Commit graph

5551 commits

Author SHA1 Message Date
Jouni Malinen
0658a22ef1 GAS: Try to make buffer length determination easier for static analyzers
The received frame buffer was already verified to be long enough to
include the Advertisement Protocol element and that element was verified
to have a valid length value, but use of adv_proto[1] in another
function may have been too difficult to figure out for analyzers.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:28 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
472a0b8d60 MLD STA: Set MLO connection info to wpa_sm
Update the following MLO connection information to wpa_sm:
- AP MLD address and link ID of the (re)association link.
- Bitmap of requested links and accepted links
- Own link address for each requested link
- AP link address, RSNE and RSNXE for each requested link

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:04:09 +02:00
Beniamino Galvani
f899d7f378 dbus: Apply PMK properties immediately
Currently, PMK parameters in the WPA state machine are set from
configuration only when the interface is initialized. If those
parameters are changed later via D-Bus, the new values don't have any
effect.

Call wpa_sm_set_param() when PMK-related D-Bus properties are changed
to immediately apply the new value; the control interface also does
something similar.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2022-11-05 17:49:41 +02:00
Jeffery Miller
c6f8af507e Add option to disable SAE key_mgmt without PMF
Add the `sae_check_mfp` global option to limit SAE when PMF will
not be selected for the connection.
With this option SAE is avoided when the hardware is not capable
of PMF due to missing ciphers.
With this option SAE is avoided on capable hardware when the AP
does not enable PMF.

Allows falling back to PSK on drivers with the
WPA_DRIVER_FLAGS_SAE capability but do not support the BIP cipher
necessary for PMF. This enables configurations that can fall back
to WPA-PSK and avoid problems associating with APs configured
with `sae_require_mfp=1`.

Useful when `pmf=1` and `sae_check_mfp=1` are enabled and networks
are configured with ieee80211w=3 (default) and key_mgmt="WPA-PSK SAE".
In this configuration if the device is unable to use PMF due to
lacking BIP group ciphers it will avoid SAE and fallback to
WPA-PSK for that connection.

Signed-off-by: Jeffery Miller <jefferymiller@google.com>
2022-11-05 17:48:17 +02:00
Jouni Malinen
6527a76566 DPP: Stop listen mode for chirp-initiated Authentication exchange
Stop listen mode if there is not sufficient time remaining to complete
the Authentication exchange within the current remain-on-channel
operation. This speeds up the operation and avoids some timeouts that
could prevent the provisioning step from completing. This addresses an
issue that was found in the following test case sequence:
dpp_controller_relay_discover dpp_chirp_ap_5g

Similar mechanism was already used for Reconfig Announcement frames, so
reuse that for this case with Presence Announcement frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-05 17:25:15 +02:00
Matthew Wang
2e73394426 P2P: Discount current operating frequency when scanning new connection
When scanning for a new connection, we currently optimize by scanning
all frequencies only when our MCC capabilities will allow an additional
operating frequency, and scan only the existing operating frequencies
otherwise. This is problematic when there the current operating
frequency singularly accounts for one of the shared radio frequencies
because we should be able to switch operating frequencies without adding
to the channel count. Fix this.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-11-05 13:43:06 +02:00
김우용
00a762c26e Do not drop connection attempt when reconnecting to the same ESS
Connection attempt could have been intermittently drop when reconnecting
to the same ESS due the current BSS entry getting removed immediately
after the disconnection for the purpose of reconnecting to the same ESS.

Avoid this by not removing a BSS entry for the same ESS when in this
special state of trying to reconnect to the same ESS.

Signed-off-by : WooYong Kim <wykim@newratek.com>
2022-11-05 12:36:56 +02:00
Shivani Baranwal
368de263bc P2P: Skip Extended Listen timeout to allow scans during group formation
Scans are allowed on the current interface for group formation only when
in the P2P_SEARCH, P2P_IDLE, or P2P_PROVISIONING state. But Extended
Listen timeout being enabled moves to the P2P_LISTEN_ONLY state. Due to
this P2P connection fails if the GO is not found with scans triggerred
before Extended Listen timeout. To avoid this skip Extended Listen
timeout to allow scans during group formation on the current interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-11-05 12:17:21 +02:00
Veerendranath Jakkam
cff55f3482 P2P: Clone sae_pwe config to new group interface config
Clone sae_pwe configuration value when creating a new P2P group
interface. This is needed to avoid P2P connection failure at the P2P
Client side due to SAE H2E being disabled in the 6 GHz band operation
when a new group interface is created for the connection.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-05 12:13:03 +02:00
Hu Wang
ae517789fa P2P: Allow PSC channel to be used for 6 GHz BW40
For the 6 GHz opclass 132, ch for loop only allows non-PSC channels { 1,
9, 17, 25, 33, 41, 49,... } to be used. This does not match the IEEE Std
802.11ax-2021 expectation of a 6 GHz-only AP "should set up the BSS with
a primary 20 MHz channel that coincides with a preferred scanning
channel".

