Commit graph

19100 commits

Author SHA1 Message Date
Jouni Malinen
c73f9cde8b nl80211: Remove send_and_recv_msgs_connect_handle()
This is not really that helpful as a separate helper function, so get
rid of one of the many send_and_recv() variants.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-19 00:38:11 +02:00
Jouni Malinen
d2e6a395cc nl80211: Do not set socket owner for NL80211_CMD_LEAVE_IBSS
This operation terminates the IBSS and as such, does not really use
NL80211_ATTR_SOCKET_OWNER.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-19 00:28:30 +02:00
Jouni Malinen
35e58b7415 nl80211: Remove send_and_recv_msgs_owner()
This is not helpful as a separate helper function anymore, so get rid of
one of the many send_and_recv() variants.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-19 00:26:32 +02:00
Jouni Malinen
9823f43053 nl80211: Move control port attribute adding into more accurate location
This is independent of the NL80211_ATTR_SOCKET_OWNER use, so add these
attributes from a separate helper function that is called only from
locations that actually start an operation that uses EAPOL frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-19 00:20:16 +02:00
Jouni Malinen
0d619df8b3 nl80211: Use bss->nl_connect unconditionally
Doing this based on driver support for control port RX or SAE seems like
undesired extra complexity. Just use this in all cases where the special
handle for a longer term operation, like connection or AP mode
operation, is needed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 23:45:09 +02:00
Jouni Malinen
da0d51fee7 nl80211: Use socket cb instead of global->nl_cb in send_and_recv()
This is a step towards cleaning up all the workarounds that have shown
up over the years and made the design difficult to understand. This
removes use of the separate registration of process_bss_event() as
NL_CB_VALID for the individual commands since the use of the appropriate
cb (i.e., the one from nl80211_init_bss() in these cases) will already
point to the correct handler.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 21:41:32 +02:00
Jouni Malinen
84fdc8cd8b nl80211: Accept NL80211_CMD_FRAME events in global context
This is a workaround for some race conditions where the hardcoded use of
global->nl_cb in send_and_recv() ends up getting events delivered
through unexpected context when they happen to arrive at the time when a
command is being processed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 21:08:26 +02:00
Jouni Malinen
79db4092c4 tests: Fix a typo in an error message
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 20:36:19 +02:00
Jouni Malinen
4ec67d514f tests: Make DPP mutual authentication cases more robust
Wait a bit between the DPP-SCAN-PEER-QR-CODE event and reporting of the
QR Code to avoid a race condition.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 20:35:21 +02:00
Jouni Malinen
808eea4856 tests: Avoid race condition in owe_transition_mode_ifname_acs
AP1 might take longer time than AP2, so add some more wait here.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 20:30:11 +02:00
Jouni Malinen
ee5ababa1d tests: Make dpp_controller_init_through_relay* more robust
Avoid a race condition that could result in the relay (hostapd)
maintaining STA association with PMF and discarding of the GAS frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 20:09:26 +02:00
Jouni Malinen
94cb040021 tests: Make p2p_channel_avoid* more robust
Terminate the group explicitly before cleanup to avoid a race condition
between an automatically started scan to find the GO again and the scan
started to clear the scan cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 17:12:30 +02:00
Jouni Malinen
48797ff87c tests: Avoid a race condition in DPP retry validation
Wait a bit to allow stopping of the DPP_LISTEN operation to be completed
before issuing the DPP_QR_CODE command that would send the frame that
these test cases expect to not get ACKed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-18 17:00:55 +02:00
Jouni Malinen
d6509ffb92 tests: AP MLD protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 21:56:36 +02:00
Jouni Malinen
828311ef31 AP MLD: More careful checking of Multi-Link element length fields
Avoid potential read of one or two octets beyond the end of the
subelement when verifying that there is sufficient amount of data
included in each subelement/element within the MLE in Association
Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 21:55:10 +02:00
Jouni Malinen
38a5ed5fda AP MLD: Skip unknown Multi-Link element subelements
Instead of rejecting the Multi-Link element, skip unknown subelements to
be less likely to cause interop issues for future. IEEE P802.11be/D5.0
allows other optional subelements to be included here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 21:53:52 +02:00
Jouni Malinen
d1a2d9bbcb tests: Include MACsec in example configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 18:35:48 +02:00
Jouni Malinen
8b9603c3d1 tests: Include Suite B 192-bit support in the example configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 18:34:45 +02:00
Jouni Malinen
9398586129 tests: Include DPP3 support in the example configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 18:33:52 +02:00
Jouni Malinen
62141825f6 tests: PASN authentication using driver event as trigger
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 18:03:56 +02:00
Jouni Malinen
fe61861984 tests: SCS and QoS characteristics
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 17:26:21 +02:00
Jouni Malinen
7626635ff4 tests: More robust sigma_dut_dpp_qr_mutual_init_enrollee_pending
Wait some time between the first DPP Authentication Response that
indicates the response is not yet available and the second DPP
Authentication Response to make this sequence a bit more realistic and
less likely to hit race conditions with UML time-travel.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 17:02:34 +02:00
Jouni Malinen
2ab56694f6 Split ap_sta_set_authorized() into two steps
This function is both updating the hostapd-internal sta->flags value and
sending out the AP-STA-CONNECTED control interface message. When
authorizing a STA, the call to this function is followed by a driver
command to update the flags of the STA entry in the driver. That has a
race condition at least for UML time-travel since the AP-STA-CONNECTED
event is used as a message to wait for before running a connectivity
test or some other operation that depends on the data connection being
in working condition.

