Commit graph

5877 commits

Author SHA1 Message Date
Xin Deng
47a65ccbfd P2P: Clean wpa_s->last_ssid when removing a temporary group network
wpa_supplicant could crash due to dereferencing freed memory in a corner
case. When a reestablished P2P GO group gets removed because the
hardware mode is not supported when switching from 2.4 to 5 GHz. Group
removal in wpas_p2p_group_delete() forget to clean wpa_s->last_ssid due
to the missing wpas_notify_network_removed() call before removing the
network with wpa_config_remove_network().

That could cause a crash when flushing old BSSs which age out in
wpa_bss_flush_by_age() which uses wpa_s->last_ssid in some cases.

Fix this by invoking wpas_notify_network_removed() to clean
wpa_s->last_ssid when removing a temporary P2P group network.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-18 20:29:18 +03:00
Michael Lee
bc0636841a wpa_supplicant: Fix configuration parsing error for tx_queue_*
In the original flow, after hostapd_config_tx_queue() successfully
parses a tx_queue variable, wpa_config_process_global() would not return
immediately. Then it would print out "unknown global field" later and set
return val to -1.

Return success (0) after hostapd_config_tx_queue() successfully parses a
tx_queue variable to fix this.

Fixes: 790026c3da ("Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO")
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
2023-08-11 11:53:16 +03:00
Chien Wong
8f148d5132 Fix a compiler warning on prototype mismatch
Fix the warning:
wpa_supplicant.c:2257:5: warning: conflicting types for
‘wpas_update_random_addr’ due to enum/integer mismatch; have ‘int(struct
wpa_supplicant *, enum wpas_mac_addr_style,  struct wpa_ssid *)’
[-Wenum-int-mismatch]
 2257 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s,
      |     ^~~~~~~~~~~~~~~~~~~~~~~
In file included from wpa_supplicant.c:32:
wpa_supplicant_i.h:1653:5: note: previous declaration of
‘wpas_update_random_addr’ with type ‘int(struct wpa_supplicant *, int, 
struct wpa_ssid *)’
 1653 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int
style,
      |     ^~~~~~~~~~~~~~~~~~~~~~~

Fixes: 1d4027fdbe ("Make random MAC address style parameters use common enum values")
Signed-off-by: Chien Wong <m@xv97.com>
2023-08-11 11:25:36 +03:00
Veerendranath Jakkam
d320692d91 AP MLD: Handle new STA event when using SME offload to the driver
Parse link id and station MLD address received from the driver in the
NL80211_CMD_NEW_STA event.

Set MLO information of the station to the sta_info and wpa_sm.

Co-authored-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-07-21 19:57:25 +03:00
Kiran Kumar Lokere
4636476b7f Set RRM used config if the (Re)Association Request frame has RRM IE
Set the sme RRM used config if the RRM element is present in the
(Re)Association Request frame sent in association event to cover the
cases where the driver SME takes care of negotiating RRM capabilities.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:40:59 +03:00
Jouni Malinen
8e6485a1bc PEAP client: Update Phase 2 authentication requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-07-17 21:09:26 +03:00
Jouni Malinen
aa4b8492e4 AP MLD: Provide Link ID when requesting current seqnum for a group key
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:43:17 +03:00
Andrei Otcheretianski
172b0a9a2b AP/driver: Add link ID to send EAPOL callbacks
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
5a61644fff driver: Specify link ID for 'send_mlme' and 'sta_deauth' callbacks
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:49 +03:00
Ilan Peer
e3605e8093 driver: Allow to provide a link ID when setting a channel
This includes:

- Modifications of the driver API, to include the link ID as part
  of 'struct hostapd_freq_params'.
- Modifications to nl80211 driver.
- Modifications for the driver wrappers.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:44:25 +03:00
Veerendranath Jakkam
8e16372cff Indicate link reconfiguration with QCA vendor interface
Add support to indicate link reconfiguration event reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-01 18:21:13 +03:00
Shivani Baranwal
7b9070229d Indicate TID to link mapping changes with QCA vendor interface
Add support to indicate TID-to-link mapping changes reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-06-01 18:12:03 +03:00
Veerendranath Jakkam
df2f22faf9 MLD STA: Use AP MLD address as previous BSSID for reassociation requests
The Linux kernel expects to use the AP MLD address in
NL80211_ATTR_PREV_BSSID for reassociation requests when the current
association is MLO capable.

Previously, wpa_supplicant was using the BSSID value in
NL80211_ATTR_PREV_BSSID even if the connection is MLO capable. Fix this
by sending the AP MLD address in NL80211_ATTR_PREV_BSSID for
reassociation requests when MLO is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-05-25 18:06:50 +03:00
Veerendranath Jakkam
199b44213c MLD STA: Allow auth frames without ML IE for failure status codes
In some cases like unknown-group rejection, AP MLD can't parse the
received Authentication frame to the point of the Multi-Link element if
the group used by the peer is unknown to the AP MLD.

In such cases, AP MLD not including Multi-Link element in rejection
Authentication frames can be considered as standard compliant since AP
MLD doesn't know whether the received Authentication frame has
Multi-Link element or not.

To avoid connection issues in such cases, don't reject Authentication
frames without Multi-Link element when status code is other than
WLAN_STATUS_SUCCESS, WLAN_STATUS_SAE_HASH_TO_ELEMENT,
WLAN_STATUS_SAE_PK, and WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-05-25 18:03:58 +03:00
Jintao Lin
7337232203 wpa_supplicant: Skip scan before starting a BSS in AP mode
When starting a new BSS as AP mode, the network configs have been passed
in from the BSS config. There is no need to scan before creating a new
BSS. Reuse connect_without_scan structure member to bypass scan when the
mode is WPAS_MODE_AP.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2023-04-28 21:06:10 +03:00
Nick Hainke
f45cf609c7 wpa_supplicant: Fix compiling without IEEE8021X_EAPOL
If IEEE8021X_EAPOL is not defined wpa_supplicant will not compile with
following error:

  events.c: In function 'wpa_supplicant_connect':
  events.c:1827:14: warning: implicit declaration of function 'eap_is_wps_pbc_enrollee' [-Wimplicit-function-declaration]
   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
        |              ^~~~~~~~~~~~~~~~~~~~~~~
  events.c:1827:43: error: 'struct wpa_ssid' has no member named 'eap'
   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
        |                                           ^~

Add ifdef statements around the calling function to fix the issue.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-28 20:59:30 +03:00
Benjamin Poirier
c62e94d793 Add missing driver entries to wpa_supplicant documentation
There are possible more entries missing but I added only the ones I was
actually able to build.

Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
2023-04-28 20:53:24 +03:00
Jouni Malinen
5d285040d6 Rename VHT elements to match the standard
Some of the information elements added in IEEE Std 802.11ax-2013 for VHT
purposes have since then been taken into use for other cases and renamed
to remove the "VHT" prefix in the standard. Update the defines for those
elements in the implementation to match the names used in the current
standard.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-26 23:10:03 +03:00
Veerendranath Jakkam
8bc84fceeb Allow MLO disabled connection to legacy open/WPA2-Personal-only AP MLDs
wpa_supplicant was skipping MLD APs from network selection when the AP
advertise legacy open, WPA2-Personal-only (PSK without SAE), or PMF
disabled. However, there are already some early Wi-Fi 7 APs in the
market which advertise legacy open, WPA2-Personal-only, or PMF disabled
even though these combinations are unlikely to be allowed for Wi-Fi 7 in
the end.

To avoid connectivity issues with such APs, allow stations to connect
with MLO disabled when an AP MLD is detected to advertise legacy open,
WPA2-Personal-only (PSK without SAE), or PMF disabled.

This reverts commit 7d8b96dcfd ("wpa_supplicant: Apply same
restrictions for MLD as for 6 GHz BSS") except WEP and TKIP checks,
i.e., AP MLDs which advertise only WEP or TKIP are still skipped from
network selection.

For the SME-in-wpa_supplicant case, skip configuring MLD parameters to
the driver if the STA can connect only in legacy open,
WPA2-Personal-only, or PMF disabled mode. For the SME-in-driver case, it
is the driver's responsibility to initiate connection with MLO disabled
with such APs.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-25 17:04:44 +03:00
Jouni Malinen
b9c3b57a99 Update AP RSNE/RSNXE to RSN state machine on driver-selected BSS cases
The driver-initiated BSS selection case and the "Network configuration
found for the current AP" case ended up clearing the RSN state machine
information on AP RSNE/RSNXE. That could result in incorrect behavior if
some key management operations depended on accurate information. For
example, this could result in not deriving the KDK as part of the PTK
derivation and failing to complete 4-way handshake if both the AP and
the STA indicated support for Secure LTF.

If the scan results for the selected BSS are available, use those to
update the RSN state machine AP RSNE/RSNXE similarly to the way this is
done with wpa_supplicant selects the BSS instead of clearing that
information in the RSN state machine.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 13:30:08 +03:00
Jouni Malinen
6972b0fa2b OWE: Update transition mode information on selecting a new BSS
It is possible for a new BSS entry to be added for the
hidden-SSID-OWE-BSS when running a new scan after having previously
learned the hidden SSID during a previous OWE connection attempt. That
new entry would not necessarily have the WPA_BSS_OWE_TRANSITION flag set
and that would result in not being able to recognize the appropriate OWE
profile when checking the association event against the transition mode
configuration.

Fix this by updating the BSS entry for OWE transition mode information
for the cases where this might happen.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 12:04:01 +03:00
Veerendranath Jakkam
6002fe87d8 SAE: Fix expected AP MLD address info in a debug print
Print correct expected AP MLD address information when the AP MLD
address validation fails in Authentication frames during external
authentication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-19 11:51:43 +03:00
Veerendranath Jakkam
c70405cef6 MLD STA: Do not fail on unknown IEs in Authentication frames
Fail MLD address validation only if Authentication frames IE parsing
actually failed, i.e., ignore all unknown IEs.

This is needed to avoid authentication failure when the Authentication
frames include IEs which are not handled by ieee802_11_parse_elems(),
e.g., AKM Suite Selector IE.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-19 11:50:55 +03:00
Chaoli Zhou
e8912452ed Export wpa_supplicant config item 'he' for external configuration
Export the "he" network profile item to be configurable from external
client side, like wpa_cli or NetworkManager. This follows the earlier
changes to allow the previously internal-only parameter (e.g., vht) to
be used for additional purposes for AP mode.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2023-04-19 11:34:38 +03:00
Jouni Malinen
07a7bcd7ea WMM: Advertise support for 16 PTKSA replay counters for non-AP STA
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.

hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.

Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-18 11:40:10 +03:00
Seevalamuthu Mariappan
bb945b98fe Add 40 and 80 MHz channels 165 and 173 for 5 GHz IBSS/mesh
Add the channels 165 and 173 in allowed channels for ht40_plus. Also add
the allowed frequency 5825 (channel 165; channel center frequency index
171) for 80 MHz bandwidth.

