[wpa_supplicant] Cumulative patch from b8491ae5a
Also revert local solution for encrypted IMSI and use the upstream version.
Bug: 134177972
Test: Device boots up and connects to WPA3/OWE wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Regression test passed (Bug: 137653009)
Change-Id: Ie34a0138a3a2039b03101c788b43acbb33f8332a
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index b63ab39..6c12414 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -273,6 +273,7 @@
OBJS += src/common/sae.c
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_DPP
@@ -673,6 +674,23 @@
NEED_T_PRF=y
endif
+ifdef CONFIG_EAP_TEAP
+# EAP-TEAP
+ifeq ($(CONFIG_EAP_TEAP), dyn)
+L_CFLAGS += -DEAP_YEAP_DYNAMIC
+EAPDYN += src/eap_peer/eap_teap.so
+EAPDYN += src/eap_common/eap_teap_common.c
+else
+L_CFLAGS += -DEAP_TEAP
+OBJS += src/eap_peer/eap_teap.c src/eap_peer/eap_teap_pac.c
+OBJS += src/eap_common/eap_teap_common.c
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+NEED_T_PRF=y
+NEED_SHA384=y
+endif
+
ifdef CONFIG_EAP_PAX
# EAP-PAX
ifeq ($(CONFIG_EAP_PAX), dyn)
@@ -720,6 +738,7 @@
CONFIG_IEEE8021X_EAPOL=y
NEED_SHA256=y
NEED_ECC=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -1009,6 +1028,10 @@
L_CFLAGS += -DCONFIG_SMARTCARD
endif
+ifdef NEED_DRAGONFLY
+OBJS += src/common/dragonfly.c
+endif
+
ifdef MS_FUNCS
OBJS += src/crypto/ms_funcs.c
NEED_DES=y
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index bf4daaa..89119e7 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,74 @@
ChangeLog for wpa_supplicant
+2019-04-21 - v2.8
+ * SAE changes
+ - added support for SAE Password Identifier
+ - changed default configuration to enable only groups 19, 20, 21
+ (i.e., disable groups 25 and 26) and disable all unsuitable groups
+ completely based on REVmd changes
+ - do not regenerate PWE unnecessarily when the AP uses the
+ anti-clogging token mechanisms
+ - fixed some association cases where both SAE and FT-SAE were enabled
+ on both the station and the selected AP
+ - started to prefer FT-SAE over SAE AKM if both are enabled
+ - started to prefer FT-SAE over FT-PSK if both are enabled
+ - fixed FT-SAE when SAE PMKSA caching is used
+ - reject use of unsuitable groups based on new implementation guidance
+ in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
+ groups with prime >= 256)
+ - minimize timing and memory use differences in PWE derivation
+ [https://w1.fi/security/2019-1/] (CVE-2019-9494)
+ * EAP-pwd changes
+ - minimize timing and memory use differences in PWE derivation
+ [https://w1.fi/security/2019-2/] (CVE-2019-9495)
+ - verify server scalar/element
+ [https://w1.fi/security/2019-4/] (CVE-2019-9499)
+ - fix message reassembly issue with unexpected fragment
+ [https://w1.fi/security/2019-5/]
+ - enforce rand,mask generation rules more strictly
+ - fix a memory leak in PWE derivation
+ - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
+ 27)
+ * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
+ * Hotspot 2.0 changes
+ - do not indicate release number that is higher than the one
+ AP supports
+ - added support for release number 3
+ - enable PMF automatically for network profiles created from
+ credentials
+ * fixed OWE network profile saving
+ * fixed DPP network profile saving
+ * added support for RSN operating channel validation
+ (CONFIG_OCV=y and network profile parameter ocv=1)
+ * added Multi-AP backhaul STA support
+ * fixed build with LibreSSL
+ * number of MKA/MACsec fixes and extensions
+ * extended domain_match and domain_suffix_match to allow list of values
+ * fixed dNSName matching in domain_match and domain_suffix_match when
+ using wolfSSL
+ * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
+ are enabled
+ * extended nl80211 Connect and external authentication to support
+ SAE, FT-SAE, FT-EAP-SHA384
+ * fixed KEK2 derivation for FILS+FT
+ * extended client_cert file to allow loading of a chain of PEM
+ encoded certificates
+ * extended beacon reporting functionality
+ * extended D-Bus interface with number of new properties
+ * fixed a regression in FT-over-DS with mac80211-based drivers
+ * OpenSSL: allow systemwide policies to be overridden
+ * extended driver flags indication for separate 802.1X and PSK
+ 4-way handshake offload capability
+ * added support for random P2P Device/Interface Address use
+ * extended PEAP to derive EMSK to enable use with ERP/FILS
+ * extended WPS to allow SAE configuration to be added automatically
+ for PSK (wps_cred_add_sae=1)
+ * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
+ * extended domain_match and domain_suffix_match to allow list of values
+ * added a RSN workaround for misbehaving PMF APs that advertise
+ IGTK/BIP KeyID using incorrect byte order
+ * fixed PTK rekeying with FILS and FT
+
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index e81238e..f1384d5 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -275,6 +275,7 @@
OBJS += ../src/common/sae.o
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_DPP
@@ -670,6 +671,23 @@
NEED_T_PRF=y
endif
+ifdef CONFIG_EAP_TEAP
+# EAP-TEAP
+ifeq ($(CONFIG_EAP_TEAP), dyn)
+CFLAGS += -DEAP_TEAP_DYNAMIC
+EAPDYN += ../src/eap_peer/eap_teap.so
+EAPDYN += ../src/eap_common/eap_teap_common.o
+else
+CFLAGS += -DEAP_TEAP
+OBJS += ../src/eap_peer/eap_teap.o ../src/eap_peer/eap_teap_pac.o
+OBJS += ../src/eap_common/eap_teap_common.o
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+NEED_T_PRF=y
+NEED_SHA384=y
+endif
+
ifdef CONFIG_EAP_PAX
# EAP-PAX
ifeq ($(CONFIG_EAP_PAX), dyn)
@@ -720,6 +738,7 @@
CONFIG_IEEE8021X_EAPOL=y
NEED_SHA256=y
NEED_ECC=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -858,6 +877,9 @@
OBJS += ../src/pae/ieee802_1x_kay.o
OBJS += ../src/pae/ieee802_1x_key.o
OBJS += ../src/pae/ieee802_1x_secy_ops.o
+ifdef CONFIG_AP
+OBJS += ../src/ap/wpa_auth_kay.o
+endif
endif
ifdef CONFIG_IEEE8021X_EAPOL
@@ -1023,6 +1045,10 @@
CFLAGS += -DCONFIG_SMARTCARD
endif
+ifdef NEED_DRAGONFLY
+OBJS += ../src/common/dragonfly.o
+endif
+
ifdef MS_FUNCS
OBJS += ../src/crypto/ms_funcs.o
NEED_DES=y
@@ -1035,7 +1061,8 @@
ifdef TLS_FUNCS
NEED_DES=y
-# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
+# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, EAP_FAST, and
+# EAP_TEAP)
OBJS += ../src/eap_peer/eap_tls_common.o
ifndef CONFIG_FIPS
NEED_TLS_PRF=y
diff --git a/wpa_supplicant/README-DPP b/wpa_supplicant/README-DPP
index 6496733..dcc15f1 100644
--- a/wpa_supplicant/README-DPP
+++ b/wpa_supplicant/README-DPP
@@ -100,7 +100,7 @@
Generate QR code for the device. Store the qr code id returned by the
command.
-> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-channel> key=<key of the device>
+> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-class/operating-channel> key=<key of the device>
(returns bootstrapping info id)
Get QR Code of device using the bootstrap info id.
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 4e19169..4e3c281 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -67,7 +67,7 @@
if (!ssid->p2p_group) {
if (!ssid->vht_center_freq1 ||
- conf->vht_oper_chwidth == VHT_CHANWIDTH_USE_HT)
+ conf->vht_oper_chwidth == CHANWIDTH_USE_HT)
goto no_vht;
ieee80211_freq_to_chan(ssid->vht_center_freq1,
&conf->vht_oper_centr_freq_seg0_idx);
@@ -78,14 +78,14 @@
#ifdef CONFIG_P2P
switch (conf->vht_oper_chwidth) {
- case VHT_CHANWIDTH_80MHZ:
- case VHT_CHANWIDTH_80P80MHZ:
+ case CHANWIDTH_80MHZ:
+ case CHANWIDTH_80P80MHZ:
center_chan = wpas_p2p_get_vht80_center(wpa_s, mode, channel);
wpa_printf(MSG_DEBUG,
"VHT center channel %u for 80 or 80+80 MHz bandwidth",
center_chan);
break;
- case VHT_CHANWIDTH_160MHZ:
+ case CHANWIDTH_160MHZ:
center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel);
wpa_printf(MSG_DEBUG,
"VHT center channel %u for 160 MHz bandwidth",
@@ -97,14 +97,14 @@
* try oper_cwidth 160 MHz first then VHT 80 MHz, if 160 MHz is
* not supported.
