aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
...
* DPP: Remove unused wpas_dpp_remain_on_channel_cb()Jouni Malinen2018-12-022-25/+0
| | | | | | This function was apparently never used at all. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Apply testing configuration option to signing of own configJouni Malinen2018-12-011-0/+1
| | | | | | | Previous implementation had missed this case of setting configurator parameters. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Fix Reassociation Request IEs during FT protocolJouni Malinen2018-12-011-1/+79
| | | | | | | | | | | | | | | The previous implementation ended up replacing all pending IEs prepared for Association Request frame with the FT specific IEs (RSNE, MDE, FTE) when going through FT protocol reassociation with the wpa_supplicant SME. This resulted in dropping all other IEs that might have been prepared for the association (e.g., Extended Capabilities, RM Enabled Capabilities, Supported Operating Classes, vendor specific additions). Fix this by replacing only the known FT specific IEs with the appropriate values for FT protocol while maintaining other already prepared elements. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix indentation levelJouni Malinen2018-11-302-5/+4
| | | | | | This gets rid of smatch warnings about inconsistent indenting. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Fix external authentication on big endian platformsAshok Ponnaiah2018-11-301-9/+10
| | | | | | | | Need to handle the little endian 16-bit fields properly when building and parsing Authentication frames. Fixes: 5ff39c1380d9 ("SAE: Support external authentication offload for driver-SME cases") Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
* DPP: Reject invalid no-psk/pass legacy configurator parametersJouni Malinen2018-11-301-13/+23
| | | | | | | | | | | Instead of going through the configuration exchange, reject invalid legacy configurator parameters explicitly. Previously, configuring legacy (psk/sae) parameters without psk/pass resulted in a config object that used a zero length passphrase. With this change, that config object is not sent and instead, either the initialization attempts is rejected or the incoming initialization attempt is ignored. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* external-auth: Check key_mgmt when selecting SSIDCedric Izoard2018-11-261-1/+2
| | | | | | | | | When selecting SSID to start external authentication procedure also check the key_mgmt field as several network configuration may be defined for the same SSID/BSSID pair. The external authentication mechanism is only available for SAE. Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
* DPP: Fix GAS client error case handlingJouni Malinen2018-11-251-1/+2
| | | | | | | | | | | The GAS client processing of the response callback for DPP did not properly check for GAS query success. This could result in trying to check the Advertisement Protocol information in failure cases where that information is not available and that would have resulted in dereferencing a NULL pointer. Fix this by checking the GAS query result before processing with processing of the response. Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Expose availability of SHA384 on D-BusLubomir Rintel2018-11-241-2/+5
| | | | | | This lets us know whether we can attempt to use FT-EAP-SHA384. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* dbus: Expose availability of FT on D-BusLubomir Rintel2018-11-241-2/+5
| | | | | | | This lets us know whether we can attempt to use FT-PSK, FT-EAP, FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Revert "D-Bus: Implement Pmf property"Lubomir Rintel2018-11-244-70/+0
| | | | | | | | | | | | | | | | | This reverts commit adf8f45f8af27a9ac9429ecde81776b19b6f9224. It is basically all wrong. The Pmf property did exist, with a signature of "s" as documented in doc/dbus.doxygen. It was synthesized from global_fields[]. The patch added a duplicate one, with a signature of "u", in violation of D-Bus specification and to bemusement of tools that are careful enough: $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666 Duplicate property Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* mesh: Add Category and Action field to maximum buffer lengthJouni Malinen2018-11-241-1/+2
| | | | | | | | | Make the buf_len calculation match more closely with the following wpa_buf*() operations. The extra room from the existing elements was apparently sufficiently large to cover this, but better add the two octet header explicitly. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix off-by-one in buf length calculationBob Copeland2018-11-241-1/+1
| | | | | | | | | | | | | The maximum size of a Mesh Peering Management element in the case of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by inspection. The other buffer components seem to use large enough extra room in their allocations to avoid hitting issues with the full buffer size even without this fix. Signed-off-by: Bob Copeland <bobcopeland@fb.com>
