path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* SAE-PK: Allow SAE-PK password to be set using the psk parameter | Jouni Malinen | 18 hours | 2 | -3/+8
  Only the sae_password parameter was previously accepted for SAE-PK use. That is not sufficient for covering mixed SAE+PSK cases. Extend this by allowing the psk parameter to be used as well just like it can be used for SAE without SAE-PK.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: OCI channel override support for testing (STA) | Veerendranath Jakkam | 4 days | 4 | -0/+37
  Add override parameters to use the specified channel while populating OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc request and WNM sleep request frames.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* dpp-nfc: Report negotiated connection handover result | Jouni Malinen | 8 days | 1 | -0/+18
  Print out a summary of the result in yellow text.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Stop only_one run after failed handover attempt | Jouni Malinen | 8 days | 1 | -2/+4
  Do not require connection handover to succeed before stopping the loop in the only_one case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Do not indicate no initial HS as failure if alt HR will be sent | Jouni Malinen | 8 days | 1 | -4/+6
  Do not use red color for the "No response receive" message in case another HR will be sent after this.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Improved version of HandoverServer::serve() | Jouni Malinen | 8 days | 1 | -0/+59
  Fix processing of the case where no handover select is sent out and add automatic (delayed) termination of the link on completing the handover successfully.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Stop process after successful handover client completion | Jouni Malinen | 8 days | 1 | -2/+2
  terminate_now was not being set in the only_one case with connection handover. Set it for that case as well as the tag cases to automatically close down the link once it is not needed anymore.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Optimize HandoverClient message receiving for alternative HR case | Jouni Malinen | 8 days | 1 | -1/+42
  Use a shorter polling interval in recv_octets() to be able to send out the alternative HR more quickly when using a single thread and handover client. In addition, fix recv_records() to handle normal exception cases like not receiving anything.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Use a single handover client thread | Jouni Malinen | 8 days | 1 | -13/+23
  Avoid extra complexity from using a separate thread to send out the alternative proposal.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Add a class for maintaining connection handover state | Jouni Malinen | 8 days | 1 | -121/+104
  This cleans up the shared state between the handover server and client.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Reuse the same handover client for alternative URI | Jouni Malinen | 8 days | 1 | -18/+59
  Postpone closing of the handover client to allow the same client to be used for sending both handover request messages if an alternative URI needs to be tried.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Add peer URI into the HS in testing mode | Jouni Malinen | 8 days | 1 | -0/+1
  This makes it easier to confirm that the correct pair of the HR and the HS were used.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Enable more verbose nfcpy debugging | Jouni Malinen | 8 days | 1 | -0/+8
  Set logging level to various upper layer nfcpy modules to enable more detailed debugging of the actual NFC operations when requested (-d on the command line).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Skip P2P management interfaces | Jouni Malinen | 8 days | 1 | -3/+6
  Do not try to perform DPP operations on the P2P management interface when no specific interface has been identified.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Ignore (no) response to initial handover request | Jouni Malinen | 2020-07-24 | 1 | -1/+13
  If an alternative proposal (second handover request) is sent, the response (or lack of it) to the initial handover request should be ignored.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Do not allow more than one alternative channel proposal | Jouni Malinen | 2020-07-24 | 1 | -2/+13
  This avoids potential loops of endless alternative URI exchanges over NFC negotiated connection handover. Only allow one such alternative proposal and declare the handover as a failure if another alternative were needed.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Add test mode for negotiated connection handover | Jouni Malinen | 2020-07-24 | 1 | -41/+88
  Allow all actual DPP processing steps in wpa_supplicant to be skipped by specifying hardcoded URI values. Also allow a hardcoded crn to be specified to force specific handover requestor/selector roles.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Rename driver op for temporarily disallowed BSSIDs | Jouni Malinen | 2020-07-24 | 2 | -7/+7
  Use the "tmp_disallow" name more consistently so that both the core wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the wpa_driver_ops callback have more similar names.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Fix auth termination after receiving Configurator backup | Jouni Malinen | 2020-07-23 | 2 | -1/+5
  remove_on_tx_status needs to be set in this case even if dpp_config_processing=2 is used since there will be no connection attempt when receiving a Configurator backup instead of station config object.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Return failure status if operation fails | Jouni Malinen | 2020-07-23 | 1 | -2/+8
  For now, this is done only for the case where the NFC Device is not usable and if writing a single tag fails.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Add color and details for interactive operations | Jouni Malinen | 2020-07-23 | 1 | -32/+51
  Make the debug output easier to read when performing interactive NFC operations on a device that has a terminal showing the log.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Fix regression in NFC Tag writing | Jouni Malinen | 2020-07-23 | 1 | -2/+2
  The change to checking DPP_LISTEN return value ended up overwriting the actual URI information from wpas_get_nfc_uri().