*/
- conf->vht_oper_chwidth = VHT_CHANWIDTH_160MHZ;
+ conf->vht_oper_chwidth = CHANWIDTH_160MHZ;
center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel);
if (center_chan) {
wpa_printf(MSG_DEBUG,
"VHT center channel %u for auto-selected 160 MHz bandwidth",
center_chan);
} else {
- conf->vht_oper_chwidth = VHT_CHANWIDTH_80MHZ;
+ conf->vht_oper_chwidth = CHANWIDTH_80MHZ;
center_chan = wpas_p2p_get_vht80_center(wpa_s, mode,
channel);
wpa_printf(MSG_DEBUG,
@@ -128,7 +128,7 @@
conf->channel);
conf->vht_oper_centr_freq_seg0_idx =
conf->channel + conf->secondary_channel * 2;
- conf->vht_oper_chwidth = VHT_CHANWIDTH_USE_HT;
+ conf->vht_oper_chwidth = CHANWIDTH_USE_HT;
}
#endif /* CONFIG_IEEE80211N */
@@ -239,6 +239,11 @@
conf->vht_capab |= mode->vht_capab;
wpas_conf_ap_vht(wpa_s, ssid, conf, mode);
}
+
+ if (mode->he_capab[wpas_mode_to_ieee80211_mode(
+ ssid->mode)].he_supported &&
+ ssid->he)
+ conf->ieee80211ax = 1;
}
}
@@ -1387,7 +1392,7 @@
void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht,
- int offset, int width, int cf1, int cf2)
+ int offset, int width, int cf1, int cf2, int finished)
{
struct hostapd_iface *iface = wpa_s->ap_iface;
@@ -1399,7 +1404,7 @@
if (wpa_s->current_ssid)
wpa_s->current_ssid->frequency = freq;
hostapd_event_ch_switch(iface->bss[0], freq, ht,
- offset, width, cf1, cf2);
+ offset, width, cf1, cf2, finished);
}
diff --git a/wpa_supplicant/ap.h b/wpa_supplicant/ap.h
index 447b551..6c6e94c 100644
--- a/wpa_supplicant/ap.h
+++ b/wpa_supplicant/ap.h
@@ -54,7 +54,7 @@
struct csa_settings *settings);
int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *txtaddr);
void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht,
- int offset, int width, int cf1, int cf2);
+ int offset, int width, int cf1, int cf2, int finished);
struct wpabuf * wpas_ap_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
int ndef);
#ifdef CONFIG_AP
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 9b19f37..441529c 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -431,6 +431,7 @@
struct os_reltime *fetch_time)
{
struct wpa_bss *bss;
+ char extra[50];
bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
if (bss == NULL)
@@ -456,10 +457,15 @@
dl_list_add_tail(&wpa_s->bss, &bss->list);
dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
wpa_s->num_bss++;
+ if (!is_zero_ether_addr(bss->hessid))
+ os_snprintf(extra, sizeof(extra), " HESSID " MACSTR,
+ MAC2STR(bss->hessid));
+ else
+ extra[0] = '\0';
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
- " SSID '%s' freq %d",
+ " SSID '%s' freq %d%s",
bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
- bss->freq);
+ bss->freq, extra);
wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
return bss;
}
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index a7ca41c..2895dc8 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2240,8 +2240,8 @@
{ INT_RANGE(ht, 0, 1) },
{ INT_RANGE(vht, 0, 1) },
{ INT_RANGE(ht40, -1, 1) },
- { INT_RANGE(max_oper_chwidth, VHT_CHANWIDTH_USE_HT,
- VHT_CHANWIDTH_80P80MHZ) },
+ { INT_RANGE(max_oper_chwidth, CHANWIDTH_USE_HT,
+ CHANWIDTH_80P80MHZ) },
{ INT(vht_center_freq1) },
{ INT(vht_center_freq2) },
#ifdef IEEE8021X_EAPOL
@@ -2407,6 +2407,7 @@
{ INT_RANGE(owe_group, 0, 65535) },
{ INT_RANGE(owe_only, 0, 1) },
{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
+ { INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
};
#undef OFFSET
@@ -4868,6 +4869,9 @@
{ INT_RANGE(dpp_config_processing, 0, 2), 0 },
{ INT_RANGE(coloc_intf_reporting, 0, 1), 0 },
{ INT_RANGE(bss_no_flush_when_down, 0, 1), 0 },
+#ifdef CONFIG_WNM
+ { INT_RANGE(disable_btm, 0, 1), CFG_CHANGED_DISABLE_BTM },
+#endif /* CONFIG_WNM */
};
#undef FUNC
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 95817ff..46ab9ca 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -374,6 +374,7 @@
#define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16)
#define CFG_CHANGED_SCHED_SCAN_PLANS BIT(17)
#define CFG_CHANGED_WOWLAN_TRIGGERS BIT(18)
+#define CFG_CHANGED_DISABLE_BTM BIT(19)
/**
* struct wpa_config - wpa_supplicant configuration data
@@ -1535,6 +1536,15 @@
* 1 = Do not flush BSS entries when the interface becomes disabled
*/
int bss_no_flush_when_down;
+
+ /**
+ * disable_btm - Disable BSS transition management in STA
+ * - Set to 0 to enable BSS transition management
+ * - Set to 1 to disable BSS transition management
+ *
+ * By default BSS transition management is enabled
+ */
+ int disable_btm;
};
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 2c6035c..6fc18ba 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -894,6 +894,7 @@
INT(owe_group);
INT(owe_only);
INT(multi_ap_backhaul_sta);
+ INT(ft_eap_pmksa_caching);
#ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
@@ -1547,7 +1548,8 @@
if (config->bss_no_flush_when_down)
fprintf(f, "bss_no_flush_when_down=%d\n",
config->bss_no_flush_when_down);
-
+ if (config->disable_btm)
+ fprintf(f, "disable_btm=1\n");
}
#endif /* CONFIG_NO_CONFIG_WRITE */
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 1b2b1f1..6fd3a01 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -13,7 +13,6 @@
#include "utils/list.h"
#include "eap_peer/eap_config.h"
-
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
#define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)
@@ -49,6 +48,39 @@
};
/**
+ * mode - IEEE 802.11 operation mode (Infrastucture/IBSS)
+ *
+ * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
+ *
+ * 1 = IBSS (ad-hoc, peer-to-peer)
+ *
+ * 2 = AP (access point)
+ *
+ * 3 = P2P Group Owner (can be set in the configuration file)
+ *
+ * 4 = P2P Group Formation (used internally; not in configuration
+ * files)
+ *
+ * 5 = Mesh
+ *
+ * Note: IBSS can only be used with key_mgmt NONE (plaintext and static
+ * WEP) and WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE
+ * (fixed group key TKIP/CCMP) is available for backwards compatibility,
+ * but its use is deprecated. WPA-None requires following network block
+ * options: proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or
+ * CCMP, but not both), and psk must also be set (either directly or
+ * using ASCII passphrase).
+ */
+enum wpas_mode {
+ WPAS_MODE_INFRA = 0,
+ WPAS_MODE_IBSS = 1,
+ WPAS_MODE_AP = 2,
+ WPAS_MODE_P2P_GO = 3,
+ WPAS_MODE_P2P_GROUP_FORMATION = 4,
+ WPAS_MODE_MESH = 5,
+};
+
+/**
* struct wpa_ssid - Network configuration data
*
* This structure includes all the configuration variables for a network. This
@@ -394,14 +426,7 @@
* CCMP, but not both), and psk must also be set (either directly or
* using ASCII passphrase).
*/
- enum wpas_mode {
- WPAS_MODE_INFRA = 0,
- WPAS_MODE_IBSS = 1,
- WPAS_MODE_AP = 2,
- WPAS_MODE_P2P_GO = 3,
- WPAS_MODE_P2P_GROUP_FORMATION = 4,
- WPAS_MODE_MESH = 5,
- } mode;
+ enum wpas_mode mode;
/**
* pbss - Whether to use PBSS. Relevant to DMG networks only.
@@ -1005,6 +1030,16 @@
* 1 = Multi-AP backhaul station
*/
int multi_ap_backhaul_sta;
+
+ /**
+ * ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed
+ * 0 = do not try to use PMKSA caching with FT-EAP
+ * 1 = try to use PMKSA caching with FT-EAP
+ *
+ * This controls whether to try to use PMKSA caching with FT-EAP for the
+ * FT initial mobility domain association.
