Introduce a new vendor command
QCA_NL80211_VENDOR_SUBCMD_RATEMASK_CONFIG. This is used to set the rate
mask config to be used in MCS rate selection per PHY type.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Currently the moderate latency level is not used. Rename the moderate
latency level to XR latency level to be used in XR (extended reality)
applications.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP Enrollee might wait for the configuration for 60 seconds, so
increase the DPP Configurator timeout for the GAS server operation to 60
seconds to cover that full wait time. This is needed for cases where
user interaction can take significant amount of time before the
configuration response can be generated.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This provides an alternative mechanism for upper layer components to
control configuration parameters to be used by the local Configurator.
Instead of the previously used design where the Configurator parameters
had to be provided before initiating the DPP Authentication exchange,
the new alternative approach allows the DPP Authentication exchange to
be started before any Configurator parameters have been determined and
wpa_supplicant will then request the parameters once the DPP
Configuration Request has been received from the Enrollee. This allows
the Config Request information to be used at upper layers to determine
how the Enrollee should be configured.
For example for an Initiator:
CTRL: DPP_QR_CODE <URI from Responder/Enrollee>
CTRL: DPP_AUTH_INIT peer=1 conf=query
<3>DPP-CONF-NEEDED peer=1 src=02:00:00:00:00:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=1 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT
For example for a Responder:
CTRL: SET dpp_configurator_params conf=query
CTRL: DPP_LISTEN 2412 role=configurator
<3>DPP-CONF-NEEDED peer=2 src=02:00:00:00:01:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=2 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT
For example for an Initiator that can act both as a Configurator and an
Enrollee in a case where the Initiator becomes the Enrollee:
CTRL: DPP_AUTH_INIT peer=1 role=either conf=query
<3>DPP-CONF-RECEIVED
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the GAS server functionality to allow a request handler to return
the initial comeback delay with a later callback instead of having to
indicate the comeback delay when returning from the handler function.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The TCP code path did not handle the postponed connection attempt on TX
status and the following result message from the Enrollee to the
Configurator. Fix this by adding TCP-versions of these operations to
match the way wpa_supplicant implemented this for the Public Action
frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This extends dpp_test functionality to allow DPP Network Introduction
exchanges to use an incorrect value in the Protocol Version attribute.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use a separate ver=<1|2> parameter to DPP_PKEX_ADD instead of
overloading init=1 with version indication. This allows additional
options for forcing v1-only and v2-only in addition to automatic mode
(start with v2 and fall back to v1, if needed).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the peer queue flush command with following attributes
1. Enable to flush per TID peer queue
2. Enable to configure when to flush the peer/TID queue
Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
Replace the word "blacklist" with the inclusive word "denylist" and add
aliases for backward compatibility.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Replace the word "whitelist" with the inclusive word "allowlist" and add
aliases for backward compatibility.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.9 and v2.10.
Signed-off-by: Jouni Malinen <j@w1.fi>
The crypto_ec_point_solve_y_coord() wrapper function might not use
constant time operations in the crypto library and as such, could leak
side channel information about the password that is used to generate the
PWE in the hunting and pecking loop. As such, calculate the two possible
y coordinate values and pick the correct one to use with constant time
selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implementation within SSWU can be helpful for other users of the
dragonfly design, so move it into a shared helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a QCA vendor netlink interface to start/stop periodic TSF sync
feature and also support configuration of interval value as part of TSF
sync start command. In addition, improve documentation for the related
attributes and values.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED flag attribute to conduct ACS
for EHT mode. The driver can consider EHT specific parameters such as
puncture pattern for ACS when this flag attribute is indicated by
userspace.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add additional attributes in
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT vendor sub command to
avoid usage of unsafe frequencies on wifi interfaces sent from userspace
to the driver/firmware. The driver/firmware shall use restrictions and
power cap accordingly to restrict the usage of these frequencies on
operating interface(s).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This reverts commit 3af78a4e04.
This commit prepares a refactor for another patch, which is being
reverted.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Add support for PKEXv2 core protocol. This defines a new PKEX Exchange
Request message type with protocol negotiation and different rules for
key derivation with PKEXv2 or newer is used.
This does not change existing behavior for PKEX, i.e., the PKEXv1
variant will still be used by default.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the dpp_test parameter to be used to request the Protocol Version
attributed to be omitted from the Peer Discovery Request/Response
message.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Verify that the Protocol Version attribute is used appropriate in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Indicate the protocol version number that the Enrollee used during the
DPP exchange that resulted in the generation of the Connector.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a QCA vendor attribute to indicate the puncture pattern derived
by the automatic channel selection algorithm.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add definitions for the fields described in IEEE Std 802.11-2020 and
IEEE Std 802.11ax-2021, 9.4.2.170 Reduced Neighbor Report element.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.
Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Keep the locally defined ASN.1 sequence DPP_BOOTSTRAPPING_KEY for now to
avoid losing a workaround for BoringSSL from commit 746c1792ac ("DPP:
Build bootstrapping key DER encoding using custom routine").
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Instead of generating EC point with random coordinates, generate a
valid EC point and then corrupt the coordinates after exporting them
in binary format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Remove one more direct call to OpenSSL using crypto_ec_key_group() to
compare group of c-sign-key and ppKey when creating Configurator from
backup data.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite functions related to reconfig feature using EC point/bignum
primitives defined in crypto.h API.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add two new functions in crypto.h that "wrap" around already defined
signing function with (r,s) interface instead of DER Ecdsa-Sig-Value.
Using those functions implies to compute the hash to sign manually
before.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite dpp_auth_derive_l_responder/initiator() using EC point/bignum
primitives defined in crypto.h API.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Function crypto_ec_key_parse_priv() already parses ASN.1 ECPrivateKey so
use it when possible.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The extra validation steps through the OpenSSL X509 API are not really
necessary here and they most duplicate checks that happen implicitly
within d2i_PUBKEY() and the EVP_PKEY_get0_EC_KEY() checks in
crypto_ec_key_parse_pub().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