Signed-off-by: Seevalamuthu Mariappan <quic_seevalam@quicinc.com>
Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
2023-03-29 18:37:31 +03:00
Hari Chandrakanthan
5349a45d32 Set interface state as inactive if mesh bringup fails
The STATUS command showed the interface state as SCANNING even if mesh
bringup fails. This incorrect interface status can mislead
scripts/applications that rely on interface status to bring up different
type of virtual interfaces (AP/MESH) on a single radio.

Fix this by setting the interface status as INACTIVE if mesh bringup
fails.

Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
2023-03-29 18:09:06 +03:00
Aloka Dixit
e3621867c5 EHT: Process puncturing bitmap from channel switch event
Retrieve the puncturing bitmap sent by the driver in channel switch
events and add a new member punct_bitmap in struct ch_switch to store
it.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Sathishkumar Muruganandam
44b32a7526 mesh: Add EHT support
Add mesh_eht_enabled and eht ssid configuration parameters to include
EHT Capability and EHT Operation elements in mesh PLINK Action frames.

Update mesh_eht_enabled from EHT capability advertised for mesh mode.

Signed-off-by: Sathishkumar Muruganandam <quic_murugana@quicinc.com>
Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
2023-03-09 16:19:09 +02:00
Andrei Otcheretianski
df6561ec06 nl80211: AP MLD support for adding multi link stations
Multi link stations are represented in the kernel using a single
station with multiple links and the first ADD_STA command also
creates the first link. Subsequent links should be added with
LINK_ADD commands.

Implement this logic and provide the required MLD information per
station/link.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 21:43:41 +02:00
Hu Wang
a9012070a6 Android: Add wowlan_disconnect_on_deinit to template configuration
Add wowlan_disconnect_on_deinit=1 to wpa_supplicant_template, as
Android expects STA to be disconnected when wpa_supplicant is
terminated.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-27 21:02:09 +02:00
Veerendranath Jakkam
b2bf7e39ec Update PMK in wpa_sm when roam+auth event indicated with authorized flag
Currently, the PMK used by the driver is not updated to wpa_sm when
roaming is completed by the driver with the cached PMKSA and the
roam+auth event is indicated with the authorized flag.

To fix this, identify the PMKSA entry from the PMKID sent in
Reassociation Request frame and update the correct PMK to wpa_sm from
the PMKSA entry.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-23 13:16:52 +02:00
Avraham Stern
6b9c86466c nl80211: Replace the channel flags for VHT support
The flags that indicate that a channel is allowed for 80/160 MHz use
are divided according to the position of the control channel (e.g.,
HOSTAPD_CHAN_VHT_10_70, HOSTAPD_CHAN_VHT_30_50, etc.).

However, the position of the control channel does not add any extra
regulatory information because when trying to use a 80/160 MHz channel
all the desired bandwidth has to be allowed for 80/160 MHz use,
regardless of the control channel position.

In addition, these flags are set only if the driver reports one
regulatory rule that allows the entire 80/160 MHz bandwidth.
However, even when a 80/160 MHz channel is allowed, in some cases the
bandwidth will be split into several regulatory rules because
different segments of the bandwidth differ in other flags (that don't
affect the use of the bandwidth for VHT channels). So, in such cases
these flags will not be set, although VHT channels are allowed.

As the result, VHT channels will not be used although they are allowed
by the regulatory domain.

Fix this by introducing new flags that indicate if a 2 0MHz channel is
allowed to be used as a part of a wider (80/160 MHz) channel.
The new flags are set for each 20 MHz channel independently and thus
will be set even if the regulatory rules for the bandwidth are split.

A 80/160 MHz channel is allowed if all its 20 MHz sub-channels are
allowed for 80/160 MHz usage.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-22 21:44:09 +02:00
Jouni Malinen
c31600ce12 P2P: Allow GO BSSID to be specified for P2P_GROUP_ADD commands
This allows the control interface to be used similarly to the way D-Bus
interface was extended to force a specific GO BSSID for optimizing
scanning.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 14:11:17 +02:00
Matthew Wang
0430756e65 P2P: Optimize join scan frequency
Allow clients to specify the BSSID of an auto GO. If the auto GO has been
discovered on another interface, optimize scan frequency by performing
a single channel scan first. Android and ChromeOS use this to streamline
auto GO discovery.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2023-02-22 13:40:21 +02:00
Emeel Hakim
6d24673ab8 mka: Allow configuration of MACsec hardware offload
Add new configuration parameter macsec_offload to allow user to set up
MACsec hardware offload feature.

Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
2023-02-21 19:26:47 +02:00
Jouni Malinen
3f3e356fa0 Mark addr argument to storing PTKSA const
This is not being modified, so mark it const to be more flexible for the
caller.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:27:29 +02:00
David Ruth
edcad193ae dbus: Add inactive time to D-Bus signal info
This enables connection managers to receive and use this information in
the same manner that other station information is exposed.

Signed-off-by: David Ruth <druth@chromium.org>
2023-02-21 13:51:24 +02:00
Yichen Yu
a678a510fb dbus: Add D-Bus signal for PSK mismatch heuristics
As a workup action during disassociation, wpa_supplicant checks if the
disconnection could have been caused by PSK mismatch during WPA 4-way
handshake with function could_be_psk_mismatch() in event.c. A MSG_INFO
message will be sent on the control interface when there could be a PSK
mismatch, and this heuristic can be useful to indicate if the
disconnection is caused by a wrong passphrase provided by the user.
Here, propagate a new D-Bus signal 'PskMismatch' to notify other
applicantions.

Signed-off-by: Yichen Yu <yichenyu@chromium.org>
2023-02-21 11:24:06 +02:00
Nicolas Cavallari
f4a7e2a07c Rework IBSS/mesh 80 MHz channel selection
- Do not try to enable 80 MHz if 40 MHz is disabled or not selected (e.g.,
  due to obss_scan).
- If it is not possible to use 80 HMz or even 40 MHz, still attempt to
  configure HE40/VHT40/HE20/VHT20 instead of bailing out.
- When bailing out, also disable HE.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:37 +02:00
Nicolas Cavallari
f91f971bde Fix creating 6 GHz IBSS/mesh on 5/6 GHz-capable PHYs
If the PHY supports both 5 GHz and 6 GHz bands, there will be two
different struct hostapd_hw_modes with mode HOSTAPD_MODE_IEEE80211A,
one for each band, with potentially different capabilities.

Check that the struct hostapd_hw_modes actually contains the frequency
before selecting it.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:10 +02:00
Nicolas Cavallari
c623cee421 Make arrays static const in ibss_mesh_select_*()
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:08 +02:00
Nicolas Cavallari
64043e6156 Split ibss_mesh_setup_freq() into multiple functions
ibss_mesh_setup_freq() has become a 342 line function with 23 local
variables, 1 or 2 goto labels depending on ifdefs and its logic is
quite unpredictable.

Split it into multiple functions. No functional change intended, it
should be bug-compatible with the original code, except for some log
messages that are skipped more often.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:28:11 +02:00
Konstantinos Natsakis
8085a7e656 wpa_supplicant: Add option to explicitly set 4addr mode
Add a new network profile option enable_4addr_mode=1 that puts an
interface in 4addr mode, for interfaces meant to be added to a bridge.

Signed-off-by: Konstantinos Natsakis <infradead.org@aleph-0.net>
2023-02-21 00:00:07 +02:00
Kaidong Wang
1ffc7d1c65 Apply bias towards 6 GHz in roaming
wpa_supplicant_need_to_roam_within_ess() applies bias to the minimum
difference of the signal level required to roam if the roam is from 2.4
GHz to higher band, but doesn't apply bias if the roam is from a lower
band to 6 GHz. Add bias towards 6 GHz, as 6 GHz networks usually provide
higher throughput.

Signed-off-by: Kaidong Wang <kaidong@chromium.org>
2023-02-20 23:52:18 +02:00
Remco Rijnders
97405be969 Small textual improvements to wpa_supplicant man page
Signed-off-by: Remco Rijnders <remco@webconquest.com>
2023-02-20 19:38:02 +02:00
Hu Wang
4ae798a22c P2P: Pick the best driver pref freq for invitation process
Move the logic of picking the best driver pref freq into a separate
function, and use this to extend the functionality for invitation
process.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-20 19:37:26 +02:00
Veerendranath Jakkam
c91852044d MLD STA: Add support for SAE external authentication offload to userspace
Enable MLO for SAE authentication when the driver indicates the AP MLD
address in an external authentication request. The MAC address of the
interface on which the external authentication request received will be
used as the own MLD address.

This commit does below for enabling MLO during external SAE
authentication:
- Use MLD addresses for SAE authentication.
- Add Basic Multi-Link element with the own MLD address in SAE
  Authentication frames.
- Send SAE Authentication frames with the source address as the own MLD
  address, destination address and BSSID as the AP MLD address to the
  driver.
- Validate the MLD address indicated by the AP in SAE Authentication
  frames against the AP MLD address indicated in external authentication
  request.
- Store the PMKSA with the AP MLD address after completing SAE
  authentication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-15 23:49:59 +02:00
Jouni Malinen
72b8193f41 MACsec: Remove EAP Session-Id length constraint
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.

Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.

Fixes: dd10abccc8 ("MACsec: wpa_supplicant integration")
Fixes: a93b369c17 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:31:01 +02:00
Mordechay Goodstein
2cff340d17 utils: Move log2pcap to python3
python2 is deprecated so move script to python3.
While at it, make some minor adjustments.

Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-01 18:34:57 +02:00
Krishna T
12de8112b7 Fix BSS age underflow
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.

Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
2023-02-01 18:30:27 +02:00
Krishna
d31c2b43aa Fix segfault in case of an invalid configuration
The RO variable is being assigned before the SSID is NULL checked, so,
any invalid configuration leads to a segmentation fault.

Fixes: d8d2b3a338 ("Implement read-only mode for SSIDs from the additional config (-I)")
Signed-off-by: Chaitanya Tata <chaitanya.tk17@gmail.com>
2023-02-01 18:24:13 +02:00
Veerendranath Jakkam
a32b424a3d MLD STA: Use AP MLD address in PMKSA cache attempts for driver-SME case
The previous implementation handles PMKSA cache attempts with AP MLD
address only for SME-in-wpa_supplicant cases since wpa_s->valid_links
wouldn't be set for SME-in-driver cases.

