Commit graph

18592 commits

Author SHA1 Message Date
Jouni Malinen
053bd8af8e Recognize FTE MLO subelements
Recognize the new MLO GTK/IGTK/BIGTK subelements when parsing an FTE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:14 +03:00
Jouni Malinen
605034240e wlantest: Support multiple input files
Allow the -r<file> command line argument to be used multiple times to
read more than a single capture file for processing. This reduces need
for external tools to be used first to merge capture files for wlantest.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 11:00:42 +03:00
Jouni Malinen
c3f465c56c wlantest: Handle variable length MIC field in EAPOL-Key with OWE
The Key MIC field is of variable length when using OWE, so determine the
correct length based on which group was negotiated for OWE during
association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 10:30:10 +03:00
Jouni Malinen
faee8b99e9 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
Changing sae_pwe and leaving the modified value for the following test
cases can result in failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-21 20:17:53 +03:00
Veerendranath Jakkam
d320692d91 AP MLD: Handle new STA event when using SME offload to the driver
Parse link id and station MLD address received from the driver in the
NL80211_CMD_NEW_STA event.

Set MLO information of the station to the sta_info and wpa_sm.

Co-authored-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-07-21 19:57:25 +03:00
Manaswini Paluri
96deacf5d7 nl80211: Skip STA MLO link channel switch handling in AP mode
Add check to skip the STA mode specific MLO link channel switch handling
in AP mode. Commit 1b6f3b5850 ("MLD STA: Indicate per link channel
switch") added this indication only for STA mode.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:43:00 +03:00
Manaswini Paluri
99a96b2f9d AP MLD: OWE when SME is offloaded to the driver
Add support to parse association link id and MLD address from the
NL80211_CMD_UPDATE_OWE_INFO event.

Set MLO information of the station to the sta_info and wpa_sm.

Use station association link address for sending DH IE info to the
driver.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:39:50 +03:00
Manaswini Paluri
e53d44ac63 AP MLD: Use STA assoc link address in external auth status to the driver
Use station association link address for sending SAE authentication
status to the driver in AP mode external authentication status.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:28:44 +03:00
Kiran Kumar Lokere
4636476b7f Set RRM used config if the (Re)Association Request frame has RRM IE
Set the sme RRM used config if the RRM element is present in the
(Re)Association Request frame sent in association event to cover the
cases where the driver SME takes care of negotiating RRM capabilities.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:40:59 +03:00
Vishal Miskin
a50d1ea6a2 Add QCA vendor attributes for user defined power save parameters
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_OPTIMIZED_POWER_MANAGEMENT
attribute to support enum qca_wlan_vendor_opm_mode.

Add QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_ITO and
QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_SPEC_WAKE to configure inactivity
timeout and speculative wake interval in User defined optimized
power save mode.

Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
2023-07-18 16:37:27 +03:00
Jouni Malinen
50ee26fc70 P2P: Check p2p_channel_select() return value
Verify that the operation succeeds before a debug print indicating that
it did. This was already done in most callers, so be more consistent and
do it here as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:15:01 +03:00
Jouni Malinen
fb2b7858a7 FILS: Fix HE MCS field initialization
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.

Fixes: 903e3a1e62 ("FILS: Fix maximum NSS calculation for FD frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:11:08 +03:00
Jouni Malinen
f80d833688 ACS: Remove invalid debug print
ideal_chan is NULL here, so it is not really valid to try to debug print
something from it due to the implied NULL pointer dereferencing.

Fixes: af0f60e7dd ("EHT: Calculate puncturing bitmap for ACS")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:08:44 +03:00
Jouni Malinen
7a37a94eaa Check whether element parsing has failed
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:05:17 +03:00
Jouni Malinen
a4c133ea73 WPS: Optimize attribute parsing workaround
Optimize the search for nonzero octets when checking for the need to
work around WPS M1 padding. The previous implementation was really
inefficient (O(n^2)) and while that was likely sufficiently fast for the
cases where the MMPDU size limit prevents long buffers (e.g., all P2P
Action frames), it might be able to take tens of seconds on low-end CPUs
with maximum length EAP-WSC messages during WPS provisioning. More
visibly, this was causing OSS-Fuzz to time out a test case with
unrealisticly long data (i.e., almost 10 times the maximum EAP-WSC
buffer length).