* examples: Fix shellcheck warnings in wps-ap-cliDavide Caratti2018-11-221-3/+3
| | | | | | | | use 'printf' instead of 'echo -n', to suppress the following warning: In POSIX sh, echo flags are undefined. [SC2039] Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
* HS 2.0: Generate AssocReq OSEN IE based on AP advertisementJouni Malinen2018-11-092-6/+32
| | | | | | | | | | | Parse the OSEN IE from the AP to determine values used in the AssocReq instead of using hardcoded cipher suites. This is needed to be able to set the group cipher based on AP advertisement now that two possible options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards allowing other ciphers than CCMP to be used with OSEN. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Collocated Interference ReportingJouni Malinen2018-10-309-1/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SME: Fix order of WPA IE in association requestIlan Peer2018-10-201-0/+44
| | | | | | | | | | | | | In case that the protocol used for association is WPA the WPA IE was inserted before other (non vendor specific) IEs. This is not in accordance to the standard that states that vendor IEs should be placed after all the non vendor IEs are placed. In addition, this would cause the low layers to fail to properly order information elements. To fix this, if the protocol used is WPA, store the WPA IE and reinsert it after all the non vendor specific IEs were placed. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* wpa_supplicant: Fix buffer overflow in roaming_consortiumsAndrei Otcheretianski2018-10-141-3/+5
| | | | | | | | | When configuring more than 36 roaming consortiums with SET_CRED, the stack is smashed. Fix that by correctly verifying the num_roaming_consortiums. Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums") Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* OWE: Improve discovery of OWE transition mode APIlan Peer2018-10-121-25/+101
| | | | | | | | | | | | | | An OWE AP device that supports transition mode does not transmit the SSID of the OWE AP in its Beacon frames and in addition the OWE AP does not reply to broadcast Probe Request frames. Thus, the scan results matching relies only on Beacon frames from the OWE open AP which can be missed in case the AP's frequency is actively scanned. To improve the discovery of transition mode APs, include their SSID in the scan command to perform an active scan for the SSIDs learned from the open mode BSSs. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* OWE: Use shorter scan interval during transition mode searchJouni Malinen2018-10-122-0/+14
| | | | | | | Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Attempt more scans for OWE transition SSID if expected BSS not seenSunil Dutt2018-10-124-0/+32
| | | | | | | | | | | | This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Request and process OSU Providers NAI List ANQP-elementJouni Malinen2018-10-055-1/+49
| | | | | | | | | Extend wpa_supplicant to use a separate OSU_NAI information from OSU Providers NAI List ANQP-element instead of the OSU_NAI information from OSU Providers list ANQP-element when connecting to the shared BSS (Single SSID) for OSU. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Do not try to enable PMF for non-RSN associationsPurushottam Kushwaha2018-10-031-0/+5
| | | | | | | | | | | | | | | Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for non-RSN associations. This specifically helps with OWE transition mode when the network block is configured with PMF set to required, but the BSS selected is in open mode. There is no point to try to enable PMF for such an association. This fixes issues with drivers that use the NL80211_ATTR_USE_MFP attribute to set expectations for PMF use. The combination of non-RSN connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could cause such drivers to reject the connection in OWE transition mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Flush PMKSA if an assoc reject without timeout is receivedSrinivas Dasari2018-09-181-0/+10
| | | | | | | | | | | | | | Flush the PMKSA upon receiving assoc reject event without timeout in the event data, to avoid trying the subsequent connections with the old PMKID. Do not flush PMKSA if assoc reject is received with timeout as it is generated internally from the driver without reaching the AP. This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE: Flush PMKSA if an assoc reject without timeout is received") to handle also the DPP AKM. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ANQP: Parse and report Venue URL informationJouni Malinen2018-09-151-0/+37
| | | | | | | Parse the Venue URL ANQP-element payload and report it with the new RX-VENUE-URL event messages if the query was done using PMF. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add alternative OSU_SSID into providers info fileJouni Malinen2018-09-111-3/+27
