Commit graph

16740 commits

Author SHA1 Message Date
Ilan Peer
a4e3691616 WPA: Add PTKSA cache implementation
In order to be able to perform secure LTF measurements, both the
initiator and the responder need to first derive TK and KDK and store
them, so they would later be available for the secure LTF negotiation.

Add a basic implementation of a PTKSA cache that stores derived TK/KDK
which can later be used for secure LTF negotiation, and add it to the
build configuration.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
a84ba92fa0 WPA: Add a function to get PMKSA cache entry
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6709b4ceb8 common: Add PASN parsing to ieee802_11_parse_extension()
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
46bfc3a849 tests: Add module tests for PASN PTK derivation
Based on tests vectors taken from IEEE P802.11az/D2.6.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
9ce123cdbf PASN: Add common Authentication frame build/validation functions
Add helper functions to construct a PASN Authentication frame and
validate its content, which are common to both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
c6d1a33bb0 PASN: Add functions to compute PTK, MIC and hash
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.

The above are built only in case that CONFIG_PASN is enabled at build
time.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
d87f4aea11 FILS: Extend the fils_pmk_to_ptk() function to also derive KDK
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6e834db74e FT: Extend the wpa_pmk_r1_to_ptk() function to also derive KDK
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
46c232eb76 WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
019507e10e common: Allow WPA_CIPHER_GTK_NOT_USED as a valid group management cipher
PASN authentication requires that group management cipher suite
would be set to 00-0F-AC:7 in the RSNE, so consider it as a valid
group management cipher and adjust the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
2447212214 nl80211: Always register for RX authentication frames with PASN
Register a filter that only requests PASN Authentication frames
to be passed to user space.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
a728449a04 nl80211: Allow off-channel of PASN authentication frames in send_mlme()
As part of the support needed for PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
8d4dce244d wlantest: Include PASN into build
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
367e79231c PASN: Add some specification definitions
Based on IEEE P802.11az/D2.6.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Sreeramya Soratkal
833cdbe97d Add support for new 5 GHz channels 173 and 177
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-01-22 19:18:10 +02:00
Sreeramya Soratkal
21fdb454df P2P: Fix channel selection for operating class 129
The operating class 129 includes channels with a maximum bandwidth of
160 MHz with center frequency index 50 and 114. The previous definition
of operating class 129 considered the center frequency index as actual
channels resulting in incorrect channel setup for the operating class.

Fix the definition of operating class 129 to consider channels with the
center frequency index of 50 and 114.

Also update the comment that describes the channel selection for
operating 128, 129, and 130 which mentions wpas_p2p_allow_channel()
verifies the channels while wpas_p2p_verify_channel() takes care of it.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-01-22 19:18:10 +02:00
Jouni Malinen
995ee4c94b tests: DPP Responder behavior on missing Auth Confirm
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-22 19:18:10 +02:00
Purushottam Kushwaha
959af4f576 DPP: Abort authentication if no Auth Confirm is received within a second
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.

Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-22 19:18:10 +02:00
Sunil Dutt
62657365f8 Add a configuration to disconnect on deinit if WoWLAN is enabled
Commit 02c21c02d0 ("wpa_supplicant: Do not disconnect on deinit if
WoWLAN is enabled") prevents the disconnection on deinit if the driver
indicates that WoWLAN is enabled. This is not the expected behavior in
some earlier use cases where the wpa_supplicant process is left running
when going to sleep and killing of the wpa_supplicant process is used
only when there is an expectation of Wi-Fi connection being disabled.

To support the use cases which require the WLAN to disconnect on deinit
even if WoWLAN is enabled, introduce a configuration parameter
wowlan_disconnect_on_deinit. This is set to 0 by default thereby not
impacting the functionality in the above mentioned commit. Setting it to
1 restores the old behavior before the commit identified above.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-21 18:21:30 +02:00
Jouni Malinen
f34493f2a8 tests: Fix rfkill testing with updated kernel
Kernel commit 14486c82612a ("rfkill: add a reason to the HW rfkill
state") added an extra byte to the end of the rfkill events and that
confused the read loop here since python tried to buffer the results
from multiple read() calls into the local buffer that then delivered the
extra octets in consecutive events. Fix this by disabling buffering for
these reads.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-15 18:10:34 +02:00
Antonio Cardace
8f58972942 dbus: Export new 'suiteb192' capability
Export a new 'suiteb192' capability to indicate that wpa_supplicant was
built with WPA-EAP-SUITE-B-192 support and accepts
'key_mgmt=WPA-EAP-SUITE-B-192'.

