Commit graph

19296 commits

Author SHA1 Message Date
Jouni Malinen
3a5d1a7e6d NAN: USD in hostapd
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:17 +02:00
Jouni Malinen
e3f9ab3c3a NAN: USD in wpa_supplicant
Add wpa_supplicant support for interacting with the NAN discovery engine
to allow USD as Publisher or Subscriber.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:17 +02:00
Jouni Malinen
9eb0bc1f0a NAN: Unsynchronized service discovery (USD)
Add NAN discovery engine and wpa_supplicant interface to use it for the
subset of NAN functionality that is needed for USD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:14 +02:00
Jouni Malinen
f2ea8791c0 NAN: Protocol definitions
Add NAN protocol definitions that are needed for USD based on Wi-Fi
Aware specification v4.0.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 11:36:09 +02:00
Jouni Malinen
4f557c5947 Add os_reltime helpers to work with milliseconds
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 11:36:09 +02:00
Jouni Malinen
0b5d370c00 DPP: Fix DPP Action frame check for EVENT_RX_MGMT events
This was missing a check for the Category field and could have matched
other Action frames than Public Action frames.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-14 01:01:07 +02:00
Jouni Malinen
8270afcdee tests: FT and prepending PMKR1NAme to EAPOL-Key msg 2/4
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:58:01 +02:00
Jouni Malinen
8fa52a7974 FT: Allow wpa_supplicant to be configured to prepend PMKR1Name
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.

wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:58:01 +02:00
Jouni Malinen
9929426b92 FT: Allow PMKIDs from AssocReq to be in EAPOL-Key msg 2/4
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.

hostapd used to require that only the PMKR1Name is included in the PMKID
List of RSNE in EAPOL-Key msg 2/4. Extend this to allow the PMKIDs that
were included in the (Re)Association Request frame to be present as long
as the correct PMKR1Name is also present. This would allow PMKSA caching
to be used in initial mobility domain association with supplicant
implementations that insert the PMKR1Name without removing the PMKIDs
used in the (Re)Association Request frame. wpa_supplicant did not use to
that, but other implementations might.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:43:24 +02:00
Chenming Huang
5603899976 AP MLD: Handle EAPOL only on the association link
For some implementation, there is no link id in EAPOL event, e.g., use
drv_event_eapol_rx for receiving. Current design for such case is switch
to a link that stores the peer. However, this is error-prone because for
non-AP MLD case, sta_info is stored in all valid links but EAPOL sm is
only initialized in the association link. If EAPOL RX event is handled
in a non-association link, it will be discarded and this leads to EAPOL
timeout.

So find the association link to handle received EAPOL frame in such
case. This replaces the previously used workaround for RSN/wpa_sm for
the no link id specified case.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 23:01:57 +02:00
Chenming Huang
7ba039ba11 AP MLD: Do not allow disabling first interface affiliated with an AP MLD
Disabling the first interface calls hapd_deinit(), which causes some
issues, e.g., failure when trying to disable other interfaces due to
NULL drv_priv.

So check that all other interfaces are already disabled before disable
the first interface.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 22:54:44 +02:00
Jouni Malinen
e3d16575c4 tests: AP MLD with two links and disabling/enabling full AP MLD
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 22:52:50 +02:00
Chenming Huang
9a47ede871 AP MLD: Add support for hostapd_cli to disable/enable AP MLD
Existing commands ENABLE/DISABLE only enable/disable the corresponding
link. To disable all links, multiple calls from different control
interfaces would be needed.

Add new commands "disable_mld" and "enable_mld" for hostapd_cli to
support disabling/enabling AP MLD for convenience.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 22:47:03 +02:00
Jouni Malinen
0102c5c606 hostapd: Do not use prefix matching for ENABLE/RELOAD/DISABLE
These control interface commands do not take any parameters and as such,
do not need to use a prefix match. Replace that with an exact string
match to avoid matching other potential command strings.

Fixes: 7554565299 ("hostapd: Add ctrl_iface for enabling/reloading/disabling interface")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 22:28:29 +02:00
Chenming Huang
03e89de47b AP MLD: Process link info when handling new STA event with driver SME
When association is handled in hostapd, a non-AP MLD's info is stored in
all valid links. This should be the same when SME is offloaded to the
driver.

Also skip some operations that are already done by the driver
when SME is offloaded.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 20:06:49 +02:00
Jouni Malinen
6a91e3608f tests: 40 MHz HT40 plus/minus to 20 MHz downgrade
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 17:54:03 +02:00
Jouni Malinen
d3d59967af Handle both HT40+ and HT40- allowed consistently in channel check
Return the result from the first hostapd_is_usable_chan() call instead
of the following attempts in case of ht40_plus_minus_allowed to have
consistent behavior with the case where only one option is specified.
This allows the fallback to 20 MHz to work in additional cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 17:50:40 +02:00
Jouni Malinen
06edbdf4da tests: Downgrade to 20 MHz due to regdb constraints
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 11:16:21 +02:00
Chenming Huang
e650fa4d79 ACS: Handle ACS channel selected event in specified link
When ACS offloaded to the driver, the channel selected event carries
link id to specify the link if operating as AP MLD.

