Commit graph

18018 commits

Author SHA1 Message Date
Jouni Malinen
25b52e5f83 FT: Extend FTE parsing for FT-SAE-EXT-KEY
Provide AKM, key length, and information about needed subelements to the
parser function so that the variable length MIC field cases can be
recognized for FT-SAE-EXT-KEY. Knowledge about R0KH-ID/R1KH-ID being
needed is required to be able to iterate over possible MIC field lengths
for the case where the AP does not yet know the correct key length at
the beginning of FT protocol.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:17:49 +03:00
Jouni Malinen
4f58afee9a FT: Extend MIC derivation for FT-SAE-EXT-KEY
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:07:54 +03:00
Jouni Malinen
dcd46edf5f FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY
Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:03:10 +03:00
Jouni Malinen
9fd2455642 FT: Support longer SAE PMK for FT in INITPSK AP
This is needed for the new FT-SAE-EXT-KEY AKM that uses variable length
PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:54:21 +03:00
Jouni Malinen
c41bd98be3 FT: AP mode FTE writing to support FT-SAE-KEY-EXT
Provide enough information to allow the FTE to be built using the
correct MIC field length based on the used AKM and key length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:51:12 +03:00
Jouni Malinen
efa0f51d33 FT: Accept 512-bit PMK-R1 from RRB
This will be needed for FT-SAE-KEY-EXT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:41:12 +03:00
Harsh Kumar Bijlani
eb0821c90c Add service class id attribute in SCS rule config vendor subcommand
Add service class id attribute
QCA_WLAN_VENDOR_ATTR_SCS_RULE_CONFIG_SERVICE_CLASS_ID in SCS rule
configuration vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG.

Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
2022-10-14 16:35:29 +03:00
Chaoli Zhou
5607abe2e8 WNM: Print unsupported neighbor report subelements in debug log
This can be helpful in trying to figure out what might need to be added
in the future.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:14:47 +03:00
Chaoli Zhou
fcdd76fa28 Interworking: Print unsupported inner EAP-TTLS method in debug log
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:13:24 +03:00
Chaoli Zhou
f8a05de669 Move default action from after switch to within
Move from this type of constructions:

switch (val) {
case 1:
	something;
	break;
}
default-action;

into following:

switch (val) {
case 1:
	something;
	break;
default:
	default-action;
	break
}

for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.

This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:08:20 +03:00
Vishal Miskin
7614fcebe0 ACS: Filter out 6 GHz channels if HE or EHT is not enabled
Do not include 6 GHz channels in the ACS possible channel list if
neither HE (ieee80211ax=1) nor EHT (ieee80211be=1) is enabled since
those channels cannot be used in such combination.

Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
2022-10-13 21:21:51 +03:00
Swarn Singh
1864664ca3 Android: Delay QCA roam+auth event until NL80211_CMD_ROAM is received
Information from both NL80211_CMD_ROAM and
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH events is required for
processing the roam events correctly, especially to get the newly
connected BSS details. Indicate the roam event to private libraries only
after NL80211_CMD_ROAM and QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH
events are received.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-13 18:34:26 +03:00
Jouni Malinen
7f20a0a0bc wlantest: Key derivation for SAE-EXT-KEY
Extend wlantest capabilities to cover the new SAE-EXT-KEY AKM and
variable length MIC field and key lengths for it based on the used SAE
group.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-12 22:33:27 +03:00
Jouni Malinen
2e0400061f tests: wpa_supplicant AP mode with pmf=1/2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-10 12:34:04 +03:00
Chaoli Zhou
5f3cdc0648 Override ieee80211w from pmf for AP mode in wpa_supplicant
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-10 12:30:30 +03:00
Jouni Malinen
97104a6588 tests: Clear sae_groups when SAE could be used
This makes sigma_dut_ap_dpp_qr* test cases with SAE more robust by
avoiding unexpected behavior. This was found with the following test
sequence:
mesh_sae_anti_clogging sigma_dut_ap_dpp_qr_sae

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 20:59:34 +03:00
Jouni Malinen
2b972a35b3 DPP: Require PMF when profile is for SAE without PSK
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:56:30 +03:00
Jouni Malinen
db46138de4 tests: sigma_dut DPP reconfiguration using SAE (Enrollee)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:44:48 +03:00
Jouni Malinen
5007766d78 tests: Clear vendor elements at the end of wpas_ap_vendor_elems
This is needed to avoid surprises in the following test cases. This was
found with a failure in the following test sequence:
wpas_ap_vendor_elems p2p_ext_discovery_go

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:52 +03:00
Jouni Malinen
56321c0ac2 tests: Make sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy more robust
Clear the dpp_connector_privacy_default parameter value that sigma_dut
set in wpa_supplicant at the end of the test case to avoid surprising
behavior for the following test cases. This was found with a failure in
the following test sequence:
sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
sigma_dut_dpp_proto_peer_disc_req

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:27 +03:00
Jouni Malinen
8219d2b7dd PASN: Fix CONFIG_PASN=y build without CONFIG_IEEE80211R=y
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.

Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-04 20:41:54 +03:00
Jouni Malinen
ca94fd70c8 tests: sigma_dut and DPP AP provisioning with SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 19:20:21 +03:00
Jouni Malinen
14cc63295e tests: DPP AP configuration for SAE-only
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 12:34:16 +03:00
Veerendranath Jakkam
61c6e7c62c nl80211: Parsing of MLO connection info from roam+auth event
Add support to parse MLO connection information from
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MLO_LINKS for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-29 13:26:53 +03:00
Jouni Malinen
18f75df416 wlantest: Learn group keys for other MLO affiliated links
Update bss entries for all affiliated links whenever learning
GTK/IGTK/BIGTK from EAPOL-Key msg 3/4 or group msg 1/2.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:13:19 +03:00
Jouni Malinen
228420e2d9 wlantest: Find a STA entry based on MLO affiliated link addresses
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:08:37 +03:00
Jouni Malinen
5d5c2cb2be wlantest: Recognize SAE case for moving from State 1 to 2
Update STA state tracking for SAE authentication as well as the previous
covered Open System algorithm.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 11:59:54 +03:00
Jouni Malinen
ac6baf0bcd wlantest: Use RSNE from MLO Link KDE, if present, for validation
Check the Beacon/Probe Response frame RSNE against the RSNE within the
MLO Link KDE for the current affiliated link instead of RSNE when
processing the EAPOL-Key msg 3/4 Key Data field.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 11:50:28 +03:00
Jouni Malinen
8c1231c05a wlantest: Print the TA of a Beacon frame for which there is no BIGTK
This makes the debug message more useful for determining whether an
expected BIGTK has been derived.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 00:03:27 +03:00
Jouni Malinen
26cf43dd5d wlantest: Learn GTK/IGTK/BIGTK for the current link in MLO case
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 00:00:45 +03:00
Rohan Dutta
3d842d9108 MLD STA: Add support for parsing MLO KDEs
Add support for parsing MLO KDEs as defined in Table 12-10 (KDE
selectors) in IEEE P802.11be/D2.0.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-28 23:24:36 +03:00
Jouni Malinen
e2a434d57d wlantest: Use wpa_parse_kde_ies() directly
Make this easier to understand by using the appropriately named function
to parse KDEs/IEs in the Key Data field of EAPOL-Key frames instead of
using the wrapper function that is there just to provide the old
function name for wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-28 23:07:08 +03:00
Jouni Malinen
dc8a756ce4 wlantest: Verify Beacon frame MME even after Probe Response reception
rx_mgmt_beacon() was skipping all steps after a Probe Response frame
from the AP had been processed. This is expected for the parts that were
updating the bss entry information, but the checks for beacon protection
should not be skipped in this manner.

Skip onlu the updating parts while checking that beacon protection is
used correctly to make this more useful.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-28 23:02:31 +03:00
Rachit Kankane
e1105bab89 Add QCA vendor interface support for Spatial Reuse (SR) feature
Add a new vendor sub-command to implement Spatial Reuse feature.
Userspace enables SR feature with specific configuration parameters. The
driver/firmware upon receiving the command, enables the SR feature if it
is supported by the currently connected AP. The driver may reject the
command if it cannot enable the SR with the configured parameters. The
driver sends events to userspace to indicate when SR feature is enabled
or disabled internally. Userspace can also query SR feature related
parameters and statistics from the driver/firmware as needed.

Signed-off-by: Rachit Kankane <quic_rkankane@quicinc.com>
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-26 12:50:43 +03:00
Chaoli Zhou
1f39f85b72 Fix compiler warning on shift overflow in QCA vendor definitions
Fix the following compiler error:
qca-vendor.h:5892:54: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
 5892 |  QCA_WLAN_VENDOR_CHANNEL_PROP_FLAG_HE40INTOL     = 1 << 31,

This "1" needs to be marked unsigned for this case of MSB=1.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-09-23 19:38:07 +03:00
Sunil Ravi
c5b950b6af Fix compilation error due to use of bitwise '&' with boolean operands
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.

Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:37:30 +03:00
Sunil
7bdd3f2aa6 P2P: Allow P2P CSA from 5 GHz to 2.4 GHz band
IEEE Std 802.11-2020, 11.8.8 (Selecting and advertising a new channel)
doesn't restrict switching to a channel which is not in the same band as
the current band. But at the same time, there are some issues in
switching between the 2.4/5 GHz bands and the 6 GHz band. So limit the
check to consider the critical use case of switching from a 5 GHz channel
to a 2.4 GHz channel.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:29:24 +03:00
Jouni Malinen
6ef455db67 tests: Automatic channel selection and 2.4 GHz channel 14
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:25:24 +03:00
Sunil Ravi
a7684a21c7 Update hw mode after ACS selects the channel
hostapd based automatic channel selection doesn't update the hardware
mode after the channel is selected. This change specifically helps
channel 14 which can operate only in IEEE 802.11b mode.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:23:56 +03:00
Jouni Malinen
f47d378cea tests: P2P and avoid frequencies preventing 80 MHz on channel 149"
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:12:33 +03:00
Sunil
768537921e P2P: Set operating class along with operating channel width
While setting up the P2P GO interface, wpa_supplicant sets the operating
channel width to CHANWIDTH_USE_HT in cases where it fails to set 80 MHz
bandwidth. In the same flow, update the operating class, too, according
to the channel width. This is to avoid setting up the operational
channel width back to 80 MHz from hostapd interface setup.

Signed-off-by: Sunil <sunilravi@google.com>
2022-09-23 00:04:30 +03:00
Sunil Ravi
ee7eec5185 P2P: Fix the issue in setting optimized listen channel
wpas_p2p_optimize_listen_channel() checks for the state and current ssid
of the interface calling this function. This check prevents the function
from setting the optimized listen channel. Since the listen channel is
stored in global P2P configuration data, do not check the state and
current interface of the caller.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-22 18:35:53 +03:00
Shay Bar
01944c0957 Fix RNR BSSID setting for own interfaces
bss->conf->bssid may be kept unset and will cause an empty BSSID field
in RNR. Fix this to use own_addr instead.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
Signed-off-by: moran.daori <moran.daori@celeno.com>
2022-09-16 22:15:56 +03:00
Clemens Famulla-Conrad
3a7fe1e213 dbus: Omit FT key mgmt capabilities without CONFIG_IEEE80211R
If wpa_supplicant was build without CONFIG_IEEE80211R, the
exposed key-management capabilities should not include one of the
FT protocols. If someone would use a FT protocol in such situation,
it would fail anyway.

Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
2022-09-16 22:15:56 +03:00
Clemens Famulla-Conrad
d2caf6ef54 dbus: Fix property DebugShowKeys and DebugTimestamp
It is possible to specify -t or -K multiple times. With this the
value isn't boolean anymore and we hit a assert in libdbus
function `dbus_message_iter_append_basic()`, which expect 0 or 1
for DBUS_TYPE_BOOLEAN.

Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
2022-09-16 22:15:56 +03:00
Orr Mazor
a17f9a2d41 Add usage print for -q flag
Signed-off-by: Orr Mazor <o.mazor@genexis.eu>
2022-09-16 21:39:47 +03:00
stijn@linux-ipv6.be
f77c0f914a ACS: Include frequency in info messages
The ACS info messages frequently appear for multiple channels. Without
the actual frequency in the messages, they are not very informative.
Add the frequency to them to improve this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-09-16 21:39:47 +03:00
Sergey Matyukevich
0c7b3814ca Use a less generic name for IEEE802.11 CRC-32 routine
Hostapd uses 'crc32' name for IEEE802.11 CRC-32 routine. This name is
too generic. Buildroot autobuilder detected build configuration that
failed to build due to the naming conflict: static linking with openssl
using zlib-ng as a zlib provider, e.g. see:
- http://autobuild.buildroot.net/results/9901df820d3afa4cde78e8ad6d62cb8ce7e69fdb/
- http://autobuild.buildroot.net/results/ac19975f0bf77f4a8ca574c374092ba81cd5a332/

Use a less generic name ieee80211_crc32 for IEEE802.11 CRC-32 routine
to avoid such naming conflicts.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
2022-09-16 21:39:47 +03:00
Johannes Berg
c52ec086da tests: hwsim: Search for UBSAN in kernel messages
If UBSAN is enabled, flag errors from it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:39:44 +03:00
Johannes Berg
550ab94e83 tests: vm: Simplify parameter passing
Since the kernel  actually passes the command-line parameters
as environment variables to the init script, there's no need
to parse them out of /proc/cmdline.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-09-16 21:28:23 +03:00