Increase ch by 4 to allow PSC channel to be used for 6 GHz BW40.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-05 12:09:34 +02:00
Vinay Gannevaram
ea241cbe9d PASN: Rename struct wpas_pasn to pasn_data
struct wpas_pasn is common to both initiator and responder, so rename it
to pasn_data to avoid the "wpas_" prefix that could be seen as a
reference to wpa_supplicant (PASN initiator).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:59:29 +02:00
Vinay Gannevaram
08abcdf4e7 PASN: Makefile and Android.mk changes for libpasn.so
The wpa_s and hapd context are isolated from the PASN initiator and
responder code and this functionality is now in the separate src/pasn
directory. Add option to build libpasn.so with this functionality. This
library can be used by a Wi-Fi Aware component to support NAN pairing
with other devices.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 11:42:24 +02:00
Vinay Gannevaram
78c5bb7f50 PASN: Move responder functionality into a separate file
PASN responder validates auth 1 frame and sends auth 2 frame to the
initiator. It analyses the auth 3 frame and verifies successful
authentication. Wi-Fi Aware modules can reuse this functionality through
a shared library libpasn.so generated from this code. Move the PASN
functionality that is now decoupled from the hapd context into a
separate file in a common directory to make it easier to build such a
library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c7edfce79a PASN: Move initiator changes into a separate file
PASN initiator functionality builds auth 1 and auth 3 frames, and
processes auth 2 frame received from the responder. Wi-Fi Aware modules
can reuse this functionality through a shared library libpasn.so
generated from this code. Move the PASN functionality that is now
decoupled from the wpa_s context into a separate file in a common
directory to make it easier to build such a library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
975b7a02cb Move SAE comeback token functionality into a separate file
This is helpful in being able to get the functionality needed for SAE
into a separate library (libpasn.so) without needing all of the
ieee802_11.c functionality.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1711fe9121 PASN: Compute MIC from RSNE and RSNXE of the frame for Wi-Fi Aware
Wi-Fi Aware R4 specification defines Beacon RSNE/RSNXE to be same as
RSNE/RSNXE present in Auth2 frame. So, MIC validation should be done
with the RSNE and RSNXE received in Auth2 frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
6f80014b10 PASN: Allow custom PMKID in Authentication frames for Wi-Fi Aware
Wi-Fi Aware R4 specification introduces a custom PMKID derived from
Nonce and TAG. This custom PMKID is included in PASN Authentication
frames during pairing verification. So, allow use of a custom PMKID in
PASN frames and validate it using a function handler. Wi-Fi Aware
component that uses libpasn.so should take care of validating the custom
PMKID.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
4022ffc5db PASN: Store AKMP in the PTKSA cache
PTK is stored in the PTKSA cache following a successful PASN handshake,
however AKMP is removed upon a WPA PASN reset. The PASN handshake is
used in the Wi-Fi Aware R4 specification to define the pairing setup
process. KDK is used to generate a new set of keys, while AKMP is
required for key derivation for pairing. So, keep AKMP in the PTKSA
cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c55eadede7 PASN: Remove hapd dependency in processing PASN Authentication frames
Remove hapd dependency in processing PASN M1/M3 frames and build PASN M2
frame. Initialize required pasn parameters from hapd before passing
Authentication frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1fa266e99d PASN: Remove hapd dependency for SAE and FILS wrapped data
This makes hostapd use the struct defines from pasn_common.h so that the
same struct is shared with wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
14b5ebce73 PASN: Add a common header file for initiator and responder
This is a step towards decoupling the PASN initiator and responder
implemenentation is decoupled from the wpa_s and hapd contexts and
moving to a common folder for better abstraction. Move the struct
wpas_pasn definition to a common file for initiator and responder. The
idea is to provide a library libpasn.so from PASN common code. Include
C++ compatibilty wrapper to extend libpasn.so support for modules using
cpp code base.