  Fixes: 288c0ffaaa27 ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Detect a non-NDEF tag when trying to write | Jouni Malinen | 2020-07-23 | 1 | -0/+3
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Do not hardcode netrole for NFC Tag writing cases | Jouni Malinen | 2020-07-22 | 1 | -2/+14
  Allow netrole to be specified for NFC Tag writing cases. Previously, this was hardcoded to use netrole=configurator when starting the listen operation. Now the netrole parameter is not included by default, but any netrole value can be specified with the new --netrole command line argument. In addition, fix the listening frequency for the case where a channel is picked.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* mesh: Fix peer link counting when removing a mesh peer | Yu Wang | 2020-07-15 | 1 | -0/+2
  When removing a mesh peer with control interface commands (ACCEPT_ACL DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not decreased from its last connection. This resulted in peer link count leakage and wpa_supplicant rejecting the connections after reaching max_peer_links (default: 99). Fix this by decreasing the plink count when removing a mesh peer which is in PLINK_ESTAB state.
  Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
* DPP2: Make sure dpp_auth gets cleared with external config processing | Jouni Malinen | 2020-06-26 | 1 | -0/+2
  wpa_s->dpp_auth did not get cleared if dpp_config_processing=1 is used. Clear this after having received TX status for Configuration Result to avoid leaving behind the completed provisioning instance.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Do not allow reconfiguration to be started with pending auth | Jouni Malinen | 2020-06-26 | 1 | -0/+6
  The pending authentication exchange will make us ignore Reconfig Authentication Request, so do not allow reconfiguration to be started in that state.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Debug print reason for rejecting reconfiguration | Jouni Malinen | 2020-06-26 | 1 | -3/+15
  This makes it easier to understand why Reconfig Authentication Request gets ignored.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Fix connection handover renegotiation | Jouni Malinen | 2020-06-24 | 1 | -11/+16
  The use of the alternative channel list did not work properly for the case where both ends were trying to initiate the negotiated connection handover. Fix this by always starting a new connection handover client thread for sending the alternative proposal and ignoring peer messages (likely something from the first attempt) during this modified attempt.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Use FILS auth alg when connecting using PMKSA caching | Vinita S. Maloo | 2020-06-23 | 1 | -7/+11
  When a PMKSA cache entry is available and used for connection with FILS key management suite, use FILS authentication algorithm for connection even if ERP keys are not available. This scenario may happen when applications using wpa_supplicant cache persistently only PMKSA but not ERP keys and reconfigure wpa_supplicant with PMKSA cache after restarting wpa_supplicant. The previous implementation correctly handles SME-in-wpa_supplicant cases. However, in SME-in-driver cases, complete FILS authentication without PMKSA caching is performed. Fix SME-in-driver behavior by setting authentication algorithm to WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* 6 GHz: Change 6 GHz channels per IEEE P802.11ax/D6.1 | Wu Gao | 2020-06-23 | 1 | -3/+3
  The channel numbering/center frequencies were changed in IEEE P802.11ax/D6.1. The center frequencies of the channels were shifted by 10 MHz. Also, a new operating class 136 was defined with a single channel 2. Add required support to change the channelization as per IEEE P802.11ax/D6.1.
