Commit graph

18537 commits

Author SHA1 Message Date
Qiwei Cai
1aadcca0a7 P2P: Enable SAE-H2E for client when joining a 6 GHz group
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.

Enable SAE-H2E for P2P client in this case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:33 +02:00
Jouni Malinen
37f8257c4f SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
Commit 3a0edb2cd8 ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:06 +02:00
Jouni Malinen
89377c6b9c OCV: Fix build without CONFIG_OCV=y
ssid->ocv is defined within CONFIG_OCV block, so the use for it needs to
match.

Fixes: dc7e330e0b ("Set OCV capability based on Association Request frame RSNE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:23:35 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Shivani Baranwal
bf931c5f8d tests: P2P Service Discovery initiated from Go device.
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Shivani Baranwal
2e47ea22cc P2P: Fix handling Service Discovery Response received by GO device
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Aleti Nageshwar Reddy
dc7e330e0b Set OCV capability based on Association Request frame RSNE
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
85ac165d64 tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
d5b7560de5 tests: Clear sae_groups in pasn_sae_kdk
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
a70a4672d8 tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
831be65149 WPS: Do not indicate incorrect PBC overlap based on partner link
The check for PBC overlap on a partner link should not be done unless
the current interface is actually in active PBC mode. Furthermore, the
wpa_s->wps_overlap variable needs to be cleared in additional places to
avoid leaving it set indefinitely.

This was found with the following test case sequence:
dbus_wps_pbc_overlap dbus_p2p_two_groups

Fixes: b43e19f3f3 ("WPS: Cross band overlap detection with multiple interfaces")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:08:07 +02:00
Jouni Malinen
48cb42182f tests: Disable both APs before flushing PBC state
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:06:25 +02:00
Jouni Malinen
c9fc124256 P2P: Make wpas_p2p_notif_pbc_overlap() static
Commit ace0fbdb69 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 18:02:26 +02:00
Jouni Malinen
ec277b5237 tests: Make ap_roam_open work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 23:06:38 +02:00
Jouni Malinen
415458e2b3 tests: Make wext_pmksa_cache work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:46 +02:00
Jouni Malinen
19d3e0383f tests: Make ap_wps_iteration_error work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:41 +02:00
chunquan
257b119c2d QCA vendor attribute of update roaming cached statistics info
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.

Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
2023-01-13 18:09:20 +02:00
Purushottam Kushwaha
18436f393d Enhance QCA vendor interface for Concurrent AP Policy for XR
Add new AP concurrency policy QCA_WLAN_CONCURRENT_AP_POLICY_XR to
configure interface for eXtended Reality (XR) requirements.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2023-01-13 12:27:14 +02:00
Asutosh Mohapatra
58fba11e1d Enhance QCA vendor interface with new hang reason codes
Add more hang reason codes for the hang reason in the
qca_wlan_vendor_hang_reason enum.

Signed-off-by: Asutosh Mohapatra <quic_asutmoha@quicinc.com>
2023-01-13 12:22:06 +02:00
Jouni Malinen
c1ce0c3587 wlantest: Use AP MLD address in CCMP/GCMP AAD for A3
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 12:38:59 +02:00
Jouni Malinen
5c86622175 wlantest: Select BSS more carefully for MLO EAPOL-Key cases
Prefer a BSS entry that has a matching STA entry when processing
EAPOL-Key frames. This avoids issues where some combination of MLD
and/or link addresses are used in a sequence that could end up
generating two separate STA entries for the same non-AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 12:00:59 +02:00
Jouni Malinen
0ba17557ea wlantest: Print BSSID for EAPOL-Key frames
The BSSID (RA/TA) might differ from SA/DA for the AP, so print it as
well in the debug entry for EAPOL-Key frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 11:50:40 +02:00
Jouni Malinen
0f3f9cdcab dpp-nfc: Try to request with alternative URL in additional cases
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-20 17:29:19 +02:00
Shivani Baranwal
8b36248cd2 Add QCA vendor command to get the monitor mode status
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-12-19 21:00:44 +02:00
Kiran Kumar Lokere
0dd8bcef83 QCA vendor attributes for MLO and EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities and multi link configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:10:53 +02:00
Kiran Kumar Lokere
e5602989cf QCA vendor attributes to configure EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities. These attributes are used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:02:39 +02:00
Jouni Malinen
2377d817da tests: DPP QR Code and hostapd as initiator/Configurator (offchannel)
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Michal Kazior
d9d5e55c54 DPP: Respond to GAS on the same channel it was received on
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.

The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.

