Commit graph

17296 commits

Author SHA1 Message Date
Jouni Malinen
04283cf36b Add REKEY_PTK to allow upper layer request to force PTK rekeying
"REKEY_PTK <STA MAC address>" can now be used to force rekeying of the
PTK for the specified associated STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
ced15c8ba8 wlantest: TKIP frame reassembly for Michael MIC check in fragmented case
Reassemble the full MSDU when processing TKIP protected fragmented
frames so that the Michael MIC can be validated once the last fragment
has been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
3332657d69 wlantest: Report decrypted TKIP frames even if cannot check Michael MIC
This can be useful for debugging, so return successfully decrypted TKIP
frame even if the Michael MIC cannot be verified (fragment reassembly
not yet supported) or if the Michael MIC value is incorrect. Add a note
in the frame to point out that the Michael MIC was not verified or is
incorrect.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
81169ebc48 tests: WPA2-PSK AP and GTK rekey request from multiple stations
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 01:05:22 +03:00
Jouni Malinen
82d8d631ec Skip GTK rekeying request if rekeying already in process
Do not start yet another rekeying of GTK when receiving an EAPOL-Key
request frame at the point when the GTK is already being rekeyed. This
fixes issues where the AP might end up configuring a different GTK than
the one it sends to the associated stations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 01:03:57 +03:00
Hu Wang
de4d62dbcd Add QCA vendor definitions for DFS radar history
Introduce definitions for QCA vendor specific subcommands and attributes
to report DFS radar history.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-05-07 13:10:52 +03:00
Jouni Malinen
2b6915a139 tests: Extend estimated throughput testing
Cover VHT160 and HE cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-07 13:05:58 +03:00
Vamsi Krishna
46f8976196 Prefer 6 GHz APs for connection in BSS selection
Prefer 6 GHz APs when estimated throughputs are equal with APs from the
2.4/5 GHz bands while selecting APs for connection. Also add a 6 GHz
specific noise floor default value for the 6 GHz band (with the same
value as was used for 5 GHz previously) to make this step clearer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-07 13:05:58 +03:00
Vamsi Krishna
84008457ed Add support to calculate estimated throughputs for HE rates
Add support to consider HE rates while estimating throughputs for the
scan results from HE enabled APs. HE 0.8 usec GI rates are used in all
tables. The minimum SNR values for HE rates (1024-QAM) are derived by
adding the existing minimum SNR values of 256-QAM rates from VHT tables
and the difference between the values of minimum sensitivity levels of
256-QAM rates and 1024-QAM rates defined in Table 27-51 (Receiver
minimum input level sensitivity) in IEEE P802.11ax/D8.0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-07 13:05:58 +03:00
Vamsi Krishna
658b6a0b08 Add support to estimate throughput for VHT 160/80+80 MHz supporting APs
Add support to calculate estimated throughputs for APs which support the
160 MHz (including 80+80 MHz) mode in VHT. The minimum SNR values for
VHT 160 MHz mode are derived from minimum SNR values used for VHT 80 MHz
mode + 3 dBm. The min-SNR values are derived relatively based on the
information that the minimum sensitivity levels defined in Table 21-25
(Receiver minimum input level sensitivity) in IEEE Std 802.11-2020 for
the 160 MHz mode are higher by 3 dBm compared to the values of the 80
MHz mode for each rate.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-07 12:28:46 +03:00
Vamsi Krishna
1d2118b509 Check local supported features for estimating BSS throughputs accurately
Add checks for features supported by the specific hardware mode of the
local device that has the channel for which the throughput is being
estimated instead of assuming the local device supports all optional
features. This is more accurate for cases where the local capabilities
might differ based on the band. In addition, this is in preparation for
extending rate estimates to cover optional VHT and HE features.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-07 12:27:21 +03:00
Jouni Malinen
3cefdf0d4a tests: Fix eap_proto_sake_server with Session ID = 255
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-06 23:49:12 +03:00
Jouni Malinen
73f65cc6c4 wlantest: Support HT Control field in QoS Data frames
Extend Data frame processing (and decryption) to handle +HTC frames by
skipping the HT Control field at the end of the frame header. While this
is not an exact match of the rules in IEEE Std 802.11-2020 for when the
HT Control field is present in frames (e.g., no check of the TXVECTOR
value), this is good enough to cover the most likely used cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-06 23:32:54 +03:00
Jouni Malinen
2950851ace Rename the Frame Control field subfield Order define to +HTC
This moves the implementation closer to the current IEEE 802.11 standard
since B15 of Frame Control field was renamed to +HTC to match it newer
uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-06 12:12:51 +03:00
Vamsi Krishna
11821ab3d1 Add QCA vendor interface to query usable channels
Add QCA vendor interface for userspace to get information of usable
channels for different interface types from the driver/firmware.

Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
2021-05-04 22:39:44 +03:00
Jouni Malinen
fd4580e1e8 tests: Limit maximum number of frames in fuzzing tests
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-04 18:19:23 +03:00
Pradeep Kumar Chitrapu
6ae0d78b8e Determine 6 GHz bandwidth in AP mode ACS using op_class parameter
Determine bandwidth from op_class parameter when set in config. When not
configured, use he_oper_chwidth for determining 80 MHz or 160 MHz. When
both are not set, fall back to 20 MHz by default. This helps in removing
the dependency on op_class parameter in 6 GHz ACS.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-05-03 23:24:13 +03:00
Pradeep Kumar Chitrapu
0822de037c Add AP mode ACS support for the 6 GHz band
Add support for the 6 GHz frequencies using 40, 80, and 160 MHz
bandwidths in the AP mode ACS.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-05-03 23:22:25 +03:00
Pradeep Kumar Chitrapu
bef5eee4f7 Convert channel to frequency based selection for AP mode ACS
Convert channel based selection to frequency based selection for AP mode
ACS to accommodate for the 6 GHz band needs.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-05-03 23:19:03 +03:00
Pradeep Kumar Chitrapu
15742566fd 6 GHz: Fix operating class in Supported Operating Classes element
Previously, the secondary channel was set only in presence of HT
capabilities based on HT40+ or HT40-. As HT capabilities and
secondary_channel are not present for the 6 GHz bamd, this causes
incorrect operating class indication in the Supported Operating Classes
element.

Fix this by assigning the secondary channel for bandwidths greater than
20 MHz in the 6 GHz band.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-05-03 23:04:55 +03:00
Jouni Malinen
6162890798 tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-03 20:03:28 +03:00
P Praneesh
79e8f0c164 hostapd: Update 160 MHz center freq calculation in 6 GHz
In the 6 GHz Operation Information field, the Channel Center Frequency
Segment 0 field indicates the channel center frequency index for
the 20 MHz, 40 MHz, 80 MHz, or 80+80 MHz channel on which the
BSS operates in the 6 GHz band. If the BSS channel width is 160 MHz
then the Channel Center Frequency Segment 0 field indicates the
channel center frequency index of the primary 80 MHz.

The Channel Center Frequency Segment 1 field indicates the channel
center frequency index of the 160 MHz channel on which the BSS operates
in the 6 GHz band or the channel center frequency of the secondary 80
MHz for the 80+80 MHz channel.

Since Channel Center Frequency Segment 1 was 0 for 160 MHz, 6 GHz STA
associated using 80 MHz. Update seg0 and seg1 fields per standard (IEEE
P802.11ax/D8.0: 9.4.2.249 HE Operation element).

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
2021-05-03 17:35:59 +03:00
Lavanya Suresh
9c6b0a9416 hostapd: Disable VHT/HE when WMM is not enabled
When WMM is disabled, HT/VHT/HE capabilities should not be used for any
STA. If any STA advertises these capabilities, hostapd AP disables HT
capabilities in STA flags during STA assoc, but VHT/HE was not handled
similarly. This could allow a STA to associate in VHT/HE mode even in
WMM disable case.

To avoid this, disable VHT/HE capabilities similarly to HT during STA
association, if WMM is not enabled by the STA.