Find the specified link to handle this event.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:48:10 +02:00
Chenming Huang
0e91a86ec5 ACS: Add link id if operating as an AP MLD
ACS is triggered per link, so link id is needed for the driver to handle
when the ACS operation is offloaded.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:44:46 +02:00
Jouni Malinen
1abdeaa412 wlantest: Fix TK iteration based on the PTK file
Use of ptk_len is not valid here to check what is the length of the
actual TK. Fix this by using ptk->tk_len instead so that the appropriate
decryption function can be selected for cases where the TKs are
configured through the PTK file.

Fixes: ce7bdb54e5 ("wlantest: Extend Management frame decryption to support GCMP and CCMP-256")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-01 19:51:56 +02:00
Jouni Malinen
dfaedb2095 tests: Remove WpaSupplicant control interface workarounds
Now that run-tests.py closes the control interface sockets explicitly,
there is no need to try to avoid using dev[] within the D-Bus test
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-31 12:27:48 +02:00
Jouni Malinen
eb1542c8e4 tests: Close wpa_supplicant control interface sockets at the end
Close all the control interface sockets and delete the client socket
files explicitly at the end of the test loop. This removes needs for
various workarounds that tried to force WpaSupplicant and Ctrl class
__del__() to remove the sockets.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-31 12:16:36 +02:00
Johannes Berg
6777ff621a test: dbus: Wait for connection before disconnect (again)
The same thing as we did previously in dbus_p2p_autogo_pbc
can evidently also happen in dbus_p2p_autogo.

The test here wants to connect and then disconnect again,
but it's driven only by the GO side, so the client may end
up (with UML time-travel) not fully connecting, and then
it all fails. Wait for the client to have connected first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-31 12:00:27 +02:00
Jouni Malinen
13837a031a tests: AP MLD behavior with multiple STAs
In particular, verify AID assignment by AP MLD to both non-AP MLDs and
non-MLD STAs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-30 11:56:31 +02:00
Harish Rachakonda
f972420e82 AP MLD: Fix AID allocation for legacy STA
Currently, AID is not allocated properly in hostapd for legacy non-MLD
STA in case of an AP MLD. All such stations have same AID.

Fix this issue by allocating AID properly in hostapd when operating as
an AP MLD and the STA is not an MLD.

Fixes: d924be3bd0 ("AP: AID allocation for MLD")
Signed-off-by: Harish Rachakonda <quic_rachakon@quicinc.com>
2024-01-30 11:50:21 +02:00
Muna Sinada
fe36750b39 Add QCA vendor command to disassociate with peer
This is an event indicating to the user space to disassociate with
peer based on the peer MAC address provided.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-29 18:51:44 +02:00
Johannes Berg
44b7b9178b test: dbus: Wait for connection before disconnect
The test here wants to connect and then disconnect again, but it's
driven only by the GO side, so the client may end up (with UML
time-travel) not fully connecting, and then it all fails. Wait for the
client to have connected first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-29 11:05:31 +02:00
Jouni Malinen
9fe2970ff6 OpenSSL: Use library functions for HPKE when possible
OpenSSL 3.2 added support for HPKE. Use that implementation when
possible. At least for now, the internal version needs to be included as
well to be able to cover the special DPP use case with brainpool curves.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 20:18:07 +02:00
Jouni Malinen
14c5f401f0 Remove forgotted STAKey related functionality in EAPOL-Key Request
The use of a MAC KDE in the Key Data field of an EAPOL-Key Request frame
was only for the STAKey handshake. That handshake was implemented in
2005 as an experimental functionality and it was then removed in 2006.
However, this part of the functionality was forgotten. This does not do
anything in practice, so simplify the implementation and remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 19:15:08 +02:00
Jouni Malinen
846534c2a3 tests: FILS SK and STA requesting PTK rekeying
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 19:02:55 +02:00
Jouni Malinen
3f60fcdd88 FILS: Fix EAPOL-Key request generation
The Encrypted Key Data field need to be set to 1 whenever using an AEAD
cipher. Without this, the Authenticator would discard the EAPOL-Key
request frame when using FILS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:56:47 +02:00
Jouni Malinen
b27086e6eb Discard EAPOL-Key request without Secure=1
EAPOL-Key request is accepted only if the MIC has been verified, so PTK
must have already been derived and Secure=1 needs to be used. Check the
Secure bit explicitly for completeness even though the MIC verification
is already taking care of validating that the sender is in the
possession of valid keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:41:06 +02:00
Jouni Malinen
0967940885 Discard EAPOL-Key Request frames during 4-way handshake
While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:32:03 +02:00
Jouni Malinen
8037c1ad61 Move Key Replay Counter checks for EAPOL-Key frames to helper functions
This simplifies wpa_receive().