The AP reported the following logs (grepped):

> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED

While the STA reported the following logs (grepped):

> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED

AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-12-18 21:07:56 +02:00
Jouni Malinen
651c9e9578 Add new status code strings
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
6bc9ce67b2 tests: HE on 6 GHz and automatic security settings on STA
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
3a2d275522 Make MFPR value from an associated STA available as hostapdMFPR
This can be helpful for testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
546debd5ef Force MFPR=1 to be used on the 6 GHz band
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:48 +02:00
Matthew Wang
f9c6ab834d P2P: Support preferred GO band based optimization for scanning
Allow specifying preferred GO band in addition to frequency. If a band
is specified, the first two scans will be limited to only non-DFS
channels to shorten scan times, and the next two will scan the entire
band.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-12-18 18:33:44 +02:00
Matthew Wang
093bedc059 P2P: Allow persistent group join retry limit to be configured via D-Bus
Android and ChromeOS use this to limit retries for auto GO join
operation.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-12-18 17:37:08 +02:00
Jouni Malinen
007a43ac59 tests: Per-ESS MAC address and PMKSA caching
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
8717110db1 Do not flush PMKSA cache on restoring dedicated per-ESS MAC address
Now that we check in PMKSA cache code whether the entry was created for
the same local address, it is fine to leave the old entries in the cache
even if we have changed addresses. This allows a valid PMKSA cache entry
to be used when restoring the same MAC address for the same ESS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
1d4027fdbe Make random MAC address style parameters use common enum values
This makes the implementation more readable by sharing the same set of
enum values for all the parameters related to what kind of random MAC
addresses are used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
681856c355 Check both sec and usec values to see if MAC address was changed
wpa_s->last_mac_addr_change.sec might be zero in the special case of UML
testing with time travel since it would be possible to complete the test
case steps within one second of the system start.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Andrzej Ostruszka
bdbb6e0035 wpa_supplicant: Handle MAC address randomization changes for same ESS
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.

For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.

In the last step a randomized MAC address should be used.

Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
2022-12-18 12:33:02 +02:00
Jouni Malinen
823cf218e4 tests: Use different mechanism for failing random MAC address change
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:02 +02:00
Jouni Malinen
317adf2359 tests: Set address lifetime to be sufficiently large for the test
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:24:32 +02:00
Jintao Lin
4bd1efe073 dbus: Do not bring down primary interface when removing created AP interface
If the CreateInterface command was used to create a virtual AP
interface, deleting this interface using the RemoveInterface command was
also bringing down the primary interface.

wpa_supplicant never uses hostapd style multi-BSS setup with
type=WPA_IF_AP_BSS and setup_ap=1 to if_add() when creating an AP
interface in wpa_driver_nl80211_if_add(), so it should not go through
the multi-BSS tear down procedure in wpa_driver_nl80211_if_remove(). The
virtual AP resources init and deinit are well handled in
wpa_driver_nl80211_init() and wpa_driver_nl80211_deinit().

Collapse the interface type to WPA_IF_STATION for the D-Bus interface to
skip the multi-BSS cleanup procedure. This is inline with the control
interface design. Add comments before the code to avoid confusion.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-12-18 11:04:18 +02:00
Jouni Malinen
3b4a5e58b7 tests: EHT with SAE
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 21:07:42 +02:00
Jouni Malinen
f4096e7cd5 EHT: Update EHT Operation element to P802.11be/D2.3 in AP settings
IEEE P802.11be/D2.0 added a 4-octet Basic EHT-MCS And Nss Set field into
the EHT Operation element. cfg80211 is now verifying that the EHT
Operation element has large enough payload and that check is failing
with the previous version. This commit does not really set the correct
Basic EHT-MCS And Nss Set values, but the IE length check is now passing
to allow initial mac80211_hwsim testing to succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 20:32:15 +02:00
Andrei Otcheretianski
e869fdfeef wpa_supplicant: Use MLD address in SAE authentication
Use MLD address in SAE commit derivation and PMKSA storing.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:47:34 +02:00
Andrei Otcheretianski
8c0f83ae88 SME: Accept Authentication frame from an MLD AP
The driver is expected to translate the link addresses to MLD addresses
when processing an Authentication frame from a MLD AP. Thus, accept
Authentication frame when the peer matches the expected MLD address.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:38:03 +02:00
Andrei Otcheretianski
23039f5e4a SME: Add support for handling association with MLD
In case both the local driver and the AP support MLD, request an MLD
association from the driver.

When processing the association event from the driver verify that the
multi link information in the (Re)Association Response frame ML element
matches the links on which the association was expected.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:33:11 +02:00
Andrei Otcheretianski
8f89661df5 SME: Add support for handling authentication with MLD
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:31:41 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00