Split the function into two steps so that the driver STA entry update
can be done between those two steps for the cases where it matters for
the race condition. In other words, send the AP-STA-CONNECTED message
only after having authorized the STA in the driver.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 14:09:57 +02:00
Jouni Malinen
52e869032a tests: Avoid race condition in autogo_passphrase_len
Wait for 4-way handshake to complete on the GO before the connectivity
test between two P2P clients.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 13:52:42 +02:00
Jouni Malinen
fc995d3130 tests: Avoid race condition in WPS ER tests
Wait for hostapd to complete STA authorization before running the
connectivity test between two associated STAs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 12:48:31 +02:00
Jouni Malinen
da8a38fecb Remove unused assignment from Country element generation
This looks confusing and can cause warnings from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 12:17:43 +02:00
Jouni Malinen
33b5fc0763 PKCS#1: Do not use pointer value after freeing
The check for extra data was not dereferencing the pointer, but avoid
complaints about such uses by freeing the decrypted data only after the
check. The hexdump could have read freed memory, so that needs to be
before the freeing.

Fixes: 54ac6ff8c4 ("PKCS 1: Add function for checking v1.5 RSA signature")
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 12:17:10 +02:00
Jouni Malinen
231d86ef91 OpenSSL: Check EVP_MAC_update() return value more consistently
Check this in crypto_hash_update() to be more consistent and report any
error in crypto_hash_finish().