Signed-off-by: Lavanya Suresh <lavaks@codeaurora.org>
2021-05-03 17:27:22 +03:00
Jouni Malinen
15b1831a2c nl80211: Map internal TDLS_PEER_* to NL80211_TDLS_PEER_*
Even though these enum definitions are currently identical, it is better
to explicitly map these bits to the kernel interface instead of using
the internal definition for this. This makes it much clearer that new
enum tdls_peer_capability value needs to be assigned in nl80211 before
they can be added into wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-23 12:40:07 +03:00
Sreeramya Soratkal
742018f44d Add support to indicate TDLS peer's HE capability to driver
Indicate TDLS peer's capability to driver after processing TDLS setup
response frame. This information can be used by the driver to decide
whether to include HE operation IE in TLDS setup confirmation frame.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-04-23 12:32:37 +03:00
Jouni Malinen
2be5777a99 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2021-04-19.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-04-23 12:31:50 +03:00
Jouni Malinen
d5ce180a60 tests: UPDATE_BEACON on disabled interface
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-21 23:24:58 +03:00
Kani M
1f2fbf41d0 Fix UPDATE_BEACON processing when disabled
The hostapd process crashed when the UPDATE_BEACON control interface
command was issue after the interface was disabled. Check for this case
and return an error if the interface is disabled.

Signed-off-by: Kani M <kanisumi@codeaurora.org>
2021-04-21 23:23:54 +03:00
Kani M
b8d337c632 DPP2: Fix channel 6 inclusion for chirping with non-2 GHz interfaces
When the driver provides a list of supported modes, chan6 ended getting
added even if the 2.4 GHz mode was not included. This resulted in
incorrect behavior of trying to transmit on a not supported channel in
case of 5 GHz only radios.

Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.

Fixes: 8e5739c3ac ("DPP2: Check channel 6 validity before adding it to chirp channel list")
Signed-off-by: Kani M <kanisumi@codeaurora.org>
2021-04-21 23:14:04 +03:00
Disha Das
80d9756956 DPP2: Get DPP Relay Controller context based on hostapd callback context
Get the DPP Relay Controller context from the list of configured
Controllers based on the correct hostapd callback context. This is
needed to pick the correct hostapd interface for sending out the
response over air, e.g., when the same hostapd process controls a 2.4
GHz only and a 5 GHz only interface.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2021-04-21 23:06:00 +03:00
Jouni Malinen
622be1e10b tests: SAE and WPA3-Personal transition mode roaming
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-21 23:01:10 +03:00
Mohammad Asaad Akram
e63d456905 Add vendor reason code for TWT setup reject due to scan in progress
The firmware rejects the TWT setup request when scan is in
progress. Extend enum qca_wlan_vendor_twt_status to represent new
reason code for it.

Signed-off-by: Mohammad Asaad Akram <asadkrm@codeaurora.org>
2021-04-21 22:44:34 +03:00
Jingxiang Ge
7d513b5b28 Add vendor hang reason code for tasklet/credit latency
Define a new reason code in enum qca_wlan_vendor_hang_reason,
QCA_WLAN_TASKLET_CREDIT_LATENCY_DETECT, for tasklet/credit latency
detection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-21 22:42:51 +03:00
Sunil Dutt
a6cae954ec Vendor command to configure concurrent STA connection policies
Introduce a QCA vendor command to configure the concurrent connection
policies when multiple STA interfaces are (getting) active.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-20 00:54:00 +03:00
Jouni Malinen
d961326f19 tests: DPP Relay and incomplete connections
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-13 00:31:36 +03:00
Disha Das
c2d7b027b1 DPP2: Close incomplete Relay connections
Add timeout to close incomplete DPP relay connections. This is needed to
avoid getting stuck with old entries that prevent new connections from
getting started.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2021-04-13 00:26:07 +03:00
Wolfgang Steinwender
f91680c15f OpenSSL: Fix compilation for version < 1.1.0 without CONFIG_ECC
When CONFIG_ECC is not defined, openssl/ec.h is not included and EC_KEY
not known. Fix be not defining EVP_PKEY_get0_EC_KEY() when CONFIG_ECC is
not defined.

Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
2021-04-10 12:48:08 +03:00
Jouni Malinen
d675d3b15b Add helper functions for parsing RSNXE capabilities
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-04-10 12:43:38 +03:00
Jouni Malinen
663e190b72 SAE: Remove now unused password identifier argument from non-H2E case
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-10 12:12:54 +03:00
Ilan Peer
79f87f4734 PASN: Change PASN flows to use SAE H2E only
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 12:12:22 +03:00
Ilan Peer
d9c566b1b8 tests: Update PASN tests with SAE to use sae_pwe=2
As a preparation for changing wpa_supplicant and hostapd
implementation to use SAE H2E only.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 12:12:22 +03:00
Ilan Peer
09ca9851b3 tests: Use the correct SSID in PASN SAE tests
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 11:55:55 +03:00
Ilan Peer
ab7109f007 tests: Add coverage for PASN authentication with KDK derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 11:55:55 +03:00
Ilan Peer
8c786e0687 PASN: Derive KDK only when required
When a PTK derivation is done as part of PASN authentication flow, a KDK
derivation should be done if and only if the higher layer protocol is
supported by both parties.

Fix the code accordingly, so KDK would be derived if and only if both
sides support Secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 11:55:55 +03:00
Kiran Kumar Lokere
655edc19cf Vendor attributes to configure broadcast TWT parameters
Define the new TWT attributes for configuring the broadcast TWT
parameters in enum qca_wlan_vendor_attr_twt_setup.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-09 21:51:46 +03:00
Mohammad Asaad Akram
49ad86b0cf Add vendor reason codes for TWT setup reject on roaming/channel switch
The firmware rejects the TWT setup request when roaming and channel
switch is in progress. Extend enum qca_wlan_vendor_twt_status to
represent new reason codes for these cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-09 21:51:46 +03:00
Sunil Dutt
0bae161229 Set last_eapol_matches_bssid=1 on a roam+auth indication from driver
Commit 3ab35a6603 ("Extend EAPOL frames processing workaround for
roaming cases") added a work around to address the issue of EAPOL frame
reception after reassociation replied to with an incorrect destination
address (the BSSID of the old AP). This is due to association events and
EAPOL RX events being reordered for the roaming cases with drivers that
perform BSS selection internally.

This mechanism relies on the fact that the driver always forwards the
EAPOL handshake to wpa_supplicant after the roaming (sets
last_eapol_matches_bssid during the EAPOL processing and resets on the
assoc/reassoc indication).

The above approach does not address the case where the driver does the
EAPOL handshake on the roam, indicating the authorized status to
wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant
for few other roam attempts. This is because the flag
last_eapol_matches_bssid is not set with the roam+authorized event from
the driver. Thus, the next reorder of roam and EAPOL RX events would
miss this workaround.

Address this by setting last_eapol_matches_bssid=1 on a roam+authorized
event from the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-09 21:51:46 +03:00
Jouni Malinen
527be9ce72 SAE: Increment the Sc counter before generating each Confirm
This changes the Send-Confirm value for the first SAE Confirm message to
be 1 instead of 0 for all cases to match the design shown in IEEE Std
802.11-2020, Figure 12-4 (SAE finite state machine).

Sc is defined to be "the number of SAE Confirm messages that have been
sent" which is a bit vague on whether the current frame is included in
the count or not. However, the state machine is showing inc(Sc)
operation in all cases before the "2" event to build the Confirm.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-09 21:51:46 +03:00
Jouni Malinen
47f51c8ba4 tests: Update SAE test vector to IEEE Std 802.11-2020
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-09 21:51:46 +03:00
Yu Wang
5f082c158c nl80211: Support larger number of MAC ACL entries
If the maximum size of MAC ACL entries is large enough, the
configuration message may exceed the default buffer size of a netlink
message which is allocated with nlmsg_alloc(), and result in a failure
when putting the attributes into the message.

To fix this, calculate the required buffer size of the netlink message
according to MAC ACL size and allocate a sufficiently large buffer with
nlmsg_alloc_size().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-31 00:30:11 +03:00