path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* Allow scans triggered by D-Bus to use MAC address randomization | Eric Caruso | 2019-10-27 | 1 | -0/+4
  wpas_dbus_handler_scan() constructs a set of 'params' each time, but it doesn't acknowledge the existing randomization settings when doing so. That means that any D-Bus initiated scans weren't going to follow the configured settings.

  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* D-Bus: Add MAC address randomization endpoints | Eric Caruso | 2019-10-27 | 5 | -0/+203
  Add D-Bus property:
  * MACAddressRandomizationMask: a{say}

  which configure random MAC address functionality in the Wi-Fi driver via netlink.

  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* Move ownership of MAC address randomization mask to scan params | Eric Caruso | 2019-10-27 | 1 | -39/+40
  This array can be freed either from the scan parameters or from clearing the MAC address randomization parameters from the wpa_supplicant struct. To make this ownership more clear, we have each struct own its own copy of the parameters.

  Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* DPP: Mention ssid and pass parameters for DPP_AUTH_INIT in documentation | Jouni Malinen | 2019-10-27 | 1 | -1/+3
  These parameters use hexdump values over the control interface, so mention them in the DPP example documentation.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Export OWE capability and OWE BSS key_mgmt | Beniamino Galvani | 2019-10-27 | 1 | -3/+9
  Export a new 'owe' capability to indicate that wpa_supplicant was built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe' in the array of BSS' available key managements.

  Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* D-Bus: Fix P2P NULL dereference after interface removal | Davide Caratti | 2019-10-27 | 1 | -2/+67
  When the P2P management interface is deleted, P2P is then disabled and global->p2p_init_wpa_s is set to NULL. After that, other interfaces can still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This makes wpa_supplicant terminate with SIGSEGV, because it dereferences a NULL pointer. Fix this by adding proper checks, like it's done with wpa_cli.

  CC: Beniamino Galvani <bgalvani@redhat.com>
  CC: Benjamin Berg <benjamin@sipsolutions.net>
  Reported-by: Vladimir Benes <vbenes@redhat.com>
  Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
* SAE: Ignore commit message when waiting for confirm in STA mode | Jouni Malinen | 2019-10-27 | 1 | -2/+5
  Previously, an unexpected SAE commit message resulted in forcing disconnection. While that allowed recovery by starting from scratch, this is not really necessary. Ignore such unexpected SAE commit message instead and allow SAE confirm message to be processed after this. This is somewhat more robust way of handling the cases where SAE commit message might be retransmitted either in STA->AP or AP->STA direction.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not indicate possible PSK failure when using SAE | Jouni Malinen | 2019-10-27 | 1 | -1/+2
  wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no way of reaching 4-way handshake without the password having already been verified as part of SAE authentication. As such, a failure to complete 4-way handshake with SAE cannot indicate that the used password was incorrect.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Fix arithmetic on void pointer | Jesus Fernandez Manzano | 2019-10-25 | 1 | -2/+3
  When using void pointers in calculations, the behavior is undefined. Arithmetic operations on 'void *' is a GNU C extension, which defines the 'sizeof(void)' to be 1.

  This change improves portability of the code.

  Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* dbus: Suppress to show NULL string | Masashi Honma | 2019-10-25 | 1 | -2/+2
  wpa_s->dbus_groupobj_path is always NULL so suppress to show it.

  This was found by gcc 9.2.1 warning.

    dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’:
    dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
     4793 | wpa_printf(MSG_DEBUG,
          | ^~~~~~~~~~~~~~~~~~~~~
     4794 | "%s: Group object '%s' already unregistered",
          | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     4795 | __func__, wpa_s->dbus_groupobj_path);
          | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Interworking: Check NULL string to avoid compiler warning | Masashi Honma | 2019-10-25 | 1 | -1/+1
  Fix warning by gcc 9.2.1.