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 12:06:04 +02:00
Jouni Malinen
a92694b001 OpenSSL: Check EVP_CIPHER_CTX_set_padding() return value more consistently
Even though this function is documented to always return 1, be more
consistent in checking that to avoid warnings from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 11:58:48 +02:00
Jouni Malinen
88bc6711a7 TDLS: Avoid unnecessary copying of the Link Identifier element
This memcpy was causing warnings from static analyzers since it is being
misinterpreted as copying all the data into the lnkid.bssid[] array
instead of that and the following arrays. Since the copy is not needed
at all, just use the original pointer to get rid of these warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 11:51:35 +02:00
Jouni Malinen
656cf50d8b More consistent sta pointer checks in handle_assoc()
Verify that sta is not NULL before calling
hostapd_process_assoc_ml_info() that references this parameter. In
theory, sta might be NULL here if addition of the STA entry failed in
the 60 GHz case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 00:12:59 +02:00
Jouni Malinen
29f38ebcf6 ACS: Check whether iface->current_mode is NULL before use
This line seemed to trigger SIGSEGV in some code coverage testing cases.
It is not exactly clear how that was possible, but just in case, check
that iface->current_mode is set before using it here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 00:02:43 +02:00
Jouni Malinen
ae20eb1d27 tests: Make p2p_msg_go_neg_both_start more robust
Use same listen channel on both devices to make this test somewhat more
likely to succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-16 22:59:50 +02:00
Jouni Malinen
406bc79763 tests: Make EAP-IKEv2 protocol tests more robust
Wait a bit more between removal of the network and the next attempt to
avoid race conditions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-16 22:37:36 +02:00
Andrei Otcheretianski
7fa840309a WNM: Skip current connection BSS when disassociate imminent is set
During scan results matching for connection skip BSS entries for the
current connection if disassociation imminent is set.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 20:40:23 +02:00
Ilan Peer
6ced33b43f tests: Verify BTM request with link removal imminent flow
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 20:40:23 +02:00
Jouni Malinen
7a873c81ee AP MLD: Do not schedule disconnection on BSS TM Request link removal
If the BSS TM Request for imminent BSS removal is for a non-AP MLD that
has multiple affiliated links, do not schedule full disconnection since
other links remain associated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-16 19:46:41 +02:00
Ilan Peer
ec70d14f7c AP: MLD: Extend BSS transition management request for link removal
Allow link removal imminent indication to be added with the new
link_removal_imminent=1 parameter to BSS_TM_REQ.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 19:46:41 +02:00
Jouni Malinen
09988c4356 WNM: Accept link removal BSS TM Request
Instead of rejecting the request, accept it since the AP MLD is in
control of which links are available and we are not being fully
disconnected in this case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-16 19:46:41 +02:00
Ilan Peer
80810929a4 WNM: Handle BTM request with Link Removal Imminent field set to 1
Based on IEEE P802.11be/D5.0, when a station is non-AP MLD with more
than one link the combination of the Link Removal Imminent field set to
1 and the BSS Termination Included field set to 1 means than only one of
the links is removed while the other links will remains associated.
Handle this case without starting a scan to find another BSS.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 19:12:23 +02:00
Ilan Peer
31e025c033 AP: When sending Action frames, use the AP MLD MAC address if needed
When the AP MLD sends an Action frame to a non-AP MLD, use the AP MLD
MAC address instead of the local AP address (BSSID).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 18:54:39 +02:00
Ilan Peer
54e6c56d25 AP: Use AP MLD MAC address for terminating MLO association
Use the AP MLD MAC address when sending Deauthentication and
Disassociation frames to a non-AP MLD.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 18:49:56 +02:00
Ilan Peer
7ee12fca49 WNM: Allow frames from AP MLD
Allow frames where the SA is the AP MLD MAC address as the driver might
have performed address translation.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 18:49:16 +02:00
Ilan Peer
0546f0e1b0 WNM: Use correct address when configured as AP MLD
When the AP is configured to operate as an AP MLD, use the AP MLD MAC
address when needed for transmission of WNM Action frames.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 18:43:18 +02:00
Vinayak Yadawad
1efdba5fdc Handle PMKSA flush in the driver for SAE/OWE offload cases
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2023-12-16 18:25:26 +02:00
Daniel Gabay
6a793c5f24 bgscan: Fix bgscan_init() stub declaration
The bgscan_init() was declared wrongly when CONFIG_BGSCAN is not defined,
fix that.

Fixes: 3139270903 ("bgscan: Add global bgscan configuration")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2023-12-16 18:18:38 +02:00
Michael-CY Lee
0af4c1478e hostapd: Check the bridge if ioctl SIOCBRADDIF fails
If ioctl() returns EBUSY on the command SIOCBRADDIF, the interface might
have already been added to the bridge by an external operation (e.g.,
netifd in OpenWrt), and linux_br_add_if() should not indicate an error.

Check whether the interface is correctly bridged when ioctl()
returns EBUSY and if so, report success.

Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
2023-12-16 18:16:05 +02:00
Benjamin Berg
1b9006a8cb Use the link BSSID to resolve current BSS for whether to roam check
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 18:04:32 +02:00
Andrei Otcheretianski
c4dac077bc wpa_supplicant: Remove redundant CONFIG_WNM in wnm_sta.c
The entire file is compiled only under CONFIG_WNM, remove it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 18:00:13 +02:00
Ilan Peer
d43a49a66d Remove a spurious tab in hostapd_eid_rnr()
Remove a spurious \tab char in hostapd_eid_rnr() between arguments to a
function.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 17:58:33 +02:00