+ */
+ int ft_eap_pmksa_caching;
};
#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c
index 6328e91..3ea5c80 100644
--- a/wpa_supplicant/config_winreg.c
+++ b/wpa_supplicant/config_winreg.c
@@ -946,6 +946,7 @@
INT(update_identifier);
#endif /* CONFIG_HS20 */
INT(group_rekey);
+ INT(ft_eap_pmksa_caching);
#undef STR
#undef INT
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 198ac56..8efc08d 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -8,10 +8,10 @@
#include "utils/includes.h"
#ifdef CONFIG_TESTING_OPTIONS
-#include <net/ethernet.h>
#include <netinet/ip.h>
#endif /* CONFIG_TESTING_OPTIONS */
+#include <net/ethernet.h>
#include "utils/common.h"
#include "utils/eloop.h"
#include "utils/uuid.h"
@@ -3129,6 +3129,49 @@
return wpas_mesh_peer_add(wpa_s, addr, duration);
}
+
+static int wpa_supplicant_ctrl_iface_mesh_link_probe(
+ struct wpa_supplicant *wpa_s, char *cmd)
+{
+ struct ether_header *eth;
+ u8 addr[ETH_ALEN];
+ u8 *buf;
+ char *pos;
+ size_t payload_len = 0, len;
+ int ret = -1;
+
+ if (hwaddr_aton(cmd, addr))
+ return -1;
+
+ pos = os_strstr(cmd, " payload=");
+ if (pos) {
+ pos = pos + 9;
+ payload_len = os_strlen(pos);
+ if (payload_len & 1)
+ return -1;
+
+ payload_len /= 2;
+ }
+
+ len = ETH_HLEN + payload_len;
+ buf = os_malloc(len);
+ if (!buf)
+ return -1;
+
+ eth = (struct ether_header *) buf;
+ os_memcpy(eth->ether_dhost, addr, ETH_ALEN);
+ os_memcpy(eth->ether_shost, wpa_s->own_addr, ETH_ALEN);
+ eth->ether_type = htons(ETH_P_802_3);
+
+ if (payload_len && hexstr2bin(pos, buf + ETH_HLEN, payload_len) < 0)
+ goto fail;
+
+ ret = wpa_drv_mesh_link_probe(wpa_s, addr, buf, len);
+fail:
+ os_free(buf);
+ return -ret;
+}
+
#endif /* CONFIG_MESH */
@@ -5548,17 +5591,17 @@
if (freq2 < 0)
return -1;
if (freq2)
- return VHT_CHANWIDTH_80P80MHZ;
+ return CHANWIDTH_80P80MHZ;
switch (chwidth) {
case 0:
case 20:
case 40:
- return VHT_CHANWIDTH_USE_HT;
+ return CHANWIDTH_USE_HT;
case 80:
- return VHT_CHANWIDTH_80MHZ;
+ return CHANWIDTH_80MHZ;
case 160:
- return VHT_CHANWIDTH_160MHZ;
+ return CHANWIDTH_160MHZ;
default:
wpa_printf(MSG_DEBUG, "Unknown max oper bandwidth: %d",
chwidth);
@@ -9583,59 +9626,10 @@
return -1;
}
- if (!enable) {
- wpas_mac_addr_rand_scan_clear(wpa_s, type);
- if (wpa_s->pno) {
- if (type & MAC_ADDR_RAND_PNO) {
- wpas_stop_pno(wpa_s);
- wpas_start_pno(wpa_s);
- }
- } else if (wpa_s->sched_scanning &&
- (type & MAC_ADDR_RAND_SCHED_SCAN)) {
- wpas_scan_restart_sched_scan(wpa_s);
- }
- return 0;
- }
+ if (!enable)
+ return wpas_disable_mac_addr_randomization(wpa_s, type);
- if ((addr && !mask) || (!addr && mask)) {
- wpa_printf(MSG_INFO,
- "CTRL: MAC_RAND_SCAN invalid addr/mask combination");
- return -1;
- }
-
- if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
- wpa_printf(MSG_INFO,
- "CTRL: MAC_RAND_SCAN cannot allow multicast address");
- return -1;
- }
-
- if (type & MAC_ADDR_RAND_SCAN) {
- if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
- addr, mask))
- return -1;
- }
-
- if (type & MAC_ADDR_RAND_SCHED_SCAN) {
- if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
- addr, mask))
- return -1;
-
- if (wpa_s->sched_scanning && !wpa_s->pno)
- wpas_scan_restart_sched_scan(wpa_s);
- }
-
- if (type & MAC_ADDR_RAND_PNO) {
- if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
- addr, mask))
- return -1;
-
- if (wpa_s->pno) {
- wpas_stop_pno(wpa_s);
- wpas_start_pno(wpa_s);
- }
- }
-
- return 0;
+ return wpas_enable_mac_addr_randomization(wpa_s, type, addr, mask);
}
@@ -10171,6 +10165,9 @@
} else if (os_strncmp(buf, "MESH_PEER_ADD ", 14) == 0) {
if (wpa_supplicant_ctrl_iface_mesh_peer_add(wpa_s, buf + 14))
reply_len = -1;
+ } else if (os_strncmp(buf, "MESH_LINK_PROBE ", 16) == 0) {
+ if (wpa_supplicant_ctrl_iface_mesh_link_probe(wpa_s, buf + 16))
+ reply_len = -1;
#endif /* CONFIG_MESH */
#ifdef CONFIG_P2P
} else if (os_strncmp(buf, "P2P_FIND ", 9) == 0) {
@@ -10745,6 +10742,16 @@
} else if (os_strncmp(buf, "DPP_PKEX_REMOVE ", 16) == 0) {
if (wpas_dpp_pkex_remove(wpa_s, buf + 16) < 0)
reply_len = -1;
+#ifdef CONFIG_DPP2
+ } else if (os_strncmp(buf, "DPP_CONTROLLER_START ", 21) == 0) {
+ if (wpas_dpp_controller_start(wpa_s, buf + 20) < 0)
+ reply_len = -1;
+ } else if (os_strcmp(buf, "DPP_CONTROLLER_START") == 0) {
+ if (wpas_dpp_controller_start(wpa_s, NULL) < 0)
+ reply_len = -1;
+ } else if (os_strcmp(buf, "DPP_CONTROLLER_STOP") == 0) {
+ dpp_controller_stop(wpa_s->dpp);
+#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
} else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
index 0115e32..d80e2d4 100644
--- a/wpa_supplicant/dbus/dbus_new_helpers.c
+++ b/wpa_supplicant/dbus/dbus_new_helpers.c
@@ -98,6 +98,7 @@
dbus_error_init(&error);
if (!fill_dict_with_properties(&dict_iter, obj_dsc->properties,
interface, obj_dsc->user_data, &error)) {
+ wpa_dbus_dict_close_write(&iter, &dict_iter);
dbus_message_unref(reply);
reply = wpas_dbus_reply_new_from_error(
message, &error, DBUS_ERROR_INVALID_ARGS,
@@ -930,6 +931,7 @@
dbus_error_is_set(&error) ? error.name : "none",
dbus_error_is_set(&error) ? error.message : "none");
dbus_error_free(&error);
+ wpa_dbus_dict_close_write(iter, &dict_iter);
return FALSE;
}
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 88cd790..cdfb197 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -111,6 +111,16 @@
# EAP-FAST
CONFIG_EAP_FAST=y
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
# EAP-GTC
CONFIG_EAP_GTC=y
@@ -120,6 +130,9 @@
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 8a9e444..30ef5db 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -11,6 +11,7 @@
#include "utils/common.h"
#include "utils/eloop.h"
+#include "utils/ip_addr.h"
#include "common/dpp.h"
#include "common/gas.h"
#include "common/gas_server.h"
@@ -436,8 +437,15 @@
{
const char *pos;
struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
+ struct dpp_authentication *auth;
u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
unsigned int neg_freq = 0;
+ int tcp = 0;
+#ifdef CONFIG_DPP2
+ int tcp_port = DPP_TCP_PORT;
+ struct hostapd_ip_addr ipaddr;
+ char *addr;
+#endif /* CONFIG_DPP2 */
wpa_s->dpp_gas_client = 0;
@@ -452,6 +460,25 @@
return -1;
}
+#ifdef CONFIG_DPP2
+ pos = os_strstr(cmd, " tcp_port=");
+ if (pos) {
+ pos += 10;
+ tcp_port = atoi(pos);
+ }
+
+ addr = get_param(cmd, " tcp_addr=");
+ if (addr) {
+ int res;
+
+ res = hostapd_parse_ip_addr(addr, &ipaddr);
+ os_free(addr);
+ if (res)
+ return -1;
+ tcp = 1;
+ }
+#endif /* CONFIG_DPP2 */
+
pos = os_strstr(cmd, " own=");
if (pos) {
pos += 5;
@@ -494,32 +521,37 @@
if (pos)
neg_freq = atoi(pos + 10);
- if (wpa_s->dpp_auth) {
+ if (!tcp && wpa_s->dpp_auth) {
eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
NULL);
offchannel_send_action_done(wpa_s);
dpp_auth_deinit(wpa_s->dpp_auth);
- }
- wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles,
- neg_freq,
- wpa_s->hw.modes, wpa_s->hw.num_modes);
- if (!wpa_s->dpp_auth)
- goto fail;
- wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
- if (dpp_set_configurator(wpa_s->dpp, wpa_s, wpa_s->dpp_auth, cmd) < 0) {
- dpp_auth_deinit(wpa_s->dpp_auth);
wpa_s->dpp_auth = NULL;
+ }
+
+ auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles, neg_freq,
+ wpa_s->hw.modes, wpa_s->hw.num_modes);
+ if (!auth)
+ goto fail;
+ wpas_dpp_set_testing_options(wpa_s, auth);
+ if (dpp_set_configurator(wpa_s->dpp, wpa_s, auth, cmd) < 0) {
+ dpp_auth_deinit(auth);
goto fail;
}
- wpa_s->dpp_auth->neg_freq = neg_freq;
+ auth->neg_freq = neg_freq;
if (!is_zero_ether_addr(peer_bi->mac_addr))
- os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