Signed-off-by: Antonio Cardace <acardace@redhat.com>
2021-01-15 12:24:26 +02:00
Brian Norris
9cdcc88238 DBus: Add 'owe' to interface Capabilities
Signed-off-by: Brian Norris <briannorris@chromium.org>
2021-01-15 12:22:47 +02:00
Andrei Otcheretianski
03125c9ddc tests: Fix ap_ft_eap_pull_wildcard_multi_bss
Python enumerates dictionaries in an arbitrary order, thus the resulting
configuration file will have the parameters shuffled randomly. This may
cause the test to fail when, for example, auth_server_addr is placed
after auth_server_port. Fix this by enforcing some of the fields to be
placed before the others.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-01-15 12:20:49 +02:00
Berkay Ercan
8e8406469e wpa_cli: Add WPS_EVENT_OVERLAP to action scripts
WPS_EVENT_OVERLAP case was missing on wpa_cli_action_process function in
wpa_cli.c, so when the overlap event occurs, there was no event message
sent to the action script. Add this event case to the function.

Signed-off-by: Berkay Ercan <berkay.ercan@airties.com>
Signed-off-by: Veli Demirel <veli.demirel@airties.com>
2021-01-15 12:18:37 +02:00
Janusz Dziedzic
cb9cc66b35 tests: remote: Allow shuffle
With -S option we will run tests in random order.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-01-15 12:17:05 +02:00
Janusz Dziedzic
3c6468a7f3 tests: remotehost: Add missed select import
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-01-15 12:16:55 +02:00
Janusz Dziedzic
b02a56bedb tests: remotehost: Remove wait_execute_complete
Today we have thread_wait().

Fixes: 11b3af3dad ("tests: remotehost: Use correct name")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-01-15 12:15:59 +02:00
hongwang.li
41fae6e0bb nl80211: Add missing WPA3-SAE auth_data in auth retry case
When wpa_supplicant sends NL80211_CMD_AUTHENTICATE to kernel, it is
possible that the cfg80211 in kernel has expired the BSS entry that
we are trying to auth with. Then cfg80211 will reject the auth cmd.
In this case, wpa_supplicant will trigger a single channel scan to
refresh cfg80211 BSS entry, and retry the auth when scan is finished.

When this case happens, wpa_supplicant makes a copy of auth params,
such as frequency, bssid, ssid, ie and so on. So when we retry auth,
the copy of these params will be used. The problem is, a param named
auth_data is missed when making the copy. The auth_data is used by
NL80211_ATTR_SAE_DATA which is a mandatory field for WPA3-SAE auth.
In WPA3-SAE case the auth retry will always fail because auth_data is
missing. This patch fixes the issue.

Signed-off-by: hongwang.li <hongwang.li@sonos.com>
2021-01-15 12:14:17 +02:00
Shiva Sankar Gajula
71718b628b FT: Update key mgmt properly in RSNE during roaming
When STA is performing roam from WPA3 AP to WPA2 AP, the STA was
including key mgmt FT-SAE instead of FT-PSK in FT Authentication request
RSNE when using driver-based SME. This is because the RSNE/MDE/FTE were
updated and forwarded to the driver using the NL80211_CMD_UPDATE_FT_IES
command before updating key mgmt properly. Because of this, the AP is
rejecting FT Authentication request with WLAN_REASON_UNSPECIFIED reason
code which is due to the invalid keymgmt in RSNE.

Fix this by reordering IE population to happen earlier in the sequence
so that the updated key mgmt information can be provided when using
NL80211_CMD_UPDATE_FT_IES.

Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
2021-01-15 12:10:10 +02:00
Jouni Malinen
694722516e tests: FT reassociation SAE-PSK-SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-15 12:00:57 +02:00
Vinita S. Maloo
ea77568d8f Add user configured vendor IEs to default scan IEs
Add user configured vendor IEs for Probe Request frames to default scan
IEs so that these IEs will be included in the Probe Request frames for
the scans issued also by components other than wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-15 11:45:13 +02:00
Jouni Malinen
581dfcc413 tests: Fix p2p fuzzer build after API change
Commit 7b121af26a ("P2P: Delay P2P scan when an external scan is in
progress") added a new argument to p2p_scan_res_handled(), but did not
update this test tool. Fix this by using hardcoded value 0 for the new
delay argument.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-23 14:09:52 +02:00
Sunil Dutt
b6947f01a1 Android: Pass the vendor events to $(BOARD_WPA_SUPPLICANT_PRIVATE_LIB)
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.

Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 23:22:56 +02:00
Purushottam Kushwaha
7b121af26a P2P: Delay P2P scan when an external scan is in progress
When an external scan is in progress on the same radio, delay the P2P
search operation based on configuration parameter p2p_search_delay. The
"search_delay" configuration done through p2p_find always takes
precedence over this delay value set due to an external scan trigger.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 23:22:51 +02:00
Sunil Dutt
f39d6aacbb P2P: Recover p2p_find operation in case of failure to fetch scan results
Add a handler to notify failures to fetch the scan results and provide
an option to override default behavior of requesting a new scan in one
second in such an error condition. Use this new handler mechanism to
continue the p2p_find operation (by invoking p2p_scan_res_handled) for
an interim scenario where the p2p_scan attempt fails to get the scan
results from the driver which can happen, e.g., if there are parallel
updates to the cfg80211 scan results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 23:04:54 +02:00
Purushottam Kushwaha
74818ca63f Process QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH after NL80211_CMD_ROAM
NL80211_CMD_ROAM indication is scheduled via a kernel work queue, while
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH is a vendor event from the
driver. Thus, a race condition can exist wherein the vendor event is
received prior to the NL80211_CMD_ROAM indication.

The processing of this vendor event depends on the NL80211_CMD_ROAM
indication to update the roamed BSS/BSSID information and thus the out
of sequence processing of these events would result in not updating the
right BSS information.

This commit adds a workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event for up to 100 ms in
case NL80211_CMD_ROAM is not received first.

Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
2020-12-21 22:57:42 +02:00
Vamsi Krishna
b4a41abad4 nl80211: Do not ignore disconnection event after a connection event
After a disconnect command is issued, wpa_supplicant generates a
disconnection event to self and ignores the next disconnection event
coming from the driver.  In a race condition in which the driver
generates a connected event due to roaming just before receiving the
disconnect command from userspace, wpa_supplicant processes the
connected event after processing the self-generated disconnection event
and enters WPA_COMPLETED state. The driver sends a disconnection event
after processing the disconnect command sent by wpa_supplicant but the
disconnection event is ignored by wpa_supplicant as the disconnection
event is considered to be a result of locally generated disconnect
command. Thus, wpa_supplicant continues to be in the connected
(WPA_COMPLETED) state though the driver is in disconnected state.

Fix this out-of-sync behavior between the driver and wpa_supplicant by
not ignoring the disconnection event from the driver because of the
locally generated disconnect command sent to the driver if there is a
connection event received after issuing the disconnect command to the
driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 15:51:32 +02:00
Jouni Malinen
b3f88b15fb tests: Update ap_open_unexpected_assoc_event to match implementation
Now that wpa_supplicant ignores the unexpected association event in
disconnected-not-trying-to-connect state, this test cases needs to be
modified to avoid incorrect failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 15:51:32 +02:00
Vamsi Krishna
084b3d2f8a Drop unexpected connection event while disconnected
If there is a disconnect command from wpa_supplicant immediately after
the driver sends a connection event to userspace but before that event
is received and processed by wpa_supplicant, wpa_supplicant processes
the disconnect command and a self-generated disconnected event first
followed by the connected event received from the driver. As a result
wpa_supplicant moves to the WPA_COMPLETED state.  Whereas the driver
processes the disconnect command received from wpa_supplicant after it
sends the connected event and moves to the disconnected state. Due to
this race between the disconnect command from wpa_supplicant and the
connected event from the driver, wpa_supplicant is moving to the
connected state though the driver is moving to the disconnected state
which results in abnormal functionality.