| | | | | | | | | This adds the second SSID (the one used by the shared BSS) for OSU connection when generating osu-providers.txt. External tools can use that to configure multiple network profiles for OSU to cover the cases where transition mode is used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCE: Add OCE capability attribute only when associating to an OCE APBeni Lev2018-09-024-7/+35
| | | | Signed-off-by: Beni Lev <beni.lev@intel.com>
* OCE: Send scan parameters when OCE_STA functionality is enabledRoee Zamir2018-09-021-0/+44
| | | | | | | | If the device supports OCE features and OCE is enabled, set the relevant scan parameters and FILS Request Parameters element with Max Channel Time. Signed-off-by: Roee Zamir <roee.zamir@intel.com>
* driver: Add OCE scan parametersRoee Zamir2018-09-021-0/+1
| | | | | | | | | | | | Add a flag to scan parameters that enables OCE scan features. If this flag is set the device should enable the following features as defined in the Optimized Connectivity Experience Technical Specification v1.0: - Overwrite FILS request Max Channel Time with actual value (clause 3.8) - Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12) - Probe Request frame Transmission Deferral and Suppression (clause 3.5) - Accept broadcast Probe Response frame (clause 3.6) Signed-off-by: Roee Zamir <roee.zamir@intel.com>
* DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_paramsPurushottam Kushwaha2018-08-301-0/+25
| | | | | | | | | This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET dpp_configurator_params to allow optional setting of the DPP groupId string for a Connector. If the value is not set, the previously wildcard value ("*") is used by default. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Fix FILS connect failures after ERP key invalidationAnkita Bajaj2018-08-244-2/+68
| | | | | | | | | | | | | | | | If the RADIUS authentication server dropped the cached ERP keys for any reason, FILS authentication attempts with ERP fails and the previous wpa_supplicant implementation ended up trying to use the same keys for all consecutive attempts as well. This did not allow recovery from state mismatch between the ERP server and peer using full EAP authentication. Address this by trying to use full (non-FILS) authentication when trying to connect to an AP using the same ERP realm with FILS-enabled network profile if the previous authentication attempt had failed. This allows new ERP keys to be established and FILS authentication to be used again for the consecutive connections. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix QoS Mapping ext capab bit settingJouke Witteveen2018-08-121-1/+1
| | | | | | | | | Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map bit in Extended Capabilities. The previous implementation ended up adding this bit even if the driver did not actually indicate support for the capability. Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
* Provide more details of WPA3 modes in wpa_supplicant.confJouni Malinen2018-08-011-1/+4
| | | | | | | Clarify that proto=RSN is used for WPA3 and add the WPA3-Personal name for SAE and include OWE as a possible key_mgmt value. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Use more compact debug print of common group frequenciesJouni Malinen2018-06-151-5/+14
| | | | | | | Print the list of frequencies on a single line instead of one line per frequency. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Improve common group channel selection if GO needs to be movedJouni Malinen2018-06-151-0/+87
| | | | | | | | | | | | Prefer channels that support VHT80 (and secondarily, HT40 on the same band) over other common group channels. If no such channel is found, prefer any channel that uses the same band so that CSA can be used. This improves the case where a P2P GO needs to move to another channel and there is no other reason (e.g., preferred channel from the driver or an already used channel from a virtual interface sharing the same radio) to pick a specific channel. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P/AP: More detailed debug prints on HT/VHT parameter selectionJouni Malinen2018-06-151-3/+45
| | | | | | | This makes it easier to debug why wpa_supplicant selects particular HT/VHT parameters for AP/P2P GO mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Fix potential NULL pointer dereference in MDE additionJouni Malinen2018-06-051-1/+1
| | | | | | | | The bss variable in this function might be NULL, so make the FT MDE addition case conditional on a BSS entry being available. Fixes: 3dc3afe298f0 ("FT: Add MDE to assoc request IEs in connect params") Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Add key management value FT-EAP-SHA384 for wpa_supplicantJouni Malinen2018-06-052-1/+19
| | | | | | | This allows wpa_supplicant to be configuted to use the SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Connection settings for SHA384-based AKMJouni Malinen2018-06-051-1/+14