- ETH_ALEN);
+ os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
+#ifdef CONFIG_DPP2
+ if (tcp)
+ return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
+#endif /* CONFIG_DPP2 */
+
+ wpa_s->dpp_auth = auth;
return wpas_dpp_auth_init_next(wpa_s);
fail:
return -1;
@@ -1283,6 +1315,15 @@
eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
}
+
+static int wpas_dpp_process_conf_obj(void *ctx,
+ struct dpp_authentication *auth)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ return wpas_dpp_handle_config_obj(wpa_s, auth);
+}
+
#endif /* CONFIG_DPP2 */
@@ -2213,6 +2254,7 @@
int wpas_dpp_init(struct wpa_supplicant *wpa_s)
{
+ struct dpp_global_config config;
u8 adv_proto_id[7];
adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
@@ -2225,7 +2267,14 @@
sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
wpas_dpp_gas_status_handler, wpa_s) < 0)
return -1;
- wpa_s->dpp = dpp_global_init();
+
+ os_memset(&config, 0, sizeof(config));
+ config.msg_ctx = wpa_s;
+ config.cb_ctx = wpa_s;
+#ifdef CONFIG_DPP2
+ config.process_conf_obj = wpas_dpp_process_conf_obj;
+#endif /* CONFIG_DPP2 */
+ wpa_s->dpp = dpp_global_init(&config);
return wpa_s->dpp ? 0 : -1;
}
@@ -2261,3 +2310,23 @@
os_free(wpa_s->dpp_configurator_params);
wpa_s->dpp_configurator_params = NULL;
}
+
+
+#ifdef CONFIG_DPP2
+int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
+{
+ struct dpp_controller_config config;
+ const char *pos;
+
+ os_memset(&config, 0, sizeof(config));
+ if (cmd) {
+ pos = os_strstr(cmd, " tcp_port=");
+ if (pos) {
+ pos += 10;
+ config.tcp_port = atoi(pos);
+ }
+ }
+ config.configurator_params = wpa_s->dpp_configurator_params;
+ return dpp_controller_start(wpa_s->dpp, &config);
+}
+#endif /* CONFIG_DPP2 */
diff --git a/wpa_supplicant/dpp_supplicant.h b/wpa_supplicant/dpp_supplicant.h
index ecb7a7d..9ba315f 100644
--- a/wpa_supplicant/dpp_supplicant.h
+++ b/wpa_supplicant/dpp_supplicant.h
@@ -25,5 +25,6 @@
void wpas_dpp_deinit(struct wpa_supplicant *wpa_s);
int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
struct wpa_bss *bss);
+int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd);
#endif /* DPP_SUPPLICANT_H */
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index 4a9f472..cf9972a 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -87,6 +87,16 @@
return -1;
}
+static inline int wpa_drv_mesh_link_probe(struct wpa_supplicant *wpa_s,
+ const u8 *addr,
+ const u8 *eth, size_t len)
+{
+ if (wpa_s->driver->probe_mesh_link)
+ return wpa_s->driver->probe_mesh_link(wpa_s->drv_priv, addr,
+ eth, len);
+ return -1;
+}
+
static inline int wpa_drv_scan(struct wpa_supplicant *wpa_s,
struct wpa_driver_scan_params *params)
{
@@ -168,7 +178,7 @@
}
static inline int wpa_drv_sta_deauth(struct wpa_supplicant *wpa_s,
- const u8 *addr, int reason_code)
+ const u8 *addr, u16 reason_code)
{
if (wpa_s->driver->sta_deauth) {
return wpa_s->driver->sta_deauth(wpa_s->drv_priv,
@@ -179,7 +189,7 @@
}
static inline int wpa_drv_deauthenticate(struct wpa_supplicant *wpa_s,
- const u8 *addr, int reason_code)
+ const u8 *addr, u16 reason_code)
{
if (wpa_s->driver->deauthenticate) {
return wpa_s->driver->deauthenticate(wpa_s->drv_priv, addr,
diff --git a/wpa_supplicant/eap_register.c b/wpa_supplicant/eap_register.c
index ece5716..3f018c4 100644
--- a/wpa_supplicant/eap_register.c
+++ b/wpa_supplicant/eap_register.c
@@ -102,6 +102,11 @@
ret = eap_peer_fast_register();
#endif /* EAP_FAST */
+#ifdef EAP_TEAP
+ if (ret == 0)
+ ret = eap_peer_teap_register();
+#endif /* EAP_TEAP */
+
#ifdef EAP_PAX
if (ret == 0)
ret = eap_peer_pax_register();
@@ -237,6 +242,11 @@
ret = eap_server_fast_register();
#endif /* EAP_SERVER_FAST */
+#ifdef EAP_SERVER_TEAP
+ if (ret == 0)
+ ret = eap_server_teap_register();
+#endif /* EAP_SERVER_TEAP */
+
#ifdef EAP_SERVER_WSC
if (ret == 0)
ret = eap_server_wsc_register();
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index 3fd4ce6..524724f 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -15,6 +15,7 @@
#include "common.h"
#include "utils/ext_password.h"
#include "common/version.h"
+#include "crypto/tls.h"
#include "config.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "eap_peer/eap.h"
@@ -497,45 +498,40 @@
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-static void eapol_test_cert_cb(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash,
- const struct wpabuf *cert)
+static void eapol_test_cert_cb(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash)
{
struct eapol_test_data *e = ctx;
+ int i;
wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s'%s%s",
- depth, subject,
+ cert->depth, cert->subject,
cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "");
- if (cert) {
+ if (cert->cert) {
char *cert_hex;
- size_t len = wpabuf_len(cert) * 2 + 1;
+ size_t len = wpabuf_len(cert->cert) * 2 + 1;
cert_hex = os_malloc(len);
if (cert_hex) {
- wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert),
- wpabuf_len(cert));
+ wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
+ wpabuf_len(cert->cert));
wpa_msg_ctrl(e->wpa_s, MSG_INFO,
WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s' cert=%s",
- depth, subject, cert_hex);
+ cert->depth, cert->subject, cert_hex);
os_free(cert_hex);
}
if (e->server_cert_file)
eapol_test_write_cert(e->server_cert_file,
- subject, cert);
+ cert->subject, cert->cert);
}
- if (altsubject) {
- int i;
-
- for (i = 0; i < num_altsubject; i++)
- wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
- "depth=%d %s", depth, altsubject[i]);
- }
+ for (i = 0; i < cert->num_altsubject; i++)
+ wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
+ "depth=%d %s", cert->depth, cert->altsubject[i]);
}
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 815b994..471fc17 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1222,7 +1222,7 @@
continue;
}
- if (ssid->mode != IEEE80211_MODE_MESH && !bss_is_ess(bss) &&
+ if (ssid->mode != WPAS_MODE_MESH && !bss_is_ess(bss) &&
!bss_is_pbss(bss)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
@@ -1246,7 +1246,7 @@
}
#ifdef CONFIG_MESH
- if (ssid->mode == IEEE80211_MODE_MESH && ssid->frequency > 0 &&
+ if (ssid->mode == WPAS_MODE_MESH && ssid->frequency > 0 &&
ssid->frequency != bss->freq) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
@@ -1615,9 +1615,9 @@
continue;
}
#endif /* !CONFIG_IBSS_RSN */
- if (ssid->mode == IEEE80211_MODE_IBSS ||
- ssid->mode == IEEE80211_MODE_AP ||
- ssid->mode == IEEE80211_MODE_MESH)
+ if (ssid->mode == WPAS_MODE_IBSS ||
+ ssid->mode == WPAS_MODE_AP ||
+ ssid->mode == WPAS_MODE_MESH)
return ssid;
}
}
@@ -2839,7 +2839,7 @@
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE ||
(wpa_s->current_ssid &&
- wpa_s->current_ssid->mode == IEEE80211_MODE_IBSS)) {
+ wpa_s->current_ssid->mode == WPAS_MODE_IBSS)) {
if (wpa_s->current_ssid &&
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE &&
(wpa_s->drv_flags &
@@ -3596,8 +3596,9 @@
ie_len = info->ie_len;
reason_code = info->reason_code;
locally_generated = info->locally_generated;
- wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s", reason_code,
- locally_generated ? " (locally generated)" : "");
+ wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", reason_code,
+ reason2str(reason_code),
+ locally_generated ? " locally_generated=1" : "");
if (addr)
wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
MAC2STR(addr));
@@ -3650,9 +3651,9 @@
ie_len = info->ie_len;
reason_code = info->reason_code;
locally_generated = info->locally_generated;
- wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s",
