aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
...
* DPP: Negotiation channel change request from InitiatorJouni Malinen2017-10-291-7/+49
| | | | | | | | | Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow testing override values to be clearedJouni Malinen2017-10-291-3/+18
| | | | | | | | This allows wpa_supplicant dpp_config_obj_override, dpp_discovery_override, and dpp_groups_override parameters to be cleared by setting them to a zero-length value. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add DPP Status attribute into Peer Discovery ResponseJouni Malinen2017-10-291-9/+38
| | | | | | | This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report invalid messages and failure conditions in control interfaceJouni Malinen2017-10-221-8/+8
| | | | | | | This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report transmitted messages as control interface eventsJouni Malinen2017-10-221-13/+47
| | | | | | | | This is helpful for testing purposes and also for upper layer components that may want to show more detailed progress through a DPP exchange. Both the DPP-TX and DPP-TX-STATUS events are provided. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Report received messages as control interface eventsJouni Malinen2017-10-221-1/+10
| | | | | | | This is helpful for testing purposes and also for upper layer components that may want to show more detailed progress through a DPP exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove unnecessary Wrapped Data checks from callersJouni Malinen2017-10-221-18/+5
| | | | | | | | Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing frameworkJouni Malinen2017-10-221-0/+6
| | | | | | | | | | | | | | Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix a typo in a debug messageJouni Malinen2017-10-221-1/+1
| | | | | | This radio_work_free() message was missing the closing parenthesis. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Increase UDP control interface RX bufferJanusz Dziedzic2017-10-211-2/+2
| | | | | | | | | | | | | Seems like some test cases, e.g., ap_wpa2_psk_ext_retry_msg_3c, require larger buffer than 256 bytes. In other case I fail such test cases when run on real HW and using: CONFIG_CTRL_IFACE=udp-remote Increase the RX buffer from 256 to 4096 bytes to match the other control interface cases. Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
* DPP: Update AES-SIV AD for PKEX framesJouni Malinen2017-10-191-6/+9
| | | | | | | The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Update AES-SIV AD for DPP Authentication framesJouni Malinen2017-10-182-51/+27
| | | | | | | The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Send updated connection parameters to drivers if neededVidyullatha Kanchanapally2017-10-172-2/+55
| | | | | | | | | | After an initial connection wpa_supplicant derives ERP information which can be used in doing eventual authentications in the same realm. This information can be used by drivers with offloaded FILS support to do driver/firmware initiated roamings. Add support to send this updated information to such drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Move assoc param setting into a helper functionVidyullatha Kanchanapally2017-10-171-117/+130
| | | | | | | This is needed to be able to use the same implementation for updating the connection parameters in the driver during an association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update replay counter from roam infoVidyullatha Kanchanapally2017-10-171-5/+1
| | | | | | | | | Update the replay counter after a roam for all cases. This restores the design back to what it was before commit 01ef320f192daa074c7055a44a03b6b5b811d6bd ('FILS: Update ERP next sequence number with driver offload'). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow last (Re)Association Request frame to be replayed for testingJouni Malinen2017-10-165-0/+63
| | | | | | | | | | | The new wpa_supplicant RESEND_ASSOC command can be used to request the last (Re)Association Request frame to be sent to the AP to test FT protocol behavior. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow EAPOL-Key Request to be sent through control interfaceJouni Malinen2017-10-161-0/+18
| | | | | | | | | | The new wpa_supplicant "KEY_REQUEST <error=0/1> <pairwise=0/1>" command can be used to request an EAPOL-Key Request frame to be sent to the AP. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
* Make last received ANonce available through control interfaceJouni Malinen2017-10-161-0/+6
| | | | | | | This makes it easier to debug 4-way handshake implementation issues without having to use a sniffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add testing functionality for resetting PN/IPN for configured keysJouni Malinen2017-10-164-0/+47
| | | | | | | | | | | | | This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionalityJouni Malinen2017-10-1515-113/+20
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* WNM: Ignore WNM-Sleep Mode Response without pending requestJouni Malinen2017-10-151-1/+3
| | | | | | | | | | | Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used') started ignoring the response when no WNM-Sleep Mode Request had been used during the association. This can be made tighter by clearing the used flag when successfully processing a response. This adds an additional layer of protection against unexpected retransmissions of the response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Allow SAE password to be configured separately (STA)Jouni Malinen2017-10-118-6/+39
| | | | | | | | | The new sae_password network profile parameter can now be used to set the SAE password instead of the previously used psk parameter. This allows shorter than 8 characters and longer than 63 characters long passwords to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Do not mark DFS channel as invalid if DFS is offloaded to driverSunil Dutt2017-10-111-2/+6
| | | | | | | | While considering the movement of P2P GO from its current operating channel, do not mark a DFS channel as invalid if DFS is offloaded to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Prefer 5/60 GHz band over 2.4 GHz during GO configurationSunil Dutt2017-10-111-24/+24
| | | | | | | | | | | | | | | | | | Previously, wpas_p2p_select_go_freq_no_pref() ended up selecting a 2.4 GHz band channel first before even considering 5 or 60 GHz channels. This was likely done more or less by accident rather than by design when the 5 GHz and 60 GHz band extensions were added. It seems reasonable to enhance this by reordering the code to start with 5 and 60 GHz operating classes and move to 2.4 GHz band only if no channel was available in 5 or 60 GHz bands for P2P GO use. This does have some potential interop issues with 2.4 GHz only peer devices when starting up an autonomous GO (i.e., without there being prior knowledge of channels that the peers support). Upper layers are expected to enforce 2.4 GHz selection if that is needed for some use cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Allow DH Parameters element to be overridden for testing purposesJouni Malinen2017-10-101-0/+6
| | | | | | | | | This allows CONFIG_TESTING_OPTIONS=y builds of wpa_supplicant to override the OWE DH Parameters element in (Re)Association Request frames with arbitrary data specified with the "VENDOR_ELEM_ADD 13 <IE>" command. This is only for testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add the crypto suite field to the framesJouni Malinen2017-10-091-6/+12
| | | | | | | This additional field was added to DPP Public Action frames in DPP tech spec v0.2.3 to support cryptographic agility in the future. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove C-sign-key expiryJouni Malinen2017-10-094-38/+3
| | | | | | This was removed in DPP tech spec v0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support station SME-in-driver caseJouni Malinen2017-10-091-1/+20
| | | | | | | | Previously, only the SME-in-wpa_supplicant case was supported. This extends that to cover the drivers that implement SME internally (e.g., through the cfg80211 Connect command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: PMKSA caching in station modeJouni Malinen2017-10-091-3/+4
| | | | | | | This extends OWE support in wpa_supplicant to allow PMKSA caching to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in stationJouni Malinen2017-10-086-1/+27
| | | | | | | | This extends OWE support in wpa_supplicant to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). The group is configured using the new network profile parameter owe_group. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP modeJouni Malinen2017-10-082-2/+9
| | | | | | | This extends OWE support in hostapd to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Transition mode support on station sideJouni Malinen2017-10-083-6/+147
| | | | | | | Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Set PMK length properly on supplicant sideJouni Malinen2017-10-081-0/+6
| | | | | | | | | | | sm->pmk_len was not set when deriving the PMK as part of OWE key generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting the value to the default. While this worked for many cases, this is not correct and can have issues with network profile selection based on association information. For example, the OWE transition mode cases would hit an issue here. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Allow GO to advertise Interworking elementSunil Dutt2017-10-057-0/+101
| | | | | | | | | This adds new wpa_supplicant configuration parameters (go_interworking, go_access_network_type, go_internet, go_venue_group, go_venue_type) to add a possibility of configuring the P2P GO to advertise Interworking element. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OCE: Update default scan IEs when OCE is enabled/disabledvamsi krishna2017-10-011-0/+1
| | | | | | | | Update the default scan IEs when OCE is enabled/disabled to the driver/firmware, so that the correct IEs will be sent out by the driver/firmware in Probe Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add group_mgmt network parameter for PMF cipher selectionJouni Malinen2017-09-267-4/+101