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60039
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:46:57 +03:00
Jouni Malinen
518ae8c7cc P2P: Do not print control characters in debug
Do not print the received country code as characters if it includes
control characters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:15:15 +03:00
Jouni Malinen
b2a1e7fe7a tests: PEAP and TTLS phase2_auth behavior
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
de9a11f4dd TTLS client: Support phase2_auth=2
Allow the phase2_auth=2 parameter (in phase1 configuration item) to be
used with EAP-TTLS to require Phase 2 authentication. In practice, this
disables TLS session resumption since EAP-TTLS is defined to skip Phase
2 when resuming a session.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
8e6485a1bc PEAP client: Update Phase 2 authentication requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-07-17 21:09:26 +03:00
Jouni Malinen
599d00be9d wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:44:51 +03:00
Veerendranath Jakkam
30f5bdc34c Add support to configure per-MLO link maximum supported channel width
Update documentation of the QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH
and QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attributes to
indicate support for per-MLO link configuration.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:42 +03:00
Veerendranath Jakkam
3d1ec9d0af Add QCA vendor interface to support per-MLO link configurations
Add support for per-MLO link configurations in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Additionally, add documentation for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:33 +03:00
Vamsi Krishna
f83cc05aa4 Reserve QCA vendor sub command id 232
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:00:34 +03:00
Kiran Kumar Lokere
82db29c37e QCA vendor test config attribute for MLO link powersave
Define a new QCA vendor test config attribute to configure powersave
on MLO links.

This attribute is used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 21:58:36 +03:00
Paul Zhang
f37a7dec3d Add vendor attributes for EPCS feature
Add vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_EPCS_CAPABILITY
to set EPCS (Emergency Preparedness Communications Service)
feature capability.

Add vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_EPCS_FUNCTION
to enable/disable EPCS priority access.

These are for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 21:55:08 +03:00
Ainy Kumari
a8c66bbb7a QCA vendor interface to control maximum allowed bandwidth update type
Add support to control maximum allowed bandwidth update type for
the current connection.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-06-22 21:38:03 +03:00
Aleti Nageshwar Reddy
19e880d1f8 Add support to get the TDLS wider bandwidth capability
Extend bitwise mask in enum qca_wlan_tdls_caps_features_supported to get
the TDLS wider bandwidth capability from the driver.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-06-22 21:31:33 +03:00
Aleti Nageshwar Reddy
a8a112d4d1 Add documentation and nested attribute enums for existing QCA TDLS commands
Add missing documentation and nested attribute enums for the existing
QCA TDLS vendor commands.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-06-22 21:29:07 +03:00
Nirav Shah
91783b21be Define a QCA vendor attribute to configure UL MU transmission
Define a new QCA vendor attribute to enable/suspend trigger
based UL MU transmission.