- reason_code,
- locally_generated ? " (locally generated)" : "");
+ wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s",
+ reason_code, reason2str(reason_code),
+ locally_generated ? " locally_generated=1" : "");
if (addr) {
wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
MAC2STR(addr));
@@ -4058,9 +4059,18 @@
union wpa_event_data *data)
{
const u8 *bssid = data->assoc_reject.bssid;
+#ifdef CONFIG_MBO
+ struct wpa_bss *reject_bss;
+#endif /* CONFIG_MBO */
if (!bssid || is_zero_ether_addr(bssid))
bssid = wpa_s->pending_bssid;
+#ifdef CONFIG_MBO
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
+ reject_bss = wpa_s->current_bss;
+ else
+ reject_bss = wpa_bss_get_bssid(wpa_s, bssid);
+#endif /* CONFIG_MBO */
if (data->assoc_reject.bssid)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
@@ -4112,8 +4122,7 @@
#ifdef CONFIG_MBO
if (data->assoc_reject.status_code ==
WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
- wpa_s->current_bss && data->assoc_reject.bssid &&
- data->assoc_reject.resp_ies) {
+ reject_bss && data->assoc_reject.resp_ies) {
const u8 *rssi_rej;
rssi_rej = mbo_get_attr_from_ies(
@@ -4124,13 +4133,12 @@
wpa_printf(MSG_DEBUG,
"OCE: RSSI-based association rejection from "
MACSTR " (Delta RSSI: %u, Retry Delay: %u)",
- MAC2STR(data->assoc_reject.bssid),
+ MAC2STR(reject_bss->bssid),
rssi_rej[2], rssi_rej[3]);
wpa_bss_tmp_disallow(wpa_s,
- data->assoc_reject.bssid,
+ reject_bss->bssid,
rssi_rej[3],
- rssi_rej[2] +
- wpa_s->current_bss->level);
+ rssi_rej[2] + reject_bss->level);
}
}
#endif /* CONFIG_MBO */
@@ -4462,18 +4470,24 @@
data->rx_from_unknown.wds);
break;
#endif /* CONFIG_AP */
+
+ case EVENT_CH_SWITCH_STARTED:
case EVENT_CH_SWITCH:
if (!data || !wpa_s->current_ssid)
break;
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CHANNEL_SWITCH
- "freq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
+ wpa_msg(wpa_s, MSG_INFO,
+ "%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
+ event == EVENT_CH_SWITCH ? WPA_EVENT_CHANNEL_SWITCH :
+ WPA_EVENT_CHANNEL_SWITCH_STARTED,
data->ch_switch.freq,
data->ch_switch.ht_enabled,
data->ch_switch.ch_offset,
channel_width_to_string(data->ch_switch.ch_width),
data->ch_switch.cf1,
data->ch_switch.cf2);
+ if (event == EVENT_CH_SWITCH_STARTED)
+ break;
wpa_s->assoc_freq = data->ch_switch.freq;
wpa_s->current_ssid->frequency = data->ch_switch.freq;
@@ -4489,7 +4503,8 @@
data->ch_switch.ch_offset,
data->ch_switch.ch_width,
data->ch_switch.cf1,
- data->ch_switch.cf2);
+ data->ch_switch.cf2,
+ 1);
}
#endif /* CONFIG_AP */
diff --git a/wpa_supplicant/hidl/1.2/p2p_iface.cpp b/wpa_supplicant/hidl/1.2/p2p_iface.cpp
index ada7ee6..b4433b9 100644
--- a/wpa_supplicant/hidl/1.2/p2p_iface.cpp
+++ b/wpa_supplicant/hidl/1.2/p2p_iface.cpp
@@ -163,7 +163,7 @@
// set P2p network defaults
wpa_network->p2p_group = 1;
- wpa_network->mode = wpa_ssid::wpas_mode::WPAS_MODE_INFRA;
+ wpa_network->mode = wpas_mode::WPAS_MODE_INFRA;
wpa_network->auth_alg = WPA_AUTH_ALG_OPEN;
wpa_network->key_mgmt = WPA_KEY_MGMT_PSK;
@@ -343,7 +343,7 @@
if (wpas_p2p_group_add_persistent(
wpa_s, wpa_network, 0, 0, 0, 0, ht40, vht,
- VHT_CHANWIDTH_USE_HT, 0, NULL, 0, 1)) {
+ CHANWIDTH_USE_HT, 0, NULL, 0, 1)) {
ret = -1;
}
@@ -1061,7 +1061,7 @@
int new_pin = wpas_p2p_connect(
wpa_s, peer_address.data(), pin, wps_method, persistent, false,
join_existing_group, false, go_intent_signed, 0, 0, -1, false, ht40,
- vht, VHT_CHANWIDTH_USE_HT, 0, nullptr, 0);
+ vht, CHANWIDTH_USE_HT, 0, nullptr, 0);
if (new_pin < 0) {
return {{SupplicantStatusCode::FAILURE_UNKNOWN, ""}, {}};
}
@@ -1124,7 +1124,7 @@
if (ssid == NULL) {
if (wpas_p2p_group_add(
wpa_s, persistent, 0, 0, ht40, vht,
- VHT_CHANWIDTH_USE_HT, 0)) {
+ CHANWIDTH_USE_HT, 0)) {
return {SupplicantStatusCode::FAILURE_UNKNOWN, ""};
} else {
return {SupplicantStatusCode::SUCCESS, ""};
@@ -1132,7 +1132,7 @@
} else if (ssid->disabled == 2) {
if (wpas_p2p_group_add_persistent(
wpa_s, ssid, 0, 0, 0, 0, ht40, vht,
- VHT_CHANWIDTH_USE_HT, 0, NULL, 0, 0)) {
+ CHANWIDTH_USE_HT, 0, NULL, 0, 0)) {
return {SupplicantStatusCode::FAILURE_NETWORK_UNKNOWN,
""};
} else {
@@ -1196,7 +1196,7 @@
}
if (wpas_p2p_invite(
wpa_s, peer_address.data(), ssid, NULL, 0, 0, ht40, vht,
- VHT_CHANWIDTH_USE_HT, 0, 0)) {
+ CHANWIDTH_USE_HT, 0, 0)) {
return {SupplicantStatusCode::FAILURE_UNKNOWN, ""};
}
return {SupplicantStatusCode::SUCCESS, ""};
@@ -1652,7 +1652,7 @@
if (wpas_p2p_group_add(
wpa_s, persistent, freq, 0, ht40, vht,
- VHT_CHANWIDTH_USE_HT, 0)) {
+ CHANWIDTH_USE_HT, 0)) {
return {SupplicantStatusCode::FAILURE_UNKNOWN, ""};
}
return {SupplicantStatusCode::SUCCESS, ""};
diff --git a/wpa_supplicant/hidl/1.2/p2p_network.cpp b/wpa_supplicant/hidl/1.2/p2p_network.cpp
index 693b2c0..a84d0e7 100644
--- a/wpa_supplicant/hidl/1.2/p2p_network.cpp
+++ b/wpa_supplicant/hidl/1.2/p2p_network.cpp
@@ -180,7 +180,7 @@
{
struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
return {{SupplicantStatusCode::SUCCESS, ""},
- (wpa_ssid->mode == wpa_ssid::wpas_mode::WPAS_MODE_P2P_GO)};
+ (wpa_ssid->mode == wpas_mode::WPAS_MODE_P2P_GO)};
}
SupplicantStatus P2pNetwork::setClientListInternal(
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index e96ea65..6934c47 100644
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -193,7 +193,7 @@
}
-static void supp_deauthenticate(void * ctx, int reason_code)
+static void supp_deauthenticate(void * ctx, u16 reason_code)
{
wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
}
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index c66a09b..dabde82 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -1388,6 +1388,9 @@
cred->num_roaming_consortiums == 0)
continue;
+ if (!cred->eap_method)
+ continue;
+
if ((cred->roaming_consortium_len == 0 ||
!roaming_consortium_match(ie, anqp,
cred->roaming_consortium,
@@ -2669,7 +2672,8 @@
found++;
bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
- MACSTR, MAC2STR(bss->bssid));
+ MACSTR " (HESSID " MACSTR ")",
+ MAC2STR(bss->bssid), MAC2STR(bss->hessid));
interworking_anqp_send_req(wpa_s, bss);
break;
}
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 9260021..7354c1b 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -208,6 +208,7 @@
wpa_printf(MSG_ERROR,
"mesh: RSN initialization failed - deinit mesh");
wpa_supplicant_mesh_deinit(wpa_s);
+ wpa_drv_leave_mesh(wpa_s);
return -1;
}
@@ -333,14 +334,14 @@
if (ssid->max_oper_chwidth != DEFAULT_MAX_OPER_CHWIDTH)
conf->vht_oper_chwidth = ssid->max_oper_chwidth;
switch (conf->vht_oper_chwidth) {
- case VHT_CHANWIDTH_80MHZ:
- case VHT_CHANWIDTH_80P80MHZ:
+ case CHANWIDTH_80MHZ:
+ case CHANWIDTH_80P80MHZ:
ieee80211_freq_to_chan(
frequency,
&conf->vht_oper_centr_freq_seg0_idx);
conf->vht_oper_centr_freq_seg0_idx += ssid->ht40 * 2;
break;
- case VHT_CHANWIDTH_160MHZ:
+ case CHANWIDTH_160MHZ:
ieee80211_freq_to_chan(
frequency,
&conf->vht_oper_centr_freq_seg0_idx);
@@ -455,6 +456,7 @@
ibss_mesh_setup_freq(wpa_s, ssid, ¶ms->freq);
wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;
+ wpa_s->mesh_he_enabled = !!params->freq.he_enabled;
if (params->freq.ht_enabled && params->freq.sec_channel_offset)
ssid->ht40 = params->freq.sec_channel_offset;
@@ -464,21 +466,23 @@
switch (params->freq.bandwidth) {
case 80:
if (params->freq.center_freq2) {
- ssid->max_oper_chwidth = VHT_CHANWIDTH_80P80MHZ;
+ ssid->max_oper_chwidth = CHANWIDTH_80P80MHZ;
ssid->vht_center_freq2 =
params->freq.center_freq2;
} else {
- ssid->max_oper_chwidth = VHT_CHANWIDTH_80MHZ;
+ ssid->max_oper_chwidth = CHANWIDTH_80MHZ;
}
break;
case 160:
- ssid->max_oper_chwidth = VHT_CHANWIDTH_160MHZ;
+ ssid->max_oper_chwidth = CHANWIDTH_160MHZ;
break;
default:
- ssid->max_oper_chwidth = VHT_CHANWIDTH_USE_HT;
+ ssid->max_oper_chwidth = CHANWIDTH_USE_HT;
break;
}
}
+ if (wpa_s->mesh_he_enabled)
+ ssid->he = 1;
if (ssid->beacon_int > 0)
params->beacon_int = ssid->beacon_int;
else if (wpa_s->conf->beacon_int > 0)
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 9d6ab8d..4a163b6 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -245,6 +245,16 @@
2 + 5; /* VHT Operation */
}
#endif /* CONFIG_IEEE80211AC */
+#ifdef CONFIG_IEEE80211AX
+ if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
+ buf_len += 3 +
+ HE_MAX_MAC_CAPAB_SIZE +
+ HE_MAX_PHY_CAPAB_SIZE +
+ HE_MAX_MCS_CAPAB_SIZE +
+ HE_MAX_PPET_CAPAB_SIZE;
+ buf_len += 3 + sizeof(struct ieee80211_he_operation);
+ }
+#endif /* CONFIG_IEEE80211AX */
if (type != PLINK_CLOSE)
buf_len += conf->rsn_ie_len; /* RSN IE */
#ifdef CONFIG_OCV
@@ -362,6 +372,21 @@
wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper);
}
#endif /* CONFIG_IEEE80211AC */
+#ifdef CONFIG_IEEE80211AX
+ if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
+ u8 he_capa_oper[3 +
+ HE_MAX_MAC_CAPAB_SIZE +
+ HE_MAX_PHY_CAPAB_SIZE +
+ HE_MAX_MCS_CAPAB_SIZE +
+ HE_MAX_PPET_CAPAB_SIZE +
+ 3 + sizeof(struct ieee80211_he_operation)];
+
+ pos = hostapd_eid_he_capab(bss, he_capa_oper,
+ IEEE80211_MODE_MESH);
+ pos = hostapd_eid_he_operation(bss, pos);
+ wpabuf_put_data(buf, he_capa_oper, pos - he_capa_oper);
+ }
+#endif /* CONFIG_IEEE80211AX */
#ifdef CONFIG_OCV
if (type != PLINK_CLOSE && conf->ocv) {
@@ -725,6 +750,11 @@
set_sta_vht_opmode(data, sta, elems->vht_opmode_notif);
#endif /* CONFIG_IEEE80211AC */
+#ifdef CONFIG_IEEE80211AX
+ copy_sta_he_capab(data, sta, IEEE80211_MODE_MESH,
+ elems->he_capabilities, elems->he_capabilities_len);
+#endif /* CONFIG_IEEE80211AX */
+
if (hostapd_get_aid(data, sta) < 0) {
wpa_msg(wpa_s, MSG_ERROR, "No AIDs available");
ap_free_sta(data, sta);
@@ -742,6 +772,8 @@
params.listen_interval = 100;
params.ht_capabilities = sta->ht_capabilities;
params.vht_capabilities = sta->vht_capabilities;
+ params.he_capab = sta->he_capab;
+ params.he_capab_len = sta->he_capab_len;
params.flags |= WPA_STA_WMM;
params.flags_mask |= WPA_STA_AUTHENTICATED;
if (conf->security == MESH_CONF_SEC_NONE) {
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index 41dc334..bd16fed 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -17,6 +17,7 @@
#include "dbus/dbus_new.h"
#include "rsn_supp/wpa.h"
#include "fst/fst.h"
+#include "crypto/tls.h"
#include "driver_i.h"
#include "scan.h"
#include "p2p_supplicant.h"
@@ -857,42 +858,41 @@
}
-void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *altsubject[],
- int num_altsubject, const char *cert_hash,
- const struct wpabuf *cert)
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+ struct tls_cert_data *cert,
+ const char *cert_hash)
{
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
- "depth=%d subject='%s'%s%s",
- depth, subject, cert_hash ? " hash=" : "",
- cert_hash ? cert_hash : "");
+ int i;
- if (cert) {
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
+ "depth=%d subject='%s'%s%s%s",
+ cert->depth, cert->subject, cert_hash ? " hash=" : "",
+ cert_hash ? cert_hash : "",
+ cert->tod ? " tod=1" : "");
+
+ if (cert->cert) {
char *cert_hex;
- size_t len = wpabuf_len(cert) * 2 + 1;
+ size_t len = wpabuf_len(cert->cert) * 2 + 1;
cert_hex = os_malloc(len);
if (cert_hex) {
- wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert),
- wpabuf_len(cert));
+ wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
+ wpabuf_len(cert->cert));
wpa_msg_ctrl(wpa_s, MSG_INFO,
WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s' cert=%s",
- depth, subject, cert_hex);
+ cert->depth, cert->subject, cert_hex);
os_free(cert_hex);
}
}
- if (altsubject) {
- int i;
-
- for (i = 0; i < num_altsubject; i++)
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
- "depth=%d %s", depth, altsubject[i]);
- }
+ for (i = 0; i < cert->num_altsubject; i++)
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
+ "depth=%d %s", cert->depth, cert->altsubject[i]);
/* notify the new DBus API */
- wpas_dbus_signal_certification(wpa_s, depth, subject, altsubject,
- num_altsubject, cert_hash, cert);
+ wpas_dbus_signal_certification(wpa_s, cert->depth, cert->subject,
+ cert->altsubject, cert->num_altsubject,
+ cert_hash, cert->cert);
}
@@ -1024,7 +1024,7 @@
void wpas_notify_mesh_group_removed(struct wpa_supplicant *wpa_s,
const u8 *meshid, u8 meshid_len,
- int reason_code)
+ u16 reason_code)
{
if (wpa_s->p2p_mgmt)
return;
@@ -1045,7 +1045,7 @@
void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
- const u8 *peer_addr, int reason_code)
+ const u8 *peer_addr, u16 reason_code)
{
if (wpa_s->p2p_mgmt)
return;
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index 2f194ce..8600ee9 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -15,6 +15,7 @@
struct wps_credential;
struct wps_event_m2d;
struct wps_event_fail;
+struct tls_cert_data;
int wpas_notify_supplicant_initialized(struct wpa_global *global);
void wpas_notify_supplicant_deinitialized(struct wpa_global *global);
@@ -134,10 +135,9 @@
void wpas_notify_p2p_wps_failed(struct wpa_supplicant *wpa_s,
struct wps_event_fail *fail);
-void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *altsubject[],
- int num_altsubject, const char *cert_hash,
- const struct wpabuf *cert);
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+ struct tls_cert_data *cert,
+ const char *cert_hash);
void wpas_notify_preq(struct wpa_supplicant *wpa_s,
const u8 *addr, const u8 *dst, const u8 *bssid,
const u8 *ie, size_t ie_len, u32 ssi_signal);
@@ -155,11 +155,11 @@
struct wpa_ssid *ssid);
void wpas_notify_mesh_group_removed(struct wpa_supplicant *wpa_s,
const u8 *meshid, u8 meshid_len,
- int reason_code);
+ u16 reason_code);
void wpas_notify_mesh_peer_connected(struct wpa_supplicant *wpa_s,
const u8 *peer_addr);
void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s,
- const u8 *peer_addr, int reason_code);
+ const u8 *peer_addr, u16 reason_code);
void wpas_notify_anqp_query_done(struct wpa_supplicant *wpa_s, const u8* bssid,
const char* result,
const struct wpa_bss_anqp *anqp);
diff --git a/wpa_supplicant/op_classes.c b/wpa_supplicant/op_classes.c
index 947917b..6a85af4 100644
--- a/wpa_supplicant/op_classes.c
+++ b/wpa_supplicant/op_classes.c
@@ -348,7 +348,7 @@
* TODO: Use the secondary channel and VHT channel width that will be
* used after association.
*/
- if (ieee80211_freq_to_channel_ext(freq, 0, VHT_CHANWIDTH_USE_HT,
+ if (ieee80211_freq_to_channel_ext(freq, 0, CHANWIDTH_USE_HT,
¤t, &chan) == NUM_HOSTAPD_MODES)
return 0;
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 70b61d6..23bbc21 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -1556,7 +1556,7 @@
{
struct send_action_work *awork;
- if (wpa_s->p2p_send_action_work) {
+ if (radio_work_pending(wpa_s, "p2p-send-action")) {
wpa_printf(MSG_DEBUG, "P2P: Cannot schedule new p2p-send-action work since one is already pending");
return -1;
}
@@ -1573,7 +1573,7 @@
awork->wait_time = wait_time;
os_memcpy(awork->buf, buf, len);
- if (radio_add_work(wpa_s, freq, "p2p-send-action", 0,
+ if (radio_add_work(wpa_s, freq, "p2p-send-action", 1,
wpas_send_action_cb, awork) < 0) {
os_free(awork);
return -1;
@@ -5484,7 +5484,7 @@
* @ht40: Start GO with 40 MHz channel width
* @vht: Start GO with VHT support
* @vht_chwidth: Channel width supported by GO operating with VHT support
- * (VHT_CHANWIDTH_*).