| | | | | | | | | | The new wpa_supplicant network parameter group_mgmt can be used to specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not specified, the current behavior is maintained (i.e., follow what the AP advertises). The parameter can list multiple space separate ciphers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Suite B: Add tls_suiteb=1 parameter for RSA 3k key caseJouni Malinen2017-09-161-0/+3
| | | | | | | | This adds phase1 parameter tls_suiteb=1 into wpa_supplicant configuration to allow TLS library (only OpenSSL supported for now) to use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow raw hex PSK to be used for legacy configurationJouni Malinen2017-09-151-6/+24
| | | | | | | The new psk=<hexdump> can be used as an alternative to pass=<passphrase> when configuring the DPP Configurator with a legacy network parameters. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Support dynamic update of wowlan_triggersLior David2017-09-133-1/+12
| | | | | | | Previously, wowlan_triggers were updated in kernel only during startup. Also update it whenever it is set from the control interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Move writing of mesh_rssi_threshold inside CONFIG_MESHLior David2017-09-121-1/+1
| | | | | | | | | | | | | | | Previously, the code that writes mesh_rssi_threshold to a network block always executes, but the code that reads it from network block and the code that initializes it to a default value in a new network block are inside #ifdef CONFIG_MESH. As a result when writing a config file it will write mesh_rssi_threshold (since it has a non-default value) and later fail to read the network block. Fix this by moving the write code under #ifdef CONFIG_MESH as well. Note, network blocks which already have mesh_rssi_threshold because of the bug will still fail to read after the fix. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Fix RSN pre-authentication regression with pre-connection scan resultsJouni Malinen2017-09-121-0/+9
| | | | | | | | | | | | | | | | | | | | | The introduction of radio works and a delayed callback to complete association/connection requests ended up breaking RSN pre-authentication candidate list generation for the case of pre-connection scan results. Previously, wpa_supplicant_associate() set the RSN state machine configuration before returning and the calls to wpa_supplicant_rsn_preauth_scan_results() immediately after this function call were working fine. However, with the radio work callback, the RSN state machine configuration started to happen only in that callback which would be called soon after this code path has completed. This resulted in the RSN state machine not knowing the selected SSID and as such, rejecting all pre-authentication candidates. Fix this by setting the RSN state machine configuration from wpa_supplicant_associate() so that the existing callers of wpa_supplicant_rsn_preauth_scan_results() can be used as-is to add candidates for pre-authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mka: Add error handling for secy_init_macsec() callsSabrina Dubroca2017-09-101-3/+2
| | | | | | | | | | | | | secy_init_macsec() can fail (if ->macsec_init fails), and ieee802_1x_kay_init() should handle this and not let MKA run any further, because nothing is going to work anyway. On failure, ieee802_1x_kay_init() must deinit its kay, which will free kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm) must not do it. Before this patch there is a double-free of the ctx argument when ieee802_1x_kay_deinit() was called. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* wpa_supplicant: Check length when building ext_capability in assoc_cbAdiel Aloni2017-09-101-1/+2
| | | | | | | When building wpa_ie in wpas_start_assoc_cb() with ext_capab, make sure that assignment does not exceed max_wpa_ie_len. Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
* dbus: Add new interface property to get mesh groupSaurav Babu2017-09-093-0/+39
| | | | Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add new interface property to get connected mesh peersSaurav Babu2017-09-093-0/+77
| | | | Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add MeshPeerDisconnected signalSaurav Babu2017-09-095-0/+64
| | | | | | This is similar to the control interface event MESH-PEER-DISCONNECTED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add MeshPeerConnected signalSaurav Babu2017-09-095-0/+62
| | | | | | This is similar to the control interface event MESH-PEER-CONNECTED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add MeshGroupRemoved signalSaurav Babu2017-09-095-0/+79
| | | | | | This is similar to the control interface event MESH-GROUP-REMOVED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* dbus: Add MeshGroupStarted signalSaurav Babu2017-09-095-0/+68
| | | | | | | This introduces a new interface for mesh and adds a signal that is similar to the control interface event MESH-GROUP-STARTED. Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* SAE: Allow commit fields to be overridden for testing purposes (STA)Jouni Malinen2017-09-043-0/+22
| | | | | | | | | The new "SET sae_commit_override <hexdump>" control interface command can be used to force wpa_supplicant to override SAE commit message fields for testing purposes. This is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>