    interworking.c: In function ‘interworking_home_sp_cred’:
    interworking.c:2263:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
     2263 | wpa_msg(wpa_s, MSG_DEBUG,
          | ^~~~~~~~~~~~~~~~~~~~~~~~~
     2264 | "Interworking: Search for match with SIM/USIM domain %s",
          | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     2265 | realm);
          | ~~~~~~

  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Fix name of DBus interface in defconfig | Phil Wise | 2019-10-25 | 1 | -1/+1
  Signed-off-by: Phil Wise <phil@phil-wise.com>
* Store a copy of Association Request RSNXE in AP mode for later use | Jouni Malinen | 2019-10-17 | 1 | -1/+1
  This is needed to be able to compare the received RSNXE to a protected version in EAPOL-Key msg 2/4.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4 | Jouni Malinen | 2019-10-17 | 4 | -7/+50
  Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FST: Update FST about MAC address change | Dedy Lansky | 2019-10-15 | 1 | -0/+5
  Notify FST module upon MAC address change. FST module will update the Multiband IE accordingly.

  Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
* wpa_supplicant: Pass in operating class for channel validity checks | Jouni Malinen | 2019-10-15 | 3 | -29/+51
  This is needed to allow the 6 GHz operating classes to be compared against the driver support channels since the channel numbers are not really unique identifiers of a channel even within a single band.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Check that peer's rejected groups are not enabled | Jouni Malinen | 2019-10-15 | 1 | -0/+52
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: H2E version of SAE commit message handling for STA | Jouni Malinen | 2019-10-15 | 2 | -10/+64
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Collect list of rejected groups for H2E in STA | Jouni Malinen | 2019-10-15 | 3 | -0/+15
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Derive H2E PT in STA before connection | Jouni Malinen | 2019-10-15 | 3 | -1/+52
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 | Jouni Malinen | 2019-10-15 | 4 | -7/+25
  If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Handle BSS membership selector indication for H2E-only in STA mode | Jouni Malinen | 2019-10-15 | 1 | -0/+13
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add sae_pwe configuration parameter for wpa_supplicant | Jouni Malinen | 2019-10-15 | 5 | -0/+22
  This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be addressed in separate commits.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Tell sae_parse_commit() whether H2E is used | Jouni Malinen | 2019-10-14 | 1 | -1/+2
  This will be needed to help parsing the received SAE commit.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_cli: Clean up unnecessarily complex CONFIG_MESH use | Jouni Malinen | 2019-10-07 | 1 | -4/+1
  There is no need for #ifdef/#else/#endif construction in network_fields[] to cover "mode" (which is completely independent of CONFIG_MESH) or two separate conditional blocks for mesh related network fields, so move these into a single conditionally included block.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Pass AP mode EDMG config to hostapd struct | Alexei Avshalom Lazar | 2019-10-07 | 1 | -0/+16
  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* wpa_supplicant: Add support for EDMG channels | Alexei Avshalom Lazar | 2019-10-07 | 1 | -0/+177
  As part of a connection request, set EDMG parameters for the driver to use in the association. The EDMG parameters are based on EDMG IE received from the AP's Probe Response frames, the driver's EDMG capability, and the EDMG configuration from the configuration.

  As part of starting an AP, set EDMG parameters for the driver to use for AP operation. The EDMG parameters are based on the driver's EDMG capability and the EDMG configuration from the configuration.

  This implementation is limited to CB2 (channel bonding of 2 channels) and the bonded channels must be adjacent, i.e., the supported values for edmg_channel are 9..13.

  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* Indicate EDMG in scan results | Alexei Avshalom Lazar | 2019-10-07 | 1 | -0/+9
  Add [EDMG] flag to scan results.

  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* Add EDMG parameters to set_freq functions | Alexei Avshalom Lazar | 2019-10-07 | 1 | -1/+2
  This updates the frequency parameter setting functions to include argument for EDMG.