+ * (CHANWIDTH_*).
* @group_ssid: Specific Group SSID for join or %NULL if not set
* @group_ssid_len: Length of @group_ssid in octets
* Returns: 0 or new PIN (if pin was %NULL) on success, -1 on unspecified
@@ -9201,11 +9201,11 @@
csa_settings.freq_params.center_freq2 = freq2;
switch (conf->vht_oper_chwidth) {
- case VHT_CHANWIDTH_80MHZ:
- case VHT_CHANWIDTH_80P80MHZ:
+ case CHANWIDTH_80MHZ:
+ case CHANWIDTH_80P80MHZ:
csa_settings.freq_params.bandwidth = 80;
break;
- case VHT_CHANWIDTH_160MHZ:
+ case CHANWIDTH_160MHZ:
csa_settings.freq_params.bandwidth = 160;
break;
}
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index f2fff55..3f2da34 100644
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -35,7 +35,7 @@
};
-static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
+static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code)
{
wpa_supplicant_deauthenticate(wpa_s, reason_code);
}
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index cb3c6c9..8468b2f 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -717,20 +717,20 @@
seg0 = vht_oper->vht_op_info_chan_center_freq_seg0_idx;
seg1 = vht_oper->vht_op_info_chan_center_freq_seg1_idx;
if (seg1 && abs(seg1 - seg0) == 8)
- vht = VHT_CHANWIDTH_160MHZ;
+ vht = CHANWIDTH_160MHZ;
else if (seg1)
- vht = VHT_CHANWIDTH_80P80MHZ;
+ vht = CHANWIDTH_80P80MHZ;
else
- vht = VHT_CHANWIDTH_80MHZ;
+ vht = CHANWIDTH_80MHZ;
break;
case 2:
- vht = VHT_CHANWIDTH_160MHZ;
+ vht = CHANWIDTH_160MHZ;
break;
case 3:
- vht = VHT_CHANWIDTH_80P80MHZ;
+ vht = CHANWIDTH_80P80MHZ;
break;
default:
- vht = VHT_CHANWIDTH_USE_HT;
+ vht = CHANWIDTH_USE_HT;
break;
}
}
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index e2cc439..dd50201 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -932,21 +932,23 @@
}
-static void sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
- const u8 *bssid,
- struct wpa_ssid *ssid)
+static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
+ const u8 *bssid,
+ struct wpa_ssid *ssid)
{
struct wpabuf *resp, *buf;
resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, 1, 0);
- if (!resp)
- return;
+ if (!resp) {
+ wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
+ return -1;
+ }
wpa_s->sme.sae.state = SAE_COMMITTED;
buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp));
if (!buf) {
wpabuf_free(resp);
- return;
+ return -1;
}
wpa_s->sme.seq_num++;
@@ -955,6 +957,8 @@
wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0);
wpabuf_free(resp);
wpabuf_free(buf);
+
+ return 0;
}
@@ -972,8 +976,8 @@
}
-static void sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
- union wpa_event_data *data)
+static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
+ union wpa_event_data *data)
{
struct wpa_ssid *ssid;
size_t ssid_str_len = data->external_auth.ssid_len;
@@ -987,13 +991,12 @@
(ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)))
break;
}
- if (ssid)
- sme_external_auth_send_sae_commit(wpa_s,
- data->external_auth.bssid,
- ssid);
- else
- sme_send_external_auth_status(wpa_s,
- WLAN_STATUS_UNSPECIFIED_FAILURE);
+ if (!ssid ||
+ sme_external_auth_send_sae_commit(wpa_s, data->external_auth.bssid,
+ ssid) < 0)
+ return -1;
+
+ return 0;
}
@@ -1043,7 +1046,9 @@
wpa_s->sme.sae.state = SAE_NOTHING;
wpa_s->sme.sae.send_confirm = 0;
wpa_s->sme.sae_group_index = 0;
- sme_handle_external_auth_start(wpa_s, data);
+ if (sme_handle_external_auth_start(wpa_s, data) < 0)
+ sme_send_external_auth_status(wpa_s,
+ WLAN_STATUS_UNSPECIFIED_FAILURE);
} else if (data->external_auth.action == EXT_AUTH_ABORT) {
/* Report failure to driver for the wrong trigger */
sme_send_external_auth_status(wpa_s,
@@ -2241,7 +2246,7 @@
*/
if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
- ssid == NULL || ssid->mode != IEEE80211_MODE_INFRA)
+ ssid == NULL || ssid->mode != WPAS_MODE_INFRA)
return;
if (!wpa_s->hw.modes)
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 39cd163..c147649 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -452,7 +452,8 @@
break;
case WNM_NEIGHBOR_BSS_TERMINATION_DURATION:
if (elen < 10) {
- wpa_printf(MSG_DEBUG, "WNM: Too short bss_term_tsf");
+ wpa_printf(MSG_DEBUG,
+ "WNM: Too short BSS termination duration");
break;
}
rep->bss_term_tsf = WPA_GET_LE64(pos);
@@ -924,9 +925,9 @@
if (ie && ie[1] >= 1) {
vht_oper = (struct ieee80211_vht_operation *) (ie + 2);
- if (vht_oper->vht_op_info_chwidth == VHT_CHANWIDTH_80MHZ ||
- vht_oper->vht_op_info_chwidth == VHT_CHANWIDTH_160MHZ ||
- vht_oper->vht_op_info_chwidth == VHT_CHANWIDTH_80P80MHZ)
+ if (vht_oper->vht_op_info_chwidth == CHANWIDTH_80MHZ ||
+ vht_oper->vht_op_info_chwidth == CHANWIDTH_160MHZ ||
+ vht_oper->vht_op_info_chwidth == CHANWIDTH_80P80MHZ)
vht = vht_oper->vht_op_info_chwidth;
}
@@ -1370,6 +1371,9 @@
const u8 *vendor;
#endif /* CONFIG_MBO */
+ if (wpa_s->conf->disable_btm)
+ return;
+
if (end - pos < 5)
return;
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 695fcbe..5b2154e 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -2064,6 +2064,13 @@
return wpa_cli_cmd(ctrl, "MESH_PEER_ADD", 1, argc, argv);
}
+
+static int wpa_cli_cmd_mesh_link_probe(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_cli_cmd(ctrl, "MESH_LINK_PROBE", 1, argc, argv);
+}
+
#endif /* CONFIG_MESH */
@@ -3384,6 +3391,9 @@
{ "mesh_peer_add", wpa_cli_cmd_mesh_peer_add, NULL,
cli_cmd_flag_none,
"<addr> [duration=<seconds>] = Add a mesh peer" },
+ { "mesh_link_probe", wpa_cli_cmd_mesh_link_probe, NULL,
+ cli_cmd_flag_none,
+ "<addr> [payload=<hex dump of payload>] = Probe a mesh link for a given peer by injecting a frame." },
#endif /* CONFIG_MESH */
#ifdef CONFIG_P2P
{ "p2p_find", wpa_cli_cmd_p2p_find, wpa_cli_complete_p2p_find,
@@ -3967,6 +3977,8 @@
wpa_cli_connected = 0;
wpa_cli_exec(action_file, ifname, "DISCONNECTED");
}
+ } else if (str_starts(pos, WPA_EVENT_CHANNEL_SWITCH_STARTED)) {
+ wpa_cli_exec(action_file, ctrl_ifname, pos);
} else if (str_starts(pos, AP_EVENT_ENABLED)) {
wpa_cli_exec(action_file, ctrl_ifname, pos);
} else if (str_starts(pos, AP_EVENT_DISABLED)) {
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index be8efb4..f043264 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -36,6 +36,7 @@
#include "rsn_supp/preauth.h"
#include "rsn_supp/pmksa_cache.h"
#include "common/wpa_ctrl.h"
+#include "common/ieee802_11_common.h"
#include "common/ieee802_11_defs.h"
#include "common/hw_features_common.h"
#include "common/gas_server.h"
@@ -1417,9 +1418,10 @@
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: using KEY_MGMT FT/802.1X-SHA384");
- if (pmksa_cache_get_current(wpa_s->wpa)) {
- /* PMKSA caching with FT is not fully functional, so
- * disable the case for now. */
+ if (!ssid->ft_eap_pmksa_caching &&
+ pmksa_cache_get_current(wpa_s->wpa)) {
+ /* PMKSA caching with FT may have interoperability
+ * issues, so disable that case by default for now. */
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: Disable PMKSA caching for FT/802.1X connection");
pmksa_cache_clear_current(wpa_s->wpa);
@@ -1458,9 +1460,10 @@
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
- if (pmksa_cache_get_current(wpa_s->wpa)) {
- /* PMKSA caching with FT is not fully functional, so
- * disable the case for now. */
+ if (!ssid->ft_eap_pmksa_caching &&
+ pmksa_cache_get_current(wpa_s->wpa)) {
+ /* PMKSA caching with FT may have interoperability
+ * issues, so disable that case by default for now. */
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: Disable PMKSA caching for FT/802.1X connection");
pmksa_cache_clear_current(wpa_s->wpa);
@@ -1709,7 +1712,8 @@
case 2: /* Bits 16-23 */
#ifdef CONFIG_WNM
*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
- *pos |= 0x08; /* Bit 19 - BSS Transition */
+ if (!wpa_s->conf->disable_btm)
+ *pos |= 0x08; /* Bit 19 - BSS Transition */
#endif /* CONFIG_WNM */
break;
case 3: /* Bits 24-31 */
@@ -2063,7 +2067,7 @@
#endif /* CONFIG_TDLS */
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
- ssid->mode == IEEE80211_MODE_INFRA) {
+ ssid->mode == WPAS_MODE_INFRA) {
sme_authenticate(wpa_s, bss, ssid);
return;
}
@@ -2137,6 +2141,7 @@
const struct wpa_ssid *ssid,
struct hostapd_freq_params *freq)
{
+ int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
enum hostapd_hw_mode hw_mode;
struct hostapd_hw_modes *mode = NULL;
int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
