy+DPP config object credentials (Jouni Malinen, 2019-03-16, 1 file, -5/+7)
  This allows devices supporting DPP protocol version 2 or newer to provision networks that enable both the legacy (PSK/SAE) and DPP credentials.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Support DPP and SAE in the same network profile (Jouni Malinen, 2019-03-16, 3 files, -6/+24)
  Make both DPP and SAE code aware of the cases where the same network profile is configured to enable both DPP and SAE. Prefer DPP over SAE in such cases and start DPP/SAE exchanges based on what both the station and the AP support.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Clean up configuration parsing (Jouni Malinen, 2019-03-16, 1 file, -149/+10)
  Share a single parsing implementation for both hostapd and wpa_supplicant to avoid code duplication. In addition, clean up the implementation to be more easily extensible.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Remove pending connect and sme-connect radio works on disconnect (Jouni Malinen, 2019-03-15, 1 file, -0/+2)
  There was a race condition in a case where a new connection attempt was scheduled as a pending radio work and that was followed by a DISCONNECT command before the pending radio work is started. The pending radio work would not have been deleted in that sequence and instead, it was executed when the radio became available next. This could result in an unexpected connection after an explicit request to disconnect. Fix this by removing pending connect and sme-connect radio works on disconnection request.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Testing option for Config Object rejection (Jouni Malinen, 2019-03-14, 1 file, -0/+6)
  Add a new testing option to force Enrollee to reject the received Config Object.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Configuration Result message generation and processing (Jouni Malinen, 2019-03-14, 1 file, -24/+178)
  Use this new message from Enrollee to Configurator to indicate the result of the config object provisioning if both devices support protocol version 2 or newer.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Make DPP version number support available over control interface (Jouni Malinen, 2019-03-14, 1 file, -0/+13)
  "GET_CAPABILITY dpp" can now be used to determine which version number of DPP is supported in the build.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Fix ACS offloading behavior with p2p_no_group_iface=1 (Jayachandran Sreekumaran, 2019-03-13, 2 files, -0/+3)
  wpa_s->p2p_go_do_acs was not cleared during P2P group deletion and that resulted in the case of no separate group interface continuing to assume ACS was to be used for consecutive GO starts even if they tried to specify a frequency. Fix this by explicitly clearing wpa_s->p2p_go_do_acs during P2P group deletion and also clear this when processing the P2P_GROUP_ADD if the parameters do not request ACS to be used.
  Fixes: 37ed3254de22 ("P2P: ACS offload for the autonomous GO")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Build configuration flags for DPP version 2 support (Jouni Malinen, 2019-03-13, 2 files, -0/+6)
  The new CONFIG_DPP2=y build option for hostapd and wpa_supplicant is used to control whether new functionality defined after the DPP specification v1.0 is included. All such functionality is considered experimental and subject to change without notice and as such, not suitable for production use.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OpenSSL: Add 'check_cert_subject' support for TLS server (Jared Bents, 2019-03-11, 4 files, -0/+10)
  This patch added 'check_cert_subject' support to match the value of every field against the DN of the subject in the client certificate. If the values do not match, the certificate verification will fail and will reject the user. This option allows hostapd to match every individual field in the right order, and also allows the '*' character as a wildcard (e.g., OU=Development*). Note: hostapd will match the string up to the wildcard against the DN of the subject in the client certificate for every individual field.
  Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
  Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Check that SAE state initialization succeeded for PMKID check (Jouni Malinen, 2019-03-09, 1 file, -1/+3)
  mesh_rsn_auth_sae_sta() might fail, so verify that sta->sae got allocated before dereferencing it for a PMKID check.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable DBus (Lubomir Rintel, 2019-03-09, 1 file, -2/+2)
  Acquire the new name, along with introspection. This is generally useful for other daemons to integrate with wpa_supplicant, notably NetworkManager. Debian and Fedora (and likely any other distro that configures wireless via NetworkManager) enable this.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* wpa_supplicant: Drop the old D-Bus interface support (Lubomir Rintel, 2019-03-09, 19 files, -2771/+36)
  This drops support for the fi.epitest.hostap.WPASupplicant D-Bus name along with the associated CONFIG_CTRL_IFACE_DBUS option. Nothing should really be using this since 2010. This is just a straightforward removal. Perhaps the dbus_common.c and dbus_new.c can be merged now. Also, the "_NEW" suffix of the config option seems to make even less sense than it used to.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* DPP: Update wpa_supplicant configuration file after provisioning (Jouni Malinen, 2019-03-09, 1 file, -1/+9)
  WPS was already doing this if update_config=1 was set and DPP should be consistent with that behavior. Update the configuration file if update_config=1 and dpp_config_processing is set to 1 or 2.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Allow SAE configuration to be added automatically for PSK (Jouni Malinen, 2019-03-06, 6 files, -1/+34)
  The new wpa_supplicant configuration parameter wps_cred_add_sae=1 can be used to request wpa_supplicant to add SAE configuration whenever WPS is used to provision WPA2-PSK credentials and the credential includes a passphrase (instead of PSK). This can be used to enable WPA3-Personal transition mode with both SAE and PSK enabled and also with PMF enabled.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Reuse previously generated PWE on a retry with the same AP (Jouni Malinen, 2019-03-06, 1 file, -4/+15)
  Do not start SAE authentication from scratch when the AP requests an anti-clogging token to be used. Instead, use the previously generated PWE as-is if the retry is for the same AP and the same group. This saves unnecessary processing on the station side in case the AP is under heavy SAE authentication load.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Enable only groups 19, 20, and 21 in station mode (Jouni Malinen, 2019-03-05, 2 files, -6/+11)
  Remove groups 25 (192-bit Random ECP Group) and 26 (224-bit Random ECP Group) from the default SAE groups in station mode since those groups are not as strong as the mandatory group 19 (NIST P-256). In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24 based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the MODP groups were already disabled by default and would have needed explicit configuration to be allowed.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* defconfig: Enable IEEE 802.11w management frame protection (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  NetworkManager can use these if available and the distros generally enable this already.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: enable IEEE 802.11r fast BSS transition (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  Generally useful. Linux distros already enable these, upcoming NetworkManager will support it too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable IEEE 802.11n and 802.11ac (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -2/+2)
  I guess there's no reason anyone with capable hardware wouldn't want to enable these. Debian and Fedora already do.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable Hotspot 2.0 (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -2/+2)
  Generally useful, Debian enables this. Other distros should too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable RSN on IBSS networks (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  Fedora and Debian enable this. NetworkManager actually rejects such configurations citing kernel bugs, but that actually might not be the right thing to do anymore.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Remove obsolete notes about OpenSSL requirements for EAP-FAST (Jouni Malinen, 2019-02-25, 2 files, -6/+0)
  OpenSSL 0.9.8 reached its end-of-life a long time ago, so remove these old notes about the need for a newer OpenSSL version for EAP-FAST since all current OpenSSL versions include the needed functionality.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable a handful of EAP methods (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -8/+8)
  Fedora uses AKA, FAST, GPSK_SHA256, GPSK, IKEV2, PAX, SAKE and TNC. I don't know why these in particular. AKA wouldn't work, because CONFIG_PCSC is off anyways; let's enable all the other ones, and also PWD (openSUSE enabled it because users demanded it). Debian enables all of the above uses, but also PWD, AKA_PRIME, SIM, PSK and EKE.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable logging to file and syslog (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -2/+2)
  Debian and Fedora enable both and log to syslog. openSUSE seems to log to a flat file instead.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable simple bgscan module (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  Generally useful. Linux distros enable this and also utilize it via NetworkManager. Debian also enables the learn module. I'm leaving it off as it's marked experimental.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable AP (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  Generally useful. Debian and Fedora enable this and support creating access points via NetworkManager too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable WPS (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -1/+1)
  WPS is generally useful with consumer hardware, and exposed to desktop users via NetworkManager. The Linux distros, including Debian, Fedora, and openSUSE enable it. Debian also enables external registrar support and NFC.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Fix typos in Wi-Fi Display description (Jouni Malinen, 2019-02-25, 2 files, -4/+4)
  These were supposed to be talking about Wi-Fi Display, not Wi-Fi Direct.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable P2P and Wi-Fi Display (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -2/+2)
  Generally useful. Debian and Fedora enable this, upcoming NetworkManager provides some level of support too.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add SAE (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -0/+3)
  Generally useful and the distros (Debian, Fedora) enable this already to support WPA3-Personal and protected 802.11s mesh BSSs.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add DPP (wpa_supplicant) (Lubomir Rintel, 2019-02-25, 1 file, -0/+5)
  Generally useful, already enabled in Debian and Fedora.
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* UBSan: Avoid a warning on unsigned integer overflow (Jouni Malinen, 2019-02-25, 1 file, -3/+3)
  wpa_non_pref_chan_cmp() needs to use explicit typecasts to avoid UBSan warnings for unsigned integer overflows.
  mbo.c:298:26: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid unnecessary warning (Jouni Malinen, 2019-02-25, 1 file, -1/+1)
  elems->mic might be NULL here, so do not try to decrement it by 2 even if the result is not used anywhere due to a later check for elems->mic being NULL.
  mesh_rsn.c:646:20: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffffe
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid memcmp(ptr, NULL, 0) (Jouni Malinen, 2019-02-25, 1 file, -1/+3)
  Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to avoid a UBSan warning.
  wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Fix RRM beacon processing attempt without scan_info (Jouni Malinen, 2019-02-25, 1 file, -2/+2)
  Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from an unexpected location if RRM is enabled with a driver interface that does not support it.
  events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data'
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid size_t variable overflow in control interface (Jouni Malinen, 2019-02-25, 1 file, -1/+2)
  The loop "if (i-- == 0) break" style construction works fine in practice since the check against 0 is done before decrementation. However, this hits a UBSan warning, so split that decrementation to happen as a separate step after the check and break from the loop.
  ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
  Signed-off-by: Jouni Malinen <j@w1.fi>
* UBSan: Avoid unsigned integer overflow in throughput estimation (Jouni Malinen, 2019-02-25, 1 file, -2/+3)
  wpa_scan_result_compar() would return wb->est_throughput - wa->est_throughput in case the comparison is done based on the throughput estimates. While the return value from this function is a signed integer, these est_throughput values are unsigned integers and need to be explicitly typecast to avoid a UBSan warning.
  scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int'
  Signed-off-by: Jouni Malinen <j@w1.fi>
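The UBSan entries above (the unsigned subtraction in the channel and throughput comparators, the `i--` on a size_t loop counter, memcmp() with a NULL pointer and zero length, and pointer arithmetic on a NULL elems->mic) are all the same class of sanitizer finding: an operation that is harmless on the real control path but undefined or sanitizer-flagged as written. The following C program is an added example and is not hostap code; it shows each flagged pattern next to a sanitizer-clean form, and goes one step beyond the commits by including a three-way comparison that stays correct even for values above INT_MAX, where an explicit cast does not. The struct scan_res type, all function names and the 2-byte element header offset are assumptions made for this illustration; the inputs are constructed, apart from 54000 and 135000, which are the figures from the scan.c report above.

```c
/*
 * Added example, not hostap code: sanitizer-clean versions of the patterns
 * the UBSan commits above describe. Struct and function names are
 * hypothetical; all input values are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct scan_res {
    unsigned int est_throughput; /* unsigned, as described above (assumed type) */
};

/* Flagged pattern: the subtraction is evaluated in unsigned int and wraps
 * when wb < wa (54000 - 135000 cannot be represented); only afterwards is
 * the wrapped value converted to int on return. Kept here for comparison;
 * clang -fsanitize=unsigned-integer-overflow reports this function. */
int compar_wrapping(const struct scan_res *wa, const struct scan_res *wb)
{
    return wb->est_throughput - wa->est_throughput;
}

/* Explicit casts, as the commit describes: the arithmetic now happens in
 * signed int, so there is no unsigned wrap. Correct only while both operands
 * fit in int. */
int compar_cast(const struct scan_res *wa, const struct scan_res *wb)
{
    return (int) wb->est_throughput - (int) wa->est_throughput;
}

/* Three-way comparison: no subtraction at all, so the sign is right for the
 * whole unsigned range (values above INT_MAX included) and nothing can wrap. */
int compar_threeway(const struct scan_res *wa, const struct scan_res *wb)
{
    return (wb->est_throughput > wa->est_throughput) -
           (wb->est_throughput < wa->est_throughput);
}

/* "if (i-- == 0) break;" on a size_t decrements i to SIZE_MAX on the exit
 * path even though that value is never used. Check first, then decrement.
 * Returns the last index holding v, or -1 if v is absent. */
long last_index_of(const unsigned int *arr, size_t n, unsigned int v)
{
    size_t i = n;

    for (;;) {
        if (i == 0)
            break; /* checked before the decrement, so i never wraps */
        i--;
        if (arr[i] == v)
            return (long) i;
    }
    return -1;
}

/* memcmp() declares both pointers non-null, so memcmp(ptr, NULL, 0) is
 * flagged even though zero bytes would be compared. Decide the zero-length
 * case without touching the pointers. Returns 1 if the SSIDs match, else 0. */
int ssid_matches(const uint8_t *a, const uint8_t *b, size_t len)
{
    if (len == 0)
        return 1; /* two empty SSIDs are equal; a or b may be NULL here */
    if (!a || !b)
        return 0;
    return memcmp(a, b, len) == 0;
}

/* Pointer arithmetic on NULL (elems->mic - 2) is flagged even if the result
 * is discarded by a later check; derive the pointer only after the NULL
 * check. The 2-byte step back to the element header is assumed for this
 * example. */
const uint8_t *mic_ie_start(const uint8_t *mic)
{
    if (!mic)
        return NULL;
    return mic - 2;
}

int main(void)
{
    struct scan_res wa = { 135000 }, wb = { 54000 }; /* values from the report above */
    unsigned int chans[] = { 1, 6, 11, 6 };          /* constructed */
    uint8_t frame[8] = { 0 };                        /* constructed */

    printf("cast: %d  three-way: %d\n",
           compar_cast(&wa, &wb), compar_threeway(&wa, &wb));
    printf("last index of 6: %ld\n", last_index_of(chans, 4, 6));
    printf("empty SSIDs match: %d\n", ssid_matches(NULL, NULL, 0));
    printf("mic element starts at offset %ld\n",
           (long) (mic_ie_start(frame + 2) - frame));
    return 0;
}
```

Building with clang and `-fsanitize=undefined,unsigned-integer-overflow` reproduces the report only for compar_wrapping(); the other functions run clean. The three-way comparator is the form to prefer in any qsort-style callback over unsigned fields, because `(int) a - (int) b` silently gives the wrong sign once a difference exceeds INT_MAX.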
* Fix cipher suite selector default value in RSNE for DMG (Lior David, 2019-02-21, 3 files, -3/+18)
  According to IEEE Std 802.11-2016, when fields of an RSNE are not included, the default values are used. The cipher suite defaults were hardcoded to CCMP in the previous implementation, but the default is actually different for DMG: GCMP (per
  It is not possible to find out from the RSNE if the network is non-DMG or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case based on context, which can be different for each caller. In order to fix this issue, add flags to the wpa_ie_data indicating whether pairwise/group ciphers were included in the RSNE. Callers can check these flags and fill in the appropriate ciphers. The wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by default so existing callers will not break. This change also fixes some callers which need to handle the DMG network case.
  Signed-off-by: Lior David <liord@codeaurora.org>
* wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS (Davina Lu, 2019-02-18, 7 files, -10/+36)
  The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it supports Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed).
  Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated. Only wps_pbc is supported. This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface.
  Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS.
  Signed-off-by: Davina Lu <ylu@quantenna.com>
  Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
* mesh: More consistent checking of wpa_s->ifmsh in completion handler (Jouni Malinen, 2019-02-18, 1 file, -8/+6)
  It does not look like wpa_s->ifmsh could be NULL here, but better be more consistent anyway to keep static analyzers happier by avoiding dereference of wpa_s->ifmsh in the function before the NULL check for it.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Stop listen state if Action frame TX is needed on another channel (Jouni Malinen, 2019-02-17, 1 file, -5/+12)
  This speeds up P2P responses to frames received on an operating channel in case there is an ongoing P2P listen operation on another channel. This is applicable to drivers that support multiple channels concurrently.
  This addresses an issue showing up in the p2ps_channel_active_go_and_station_different_mcc test case where the Provision Discovery Request frame can be received on the operating channel of a group instead of the Listen channel. The response was delayed until the listen operation timed out and this took too long for the peer to receive the response.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate wifi_generation in wpa_supplicant STATUS output (Jouni Malinen, 2019-02-15, 3 files, -0/+36)
  This adds a wifi_generation=4/5/6 line to the STATUS output if the driver reports (Re)Association Request frame and (Re)Association Response frame information elements in the association or connection event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6 (HE = 802.11ax) are reported.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* VLAN assignment based on used WPA/WPA2 passphrase/PSK (Jouni Malinen, 2019-02-14, 2 files, -2/+6)
  Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Note HT overrides in debug log only if set (Jouni Malinen, 2019-02-09, 1 file, -13/+16)
  This makes the debug log cleaner by removing the mostly confusing prints about HT override parameters if they are not actually used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add FT-PSK to GET_CAPABILITY key_mgmt (Masashi Honma, 2019-02-05, 1 file, -0/+8)
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Clear config item writing buffer before freeing it (Jouni Malinen, 2019-02-05, 1 file, -1/+1)
  This buffer may be used to store items like passwords, so better clean it explicitly to avoid the possibility of leaving such items in heap memory unnecessarily.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* D-Bus: Fix P2P DeleteService dict iteration (Jouni Malinen, 2019-02-04, 1 file, -35/+17)
  The previous implementation assumed the first entry coming out from the dict is always service_type. That may not be the case, so properly iterate over all dict entries in one loop instead of assuming what the first entry is.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* D-Bus: Fix a memory leak in DeleteService handler (Jouni Malinen, 2019-02-04, 1 file, -1/+2)
  If the service_type string entry is not included, the dict entry was not cleared.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Clear dpp_listen_freq on remain-on-channel failure (Jouni Malinen, 2019-01-30, 1 file, -0/+1)
  If the DPP_LISTEN command failed due to the driver rejecting the remain-on-channel request, wpa_s->dpp_listen_freq was left set to the requested listen frequency and this resulted in the next DPP_LISTEN for the same frequency reporting "DPP: Already listening on .." even when the driver was not really listening on that frequency. Fix this by clearing wpa_s->dpp_listen_freq in the error case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>