  Signed-off-by: Wu Gao <wugao@codeaurora.org>
  Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
* dpp-nfc: Support channel list negotiation | Jouni Malinen | 2020-06-23 | 1 | -6/+35
  If the peer's channel list in negotiated handover does not have any common channels and the local end is configured with an alternative channel list, try to initiate another negotiation handover with the alternative channels.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* dpp-nfc: Update debug print for tag-read-only operation | Jouni Malinen | 2020-06-22 | 1 | -1/+4
  Be clearer about only a tag read being allowed when dpp-nfc is configured to not allow connection handover.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Fix DPP_CA_SET processing with authentication not having peer BI | Jouni Malinen | 2020-06-22 | 1 | -1/+2
  Need to check for auth->peer_bi being set before using it here.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Clear bootstrap entries only after clearing authentication state | Jouni Malinen | 2020-06-22 | 1 | -1/+1
  This fixes an issue where the pending authentication might have held a reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free that bootstrapping entry. This needs to happen before the call to dpp_global_clear() to avoid double-removal of the bootstrapping entry from the list.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Convert int to bool for throughput estimate tables | Jouni Malinen | 2020-06-19 | 1 | -7/+7
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add WPA_EVENT_{DO,SKIP}_ROAM events | Matthew Wang | 2020-06-19 | 1 | -6/+16
  Add events for within-ESS reassociation. This allows us to monitor roam events, both skipped and allowed, in tests.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* Refactor wpa_supplicant_need_to_roam() | Matthew Wang | 2020-06-19 | 2 | -37/+48
  Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam() and into its own function, wpa_supplicant_need_to_roam_within_ess(). This way, we avoid interleaving several #ifndef's in the original function and wrap the new function in one big #ifndef. This also modularizes the within-ESS roam code and makes it easier to test.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* Use lookup-table instead of macro for TX rate estimates | Matthew Wang | 2020-06-19 | 1 | -48/+76
  Change INTERPOLATE_RATE() macro to a lookup-table instead for the sake of readability.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* DPP2: Remove forgotten development time debug prints | Jouni Malinen | 2020-06-18 | 1 | -4/+0
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add an automatic peer_bi entry for CSR matching if needed | Jouni Malinen | 2020-06-18 | 1 | -12/+28
  This allows the DPP_CA_SET command to be targeting a specific DPP-CST event in cases where the Configurator did not receive the bootstrapping information for the peer.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add Enrollee name into CSR as the commonName | Jouni Malinen | 2020-06-18 | 1 | -2/+4
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Do not try to proceed with GAS client if CSR building fails | Jouni Malinen | 2020-06-18 | 1 | -0/+1
  This error path was supposed to stop instead of continuing to wpas_dpp_start_gas_client().
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Allow CSR processing by CA/RA to reject configuration | Jouni Malinen | 2020-06-17 | 1 | -17/+27
  "DPP_CA_SET name=status value=<int>" can now be used to explicitly indicate that CSR was rejected by CA/RA.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Enterprise provisioning (Enrollee) | Jouni Malinen | 2020-06-16 | 1 | -1/+160
  Add initial Enrollee functionality for provisioning enterprise (EAP-TLS) configuration object. This commit is handling only the most basic case and a number of TODO items remain to handle more complete CSR generation and config object processing.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Enterprise provisioning (Configurator) | Jouni Malinen | 2020-06-16 | 3 | -0/+103
  Add Configurator functionality for provisioning enterprise (EAP-TLS) configuration object.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* GAS server: Support comeback delay from the request handler | Jouni Malinen | 2020-06-15 | 1 | -2/+2
  Allow GAS request handler function to request comeback delay before providing the response.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Advertise RSNXE capability bit in STA mode | Jouni Malinen | 2020-06-10 | 1 | -0/+7
  Set the SAE-PK capability bit in RSNXE when sending out (Re)Association Request frame for a network profile that allows use of SAE-PK.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Use global pmf=2 for the created network block | Jouni Malinen | 2020-06-08 | 1 | -1/+3
  Previously, PMF support was enabled in optional mode (ieee80211w=1) for Hotspot 2.0 network blocks automatically. This did not consider the global PMF parameter and unconditionally changed that value to optional. Since the newly added network block had an explicit ieee80211w parameter, this overrode the global parameter. To make this less surprising, use the global pmf parameter value to select whether to add network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0 or pmf=1) or required (pmf=2).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO | Subrat Dash | 2020-06-08 | 3 | -0/+41
  Allow user to configure the TX queue parameters through the wpa_supplicant configuration file similarly to the way these can be set in hostapd. Parse the tx_queue_* parameters in the wpa_supplicant configuration file and update the TX queue configuration to the AP/P2P GO interface in the function wpa_supplicant_create_ap().
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>