Fix SME-in-driver behavior by enabling PMKSA cache attempts with AP MLD
address when driver supports MLO and SME offload to driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:20:18 +02:00
Veerendranath Jakkam
8c4790cef8 MLD STA: Store PMKSA with AP MLD address for MLO connection event
Store PMKSA with AP MLD address while processing connect event for OWE
and FILS when the connection is MLO capable.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:19:41 +02:00
Jouni Malinen
bf124a03d5 SAE: Update PT value at later point for SME cases, if needed
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:23:22 +02:00
Qiwei Cai
1aadcca0a7 P2P: Enable SAE-H2E for client when joining a 6 GHz group
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.

Enable SAE-H2E for P2P client in this case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:33 +02:00
Jouni Malinen
37f8257c4f SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
Commit 3a0edb2cd8 ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:06 +02:00
Jouni Malinen
89377c6b9c OCV: Fix build without CONFIG_OCV=y
ssid->ocv is defined within CONFIG_OCV block, so the use for it needs to
match.

Fixes: dc7e330e0b ("Set OCV capability based on Association Request frame RSNE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:23:35 +02:00
Aleti Nageshwar Reddy
dc7e330e0b Set OCV capability based on Association Request frame RSNE
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
831be65149 WPS: Do not indicate incorrect PBC overlap based on partner link
The check for PBC overlap on a partner link should not be done unless
the current interface is actually in active PBC mode. Furthermore, the
wpa_s->wps_overlap variable needs to be cleared in additional places to
avoid leaving it set indefinitely.

This was found with the following test case sequence:
dbus_wps_pbc_overlap dbus_p2p_two_groups

Fixes: b43e19f3f3 ("WPS: Cross band overlap detection with multiple interfaces")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:08:07 +02:00
Jouni Malinen
c9fc124256 P2P: Make wpas_p2p_notif_pbc_overlap() static
Commit ace0fbdb69 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 18:02:26 +02:00
Jouni Malinen
0f3f9cdcab dpp-nfc: Try to request with alternative URL in additional cases
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-20 17:29:19 +02:00
Jouni Malinen
546debd5ef Force MFPR=1 to be used on the 6 GHz band
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:48 +02:00
Matthew Wang
f9c6ab834d P2P: Support preferred GO band based optimization for scanning
Allow specifying preferred GO band in addition to frequency. If a band
is specified, the first two scans will be limited to only non-DFS
channels to shorten scan times, and the next two will scan the entire
band.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-12-18 18:33:44 +02:00
Matthew Wang
093bedc059 P2P: Allow persistent group join retry limit to be configured via D-Bus
Android and ChromeOS use this to limit retries for auto GO join
operation.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-12-18 17:37:08 +02:00
Jouni Malinen
8717110db1 Do not flush PMKSA cache on restoring dedicated per-ESS MAC address
Now that we check in PMKSA cache code whether the entry was created for
the same local address, it is fine to leave the old entries in the cache
even if we have changed addresses. This allows a valid PMKSA cache entry
to be used when restoring the same MAC address for the same ESS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
1d4027fdbe Make random MAC address style parameters use common enum values
This makes the implementation more readable by sharing the same set of
enum values for all the parameters related to what kind of random MAC
addresses are used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
681856c355 Check both sec and usec values to see if MAC address was changed
wpa_s->last_mac_addr_change.sec might be zero in the special case of UML
testing with time travel since it would be possible to complete the test
case steps within one second of the system start.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Andrzej Ostruszka
bdbb6e0035 wpa_supplicant: Handle MAC address randomization changes for same ESS
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.

For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.

In the last step a randomized MAC address should be used.

Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
2022-12-18 12:33:02 +02:00
Jintao Lin
4bd1efe073 dbus: Do not bring down primary interface when removing created AP interface
If the CreateInterface command was used to create a virtual AP
interface, deleting this interface using the RemoveInterface command was
also bringing down the primary interface.

wpa_supplicant never uses hostapd style multi-BSS setup with
type=WPA_IF_AP_BSS and setup_ap=1 to if_add() when creating an AP
interface in wpa_driver_nl80211_if_add(), so it should not go through
the multi-BSS tear down procedure in wpa_driver_nl80211_if_remove(). The
virtual AP resources init and deinit are well handled in
wpa_driver_nl80211_init() and wpa_driver_nl80211_deinit().

Collapse the interface type to WPA_IF_STATION for the D-Bus interface to
skip the multi-BSS cleanup procedure. This is inline with the control
interface design. Add comments before the code to avoid confusion.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-12-18 11:04:18 +02:00
Andrei Otcheretianski
e869fdfeef wpa_supplicant: Use MLD address in SAE authentication
Use MLD address in SAE commit derivation and PMKSA storing.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:47:34 +02:00
Andrei Otcheretianski
8c0f83ae88 SME: Accept Authentication frame from an MLD AP
The driver is expected to translate the link addresses to MLD addresses
when processing an Authentication frame from a MLD AP. Thus, accept
Authentication frame when the peer matches the expected MLD address.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:38:03 +02:00
Andrei Otcheretianski
23039f5e4a SME: Add support for handling association with MLD
In case both the local driver and the AP support MLD, request an MLD
association from the driver.

When processing the association event from the driver verify that the
multi link information in the (Re)Association Response frame ML element
matches the links on which the association was expected.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:33:11 +02:00
Andrei Otcheretianski
8f89661df5 SME: Add support for handling authentication with MLD
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:31:41 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00
Vinayak Yadawad
870edfd67e WPA3: Update transition disable bitmap based on port authorized event
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.

With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2022-12-17 14:21:54 +02:00
Jintao Lin
87bad8afad dbus: Pass in MAC address in CreateInterface method
chromeOS uses random generated MAC address for AP interface so that the
device could remain anonymous and untrackable. Add an address parameter
for CreateInterface method to pass in OS managed MAC address.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-12-17 12:11:15 +02:00
Jintao Lin
b0722cf75e dbus: Fix a memory leak on error path in CreateInterface method
Fix a potential memory leak in CreateInterface method.

Fixes: 0ba266d86c ("dbus: Add virtual interface create/remove logic to be inline with ctrl_iface")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-12-17 12:11:15 +02:00
Andrei Otcheretianski
3d798ff2a4 PASN: Align RSNXE with IEEE P802.11az/D7.0 definitions
RSNXE bits were modified, so update the relevant places accordingly.
Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:35:19 +02:00
Johannes Berg
ed0a7b4809 wpa_supplicant: Implement HE membership selector check
Check the HE membership selector and don't use the BSS
if required but not supported by HW.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 20:31:14 +02:00
Veerendranath Jakkam
23e31eb68e SAE: Support cross AKM roaming between SAE AKMs in external auth case
Add support to handle external authentication request with a different
SAE AKM suite compared to the current connection AKM suite. This is
needed to support cross AKM roaming between SAE and SAE-EXT-KEY AKM
suites.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-12-15 18:36:26 +02:00
Vinay Gannevaram
a170267076 PASN: Avoid clearing secure context for the PASN deauthentication event
PASN deauthentication event is sent by the underlying driver to delete
the keys in wpa_supplicant PTKSA cache. So don't send clear secure
context command to the driver again as it is already aware of it.

Fixes: 74d894a2 ("PASN: Offload handshake for multiple peers from the driver")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2022-12-15 18:30:04 +02:00
Andrei Otcheretianski
7d8b96dcfd wpa_supplicant: Apply same restrictions for MLD as for 6 GHz BSS
Though not explicitely forced by IEEE 802.11be draft yet, it makes sense
to apply the same logic for MLD as for 6 GHz BSSs. Change
wpa_supplicant_ssid_bss_match() accordingly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:43:46 +02:00
Andrei Otcheretianski
32b7454485 wpa_supplicant: Make valid_links u16
MAX_NUM_MLD_LINKS is 15, thus u8 isn't enough for the bitmap. Fix it.
While at it, clean MLO information better.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:20:13 +02:00
Ilan Peer
e3e68668c1 ctrl_iface: Report RNR and ML in BSS command
Add the required ML and RNR definitions and report the information in
BSS command.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 11:47:07 +02:00
David Ruth
7a7ce95746 dbus: Emit more information over D-Bus
Allows informing the connection manager of additional information on CQM
events. Allows the connection manager to request the same information
on demand by using the existing "SignalPoll" method.

* Add new property "SignalChange"
        * Add storage for wpa_signal_info into wpa_supplicant context
          object
        * Copy memory from event to context object on CQM Event
* Write a common conversion method to be used by both "SignalPoll" and
  this property

Signed-off-by: David Ruth <druth@chromium.org>
2022-12-03 10:59:44 +02:00
David Ruth
ad4fa5dd3c Add more nl80211 info to struct wpa_signal_info
Facilitate emitting more station information over D-Bus for use by the
connection manager.

* Add storage for more NL80211_STA_INFO_* fields to data structures, and
  move them through the system.
* Reorder NL80211_STA_INFO_* fields in driver_nl80211.c to match the
  ordering in nl80211.h.
* Convert signal field to an integer to support holding WPA_INVALID_NOISE
  and avoid changing logging.

* Add fields to hostap_sta_driver_data to capture more information
	* fcs_error_count
	* beacon_loss_count
	* expected_throughput
	* rx_drop_misc
	* rx_mpdus
	* rx_hemcs
	* tx_hemcs
	* rx_he_nss
	* tx_he_nss
	* avg_signal
	* avg_beacon_signal
	* avg_ack_signal
* Add struct hostap_sta_driver_data to struct wpa_signal_info and remove
  redundant fields and redundant attribute parsing
	* Change logging when printing txrate to handle unsigned long
	  value

Signed-off-by: David Ruth <druth@chromium.org>
2022-12-03 10:42:16 +02:00
Andrzej Ostruszka
1897abad94 dbus: Add D-Bus property for current MAC address
Since wpa_supplicant can change MAC address of the interface on its own
(with randomization enabled) it makes sense to introduce MACAddress as a
property of the interface and send notifications about its change.

This allows other applications to just use D-Bus instead of both
communicating over D-Bus with wpa_supplicant and listening to Netlink
notifications for MAC changes.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
2022-12-02 12:55:45 +02:00
Ayala Beker
9a2781f243 wpa_supplicant: Support throughput estimation for EHT rates
Add support to consider EHT rates while calculating the estimated
throughput for scan results.

- The estimated EHT throughput uses the HE 0.8 usec GI rates from the
  relevant EHT-MCS tables from IEEE P802.11be/D2.0, 36.5.
- The minimum SNR values for EHT rates (4096-QAM) are derived by adding
  the existing minimum SNR values of 1024-QAM rates from HE tables and
  the difference between the values of minimum sensitivity levels of
  1024-QAM rates and 4096-QAM rates defined in Table 36-67 (Receiver
  minimum input level sensitivity) in IEEE P802.11be/D2.0.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 19:23:14 +02:00
Micha Hashkes
755aaeb97f wpa_supplicant: Add missing memory allocation checks
There are several cases where memory allocations are not
checked for success. Add conditions and error messages, as some
analyzers complain about that.

Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 19:14:02 +02:00
Jouni Malinen
bbd5a4689b SAE: Add an enum for defining sae_pwe parameter values
Make this more readable by replacing magic numbers with enum values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 20:37:23 +02:00
Jimmy Chen
3a0edb2cd8 SAE: Enable H2E for 6 GHz BSS
Even if the use of H2E isn't strictly mandatory when using SAE on 6 GHz,
WPA3-Personal pushes it on 6 GHz, so enable H2E automatically when
connecting to a BSS on the 6 GHz band if it was not enabled in the
configuration.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2022-11-29 19:45:12 +02:00
Sai Pratyusha Magam
b43e19f3f3 WPS: Cross band overlap detection with multiple interfaces
When WPS is running simultaneously on multiple per-band radios (e.g., a
separate 2.4 GHz and 5 GHz band radios in an AP device), handle
synchronization of scan results, detect PBC session overlap, and cancel
WPS for enrollees on both interface, if the UUID of the registrars on
different bands differ.

Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
2022-11-29 17:05:21 +02:00
Michal Kazior
043dedee83 DPP: Expose enrollee pubkey hash for identification
Just like with WPA-PSK and keyids it may be desired to identify
connecting clients to provide additional network filtering.

This does:

 - extend DPP_EVENT_AUTH_SUCCESS to expose public
   key hash of the peer so the system can pick it
   up and use for identification later

 - store public key hash in PMKSA from DPP Network
   Intro for later use

 - extend sta mib to print out the dpp_pkhash
   from PMKSA if present

 - extend AP_STA_CONNECTED to include the
   dpp_pkhash from PMKSA if present

Signed-off-by: Michal Kazior <michal@plume.com>
2022-11-29 13:55:53 +02:00
Michal Kazior
2d8974e314 DPP: Move DPP_EVENT_AUTH_SUCCESS to a helper
This event is generated in a couple of places. It'll be easier to extend
the event with additional metadata if it's generated in a single place.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-11-29 13:55:36 +02:00
Maximilian Bosch
d8d2b3a338 Implement read-only mode for SSIDs from the additional config (-I)
On NixOS[1] - a Linux distribution which allows to configure a full OS
declaratively - it's possible to configure SSIDs for `wpa_supplicant`
like this:

    networking.wireless.networks = {
      myssid = {
        pskRaw = "<redacted>";
      };
    };

It's also possible to add networks "imperatively" using `wpa_gui` or
`wpa_cli`. However it's not possible to do both because if the first
option is used, NixOS creates a read-only symlink at
`/etc/wpa_supplicant.conf` and then it's not possible for
`wpa_supplicant` anymore to write to it.

This patch aims to help us changing this: while "declarative" SSID
configuration can be quite useful, it's a bad idea for e.g. sensitive
stuff like a WPA2 enterprise network.

The original idea was to use `-I`[2] for immutable configs (including
"declarative" networks) on NixOS and `-c /etc/wpa_supplicant.conf` for
anything "imperative".

However this doesn't really work out because if a wifi network from a
config file specified with `-I` is changed by e.g. `wpa_gui`, it's
silently overwritten in `/etc/wpa_supplicant.conf` (specified with
`-c`) which is IMHO unintuitive (in our case at least). This patch
basically declares each network defined in a config file passed via `-I`
to `wpa_supplicant` as "read-only" and doesn't write these "read-only"
networks to `/etc/wpa_supplicant.conf`.

A bit more context can be found on GitHub in the PR where I implemented
this[3].

[1] https://nixos.org/
[2] Added in e6304cad47
[3] https://github.com/NixOS/nixpkgs/pull/113716

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2022-11-29 12:55:47 +02:00
Andrzej Ostruszka
9025def55c wpa_supplicant: Add support for pregenerated MAC
Add new 'mac_addr' policy (3) with which supplicant expects to also
obtain 'mac_value' with pregenerated value of MAC address to be used for
given SSID.

The main difference between this policy and policy 1 is the ability to
control persistence of the MAC address used.  For example if there is
a requirement to always use the same (but random) MAC address for given
SSID (even if user removes/forgets the network) this could be handled
outside of the wpa_supplicant by using some SSID based hashing scheme to
generate MAC (or by just storing the randomly generated one) and
providing it to wpa_supplicant together with mac_addr=3 policy.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
2022-11-28 19:05:26 +02:00
Sharadanand Karanjkar
5da3e1ca44 mesh: Do not allow open mode key in 6 GHz
IEEE Std 802.11ax-2021, 12.12 explicitly disallows use of Open System
authentication without encryption on the 6 GHz band.

Signed-off-by: Sharadanand Karanjkar <skaranjkar@datto.com>
2022-11-28 18:43:19 +02:00
Ilan Peer
50a9b7d3d3 P2P: Include only 6 GHz PSCs in full scan
As P2P GOs are not expected to be collocated, i.e., they are not
expected to be announced in the RNR element of other APs, they can
operate only on preferred scanning channels (PSCs).

When performing a full scan for P2P discovery, include only the 6 GHz
PSCs (if supported) to avoid scanning channels on which P2P GOs are not
expected to reside.

While at it also fix couple of places that missed including 60 GHz
channels in P2P full scan.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2022-11-28 18:37:06 +02:00
Vinay Gannevaram
46e6b72b7b Add a callback to notify added PMKSA cache entry details
Add a callback handler to notify details of a PMKSA cache entry when it
is added to the PMKSA cache. This can be used to provide external
components more convenient access to the PMKSA cache contents.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 11:39:06 +02:00
xinpeng wang
2afb9b1a58 dbus: Add dbus notify when wpa_s->key_mgmt changes
For WPA2/WPA3 authentication mode, wpa_supplicant needs to notify
CurrentAuthMode property change when wpa_s->key_mgmt changes, so
NetworkManager can judge whether it needs to request a password based on
this.

Call wpas_notify_auth_changed() when starting a new connection item,
i.e., after having updated wpa_s->key_mgmt.

Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
2022-11-27 14:18:53 +02:00
Kaidong Wang
87ffa1bec6 wpa_supplicant: Convert SSID into printable form before printing
SSID may include unprintable characters. This change converts
unprintable characters into printable form before printing SSID in the
function wpas_send_ctrl_req(). The conversion is based on the function
wpa_ssid_txt().

Signed-off-by: Kaidong Wang <kaidong@chromium.org>
2022-11-27 14:18:53 +02:00
Vinayak Yadawad
4163860605 Mark authorization completed on driver indication during 4-way HS offload
In case of drivers supporting 4-way handshake offload, mark port
authorized and state completion only if the driver advertizes authorized
state in the connect event. Otherwise there are fair chances of the
driver port authorization API getting called while 4-way handshake is in
progress at the lower layer.

In order to avoid this possible race condition always update port
authorization and supplicant state WPA_COMPLETED setting from
EVENT_PORT_AUTHORIZED context when the driver is done with the 4-way
handshake.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2022-11-27 14:18:53 +02:00
Jouni Malinen
da2ec9459c D-Bus: Split set_cred_properties() into two functions
Reduce the number of intentation levels here and make this a bit more
readable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Damien Dejean
f5ce680ee6 D-Bus: Hotspot 2.0 credentials with multiple domains
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-27 14:18:53 +02:00
Janusz Dziedzic
2f739c71ce ctrl: Fix compilation with UDP control interface
Fix compilation issue when using the following build parameter:
CONFIG_CTRL_IFACE=udp-remote

Fixes: 0aae045af0 ("ctrl: Print the source address of the received commands")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2022-11-27 14:18:53 +02:00
Damien Dejean
58eb905ad3 HS20: Support credentials with multiple home OIs
Until now Hotspot 2.0 credentials were only supporting one home OI (with
roaming_consortium option) and one required home OI (with
required_roaming_consortium option). To improve the compliance with
Passpoint specification, add the support for multiple home and required
OIs.

The lists of OIs are provided using two new configuration options
home_ois and required_home_ois that expect a list of OIs formatted as
the roaming_consortiums list. It allows to keep the old options to avoid
breaking currently running configurations and better fits the vocabulary
used in the spec.

The OI match algorithm is updated to implement the behavior described in
Passpoint specification v3.2 section 9.1.2 (Home OIs nodes description
PerProviderSubscription/<X+>/HomeSP/HomeOIList/<X+>).

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-26 17:58:54 +02:00
Jintao Lin
0ba266d86c dbus: Add virtual interface create/remove logic to be inline with ctrl_iface
There is no way to create or remove a virtual interface with
wpa_supplicant dbus methods. The platform has to use out-of-band methods
to manage the virtual interfaces.

This change adds virtual interface create/remove logic to the dbus
methods CreateInterface and RemoveInterface to achieve similar
functionalities as wpa_cli commands interface_add and interface_remove.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-11-25 18:57:51 +02:00
Abhiram V
5102d7411f wpa_passphrase: Disable terminal echo when reading from stdin
Disable terminal echo using tcgetattr() and tcsetattr() when reading a
passphrase from stdin.

Signed-off-by: Abhiram V <abhi.raa.man.v@gmail.com>
2022-11-25 18:35:53 +02:00
Vinay Gannevaram
86ab282170 PASN: Fix passing own address and peer address to pasn_deauthenticate()
Need to copy own address and peer address locally and pass them to
pasn_deauthenticate(), because this pointer data will be flushed from
the PTKSA cache before sending the Deauthentication frame and these
pointers to then-freed memory would be dereferenced.

Fixes: 24929543 ("PASN: Deauthenticate on PTKSA cache entry expiration")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2022-11-25 16:47:42 +02:00
Veerendranath Jakkam
a9062432e2 wpa_cli: Fix PASN control interface commands
Map to correct control interface commands for PASN start and stop.

Fixes: ad338cfe58 ("ctrl_iface: Add support for PASN authentication")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-25 16:45:51 +02:00
Sai Pratyusha Magam
05ec485688 WPS: Pick WPS AP based on latest received WPS IE
wpa_supplicant used the WPS IE from a Probe Response frame, if one was
received, even if there might have been a more recent Beacon frame with
an updated WPS IE. This could result in using stale information about
active WPS registrar, e.g., when operating on the 6 GHz band.

Prefer WPS IE from a Beacon frame over the default selection of Probe
Response frame (if one has been received) in cases where the Beacon
frame is received more recently than the Probe Response frame and active
WPS Registrar information is being checked. Skip this for the case where
UUID-E is needed since that is not available in the Beacon frame.

Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
2022-11-24 18:50:44 +02:00
Jouni Malinen
ca4fa867d3 Enable PMF automatically if OCV is enabled
OCV cannot be used without PMF and such a configuration were to be used
with wpa_supplicant, the AP would reject the association. hostapd is
already enabling PMF automatically whenever OCV is being enabled, so do
the same with wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 17:16:26 +02:00
Jouni Malinen
65c8633d90 Allow a lower priority BSS to be tried after network disabling
If a higher priority BSS has invalid security parameters, e.g., an
invalid SAE password, and a lower priority BSS is discovered only after
the local network profile has been temporarily disabled, the BSSID
ignoring mechanism is not sufficient to allow the lower priority BSS to
be tried and all consecutive attempts will continue to use the higher
priority BSS. This might prevent connection in some unexpected cases
with invalid network configuration.

Extend BSSID ignoring mechanism to work in this type of a case by
ignoring the BSSID that resulted in disabling the SSID temporarily
during the first connection attempt after having re-enabled the SSID.
This allows a lower priority BSS, if any is available in scan results,
to be tried next to see if it might have working security parameters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 12:03:01 +02:00
Vinay Gannevaram
f96dfdeef6 PASN: Fix missing libraries for libpasn.so on Android
Fixes: 08abcdf4 ("PASN: Makefile and Android.mk changes for libpasn.so")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2022-11-23 18:46:23 +02:00
Glenn Strauss
0202b97741 DPP: Fix memory leak of intro.peer_key in station handling
Fix memory leak of intro.peer_key in wpas_dpp_rx_peer_disc_resp(). The
other code paths were updated to use dpp_peer_intro_deinit(), but this
non-privacy-protection version of the station implementation was missed.

Fixes: 148de3e0dc ("DPP3: Private Peer Introduction protocol")
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 18:04:08 +02:00
Jouni Malinen
5ea7a2f545 DPP: Drop PMKSA entry if AP reject association due to invalid PMKID
This is needed to avoid trying the subsequent connections with the old
PMKID that the AP claims not to hold and continues connection failures.
This was already handled for the SME-in-the-driver case in commit commit
50b77f50e8 ("DPP: Flush PMKSA if an assoc reject without timeout is
received"), but the wpa_supplicant SME case did not have matching
processing.

Add the needed check to avoid recover from cases where the AP has
dropped its PMKSA cache entry. Do this only based on the specific status
code value (53 = invalid PMKID) and only for the PMKSA entry that
triggered this failure to minimize actions taken based on an unprotected
(Re)Association Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
9ff778fa4b Check for own address (SPA) match when finding PMKSA entries
This prevents attempts of trying to use PMKSA caching when the existing
entry was created using a different MAC address than the one that is
currently being used. This avoids exposing the longer term PMKID value
when using random MAC addresses for connections.

In practice, similar restriction was already done by flushing the PMKSA
cache entries whenever wpas_update_random_addr() changed the local
address or when the interface was marked down (e.g., for an external
operation to change the MAC address).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
9f04a9c8dd Store own MAC address (SPA) in supplicant PMKSA cache entries
This is needed to be able to determine whether a PMKSA cache entry is
valid when using changing MAC addresses. This could also be used to
implement a mechanism to restore a previously used MAC address instead
of a new random MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Vinay Gannevaram
309765eb66 PASN: Use separate variables for BSSID and peer address
Using separate variables for BSSID and peer address is needed to support
Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID
and that could be different from any other peer address. The
infrastructure BSS cases will continue to use the AP's BSSID as both the
peer address and BSSID for the PASN exchanges.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:12:50 +02:00
Vinay Gannevaram
42f0c44d84 PASN: Use peer address instead of BSSID as the destination for initiator
Rename struct pasn_data::bssid to peer_addr to be better aligned with
different use cases of PASN and its extensions. This is a step towards
having option to use different peer address and BSSID values for NAN use
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:03:23 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Utkarsh Soni
b92f61885c Don't use default RSNE/RSNXE when the driver indicates cross SSID roaming
During cross SSID roaming wpa_supplicant ended up using the default
RSNE/RSNXE in EAPOL-Key msg 2/4 though the driver indicated
(Re)Association Request frame elements without RSNE/RSNXE. This causes
RSNE/RSNXE mismatch between (Re)Association Request frame and EAPOL-Key
msg 2/4.

To avoid this skip copying the default RSNE/RSNXE if the driver
indicates the actually used (Re)Association Request frame elements in
the association event.

Signed-off-by: Utkarsh Soni <quic_usoni@quicinc.com>
2022-11-08 16:01:12 +02:00
Ben Wolsieffer
bdc35acd5a SAE: Allow loading of the password from an external database
There was no support for loading SAE passwords from an external password
database.

Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
2022-11-07 14:02:55 +02:00
Ben Wolsieffer
48dd8994ac Fix external passwords with 4-way handshake offloading
Passphrases/PSKs from external password databases were ignored if 4-way
handshake offloading was supported by the driver. Split the PSK loading
functionality into a separate function and calls if to get the PSK for
handshake offloading.

I tested connecting to a WPA2-PSK network with both inline and external
passphrases, using the iwlwifi and brcmfmac drivers.

Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
2022-11-07 14:02:55 +02:00
Gioele Barabucci
e5a7c852cc systemd: Use interface name in description of interface-specific units
In a system with multiple interfaces, the boot messages as well as the
status information provided by `systemctl` can be confusing without
an immediate way to differentiate between the different interfaces.

Fix this by adding the interface name to the unit description.

Signed-off-by: Gioele Barabucci <gioele@svario.it>
2022-11-07 14:02:55 +02:00
Jouni Malinen
0658a22ef1 GAS: Try to make buffer length determination easier for static analyzers
The received frame buffer was already verified to be long enough to
include the Advertisement Protocol element and that element was verified
to have a valid length value, but use of adv_proto[1] in another
function may have been too difficult to figure out for analyzers.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:28 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
472a0b8d60 MLD STA: Set MLO connection info to wpa_sm
Update the following MLO connection information to wpa_sm:
- AP MLD address and link ID of the (re)association link.
- Bitmap of requested links and accepted links
- Own link address for each requested link
- AP link address, RSNE and RSNXE for each requested link

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:04:09 +02:00
Beniamino Galvani
f899d7f378 dbus: Apply PMK properties immediately
Currently, PMK parameters in the WPA state machine are set from
configuration only when the interface is initialized. If those
parameters are changed later via D-Bus, the new values don't have any
effect.

Call wpa_sm_set_param() when PMK-related D-Bus properties are changed
to immediately apply the new value; the control interface also does
something similar.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2022-11-05 17:49:41 +02:00
Jeffery Miller
c6f8af507e Add option to disable SAE key_mgmt without PMF
Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.

Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.

Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.

Signed-off-by: Jeffery Miller <jefferymiller@google.com>
2022-11-05 17:48:17 +02:00
Jouni Malinen
6527a76566 DPP: Stop listen mode for chirp-initiated Authentication exchange
Stop listen mode if there is not sufficient time remaining to complete
the Authentication exchange within the current remain-on-channel
operation. This speeds up the operation and avoids some timeouts that
could prevent the provisioning step from completing. This addresses an
issue that was found in the following test case sequence:
dpp_controller_relay_discover dpp_chirp_ap_5g

Similar mechanism was already used for Reconfig Announcement frames, so
reuse that for this case with Presence Announcement frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-05 17:25:15 +02:00
Matthew Wang
2e73394426 P2P: Discount current operating frequency when scanning new connection
When scanning for a new connection, we currently optimize by scanning
all frequencies only when our MCC capabilities will allow an additional
operating frequency, and scan only the existing operating frequencies
otherwise. This is problematic when there the current operating
frequency singularly accounts for one of the shared radio frequencies
because we should be able to switch operating frequencies without adding
to the channel count. Fix this.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-11-05 13:43:06 +02:00
김우용
00a762c26e Do not drop connection attempt when reconnecting to the same ESS
Connection attempt could have been intermittently drop when reconnecting
to the same ESS due the current BSS entry getting removed immediately
after the disconnection for the purpose of reconnecting to the same ESS.

Avoid this by not removing a BSS entry for the same ESS when in this
special state of trying to reconnect to the same ESS.

Signed-off-by : WooYong Kim <wykim@newratek.com>
2022-11-05 12:36:56 +02:00
Shivani Baranwal
368de263bc P2P: Skip Extended Listen timeout to allow scans during group formation
Scans are allowed on the current interface for group formation only when
in the P2P_SEARCH, P2P_IDLE, or P2P_PROVISIONING state. But Extended
Listen timeout being enabled moves to the P2P_LISTEN_ONLY state. Due to
this P2P connection fails if the GO is not found with scans triggerred
before Extended Listen timeout. To avoid this skip Extended Listen
timeout to allow scans during group formation on the current interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-11-05 12:17:21 +02:00
Veerendranath Jakkam
cff55f3482 P2P: Clone sae_pwe config to new group interface config
Clone sae_pwe configuration value when creating a new P2P group
interface. This is needed to avoid P2P connection failure at the P2P
Client side due to SAE H2E being disabled in the 6 GHz band operation
when a new group interface is created for the connection.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-05 12:13:03 +02:00
Hu Wang
ae517789fa P2P: Allow PSC channel to be used for 6 GHz BW40
For the 6 GHz opclass 132, ch for loop only allows non-PSC channels { 1,
9, 17, 25, 33, 41, 49,... } to be used. This does not match the IEEE Std
802.11ax-2021 expectation of a 6 GHz-only AP "should set up the BSS with
a primary 20 MHz channel that coincides with a preferred scanning
channel".