@@ -2200,6 +2205,9 @@
if (!mode)
return;
+ /* HE can work without HT + VHT */
+ freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
+
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht) {
freq->ht_enabled = 0;
@@ -2353,11 +2361,11 @@
return;
}
- chwidth = VHT_CHANWIDTH_80MHZ;
+ chwidth = CHANWIDTH_80MHZ;
seg0 = vht80[j] + 6;
seg1 = 0;
- if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
+ if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
/* setup center_freq2, bandwidth */
for (k = 0; k < ARRAY_SIZE(vht80); k++) {
/* Only accept 80 MHz segments separated by a gap */
@@ -2376,27 +2384,27 @@
continue;
/* Found a suitable second segment for 80+80 */
- chwidth = VHT_CHANWIDTH_80P80MHZ;
+ chwidth = CHANWIDTH_80P80MHZ;
vht_caps |=
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
seg1 = vht80[k] + 6;
}
- if (chwidth == VHT_CHANWIDTH_80P80MHZ)
+ if (chwidth == CHANWIDTH_80P80MHZ)
break;
}
- } else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_160MHZ) {
+ } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
if (freq->freq == 5180) {
- chwidth = VHT_CHANWIDTH_160MHZ;
+ chwidth = CHANWIDTH_160MHZ;
vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
seg0 = 50;
} else if (freq->freq == 5520) {
- chwidth = VHT_CHANWIDTH_160MHZ;
+ chwidth = CHANWIDTH_160MHZ;
vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
seg0 = 114;
}
- } else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_USE_HT) {
- chwidth = VHT_CHANWIDTH_USE_HT;
+ } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
+ chwidth = CHANWIDTH_USE_HT;
seg0 = vht80[j] + 2;
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht40)
@@ -2406,9 +2414,10 @@
if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
freq->channel, freq->ht_enabled,
- vht_freq.vht_enabled,
+ vht_freq.vht_enabled, freq->he_enabled,
freq->sec_channel_offset,
- chwidth, seg0, seg1, vht_caps) != 0)
+ chwidth, seg0, seg1, vht_caps,
+ &mode->he_capab[ieee80211_mode]) != 0)
return;
*freq = vht_freq;
@@ -3422,16 +3431,17 @@
* current AP.
*/
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
- int reason_code)
+ u16 reason_code)
{
u8 *addr = NULL;
union wpa_event_data event;
int zero_addr = 0;
wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
- " pending_bssid=" MACSTR " reason=%d state=%s",
+ " pending_bssid=" MACSTR " reason=%d (%s) state=%s",
MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
- reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
+ reason_code, reason2str(reason_code),
+ wpa_supplicant_state_txt(wpa_s->wpa_state));
if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
(wpa_s->wpa_state == WPA_AUTHENTICATING ||
@@ -3473,7 +3483,7 @@
if (addr) {
wpa_drv_deauthenticate(wpa_s, addr, reason_code);
os_memset(&event, 0, sizeof(event));
- event.deauth_info.reason_code = (u16) reason_code;
+ event.deauth_info.reason_code = reason_code;
event.deauth_info.locally_generated = 1;
wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
if (zero_addr)
@@ -4228,7 +4238,7 @@
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->wpa_state != WPA_COMPLETED) &&
(wpa_s->current_ssid == NULL ||
- wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
+ wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
/* Timeout for completing IEEE 802.1X and WPA authentication */
int timeout = 10;
@@ -6629,6 +6639,9 @@
wpa_s->conf->wowlan_triggers);
}
+ if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
+ wpa_supplicant_set_default_scan_ies(wpa_s);
+
#ifdef CONFIG_WPS
wpas_wps_update_config(wpa_s);
#endif /* CONFIG_WPS */
@@ -7516,3 +7529,66 @@
return 1;
}
+
+
+int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
+ unsigned int type, const u8 *addr,
+ const u8 *mask)
+{
+ if ((addr && !mask) || (!addr && mask)) {
+ wpa_printf(MSG_INFO,
+ "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
+ return -1;
+ }
+
+ if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
+ wpa_printf(MSG_INFO,
+ "MAC_ADDR_RAND_SCAN cannot allow multicast address");
+ return -1;
+ }
+
+ if (type & MAC_ADDR_RAND_SCAN) {
+ if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
+ addr, mask))
+ return -1;
+ }
+
+ if (type & MAC_ADDR_RAND_SCHED_SCAN) {
+ if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
+ addr, mask))
+ return -1;
+
+ if (wpa_s->sched_scanning && !wpa_s->pno)
+ wpas_scan_restart_sched_scan(wpa_s);
+ }
+
+ if (type & MAC_ADDR_RAND_PNO) {
+ if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
+ addr, mask))
+ return -1;
+
+ if (wpa_s->pno) {
+ wpas_stop_pno(wpa_s);
+ wpas_start_pno(wpa_s);
+ }
+ }
+
+ return 0;
+}
+
+
+int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
+ unsigned int type)
+{
+ wpas_mac_addr_rand_scan_clear(wpa_s, type);
+ if (wpa_s->pno) {
+ if (type & MAC_ADDR_RAND_PNO) {
+ wpas_stop_pno(wpa_s);
+ wpas_start_pno(wpa_s);
+ }
+ } else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
+ wpas_scan_restart_sched_scan(wpa_s);
+ }
+
+ return 0;
+}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a9205f0..1159bdc 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1058,6 +1058,14 @@
# 0 = disabled (default unless changed with the global okc parameter)
# 1 = enabled
#
+# ft_eap_pmksa_caching:
+# Whether FT-EAP PMKSA caching is allowed
+# 0 = do not try to use PMKSA caching with FT-EAP (default)
+# 1 = try to use PMKSA caching with FT-EAP
+# This controls whether to try to use PMKSA caching with FT-EAP for the
+# FT initial mobility domain association.
+#ft_eap_pmksa_caching=0
+#
# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
# hex without quotation, e.g., 0102030405)
# wep_tx_keyidx: Default WEP key index (TX) (0..3)
@@ -1508,6 +1516,12 @@
# Transitioning between states).
#fst_llt=100
+# BSS Transition Management
+# disable_btm - Disable BSS transition management in STA
+# Set to 0 to enable BSS transition management (default behavior)
+# Set to 1 to disable BSS transition management
+#disable_btm=0
+
# Example blocks:
# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 7eef32c..e59cf30 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -823,6 +823,7 @@
unsigned int mesh_if_created:1;
unsigned int mesh_ht_enabled:1;
unsigned int mesh_vht_enabled:1;
+ unsigned int mesh_he_enabled:1;
struct wpa_driver_mesh_join_params *mesh_params;
#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
/* struct external_pmksa_cache::list */
@@ -1295,7 +1296,7 @@
const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s);
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s);
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
- int reason_code);
+ u16 reason_code);
struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s);
int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id);
@@ -1419,6 +1420,12 @@
struct wpa_ssid *ssid,
int freq, u8 *pos, size_t len);
+int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
+ unsigned int type, const u8 *addr,
+ const u8 *mask);
+int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
+ unsigned int type);
+
/**
* wpa_supplicant_ctrl_iface_ctrl_rsp_handle - Handle a control response
* @wpa_s: Pointer to wpa_supplicant data
@@ -1480,6 +1487,24 @@
return ssid->disabled == 2 && ssid->p2p_persistent_group;
}
+static inline int wpas_mode_to_ieee80211_mode(enum wpas_mode mode)
+{
+ switch (mode) {
+ default:
+ case WPAS_MODE_INFRA:
+ return IEEE80211_MODE_INFRA;
+ case WPAS_MODE_IBSS:
+ return IEEE80211_MODE_IBSS;
+ case WPAS_MODE_AP:
+ case WPAS_MODE_P2P_GO:
+ case WPAS_MODE_P2P_GROUP_FORMATION:
+ return IEEE80211_MODE_AP;
+ case WPAS_MODE_MESH:
+ return IEEE80211_MODE_MESH;
+ }
+}
+
+
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 449e04a..62af7f6 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -464,7 +464,7 @@
}
-static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
+static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code)
{
wpa_supplicant_deauthenticate(wpa_s, reason_code);
/* Schedule a scan to make sure we continue looking for networks */
@@ -1017,15 +1017,12 @@
}
-static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash,
- const struct wpabuf *cert)
+static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash)
{
struct wpa_supplicant *wpa_s = ctx;
- wpas_notify_certification(wpa_s, depth, subject, altsubject,
- num_altsubject, cert_hash, cert);
+ wpas_notify_certification(wpa_s, cert, cert_hash);
}