  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* wpa_supplicant: Add EDMG channel configuration parameters | Alexei Avshalom Lazar | 2019-10-07 | 5 | -0/+32
  Add two new configuration parameters for wpa_supplicant:
  enable_edmg: Enable EDMG capability for STA/AP mode
  edmg_channel: Configure channel bonding. In AP mode it defines the EDMG channel to start the AP on. In STA mode it defines the EDMG channel to use for connection.

  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* MBO/OCE: Update disable_mbo_oce flag after association | Ankita Bajaj | 2019-10-01 | 1 | -1/+10
  After roaming to an AP, update disable_mbo_oce flag based on the current BSS capabilities. This flag is used to check whether STA should support MBO/OCE features and process BTM request received from the current connected AP.

  When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS in which PMF is not enabled for the initial connection, BTM requests from such APs should not be processed by STA.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Support multiple Config Objects in Enrollee | Jouni Malinen | 2019-10-01 | 1 | -43/+72
  Process all received DPP Configuration Object attributes from Configuration Result in Enrollee STA case. If wpa_supplicant is configured to add networks automatically, this results in one network being added for each included Configuration Object.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow SAE to be used in wpa_supplicant AP mode | Jouni Malinen | 2019-09-21 | 1 | -1/+29
  SAE password configuration for AP mode requires additional steps compared to PSK cases. Previous implementation allowed SAE to be configured, but all authentication attempts would fail due to no password being available. Now both psk and sae_password/sae_password_id parameters are translated properly to the hostapd configuration structures to fix this.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* NetBSD: Fix compile | Roy Marples | 2019-09-21 | 1 | -3/+6
  On NetBSD the ethernet header is net/if_ether.h

  This also pulls in net/if.h which defines if_type, which in turn conflicts with an enum in wpa_supplicant.

  As such we need to include this at the bottom rather than at the top.

  Signed-off-by: Roy Marples <roy@marples.name>
* MBO/OCE: Work around misbehaving MBO/OCE APs that use RSN without PMF | Vamsi Krishna | 2019-09-20 | 6 | -23/+43
  The MBO and OCE specification require the station to mandate use of PMF when connecting to an MBO/OCE AP that uses WPA2. The earlier implementation prevented such misbehaving APs from being selected for connection completely. This looks like the safest approach to take, but unfortunately, there are deployed APs that are not compliant with the MBO/OCE requirements and this strict interpretation of the station requirements results in interoperability issues by preventing the association completely.

  Relax the approach by allowing noncompliant MBO/OCE APs to be selected for RSN connection without PMF to avoid the main impact of this interoperability issue. However, disable MBO/OCE functionality when PMF cannot be negotiated to try to be as compliant as practical with the MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the duration of such workaround association). Also disable support for BTM in this workaround state since MBO would expect all BTM frames to be protected.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Add bandSupport JSON array into config request | Jouni Malinen | 2019-09-18 | 3 | -4/+30
  Indicate supported global operating classes when wpa_supplicant is operating as an Enrollee.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow name and mudurl to be configured for Config Request | Jouni Malinen | 2019-09-18 | 4 | -15/+39
  The new hostapd and wpa_supplicant configuration parameters dpp_name and dpp_mud_url can now be used to set a specific name and MUD URL for the Enrollee to use in the Configuration Request. dpp_name replaces the previously hardcoded "Test" string (which is still the default if an explicit configuration entry is not included). dpp_mud_url can optionally be used to add a MUD URL to describe the Enrollee device.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Connection status result (Enrollee) | Jouni Malinen | 2019-09-16 | 5 | -3/+201
  Add support for reporting connection status after provisioning if the Configurator requests this.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Connection status result (Configurator) | Jouni Malinen | 2019-09-16 | 1 | -0/+74
  A new argument to the DPP_AUTH_INIT command (conn_status=1) can now be used to set Configurator to request a station Enrollee to report connection result after a successfully completed provisioning step. If the peer supports this, the DPP-CONF-SENT event indicates this with a new argument (wait_conn_status=1) and the Configurator remains waiting for the connection result for up to 16 seconds.