Increase ch by 4 to allow PSC channel to be used for 6 GHz BW40.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-05 12:09:34 +02:00
Vinay Gannevaram
ea241cbe9d PASN: Rename struct wpas_pasn to pasn_data
struct wpas_pasn is common to both initiator and responder, so rename it
to pasn_data to avoid the "wpas_" prefix that could be seen as a
reference to wpa_supplicant (PASN initiator).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:59:29 +02:00
Vinay Gannevaram
08abcdf4e7 PASN: Makefile and Android.mk changes for libpasn.so
The wpa_s and hapd context are isolated from the PASN initiator and
responder code and this functionality is now in the separate src/pasn
directory. Add option to build libpasn.so with this functionality. This
library can be used by a Wi-Fi Aware component to support NAN pairing
with other devices.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 11:42:24 +02:00
Vinay Gannevaram
78c5bb7f50 PASN: Move responder functionality into a separate file
PASN responder validates auth 1 frame and sends auth 2 frame to the
initiator. It analyses the auth 3 frame and verifies successful
authentication. Wi-Fi Aware modules can reuse this functionality through
a shared library libpasn.so generated from this code. Move the PASN
functionality that is now decoupled from the hapd context into a
separate file in a common directory to make it easier to build such a
library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c7edfce79a PASN: Move initiator changes into a separate file
PASN initiator functionality builds auth 1 and auth 3 frames, and
processes auth 2 frame received from the responder. Wi-Fi Aware modules
can reuse this functionality through a shared library libpasn.so
generated from this code. Move the PASN functionality that is now
decoupled from the wpa_s context into a separate file in a common
directory to make it easier to build such a library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
975b7a02cb Move SAE comeback token functionality into a separate file
This is helpful in being able to get the functionality needed for SAE
into a separate library (libpasn.so) without needing all of the
ieee802_11.c functionality.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1711fe9121 PASN: Compute MIC from RSNE and RSNXE of the frame for Wi-Fi Aware
Wi-Fi Aware R4 specification defines Beacon RSNE/RSNXE to be same as
RSNE/RSNXE present in Auth2 frame. So, MIC validation should be done
with the RSNE and RSNXE received in Auth2 frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
6f80014b10 PASN: Allow custom PMKID in Authentication frames for Wi-Fi Aware
Wi-Fi Aware R4 specification introduces a custom PMKID derived from
Nonce and TAG. This custom PMKID is included in PASN Authentication
frames during pairing verification. So, allow use of a custom PMKID in
PASN frames and validate it using a function handler. Wi-Fi Aware
component that uses libpasn.so should take care of validating the custom
PMKID.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
4022ffc5db PASN: Store AKMP in the PTKSA cache
PTK is stored in the PTKSA cache following a successful PASN handshake,
however AKMP is removed upon a WPA PASN reset. The PASN handshake is
used in the Wi-Fi Aware R4 specification to define the pairing setup
process. KDK is used to generate a new set of keys, while AKMP is
required for key derivation for pairing. So, keep AKMP in the PTKSA
cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c55eadede7 PASN: Remove hapd dependency in processing PASN Authentication frames
Remove hapd dependency in processing PASN M1/M3 frames and build PASN M2
frame. Initialize required pasn parameters from hapd before passing
Authentication frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1fa266e99d PASN: Remove hapd dependency for SAE and FILS wrapped data
This makes hostapd use the struct defines from pasn_common.h so that the
same struct is shared with wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
14b5ebce73 PASN: Add a common header file for initiator and responder
This is a step towards decoupling the PASN initiator and responder
implemenentation is decoupled from the wpa_s and hapd contexts and
moving to a common folder for better abstraction. Move the struct
wpas_pasn definition to a common file for initiator and responder. The
idea is to provide a library libpasn.so from PASN common code. Include
C++ compatibilty wrapper to extend libpasn.so support for modules using
cpp code base.

This library can be used in applications implementing protocols based on
the PASN handshake.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:15 +02:00
Vinay Gannevaram
af5eec3b37 PASN: Function handler to transmit Authentication frames
Introduce a function handler to transmit PASN Authentication frames to
the driver. This removes the wpa_s dependency from PASN functionality
for sending the frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
629bbc91b1 PASN: Remove dependency of wpa_ssid for initiator
Get ssid and derive required information for SAE and FILS tunneled PASN
authentication to remove struct wpa_ssid dependency for PASN initiator.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
e7f45ca11d PASN: Remove wpa_s dependency for wpas_pasn_start()
Before invoking wpas_pasn_start(), derive KDK and secure LTF flags.
Instead of using network id for pasn_start(), use a pointer to the
struct wpa_ssid.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
0be131265a PASN: Remove wpa_s dependency for wpas_pasn_build_auth_1()
Obtain RSNXE capabilities from the driver flags as well and save them in
the wpas_pasn structure.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
086ccdc598 PASN: Remove wpa_s dependency for the functions processing RX frames
Remove wpa_s dependency for processing PASN M2 frame and preparing M3
frame. To hold the context of wpa_s when transmitting M3 frame, add cb
ctx.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
e2e87b90bf PASN: Remove wpa_s dependency for wpas_pasn_auth_tx_status()
This is a step towards allowing the PASN implementation to be used
outside the context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
de4b73a36a PASN: Remove wpa_s dependency for FILS wrapped data
To avoid reuse without struct wpa_supplicant, add new parameters to
struct wpas_pasn for FILS.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
90bb73c518 PASN: Remove wpa_sm dependency to add an entry to PMKSA cache
Store PMKSA cache entry in wpas_pasn and remove wpa_sm dependency to add
an entry to PMKSA cache. This is a step towards allowing the PASN
implementation to be used outside the context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:56 +02:00
Vinay Gannevaram
5313e5a790 PASN: Remove unused wpa_s parameter for wpas_pasn_sae_setup_pt()
This removes unnecessary struct wpa_supplicant dependency for
wpas_pasn_sae_setup_pt().

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Vinay Gannevaram
f636cbd048 PASN: Remove wpa_s dependency for SAE wrapped data functions
Use struct wpas_pasn (i.e., &wpa_s->pasn) as the function argument for
the SAE functionality that does not need the full struct wpa_supplicant
context. This is a step towards allowing PASN to be used outside the
context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Vinay Gannevaram
5535fbcfac PASN: Add wpa_pasn_reset() to eliminate need for struct wpa_supplicant
Split wpas_pasn_reset() so that the main reset steps can be used without
an instance of struct wpa_supplicant. This is needed to allow PASN
implementation to be used for additional purposes outside the context of
wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Qiwei Cai
6f3efa21c2 MLD STA: Fix crash caused by NULL wpa_s->current_ssid
For wpa_supplicant_get_new_bss(), wpa_s->current_ssid can be NULL in
some cases. Add a NULL check before accessing it to avoid NULL pointer
dereference errors.

Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 17:39:49 +02:00
Jouni Malinen
90cef4f211 MLD STA: Fully clear MLO info to avoid use of uninitialized members
The initial wpa_drv_get_mlo_info() implementation cleared only the
valid_links information within struct driver_sta_mlo_info before trying
to fetch the information from the driver. While this is likely going to
work fine in practice, this can result in static analyzer warnings on
use of uninitialized memory (e.g., mlo.assoc_link_id could have been
read if wpa_s->valid_links was set to a nonzero value). In any case, it
is better to avoid such unnecessary warnings by clearing the full data
structure before using it.

Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-02 11:56:46 +02:00
Veerendranath Jakkam
496a1ced16 MLD STA: Use MLD addresses for sending non-Public Action frames
The Linux kernel expects to use the AP MLD address as destination and
BSSID addresses for non-Public Action frames when the current
association is MLO capable. Use the MLD addresses to support this.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 17:24:29 +02:00
Veerendranath Jakkam
17ae988736 MLD STA: Support processing of M1 received before association event
EAPOL-Key msg 1/4 indication can be received before association
indication from the driver. For MLO connection, the source address check
of such frames should be against the AP MLD address instead of the
associated link BSSID.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 17:18:31 +02:00
Veerendranath Jakkam
73f540b6a7 MLD STA: Fetch MLO association Link ID info to core wpa_supplicant
Fetch the MLO association Link ID info from the driver to the
wpa_supplicant instance of the corresponding MLD STA interface. This
info is needed when setting the MLO connection info to wpa_sm.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 12:07:41 +02:00
Jouni Malinen
e5d15e2254 EHT: Allow EHT to be disabled using disable_eht=1 in wpa_supplicant
This is similar to the previously added disable_ht/vht/he parameters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-17 11:13:09 +03:00
Jouni Malinen
041f6cea94 SAE: Accept FT and -EXT-KEY AKMs for external auth
Use a full list of AKM suite selectors that can use SAE authentication
when checking for authentication trigger from the driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 18:35:51 +03:00
Matthew Wang
b72922796a P2P: Get cached scan results on iface creation to avoid scan
This allows the P2P client to fast associate if the GO is already in the
scan cache without doing a full scan.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-10-16 18:27:33 +03:00
Jouni Malinen
8392ea9e75 SAE: Fix AKM suite selector check for external authentication
AKM suite selector check was initially implemented with incorrect byte
swapping of the value from the driver (nl80211). Fix this and leave a
workaround option for any potentially deployed device where the driver
might be using the swapped byte order.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 18:25:11 +03:00
Chaoli Zhou
5607abe2e8 WNM: Print unsupported neighbor report subelements in debug log
This can be helpful in trying to figure out what might need to be added
in the future.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:14:47 +03:00
Chaoli Zhou
fcdd76fa28 Interworking: Print unsupported inner EAP-TTLS method in debug log
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:13:24 +03:00
Chaoli Zhou
f8a05de669 Move default action from after switch to within
Move from this type of constructions:

switch (val) {
case 1:
	something;
	break;
}
default-action;

into following:

switch (val) {
case 1:
	something;
	break;
default:
	default-action;
	break
}

for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.

This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:08:20 +03:00
Chaoli Zhou
5f3cdc0648 Override ieee80211w from pmf for AP mode in wpa_supplicant
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-10 12:30:30 +03:00
Jouni Malinen
2b972a35b3 DPP: Require PMF when profile is for SAE without PSK
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:56:30 +03:00
Jouni Malinen
8219d2b7dd PASN: Fix CONFIG_PASN=y build without CONFIG_IEEE80211R=y
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.

Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-04 20:41:54 +03:00
Sunil Ravi
c5b950b6af Fix compilation error due to use of bitwise '&' with boolean operands
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.

Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:37:30 +03:00
Sunil
7bdd3f2aa6 P2P: Allow P2P CSA from 5 GHz to 2.4 GHz band
IEEE Std 802.11-2020, 11.8.8 (Selecting and advertising a new channel)
doesn't restrict switching to a channel which is not in the same band as
the current band. But at the same time, there are some issues in
switching between the 2.4/5 GHz bands and the 6 GHz band. So limit the
check to consider the critical use case of switching from a 5 GHz channel
to a 2.4 GHz channel.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:29:24 +03:00
Sunil
768537921e P2P: Set operating class along with operating channel width
While setting up the P2P GO interface, wpa_supplicant sets the operating
channel width to CHANWIDTH_USE_HT in cases where it fails to set 80 MHz
bandwidth. In the same flow, update the operating class, too, according
to the channel width. This is to avoid setting up the operational
channel width back to 80 MHz from hostapd interface setup.

Signed-off-by: Sunil <sunilravi@google.com>
2022-09-23 00:04:30 +03:00
Sunil Ravi
ee7eec5185 P2P: Fix the issue in setting optimized listen channel
wpas_p2p_optimize_listen_channel() checks for the state and current ssid
of the interface calling this function. This check prevents the function
from setting the optimized listen channel. Since the listen channel is
stored in global P2P configuration data, do not check the state and
current interface of the caller.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-22 18:35:53 +03:00
Clemens Famulla-Conrad
3a7fe1e213 dbus: Omit FT key mgmt capabilities without CONFIG_IEEE80211R
If wpa_supplicant was build without CONFIG_IEEE80211R, the
exposed key-management capabilities should not include one of the
FT protocols. If someone would use a FT protocol in such situation,
it would fail anyway.

Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
2022-09-16 22:15:56 +03:00
Clemens Famulla-Conrad
d2caf6ef54 dbus: Fix property DebugShowKeys and DebugTimestamp
It is possible to specify -t or -K multiple times. With this the
value isn't boolean anymore and we hit a assert in libdbus
function `dbus_message_iter_append_basic()`, which expect 0 or 1
for DBUS_TYPE_BOOLEAN.

Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
2022-09-16 22:15:56 +03:00
Robert Hernandez
1f795df7aa wpa_supplicant man page missing -I flag
wpa_supplicant: Missing manpage -I entry

Signed-off-by: Robert James Hernandez <rob@sarcasticadmin.com>
2022-09-16 20:55:45 +03:00
Veerendranath Jakkam
1b6f3b5850 MLD STA: Indicate per link channel switch
Parse link id info from channel switch events and indicate the info to
control interface using new per link channel switch events. If channel
switch happens on the link which used during association both legacy
and new per-link channel switch events will be reported.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Veerendranath Jakkam
b7f98d92dc MLD STA: Add per-link MLO signal poll
Add support to fetch and indicate per-link MLO signal poll information
via a new control interface command MLO_SIGNAL_POLL.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Shivani Baranwal
28b2256da2 MLD STA: Add MLO_STATUS control interface command
Add support for MLO_STATUS control interface command to indicate
per-link information.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 16:00:51 +03:00
Aleti Nageshwar Reddy
6ca98040a2 MLD STA: Indicate AP MLD address in STATUS command
Append AP MLD address info into the STATUS control interface command.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-15 16:00:51 +03:00
Aleti Nageshwar Reddy
22ba81cfed MLD STA: Indicate AP MLD address in CTRL-EVENT-CONNECTED
Append the AP MLD address to CTRL-EVENT-CONNECTED when the current
connection uses MLO.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-15 16:00:51 +03:00
Aleti Nageshwar Reddy
db99e7341a Add AP MLD address into BSS command output
Indicate AP MLD address in the response to the BSS control interface
command.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-15 16:00:51 +03:00
Veerendranath Jakkam
4bd3165249 bss: Parse and store MLD address of the AP from Multi-Link element
Parse Multi-Link element received in scan result to get AP MLD address
and cache it in the wpa_bss structure.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Shivani Baranwal
9a8bd7be0f scan: Helper function to get ML IE of specified type from scan result IEs
Add a helper function to get Multi-Link element of a specified type from
scan result Probe Response frame or Beacon frame elements.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 06:08:20 +03:00
Shivani Baranwal
7784964cbe MLD STA: Fetch MLO connection info into core wpa_supplicant
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.

Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 05:55:40 +03:00
Qiwei Cai
62612dfc1a P2P: Use only PSC for P2P group in the 6 GHz band
P2P connections in the 6 GHz band should be limited to preferred
scanning channels since AP/GO discovery cannot depend on 2.4/5 GHz
discovery.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-14 23:54:20 +03:00
Veerendranath Jakkam
d1a7626ff9 SAE: Use correct SSID profile for SAE auth retries during external auth
Previously, wpa_supplicant was using the current SSID for building the
SAE authentication commit frame for retries during external
authentication. But the external authentication SSID can be different
from the current SSID. Fix this by using the correct SSID profile.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-13 05:53:05 +03:00
Jouni Malinen
096feac194 SAE: Include the new -EXT-KEY AKMs in external auth case
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-13 05:12:03 +03:00
Veerendranath Jakkam
76793cbbca SAE: Make sure H2E PT is derived for external auth SSID profile
The driver's SME may choose a BSS of a different ESS (SSID) compared to
the current SSID and trigger external authentication. If the chosen SSID
is not associated/selected before by wpa_supplicant it won't have the
H2E PT derived. Make sure to derive PT for SSID indicated in the
external authentication request.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-13 05:10:17 +03:00
Hu Wang
ed442e8dc7 Add p2p_optimize_listen_chan=1 to default Android template
Commit e3bd6e9dc0 ("P2P: Use another interface operating channel as
listen channel") allows P2P listen channel to be selected based on
another interface operating channel if it is one of social channels
(i.e., 2.4 GHz 1, 6, 11).

This optimization is disabled by default due to the technical
specification expectations, but since this can be quite helpful for
optimized behavior, enable it by adding p2p_optimize_listen_chan=1 to
the default Android configuration template.
2022-09-13 04:08:17 +03:00
Vinay Gannevaram
85e28a79ba PASN: Set secure ranging context to driver after association
After the secure association and PTK derivation are completed, if the
device supports LTF keyseed, generate the LTF keyseed using KDK and set
the ranging context to the driver by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 17:07:56 +03:00
Vinay Gannevaram
edd89d6dbb PASN: Set keys from PTKSA cache for a valid PTKSA entry
Set secure ranging context to the driver for a valid PTKSA entry in the
PTKSA cache, if available. When the driver requests for PASN keys,
wpa_supplicant configures the keys from its cache if the keys for the
peer derived with the same own MAC address are available in the cache
instead of doing the full PASN handshake again.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:14 +03:00
Vinay Gannevaram
24929543ba PASN: Deauthenticate on PTKSA cache entry expiration
Add an option for an alternative processing of PTKSA life time expiry.

Register a callback in wpa_supplicant to handle the life time expiry of
the keys in PTKSA cache. Send PASN deauthentication when a PTKSA cache
entry expires.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:14 +03:00
Vinay Gannevaram
74d894a2ea PASN: Offload handshake for multiple peers from the driver
This brings in the functionality to hold multiple peers and perform PASN
authentication with each peer at a time and send the PASN response to
the driver. PASN parameters such as AKMP and cipher suite are obtained
from the BSS information of the cached scan results. Also add
functionality to trigger deauthentication to the peer for which PASN
request with action PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT is
received.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:12 +03:00
Vinay Gannevaram
06317f5e32 PASN: Add driver operation to set secure ranging context and PASN response
This is used to set secure ranging context and send PASN response to the
driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 15:27:54 +03:00
Vinay Gannevaram
9391f71004 Add own MAC address in PASN supplicant start and deauthentication
The driver requests PASN authentication for a peer with a specified
source (own) MAC address. Use the specified own MAC address for PASN
operations. This is needed to allow random MAC addresses to be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 19:01:21 +03:00
Vinay Gannevaram
580bd04cf3 Add own MAC address used for key derivation to PTKSA cache
On successful PASN handshake or 4-way handshake with a peer, PTK is
derived using the local and peer MAC addresses as input. Store the own
MAC address that is used for key derivation in PTKSA cache to maintain
that state over potential MAC addresses changes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 19:01:21 +03:00
Vinay Gannevaram
d0d585c481 Store secure ranging driver capabilities in WPA state machine
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 18:59:58 +03:00
Vinay Gannevaram
96a604128b Use separate PASN capabilities for AP and STA modes
Use separate capabilities for AP and STA modes for P802.11az security
parameters secure LTF support, secure RTT measurement exchange support,
and protection of range negotiation and measurement management frames
support.

P802.11az security parameters are considered to be supported for both
station and AP modes if the driver sets NL80211_EXT_FEATURE_SECURE_LTF,
NL80211_EXT_FEATURE_SECURE_RTT, and
NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE flags. The driver can
advertize capabilities specific to each mode using
QCA_WLAN_VENDOR_FEATURE_SECURE_LTF*,
QCA_WLAN_VENDOR_FEATURE_SECURE_RTT*, and
QCA_WLAN_VENDOR_FEATURE_PROT_RANGE_NEGO_AND_MEASURE* flags.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 18:59:52 +03:00
Vinayak Yadawad
909fa448e0 EAPOL: Update PMK length in EAPOL callback to support longer keys
With introduction of newer AKMs, there is a need to update the PMK
length plumbed for the driver based 4-way handshake. To support this,
the current update the PMK length to 48, if the key management type uses
SHA-384. This is needed, e.g., for SUITE-B-192.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2022-08-31 17:23:45 +03:00
Jouni Malinen
723eb4f389 P2P: Fix a typo in a comment about removing 6 GHz channels
This was supposed to be talking about excluding 6 GHz channels, not 5
GHz.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-31 17:14:58 +03:00
Hector Jiang
e9627f8c32 P2P: Skip 6 GHz band directly if 6 GHz P2P is disabled
If 6 GHz is supported by the device but 6 GHz P2P is disabled, P2P
invitation would fail if the GO select an operating channel which is not
the preferred channel. The root cause is that the 5 GHz and 6 GHz bands
are both HOSTAPD_MODE_IEEE80211A so the 5 GHz channels would be added
twice for the P2P Client's following scanning frequency list. This will
cause scanning to fail with -EINVAL. Fix this by adding the 5 GHz
channels only once.

Signed-off-by: Hector Jiang <jianghaitao@zeku.com>
2022-08-31 17:12:58 +03:00
Seongsu Choi
03f7f633a2 Fix wrong AKM priority for FILS
According to the OCE specification, the STA shall select the AKM in
priority order from the list below.

1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
2. FILS (SHA-384) 00-0F-AC:15
3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
4. FILS (SHA-256) 00-0F-AC:14
5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
7. Authentication using IEEE Std 802.1X 00-0F-AC:1

Move the FT-FILS-SHA256 check to be after the FILS-SHA384 one to match
this.

Signed-off-by: Seongsu Choi <seongsu.choi@samsung.com>
2022-08-31 17:02:03 +03:00
Veerendranath Jakkam
5de45546d5 Add support to send multi AKM connect request when driver's SME in use
Add support to configure SAE, PSK, and PSK-SHA256 AKMs in connect
request when driver's SME in use. This is needed for implementing
WPA3-Personal transition mode correctly with any driver that handles
roaming internally.

Send additional AKMs configured in network block to driver based on
the maximum number of AKMs allowed by driver in connect request. Keep
first AKM in the list AKMs in the connect request as AKM selected by
wpa_supplicant to maintain backwards compatibility.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-08-26 17:54:12 +03:00
Veerendranath Jakkam
0ce1545dcb nl80211: Determine maximum number of supported AKMs
Use the recently added attribute to determine whether the kernel
supports a larger number of AKM suites in various commands.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-08-26 17:27:45 +03:00
Veerendranath Jakkam
48c620829c Update PSK after cross AKM roaming to WPA-PSK when driver's SME in use
4-way handshake was failing after the driver roam from SAE to WPA-PSK
due to wpa_sm having an old PMK which was generated during previous SAE
connection.