Signed-off-by: Prasanna JS <quic_pjs@quicinc.com>
2023-06-22 21:15:43 +03:00
Chenming Huang
05a2f4c4f8 EHT: Process puncturing bitmap from channel select driver event for ACS
Retrieve the puncturing bitmap sent by the driver in channel select
events for ACS when using the QCA vendor specific event.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 17:49:10 +03:00
Veerendranath Jakkam
9b233e9f0a nl80211: Always return NL_SKIP from survey dump handler
Previously, NL_STOP was returned from the survey dump handler if the
maximum number of frequencies was reached for storing survey
information, but this is causing wpa_supplicant context getting stuck if
the current SKB returned by the kernel itself ends with NLMSG_DONE type
message. This is due to libnl immediately stopping processing the
current SKB upon receiving NL_STOP and not being able to process
NLMSG_DONE type message, and due to this wpa_supplicant's
finish_handler() not getting called. Fix this by returning NL_SKIP
instead while still ignoring all possible additional frequencies.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 17:28:38 +03:00
Xinyue Ling
3a995cb5a9 Determine current hw mode before channel switch
There are two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A
and the current hw mode may be wrong after one channel switch to 6 GHz.
This will cause hostapd_set_freq_params() to return -1 when saving
previous state and the second channel switch to fail. Fix this by adding
hostapd_determine_mode() before every channel switch.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 17:20:44 +03:00
Shivani Baranwal
a786c9b4a0 Enhance QCA_WLAN_VENDOR_ATTR_CONFIG_EHT_MLO_MAX_NUM_LINKS
Use zero value with QCA_WLAN_VENDOR_ATTR_CONFIG_EHT_MLO_MAX_NUM_LINKS to
restore the device default maximum number of allowed MLO links
capability.

Also, as per IEEE 802.11be/D3.0, the maximum number of allowed links for
an MLO connection is 15. Update the documentation of the attribute to
indicate the same.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-06-20 23:58:17 +03:00
Jouni Malinen
aa4b8492e4 AP MLD: Provide Link ID when requesting current seqnum for a group key
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:43:17 +03:00
Jouni Malinen
19b6a1513f tests: Additional EHT MLD AP coverage
Verify behavior in SAE/PSK transition mode and PTK rekeying.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
f5592e2d5e tests: Add basic MLD hwsim tests
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
5199cff4c7 AP/MLO: Forward received EAPOL frames to correct BSS
In case of MLO AP and legacy client, make sure received EAPOL frames are
processed on the correct BSS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
5c6cad01fd AP/MLO: Forward Management frame TX status to correct BSS
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.

Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
996759ccf7 AP/MLO: Forward EAPOL TX status to correct BSS
In case of MLO AP and legacy client, make sure EAPOL TX status is
processed on the correct BSS.

Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the EAPOL
TX status to the correct BSS. Store the link ID when transmitting EAPOL
frames over control interface and report it in TX status.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
8b56536693 AP: Use MLD address for traffic tests
In case of MLD use the MLD address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
6046aef734 AP: Don't process SAE/OWE association info on MLD links
Only the main link handles SAE authentication and OWE, skip them on
other links.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
90d819c242 AP: Use MLD address for SAE commit derivation
MLO associations use the MLD address instead of the MAC address in SAE
derivation.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
8b49853f49 AP: Specify the link ID for set_key() callback for group keys
If the AP is part of an AP MLD specify the link ID in the set_key
parameters whenever setting a group key.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
8a8752876a MLO: Get the correct AA and SPA based on MLD operation for RSN authenticator
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
d5e93c8043 MLO: Add MLO KDEs to EAPOL-Key msg 1/2 of the group handshake
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
79212e93f7 MLO: Validate MLO KDEs in EAPOL-Key msg 4/4
Verify that the MLD address in EAPOL-Key msg 4/4 is set correctly for
MLO cases. Note that the mechanism used here for distinguishing between
EAPOL-Key msg 2/4 and 4/4 is not exactly ideal and should be improved in
the future.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:32:31 +03:00
Andrei Otcheretianski
856d99410f MLO: Add MLO KDEs to EAPOL-Key msg 3/4
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:35:04 +03:00
Andrei Otcheretianski
137b855092 MLO: Mechanism for fetching group key information for the links
Allow RSN authenticator to fetch the current group key information with
the keys and the last used PN/IPN/BIPN for MLO specific KDEs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:58 +03:00
Ilan Peer
eb28ee20e7 MLO: Validate MLO Link KDEs in EAPOL-Key msg 2/4
Verify that the affiliated link information matches between association
(unprotected) and 4-way handshake (protected).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:54 +03:00
Ilan Peer
151ac359dd MLO: Add MAC Address KDE to EAPOL-Key msg 1/4 for MLO association
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:12 +03:00