  Once the Enrollee reports the result, a new DPP-CONN-STATUS-RESULT event is generated with arguments result, ssid, and channel_list indicating what the Enrollee reported. result=0 means success while non-zero codes are for various error cases as specified in the DPP tech spec. If no report is received from the Enrollee, the event with "timeout" argument is generated locally.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Don't return an error when successfully parsing WMM rules | Sujay Patwardhan | 2019-09-13 | 1 | -0/+1
  The config file parser previously would fall through into an error if CONFIG_AP is defined and it hit a wmm_ac_* rule with a valid value. Add a return to prevent incorrectly printing an error message and returning a non-zero exit code.

  Signed-off-by: Sujay Patwardhan <sujay@eero.com>
* P2P: Use latest BSS entry if multiple P2P Device Addr matches found | Hu Wang | 2019-09-13 | 1 | -6/+13
  If an AP (P2P GO) has changed its operating channel or SSID recently, the BSS table may have multiple entries for the same BSSID.

  Commit 702621e6dd35 ('WPS: Use latest updated BSS entry if multiple BSSID matches found') fetches latest updated BSS entry based on BSSID. Do the same when fetching an entry based on the P2P Device Address.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Add support for 60 GHz band channels 5 and 6 | Alexei Avshalom Lazar | 2019-09-13 | 2 | -2/+2
  The previous support in the 60 GHz band was for channels 1-4. Add support for channels 5 and 6.

  Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
* WPS: Update MAC address on address changes | Mikael Kanstrup | 2019-09-09 | 3 | -0/+16
  The WPS component keeps a copy of the network interface MAC address. When MAC address is changed the WPS copy was not updated so WPS M1 message contained the old address. Some devices check this field and fail connection attempts.

  Update the WPS MAC address on interface MAC address changes.

  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
* wpa_cli: Do not pick p2p-dev-* interfaces by default | Jouni Malinen | 2019-09-09 | 1 | -1/+4
  These are the driver-specific interface for the non-netdev P2P Device interface and not something that useful for most use cases. Skip them to allow the main netdev (e.g., wlan0 over p2p-dev-wlan0) to be selected.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Update connect params after sending connection notification | Ankita Bajaj | 2019-09-08 | 1 | -1/+8
  Update connect params will update auth_alg and fils_hlp_req in wpa_supplicant structure before calling function wpas_notify_state_changed(). This could have resulted in triggering inconsistent state change events and messages in the Android framework.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Fix wpa_supplicant build dependencies for CONFIG_AP=y build | Jouni Malinen | 2019-09-08 | 2 | -0/+8
  Fix CONFIG_DPP2=y with CONFIG_AP=y build for cases where the needed dependencies were not pulled in by other optional build parameters.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Fix wpa_supplicant build dependencies for DPP-only build | Jouni Malinen | 2019-09-08 | 2 | -8/+4
  Fix CONFIG_DPP=y build for cases where the needed dependencies were not pulled in by other optional build parameters.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove CONFIG_IEEE80211W build parameter | Jouni Malinen | 2019-09-08 | 20 | -177/+1
  Hardcode this to be defined and remove the separate build options for PMF since this functionality is needed with large number of newer protocol extensions and is also something that should be enabled in all WPA2/WPA3 networks.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TEAP peer: Add support for machine credentials using certificates | Jouni Malinen | 2019-09-01 | 3 | -0/+42
  This allows EAP-TLS to be used within an EAP-TEAP tunnel when there is an explicit request for machine credentials. The network profile parameters are otherwise same as the Phase 1 parameters, but each one uses a "machine_" prefix for the parameter name.

  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not try to include net/ethernet.h in MinGW/Windows builds | Jouni Malinen | 2019-09-01 | 1 | -0/+2
  Signed-off-by: Jouni Malinen <j@w1.fi>