| | | | | | | Extend wpa_supplicant to allow SHA384-based FT AKM to be selected for a connection. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Fix parsing of max_oper_chwidthSven Eckelmann2018-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see ssid_fields). The actual parsing for INT_RANGE is done by wpa_config_parse_int which can only store the result as full integer. max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means that on little endian systems, the least significant byte of the parsed value are really stored in the max_oper_chwidth. But on big endian system, the only most significant byte is stored as max_oper_chwidth. This means that 0 is always stored because the provided range doesn't allow any other value for systems with multi-byte-wide integers. This also means that for common systems with 4-byte-wide integers, the remaining 3 bytes were written after the actual member of the struct. This should not have influenced the behavior of succeeding members because these bytes would have been part of the padding between the members on most systems. Increasing its size to a full int fixes the write operations outside of the member and allows to use the max_oper_chwidth setting on big endian systems. Fixes: 0f29bc68d18e ("IBSS/mesh: Add support for VHT80P80 configuration") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* mesh: Fix crash with CONFIG_TAXONOMY enabledFelix Fietkau2018-05-311-1/+1
| | | | | | | | | wpa_s->ifmsh needs to be allocated using hostapd_alloc_iface() instead of a direct call to os_zalloc(), otherwise the linked list for station taxonomy items remains uninitialized, leading to a crash on the first attempt to traverse that list Signed-off-by: Felix Fietkau <nbd@nbd.name>
* HS 2.0: Allow OSEN connection to be used in an RSN BSSJouni Malinen2018-05-292-4/+17
| | | | | | | | | This allows a single BSS/SSID to be used for both data connection and OSU. In wpa_supplicant configuration, the current proto=OSEN key_mgmt=OSEN combination is now allowing both the old separate OSEN BSS/IE and the new RSN-OSEN to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Disable PMKSA caching with FTJouni Malinen2018-05-211-0/+7
| | | | | | | | | PMKSA caching with FT is not fully functional, so disable the case for now, so that wpa_supplicant does not end up trying to connect with a PMKSA cache entry from another AKM. FT-EAP was already modified long time ago to not add PMKSA cache entries itself. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add support for using the optional Password IdentifierJouni Malinen2018-05-197-1/+38
| | | | | | | | | | | | | | This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* mesh: Register msg_ctx for hostapd/AP codeJouni Malinen2018-05-191-0/+1
| | | | | | | | | The use of hostapd code for a mesh interface did not register hapd->msg_ctx. This needs to be done similarly to the existing cases in wpa_supplicant AP and IBSS mode uses so that wpa_msg() calls from the hostapd/AP code get delivered properly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Mark connection failed in the unlikely no-bss-entry caseJouni Malinen2018-05-161-1/+4
| | | | | | | | | If no BSS entry can be found when processing association rejected event from the driver for the special OWE case of unsupported finite-cyclic-group, process the event as a connection failure instead of just skipping the the OWE retry with another DH group. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a functionJouni Malinen2018-05-161-78/+82
| | | | | | | This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Get the bss from bssid of assoc_reject to try for next groupSrinivas Dasari2018-05-151-0/+9
| | | | | | | | | | | On an assoc_reject from the BSS with the status=77, a connection attempt with the next supported group happens. The BSS considered here is from current_bss which may be NULL at this point of time with SME-in-driver case. Address this by getting the BSS from the bssid obtained in association reject indication and skip the step if no BSS entry can be found. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Flush PMKSA if an assoc reject without timeout is receivedSrinivas Dasari2018-05-151-0/+12
| | | | | | | | | | | | Flush the PMKSA upon receiving association reject event without timeout in the event data in SME-in-driver case to avoid trying to use the old PMKSA entry in subsequent connection attempts. Do not flush PMKSA if association reject is received with timeout as it is generated internally from the driver without reaching the AP. This is similar to the SME-in-wpa_supplicant case that was already addressed within sme_event_assoc_reject(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Silence a gcc warning on switch statement fallthroughJouni Malinen2018-05-151-0/+1
| | | | | | | Add an explicit comment noting a previously undocumented fallthrough to not trigger an implicit-fallthrough warning. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>