To fix this update PSK to wpa_sm when AKM changes from SAE to WPA-PSK
for the target AP to have a correct PMK for 4-way handshake. Also,
update PSK to the driver when key management offload is enabled.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-08-26 17:27:45 +03:00
Jouni Malinen
4ae14deeef DPP3: Use chirping channel list in PB discovery
This design was changed in the draft specification, so update
implementation to match the new design. Instead of including all
supported 2.4 and 5 GHz channels, generate the channel list using the
same mechanism that was already used for chirping.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-25 15:59:13 +03:00
Jouni Malinen
c58be1d8fd DPP: Channel list generation for presence announcement to helper funcion
This procedure will be used for PB discovery as well, so move the
frequency array generation into a helper function.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-25 12:19:58 +03:00
Jouni Malinen
57968faea5 DPP: Do not discard network introduction frames in test mode
dpp_discard_public_action=1 was not supposed to prevent network
introduction, i.e., it was only for frames that could go through the
DPP-over-TCP path. Fix this not to prevent network introduction when
using DPP-over-TCP to configure a DPP AKM profile.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-24 18:31:54 +03:00
Jouni Malinen
d72302c6b6 DPP: Do not use 6 GHz channels for push button
For now, do not include 6 GHz channels since finding a Configurator from
a large number of channels would take excessive amount of time.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-22 19:09:27 +03:00
Jouni Malinen
89de431f23 DPP: Add config response status value to DPP-CONF-SENT
This can be helpful for upper layers to be able to determine whether the
configuration was rejected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-29 18:55:37 +03:00
Purushottam Kushwaha
ef4cd8e33c QoS: Use common classifier_mask for ipv4/ipv6
ipv4_params/ip6_params in type4_params maintains separate classifier
mask while type4_params already has a common classifier_mask. Lets
use the common classifier mask for both ipv4/ipv6 params and remove
the redundant params_mask in ipv4_params/ip6_params.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-07-28 12:31:37 +03:00
Jouni Malinen
4cfb484e90 DPP: Allow dpp_controller_start without arguments in CLIs
The DPP_CONTROLLER_START control interface command can be used without
any arguments, so do not force at least a single argument to be included
in wpa_cli and hostapd_cli.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-27 12:33:40 +03:00
Jouni Malinen
c97000933c Fix ifdef condition for imsi_privacy_cert
CRYPTO_RSA_OAEP_SHA256 is not sufficient here since ssid->eap does not
exist without IEEE8021X_EAPOL.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 11:12:11 +03:00
Jouni Malinen
e81ec0962d SAE: Use H2E unconditionally with the new AKM suites
The new SAE AKM suites are defined to use H2E, so ignore the sae_pwe
value when these AKM suites are used similarly to the way H2E gets
enabled when SAE Password Identifiers are used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
f8eed2e8b8 SAE: Store PMK length and AKM in SAE data
These are needed to be able to support new AKM suites with variable
length PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
a32ef3cfb2 SAE: Driver capability flags for the new SAE AKM suites
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
91df8c9c65 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
5c8a714b18 SAE: Use wpa_key_mgmt_sae() helper
Use the existing helper function instead of maintaining multiple copies
of lists of SAE key management suites.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
def33101c8 DPP: Clear push button announcement state on wpa_supplicant FLUSH
This was already done in hostapd and same is needed for wpa_supplicant
to avoid testing issues due to session overlap detection from previous
test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
d2388bcca5 DPP: Strict validation of PKEX peer bootstrapping key during auth
Verify that the peer does not change its bootstrapping key between the
PKEX exchange and the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:08:08 +03:00
Jouni Malinen
a7b8cef8b7 DPP3: Fix push button boostrapping key passing through PKEX
When PKEX was started through the push button mechanism, the own
bootstrapping key was not bound correctly to the Authentication phase
information and that ended up in incorrectly generating a new
bootstrapping key for the Authentication exchange. Fix this by added the
needed own=<id> parameter into the cached parameters when using push
button.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:06:04 +03:00
Jouni Malinen
69d7c8e6bb DPP: Add peer=id entry for PKEX-over-TCP case
The peer=<id> information about the specific boostrapping key provided
through PKEX was added for Public Action frame cases, but the TCP
variant did not do same. Add the same information there to maintain
knowledge of the specific peer bootstrapping key from PKEX to
Authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:04:08 +03:00
Jouni Malinen
1ff9251a83 DPP3: Push button Configurator in wpa_supplicant
Extend DPP push button support in wpa_supplicant to allow the role of
the Configurator to be used. This provides similar functionality to the
way the DPP_PUSH_BUTTON command in hostapd worked when providing the
configuration parameters with that command (instead of building the
config object based on current AP configuration).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 12:28:18 +03:00
Jouni Malinen
e9137950fa DPP: Recognize own PKEX Exchange Request if it ends up being received
It is possible for a Controller to receive a copy of its own PKEX
Exchange Request in the case where the Controller is initiating a PKEX
exchange through a Relay. The Configurator role in the device would have
a matching PKEX code in that case and the device might reply as a PKEX
responder which would result in going through the exchange with the
Controller device itself. That is clearly not desired, so recognize this
special case by checking whether the Encrypted Key attribute value
matches a pending locally generated one when processing a received PKEX
Exchange Request.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 20:30:07 +03:00
Jouni Malinen
6929564467 DPP: Note PKEX code/identifier deletion in debug log
This was already done in hostapd, but not in wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 17:48:54 +03:00
Jouni Malinen
15af83cf18 DPP: Delete PKEX code and identifier on success completion of PKEX
We are not supposed to reuse these without being explicitly requested to
perform PKEX again. There is not a strong use case for being able to
provision an Enrollee multiple times with PKEX, so this should have no
issues on the Enrollee. For a Configurator, there might be some use
cases that would benefit from being able to use the same code with
multiple Enrollee devices, e.g., for guess access with a laptop and a
smart phone. That case will now require a new DPP_PKEX_ADD command on
the Configurator after each completion of the provisioning exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
479e412a67 DPP3: Default value for dpp_connector_privacy
The new global configuration parameter
dpp_connector_privacy_default=<0/1> can now be used to set the default
value for the dpp_connector_privacy parameter for all new networks
provisioned using DPP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 00:14:41 +03:00
Jouni Malinen
148de3e0dc DPP3: Private Peer Introduction protocol
Add a privacy protecting variant of the peer introduction protocol to
allow the station device to hide its Connector from 3rd parties. The new
wpa_supplicant network profile parameter dpp_connector_privacy=1 can be
used to select this alternative mechanism to the peer introduction
protocol added in the initial release of DPP.

It should be noted that the new variant does not work with older DPP APs
(i.e., requires support for release 3). As such, this new variant is
disabled by default.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 00:14:41 +03:00
Jouni Malinen
0e2217c95b DPP: Allow 3rd party information to be added into config request obj
This allows the DPP Configuration Request Object from an Enrollee to be
extended with 3rd party information. The new dpp_extra_conf_req_name and
dpp_extra_conf_req_value configuration parameters specify the name of
the added JSON node and its contents. For example:
dpp_extra_conf_req_name=org.example
dpp_extra_conf_req_value={"a":1,"b":"test"}

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-16 17:22:23 +03:00
Jouni Malinen
8db786a43b DPP3: Testing functionality for push button announcements
Allow the Responder/Initiator hash values to be corrupted in Push Button
Presence Announcement messages for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-07 12:58:49 +03:00
Jouni Malinen
37bccfcab8 DPP3: Push button bootstrap mechanism
Add support to use a push button -based bootstrap mechanism with DPP.
The new DPP_PUSH_BUTTON control interface command enables this mode on
the AP/hostapd and station/wpa_supplicant. This goes through the
following sequence of events: a suitable peer in active push button mode
is discovered with session overlap detection, PKEX is executed with
bootstrap key hash validation, DPP authentication and configuration
exchanges are performed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-07 00:31:30 +03:00
Veerendranath Jakkam
085a3fc76e EHT: Add 320 channel width support
Add initial changes to support 320 MHz channel width.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
2022-06-20 14:39:26 +03:00
Aleti Nageshwar Reddy
bafe35df03 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.

Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-06-20 14:39:18 +03:00
Xinyue Ling
6b461f68c7 Set current_ssid before changing state to ASSOCIATING
For hidden GBK encoding of a Chinese SSID, both the UTF-8 and GBK
encoding profiles are added into wpa_supplicant to make sure the
connection succeeds. In this situation, wpa_supplicant_select_network()
will not be called so current_ssid is NULL when association begins.

Android monitors the WPA_EVENT_STATE_CHANGE event to get the SSID and
BSSID. When connecting to a Chinese SSID, in case of association
rejection happens, Android will report null SSID to OEM APP because
current_ssid is updated after wpa_supplicant_set_state(wpa_s,
WPA_ASSOCIATING), which may cause confusion.

Fix this by setting the current_ssid before changing state to
ASSOCIATING.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-16 18:02:07 +03:00
Sreeramya Soratkal
4383528e01 P2P: Use weighted preferred channel list for channel selection
Previously, the driver could optionally (using QCA vendor command)
provide a preferred channel list to wpa_supplicant for channel selection
during the GO negotiation. Channel selection process can be more
efficient with the information of weights and flags of the preferred
channel list that can be provided by the driver. Use a weighted
preferred channel list provided by the driver for channel selection
during GO negotiation if such a list is available.

Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
2022-06-02 17:09:10 +03:00
Jouni Malinen
9e305878c0 SAE-PK: Fix build without AES-SIV
CONFIG_SAE_PK=y was not pulling in AES-SIV implementation even though it
needs this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:23 +03:00
Jouni Malinen
5636991749 EAP-SIM/AKA peer: IMSI privacy attribute
Extend IMSI privacy functionality to allow an attribute (in name=value
format) to be added using the new imsi_privacy_attr parameter.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:18:40 +03:00
Jouni Malinen
1004fb7ee4 tests: Testing functionality to discard DPP Public Action frames
This can be used to make sure wpa_supplicant does not process DPP
messages sent in Public Action frames when a test setup is targeting
DPP-over-TCP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 23:30:39 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
1328cdeb19 Do not try to use network profile with invalid imsi_privacy_key
Disable a network profile that has set the imsi_privacy_key if a valid
key cannot be read from the specified file. Previously, this check was
done only after having associated, but there is no point in associating
just to see EAP authentication fail in such a case. This is needed for
avoiding connection attempts if the X.509 certificate for IMSI privacy
has expired.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Jouni Malinen
ed325ff0f9 DPP: Allow TCP destination (address/port) to be used from peer URI
tcp_addr=from-uri can now be used as a special case for initiating
DPP-over-TCP to the destination indicated in the peer bootstrapping URI.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 22:53:36 +03:00
Jouni Malinen
b859b9bcea Simplify wpa_bss_get_vendor_ie_multi_beacon() bounds checking
This makes it easier for static analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:28:58 +03:00
Jouni Malinen
63eb98a8ee SAE: Make Anti-Clogging token element parsing simpler
This will hopefully be easier for static analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:14:34 +03:00
Jouni Malinen
a6e04a0676 Simplify DSCP policy parsing
Make the bounds checking easier for static analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:09:08 +03:00