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:38:45 +02:00
Jouni Malinen
2c6147404e Check Key Descriptor Version value earlier in the process
There is no need to try to process the EAPOL-Key frame if it has an
unexpected Key Descriptor Version value. Move these checks to happen
earlier in the sequence. In adition, use a separate helper function for
this to simplify wpa_receive() a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:26:16 +02:00
Jouni Malinen
bd1e078996 Reject undefined Key Descriptor Version values explicitly
Check that the EAPOL-Key frame Key Descriptor Version value is one of
the defined values explicitly instead of failing to process the Key Data
field later (or end up ignoring the unexpected value if no processing of
Key Data is needed).

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:22:47 +02:00
Jouni Malinen
fff69bba10 Use more generic checks for Key Descriptor Version 2 and 3
IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2
and no pairwise cipher condition on value 3, so use that set of more
generic rules here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:18:40 +02:00
Jouni Malinen
74a25a6602 Remove always true check on EAPOL-Key message in authenticator
This was practically dead code since no other msg value exist anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:07:55 +02:00
Jouni Malinen
627c3f35dc tests: EAPOL-Key msg 4/4 protocol testing for invalid Key Data encryption
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:06:26 +02:00
Jouni Malinen
c579b07e26 tests: Use the provided timeout for P2P peer discovery
p2p_go_neg_init() ignored the provided timeout value and used the
default 15 second timeout in discover_peer(). This did not allow the
recently added go_neg_pbc() timeout increase for concurrent cases to be
used fully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-27 11:35:31 +02:00
Thirusenthil Kumaran J
9e9afd9569 Extend frequency configuration to handle 6 GHz channel 2
In hostapd_set_freq_params(), if center_segment0 is 2, call
ieee80211_chan_to_freq() with operating class 136 instead of 131.

This is needed because, channel 2 is an exception in the 6 GHz band. It
comes before channel 1 and is part of operating class 136.

Channels order in 6 GHz:
    2 (Operating Class 136)
    1   5   9 ....  (Operating Class 131)

Signed-off-by: Thirusenthil Kumaran J <quic_thirusen@quicinc.com>
2024-01-26 20:08:41 +02:00
Muna Sinada
8677844db8 Add a QCA vendor attribute to determine QCA device
Add a new attribute for
%QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION subcommand. This
attribute is an 8 bit unsigned value used to specify whether an
associated peer is a QCA device.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-26 18:46:10 +02:00
Jouni Malinen
b292b107d6 tests: Make P2P SD multi-query tests more robust
Accept any sequence and number of responses as long as the needed
Bonjour and UPnP services are found.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 17:13:37 +02:00
Jouni Malinen
576f462504 P2P: Accept P2P SD response without TX status
If a GAS response is received for a pending SD query, process it even if
the TX status event for the query has not yet been received. It is
possible for the TX status and RX events to be reordered especially when
using UML time-travel, so this is needed to avoid race conditions to
make SD more robust.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 17:12:16 +02:00
Jouni Malinen
16a22ef340 nl80211: Increase the hard scan timeout for initial attempt
If both 6 GHz and S1G channels are included, the previously used timeout
was not long enough at least with mac80211_hwsim. Increase the initial
timeout to allow such a scan to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:26:36 +02:00
Jouni Malinen
e619dcce31 tests: Allow more time for chirping in dpp_chirp_ap_5g
The full scan at the beginning of the chirping step can take over 15
seconds when 6 GHz and S1G channels are included and the timeout here is
not enough to handle that.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:18:32 +02:00
Jouni Malinen
30d6231e02 tests: Flush scan cache for rrm_beacon_req_table_detail
Explicitly flush the scan cache in wpa_supplicant and cfg80211 to avoid
test failures here. An additional BSS table entry from a scan based on a
previous test case could result in causing this test case to report
failure since each beacon response could include multiple entries and
the check for the details would fail due to the unexpected data.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:10:41 +02:00
Jouni Malinen
e41a51285d tests: Make dfs_etsi more robust
Explicitly wait for the STA to complete connection or channel switch
processing before running the second connectivity check.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:00:24 +02:00
Jouni Malinen
f20ca22dce DFS: Print the random channel list entry selection in debug print
This makes it a bit easier to understand what happens with random
channel selection after radar detection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:59:48 +02:00