Ignore the connection event coming from the driver when wpa_supplicant
is not trying to connect after a disconnect command is issued but before
the next connect command is issued to fix the above mentioned race
condition.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 14:06:52 +02:00
Sunil Dutt
73c7c2da99 Vendor feature capability to notify TWT asynchronous response support
The response for the respective TWT operations can either be synchronous
or asynchronous (wherever specified). If synchronous, the response to
this operation is obtained in the corresponding vendor command reply to
the user space. For asynchronous case, the response is obtained as an
event with the same operation type.

Drivers shall support either of these modes but not both simultaneously.
The support for asynchronous mode is advertised through the new flag
QCA_WLAN_VENDOR_FEATURE_TWT_ASYNC_SUPPORT. If the driver does not
include this flag, it shall support synchronous mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 13:09:30 +02:00
Sunil Dutt
a337c1d7c9 New TWT operations and attributes to TWT Setup and Nudge
Define the following additional TWT operations:
QCA_WLAN_TWT_GET_STATS, QCA_WLAN_TWT_CLEAR_STATS,
QCA_WLAN_TWT_GET_CAPABILITIES, QCA_WLAN_TWT_SETUP_READY_NOTIFY.

Also define new attributes to qca_wlan_vendor_attr_twt_setup
and qca_wlan_vendor_attr_twt_nudge.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-16 18:04:15 +02:00
Disha Das
b709bb40fd DPP2: Add DPP_CONTROLLER commands to hostapd_cli and wpa_cli
Add the DPP control interface DPP_CONTROLLER_START and
DPP_CONTROLLER_STOP commands to the CLIs.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-12-16 18:04:15 +02:00
Jouni Malinen
6ead8b897f Use bool for is_6ghz variables and functions
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-11 19:56:14 +02:00
Jouni Malinen
9a411882bd tests: setband with band combination
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-11 19:56:14 +02:00
Veerendranath Jakkam
7131fede34 Extend the setband support for 6 GHz and band combinations
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-12-11 19:56:14 +02:00
Jouni Malinen
e4c815a77a tests: Update scan_fail to match implementation change
The function name for adding frequency lists changed, so this test case
needs a matching change to avoid failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-11 19:56:14 +02:00
Veerendranath Jakkam
2a37cda747 scan: Add a helper function to append supported freqs from a given band
This functionality was repeated for couple of times. Use a shared helper
function to avoid code duplication.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-12-11 16:47:43 +02:00
Jouni Malinen
bba926350a Fix gcc-10 build with -Werror=array-bounds and dl_list_for_each()
The earlier workaround for UBSAN issues in commit 3b6b3ae581 ("Modify
dl_list_for_each() to not use unaligned access with WPA_TRACE") ended up
using a construction in which the type cast to the containing structure
was compared instead of the struct dl_list pointers. While that worked
around the UBSAN issue, it resulted in a comparison that gcc-10
interprets as being out of bounds for struct dl_list (which it obviously
is since this is to find the start of the containing structure).

Revert that workaround and instead, mark the struct dl_list used within
struct os_alloc_trace to have matching 16 octet alignment as the
containing structure. This is also restoring consistent design for
dl_list_for_each*().

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-12-04 13:59:37 +02:00
Johannes Berg
d215f42538 tests: HE: Add a test for wifi generation on 2.4 GHz
This was broken in the kernel in mac80211 for a while, until commit
780a8c9efc65 ("mac80211: do not disable HE if HT is missing on 2.4 GHz")
fixed it.

Add a test for wifi generation on 2.4 GHz in addition to the 5 GHz one.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-12-04 12:42:17 +02:00
Juliusz Sosinowicz
0225301fde wolfSSL: Client cert loading API fix
Client cert loading API should check equality to SSL_SUCCESS for
success.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2020-12-04 12:42:17 +02:00