IEEE Std 802.11ax-2021 added channel 177 into global operating class 125
and consequently channel 173 in global operating class 126 (HT40+) and
channel 177 in global operating class 127 (HT40-).
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Skip the test of HE PHY capability bit "Support for a 40 MHz and 80 MHz
channel width" when starting an AP with a 20 MHz channel on the 5 GHz
band.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Currently while selecting a preferred frequency when no preference is
known, p2p_no_go_freq is not considered for 5 GHz and 60 GHz channels.
This results in starting GO on the channels that are configured not to
allow the local device as GO.
Use the wpas_p2p_supported_freq_go API to check the p2p_no_go_freq
configuration before selecting the preferred frequency for GO.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
For some 6 GHz operating classes like 134, there is a possibility where
the ch variable used for channel iterator overflows when it is
incremented. Fix this by updating the datatype of ch variable to
avoid integer overflow while incrementing.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
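The wraparound described in the commit message above, as an added example (not code from the hostap tree): an 8-bit channel iterator can never exceed the upper bound once an increment carries it past 255, so the loop does not end. The range 1..233 with step 32 is an assumed stand-in for a wide 6 GHz operating class such as 134, and the type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical channel range of one operating class (values assumed). */
struct chan_range {
	uint8_t min_chan;
	uint8_t max_chan;
	uint8_t inc;
};

/* Safety cap so the demonstration itself terminates. */
#define ITER_LIMIT 64

/* 8-bit iterator: returns the number of channels visited, or -1 if the
 * loop would never terminate because ch wrapped around. */
static int count_channels_u8(const struct chan_range *r)
{
	uint8_t ch;
	int n = 0;

	for (ch = r->min_chan; ch <= r->max_chan; ch += r->inc) {
		if (++n > ITER_LIMIT)
			return -1;
	}
	return n;
}

/* Wider iterator: ch can hold max_chan + inc, so the bound check works. */
static int count_channels_int(const struct chan_range *r)
{
	int ch;
	int n = 0;

	for (ch = r->min_chan; ch <= r->max_chan; ch += r->inc) {
		if (++n > ITER_LIMIT)
			return -1;
	}
	return n;
}

int main(void)
{
	/* Assumed values: 225 + 32 = 257 does not fit in 8 bits and becomes 1. */
	struct chan_range wide = { 1, 233, 32 };
	/* Constructed narrow range that never approaches 255. */
	struct chan_range narrow = { 1, 13, 1 };

	printf("wide:   u8=%d int=%d\n",
	       count_channels_u8(&wide), count_channels_int(&wide));
	printf("narrow: u8=%d int=%d\n",
	       count_channels_u8(&narrow), count_channels_int(&narrow));
	return 0;
}
```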
Add a QCA vendor attribute to configure the driver/firmware the allowed
bands for roaming by userspace. This attribute is also used to get the
configured roam bands from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Use monitor interface to send_mlme only when the interface is configured
in AP mode. In multiple interface setup, one interface can be configured
in AP mode using monitor interface and another interface in station
mode. The station interface may also require sending the management
frames without using monitor interface, e.g., support external SAE
authentication to send Authentication frames without monitor interface.
This change allows sending management frames to the driver for a station
interface where the AP interface uses monitor interface.
Additionally, the monitor interface is only valid for AP mode
(nl80211_create_monitor_interface() is called in nl80211_setup_ap) so
interface type check ensures to use monitor interface only when required
by the specific interface.
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Peter Reen <peter.reen@microchip.com>
For the function hostapd_get_sta_tx_rx(), the name
hostapd_get_sta_info() is more appropriate as it is also responsible for
getting many other STA specific params like RSSI, inactive milliseconds
along with TX and RX bytes.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
When a Mesh interface is managed by wpa_supplicant, include the peer
link connected time (secs) in the output of "sta <addr>", "all_sta"
wpa_cli cmds for each peer. This will be helpful to find when the peer
link connection got established. The NL80211_STA_INFO_CONNECTED_TIME
netlink attribute data is used for this purpose if available.
$ wpa_cli -i mesh0 all_sta
02:00:00:00:02:00
flags=[ASSOC][WMM][HT]
aid=1
capability=0x0
listen_interval=0
supported_rates=82 84 8b 96 8c 12 98 24 b0 48 60 6c
timeout_next=NULLFUNC POLL
rx_packets=77
tx_packets=3
rx_bytes=8510
tx_bytes=284
inactive_msec=104
signal=-30
rx_rate_info=65 mcs 0
tx_rate_info=65 mcs 0
ht_mcs_bitmask=ffff0000000000000000
connected_time=24
ht_caps_info=0x103c
The connected_time field in the output of "hostapd_cli -i ap0 all_sta"
cmd is not affected and it will continue to show the connected time
maintained by hostapd for each STA.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_commit’:
../src/ap/ieee802_11.c:2401:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_confirm’:
../src/ap/ieee802_11.c:2477:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_fils’:
../src/ap/ieee802_11.c:2707:62: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The number of nlctrl name resolution calls required to connect to a
WPA2-PSK AP is 12. And each nlctrl name resolution call spends 55
microseconds on a lower spec CPU like Intel Atom N270. Reduce the number of
nlctrl name resolution calls from 12 to 1 by caching the results of nlctrl
name resolution calls on int size memory to speed up the connection
process a little bit.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Try to parse the private_key blob as private key in PEM format encoded
PKCS#8. PEM format is already supported for private_key file and is now
also supported for private_key blob.
Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
Generate an event on the control socket interface when a network is
added or removed. The event name CTRL-EVENT-NETWORK-<ADDED|REMOVED>
is followed by the network entry identifier. The event matches the
corresponding Network<Added|Removed> signal on the d-bus interface.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
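A monitoring-side parser for the event format described in the commit message above, as an added example (not code from wpa_supplicant). It assumes events may arrive with a "<N>" priority prefix; the function and enum names are hypothetical and the sample lines are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum net_event { NET_EV_NONE, NET_EV_ADDED, NET_EV_REMOVED, NET_EV_MALFORMED };

/* Parse one control interface line; on ADDED/REMOVED store the network id. */
static enum net_event parse_network_event(const char *line, int *id)
{
	static const char prefix[] = "CTRL-EVENT-NETWORK-";
	const char *p = line;
	enum net_event ev;
	char *end;
	long val;

	/* Assumption: events may carry a "<N>" priority prefix. */
	if (*p == '<') {
		const char *gt = strchr(p, '>');
		if (!gt)
			return NET_EV_NONE;
		p = gt + 1;
	}
	if (strncmp(p, prefix, sizeof(prefix) - 1) != 0)
		return NET_EV_NONE;
	p += sizeof(prefix) - 1;

	/* Match the full keyword plus separator so that other events sharing
	 * the prefix are not mistaken for ADDED/REMOVED. */
	if (strncmp(p, "ADDED ", 6) == 0) {
		ev = NET_EV_ADDED;
		p += 6;
	} else if (strncmp(p, "REMOVED ", 8) == 0) {
		ev = NET_EV_REMOVED;
		p += 8;
	} else {
		return NET_EV_NONE;
	}

	/* The identifier must be a non-negative decimal integer. */
	if (*p < '0' || *p > '9')
		return NET_EV_MALFORMED;
	errno = 0;
	val = strtol(p, &end, 10);
	if (errno || val > INT_MAX)
		return NET_EV_MALFORMED;
	while (*end == '\r' || *end == '\n')
		end++;
	if (*end != '\0')
		return NET_EV_MALFORMED;
	*id = (int) val;
	return ev;
}

int main(void)
{
	/* Constructed sample lines, not captured from a real session. */
	const char *lines[] = { "<3>CTRL-EVENT-NETWORK-ADDED 0",
				"<3>CTRL-EVENT-NETWORK-REMOVED 0\n",
				"<3>CTRL-EVENT-NETWORK-ADDED 7 extra" };
	for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
		int id = -1;
		int ev = parse_network_event(lines[i], &id);
		printf("event=%d id=%d\n", ev, id);
	}
	return 0;
}
```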
The --conf option specifies a file containing a list of options
to configure the network used for running the test which will be
used in place of the defaults built into the script.
Signed-off-by: Nick Porter <nick@portercomputing.co.uk>
==19798==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000663f8 at pc 0x55a2c485a232 bp 0x7ffeb42dcaf0 sp 0x7ffeb42dcae0
READ of size 8 at 0x6110000663f8 thread T0
Connect STA wlan0 to AP
#0 0x55a2c485a231 in ptksa_cache_add ../src/common/ptksa_cache.c:310
#1 0x55a2c4398045 in hostapd_store_ptksa ../src/ap/wpa_auth_glue.c:943
#2 0x55a2c4430980 in wpa_auth_store_ptksa ../src/ap/wpa_auth.c:232
#3 0x55a2c44578e1 in sm_WPA_PTK_PTKINITDONE_Enter ../src/ap/wpa_auth.c:3650
#4 0x55a2c44578e1 in sm_WPA_PTK_Step ../src/ap/wpa_auth.c:3798
#5 0x55a2c44578e1 in wpa_sm_step ../src/ap/wpa_auth.c:4437
#6 0x55a2c445d99d in wpa_receive ../src/ap/wpa_auth.c:1411
#7 0x55a2c43e7747 in ieee802_1x_receive ../src/ap/ieee802_1x.c:1118
#8 0x55a2c43bbf73 in hostapd_event_eapol_rx ../src/ap/drv_callbacks.c:1542
#9 0x55a2c43bbf73 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1932
#10 0x55a2c466cb2d in drv_event_eapol_rx ../src/drivers/driver.h:6074
#11 0x55a2c466cb2d in nl80211_control_port_frame ../src/drivers/driver_nl80211_event.c:2822
#12 0x55a2c466cb2d in process_bss_event ../src/drivers/driver_nl80211_event.c:3194
#13 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#14 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#15 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
#16 0x7feed9e91058 in nl_recvmsgs ./lib/nl.c:1081
#17 0x55a2c45f2e8c in wpa_driver_nl80211_event_receive ../src/drivers/driver_nl80211.c:1782
#18 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#19 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#20 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#21 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#22 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#23 0x55a2c432f3fd in _start (/home/mbr/hostapd/hostapd/hostapd+0x9f23fd)
0x6110000663f8 is located 184 bytes inside of 216-byte region [0x611000066340,0x611000066418)
freed by thread T0 here:
#0 0x7feeda1477cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55a2c44ce56b in os_free ../src/utils/os_unix.c:773
#2 0x55a2c451a986 in radius_msg_free ../src/radius/radius.c:137
#3 0x55a2c4527104 in radius_client_msg_free ../src/radius/radius_client.c:261
#4 0x55a2c452f53c in radius_client_list_add ../src/radius/radius_client.c:715
#5 0x55a2c452f53c in radius_client_send ../src/radius/radius_client.c:807
#6 0x55a2c453b24c in accounting_sta_report ../src/ap/accounting.c:352
#7 0x55a2c453d6e9 in accounting_sta_stop ../src/ap/accounting.c:384
#8 0x55a2c44190fd in ap_free_sta ../src/ap/sta_info.c:194
#9 0x55a2c4934530 in handle_deauth ../src/ap/ieee802_11.c:6035
#10 0x55a2c4934530 in ieee802_11_mgmt ../src/ap/ieee802_11.c:6399
#11 0x55a2c43bf114 in hostapd_mgmt_rx ../src/ap/drv_callbacks.c:1468
#12 0x55a2c43bf114 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1912
#13 0x55a2c465faf7 in mlme_event_mgmt ../src/drivers/driver_nl80211_event.c:823
#14 0x55a2c4661774 in mlme_event ../src/drivers/driver_nl80211_event.c:1135
#15 0x55a2c466c43b in process_bss_event ../src/drivers/driver_nl80211_event.c:3177
#16 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#17 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#18 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
previously allocated by thread T0 here:
#0 0x7feeda147bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55a2c44cd387 in os_malloc ../src/utils/os_unix.c:715
#2 0x55a2c44ceb7f in os_zalloc ../src/utils/os_unix.c:779
#3 0x55a2c451a9f2 in radius_msg_new ../src/radius/radius.c:109
#4 0x55a2c4539a6e in accounting_msg ../src/ap/accounting.c:46
#5 0x55a2c453be15 in accounting_report_state ../src/ap/accounting.c:439
#6 0x55a2c453d91d in accounting_init ../src/ap/accounting.c:534
#7 0x55a2c4378952 in hostapd_setup_bss ../src/ap/hostapd.c:1333
#8 0x55a2c4382530 in hostapd_setup_interface_complete_sync ../src/ap/hostapd.c:2094
#9 0x55a2c4382815 in hostapd_setup_interface_complete ../src/ap/hostapd.c:2229
#10 0x55a2c4384100 in setup_interface2 ../src/ap/hostapd.c:1726
#11 0x55a2c4386b58 in setup_interface ../src/ap/hostapd.c:1628
#12 0x55a2c4386b58 in hostapd_setup_interface ../src/ap/hostapd.c:2318
#13 0x55a2c4387a57 in hostapd_enable_iface ../src/ap/hostapd.c:2730
#14 0x55a2c455d723 in hostapd_ctrl_iface_enable /home/mbr/hostapd/hostapd/ctrl_iface.c:1606
#15 0x55a2c455d723 in hostapd_ctrl_iface_receive_process /home/mbr/hostapd/hostapd/ctrl_iface.c:3607
#16 0x55a2c456821e in hostapd_ctrl_iface_receive /home/mbr/hostapd/hostapd/ctrl_iface.c:4018
#17 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#18 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#19 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#20 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#21 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
SUMMARY: AddressSanitizer: heap-use-after-free ../src/common/ptksa_cache.c:310 in ptksa_cache_add
==19798==ABORTING
Fixes: a4e3691616 ("WPA: Add PTKSA cache implementation")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
According to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
to return false on OpenSSL-3.0.0, resulting in the impossibility to
connect in many scenarios. Fix this by changing the order of function calls
where needed.
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
NetworkManager-CI detected systematic failures on test scenarios using
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
The 'test_module_tests.py' script also fails, and the following log is
shown:
1627404013.761569: generate_nt_response failed
1627404013.761582: ms_funcs: 1 error
It seems that either DES_set_key() or DES_ecb_encrypt() changed their
semantics, but it doesn't make sense to fix them since their use has been
deprecated. Converting des_encrypt() to avoid use of deprecated
functions proved to fix the problem, and removed a couple of build
warnings at the same time.
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Found using x86_64-cros-linux-gnu-clang (Chromium OS
12.0_pre416183_p20210305-r3 clang version 12.0.0):
radius_client.c:818:24: warning: cast to smaller integer ...
RadiusType msg_type = (RadiusType) sock_ctx;
Signed-off-by: Joshua Emele <jemele@chromium.org>
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Commit 0b8889d8e5 ("P2P: Do not stop Listen state if it is on
correct channel") added an optimization to use Listen state's
remain-on-channel to send out GO Negotiation response frame quickly.
But in Listen state, if GO Negotiation request frame is received before
the remain-on-channel started event from the driver, the above
optimization is not triggered. This showed up in following manner in the
debug log:
p2p0: Starting radio work 'p2p-listen'@0xb4000070ae22d420 after 0.000114 second wait
nl80211: Remain-on-channel cookie 0x100 for freq=2412 MHz duration=204
P2P: Received GO Negotiation Request from 6e:fa:a7:86:e5:e5(freq=2412)
P2P: GO Negotiation with 6e:fa:a7:86:e5:e5
P2P: Stopping find
P2P: Clear timeout (state=WAIT_PEER_CONNECT)
P2P: State WAIT_PEER_CONNECT -> IDLE
nl80211: Cancel remain-on-channel with cookie 0x100
p2p0: Radio work 'p2p-listen'@0xb4000070ae22d420 done in 0.074348 seconds
p2p0: radio_work_free('p2p-listen'@0xb4000070ae22d420): num_active_works --> 0
P2P: State IDLE -> GO_NEG
P2P: Sending GO Negotiation Response
Off-channel: Send action frame: freq=2412 dst=6e:fa:a7:86:e5:e5 src=da:3c:83:7d:70:2b bssid=da:3c:83:7d:70:2b len=196
nl80211: Remain-on-channel event (cancel=0 freq=2412 channel_type=0 duration=400 cookie=0x100 (match))
nl80211: Remain-on-channel event (cancel=1 freq=2412 channel_type=0 duration=0 cookie=0x100 (match))
P2P: GO Negotiation Response (failure) TX callback: success=0
Fix this by adding p2p->pending_listen_freq == freq condition for the
optimization so that the case where the remain-on-channel command has
already been issued to the driver, but the start event has not yet been
received, is covered as well.
Fixes: 0b8889d8e5 ("P2P: Do not stop Listen state if it is on correct channel")
Signed-off-by: Hu Wang <huw@codeaurora.org>
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the following vendor attribute to indicate the bandwidth to be used
for spectral scan operation:
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_BANDWIDTH
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD to fetch thermal
statistics for different temperature levels from the driver to
userspace. The statistics will be stored in the driver/firmware for
predefined temperature levels and will be reported to userspace when
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD is sent with the command type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_GET_THERMAL_STATS.
The thermal statistics can be cleared from userspace by sending a
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD command with the type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_CLEAR_THERMAL_STATS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enable (and require) the management frame protection for the P2P GO if
it is started on a 6 GHz channel.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
P2P connections in the 6 GHz band use SAE authentication algorithm after
getting credentials with WPS connection. During WPS connection as it
doesn't use SAE, SAE PT is not derived. After getting SAE credentials,
the STA connects to the same SSID using SAE auth algorithm. Earlier, SAE
H2E PT was not derived while connecting to the same SSID to which the
STA is connected last time. Due to this, the P2P group formation fails
for 6 GHz channels when H2E is enabled as the PT will not be setup by
the P2P client before proceeding to the SAE authentication. Same could
happen with infrastructure WPS when wps_cred_add_sae=1 is used.
Set up the SAE H2E PT while connecting to the same SSID again also to
make sure that the H2E PT is set up in the STA to derive the PWE for
successful SAE authentication. The PT derivation will be skipped in
wpa_s_setup_sae_pt() if PT is already available for that SSID.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Though both 5 GHz channels and 6 GHz channels report the mode as
HOSTAPD_MODE_IEEE80211A, there is a possibility of different HT/VHT/HE
capabilities being available between these bands. Use get_mode() to
obtain correct capabilities to cover cases where the driver reports
different capability values for the 5 GHz and 6 GHz channels.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
When the driver provides a list of supported modes, hostapd ended up
adding channel 6 even if the 2.4 GHz mode was not included. This
resulted in incorrect behavior of trying to transmit on a not supported
channel in case of 5 GHz only radios.
Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.
This is similar to an earlier wpa_supplicant change in commit
8e5739c3ac ("DPP2: Check channel 6 validity before adding it to chirp
channel list").
Signed-off-by: Disha Das <dishad@codeaurora.org>
Determine if the TDLS peer supports TDLS in 6 GHz band based on the HE 6
GHz Band Capabilities element received in the TDLS Setup Response frame.
Indicate the peer's HE 6 GHz capabilities to the driver through
sta_add().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor attributes to configure the driver to enable/disable the
Broadcast TWT support and Rx Control Frame To MultiBSS support in HE
capabilities information field. This attribute is used for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_TIME_TSF
TWT attribute to use it in TWT setup command to pass TSF value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.
Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.
In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
become invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but does not clear PMKSA.
Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.
Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exist.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
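A simplified model of the recovery rule described in the two FILS commit messages above, as an added example (not wpa_supplicant code). It compares the behaviour before the changes, the rule that clears PMKSA only when ERP keys exist, and the extension for externally configured PMKSA entries; every name is hypothetical and the state is reduced to four flags.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; all names are hypothetical, not wpa_supplicant's. */
struct fils_state {
	bool erp_keys_exist;   /* ERP key hierarchy held for this network */
	bool erp_failed;       /* ERP keys marked failed after a rejection */
	bool pmksa_present;    /* PMKSA cache entry available */
	bool pmksa_external;   /* entry was configured by an external application */
};

enum policy {
	POLICY_MARK_ERP_ONLY,  /* behaviour before the two changes */
	POLICY_CLEAR_IF_ERP,   /* also clear PMKSA, but only when ERP keys exist */
	POLICY_CLEAR_EXTERNAL, /* additionally clear externally configured PMKSA */
};

enum auth_alg { AUTH_OPEN, AUTH_FILS };

/* FILS is chosen when either usable ERP keys or a PMKSA entry is available. */
static enum auth_alg select_auth(const struct fils_state *s)
{
	bool erp_usable = s->erp_keys_exist && !s->erp_failed;

	return (erp_usable || s->pmksa_present) ? AUTH_FILS : AUTH_OPEN;
}

/* State update on an association rejection during a FILS attempt. */
static void on_assoc_reject(struct fils_state *s, enum policy p)
{
	if (s->erp_keys_exist) {
		s->erp_failed = true;
		if (p != POLICY_MARK_ERP_ONLY)
			s->pmksa_present = false;
	} else if (p == POLICY_CLEAR_EXTERNAL &&
		   s->pmksa_present && s->pmksa_external) {
		s->pmksa_present = false;
	}
	/* Otherwise the PMKSA is kept: the rejection came in an unprotected
	 * frame, so dropping cached entries on it would reduce the usability
	 * of PMKSA caching. */
}

/* Algorithm the next attempt uses after one rejected FILS attempt. */
static enum auth_alg auth_after_reject(struct fils_state s, enum policy p)
{
	if (select_auth(&s) == AUTH_FILS)
		on_assoc_reject(&s, p);
	return select_auth(&s);
}

int main(void)
{
	/* Constructed scenarios. */
	struct fils_state restart = { true, false, true, false };
	struct fils_state external = { false, false, true, true };
	struct fils_state local = { false, false, true, false };
	int p;

	for (p = POLICY_MARK_ERP_ONLY; p <= POLICY_CLEAR_EXTERNAL; p++)
		printf("policy %d: restart=%d external=%d local=%d\n", p,
		       auth_after_reject(restart, (enum policy) p),
		       auth_after_reject(external, (enum policy) p),
		       auth_after_reject(local, (enum policy) p));
	return 0;
}
```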
A couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
CTRL-EVENT-AUTH-REJECT reporting was previously skipped when going
through SAE-specific Authentication frame handling. Add this event here
as well to be more consistent with control interface events.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11-2016, 12.4.7.6 specifies:
An SAE Commit message with a status code not equal to SUCCESS shall
indicate that a peer rejects a previously sent SAE Commit message.
An SAE Confirm message, with a status code not equal to SUCCESS, shall
indicate that a peer rejects a previously sent SAE Confirm message.
Thus when SAE authentication failure happens, authentication transaction
sequence number should not be incremented.
Signed-off-by: Jia Ding <jiad@codeaurora.org>