This library can be used in applications implementing protocols based on
the PASN handshake.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:15 +02:00
Vinay Gannevaram
af5eec3b37 PASN: Function handler to transmit Authentication frames
Introduce a function handler to transmit PASN Authentication frames to
the driver. This removes the wpa_s dependency from PASN functionality
for sending the frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
629bbc91b1 PASN: Remove dependency of wpa_ssid for initiator
Get ssid and derive required information for SAE and FILS tunneled PASN
authentication to remove struct wpa_ssid dependency for PASN initiator.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
e7f45ca11d PASN: Remove wpa_s dependency for wpas_pasn_start()
Before invoking wpas_pasn_start(), derive KDK and secure LTF flags.
Instead of using network id for pasn_start(), use a pointer to the
struct wpa_ssid.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
0be131265a PASN: Remove wpa_s dependency for wpas_pasn_build_auth_1()
Obtain RSNXE capabilities from the driver flags as well and save them in
the wpas_pasn structure.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
086ccdc598 PASN: Remove wpa_s dependency for the functions processing RX frames
Remove wpa_s dependency for processing PASN M2 frame and preparing M3
frame. To hold the context of wpa_s when transmitting M3 frame, add cb
ctx.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
e2e87b90bf PASN: Remove wpa_s dependency for wpas_pasn_auth_tx_status()
This is a step towards allowing the PASN implementation to be used
outside the context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
de4b73a36a PASN: Remove wpa_s dependency for FILS wrapped data
To avoid reuse without struct wpa_supplicant, add new parameters to
struct wpas_pasn for FILS.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:59 +02:00
Vinay Gannevaram
90bb73c518 PASN: Remove wpa_sm dependency to add an entry to PMKSA cache
Store PMKSA cache entry in wpas_pasn and remove wpa_sm dependency to add
an entry to PMKSA cache. This is a step towards allowing the PASN
implementation to be used outside the context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:56 +02:00
Vinay Gannevaram
5313e5a790 PASN: Remove unused wpa_s parameter for wpas_pasn_sae_setup_pt()
This removes unnecessary struct wpa_supplicant dependency for
wpas_pasn_sae_setup_pt().

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Vinay Gannevaram
f636cbd048 PASN: Remove wpa_s dependency for SAE wrapped data functions
Use struct wpas_pasn (i.e., &wpa_s->pasn) as the function argument for
the SAE functionality that does not need the full struct wpa_supplicant
context. This is a step towards allowing PASN to be used outside the
context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Vinay Gannevaram
5535fbcfac PASN: Add wpa_pasn_reset() to eliminate need for struct wpa_supplicant
Split wpas_pasn_reset() so that the main reset steps can be used without
an instance of struct wpa_supplicant. This is needed to allow PASN
implementation to be used for additional purposes outside the context of
wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Qiwei Cai
6f3efa21c2 MLD STA: Fix crash caused by NULL wpa_s->current_ssid
For wpa_supplicant_get_new_bss(), wpa_s->current_ssid can be NULL in
some cases. Add a NULL check before accessing it to avoid NULL pointer
dereference errors.

Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 17:39:49 +02:00
Jouni Malinen
90cef4f211 MLD STA: Fully clear MLO info to avoid use of uninitialized members
The initial wpa_drv_get_mlo_info() implementation cleared only the
valid_links information within struct driver_sta_mlo_info before trying
to fetch the information from the driver. While this is likely going to
work fine in practice, this can result in static analyzer warnings on
use of uninitialized memory (e.g., mlo.assoc_link_id could have been
read if wpa_s->valid_links was set to a nonzero value). In any case, it
is better to avoid such unnecessary warnings by clearing the full data
structure before using it.

Fixes: 7784964cbe ("MLD STA: Fetch MLO connection info into core wpa_supplicant")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-02 11:56:46 +02:00
Veerendranath Jakkam
496a1ced16 MLD STA: Use MLD addresses for sending non-Public Action frames
The Linux kernel expects to use the AP MLD address as destination and
BSSID addresses for non-Public Action frames when the current
association is MLO capable. Use the MLD addresses to support this.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 17:24:29 +02:00
Veerendranath Jakkam
17ae988736 MLD STA: Support processing of M1 received before association event
EAPOL-Key msg 1/4 indication can be received before association
indication from the driver. For MLO connection, the source address check
of such frames should be against the AP MLD address instead of the
associated link BSSID.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 17:18:31 +02:00
Veerendranath Jakkam
73f540b6a7 MLD STA: Fetch MLO association Link ID info to core wpa_supplicant
Fetch the MLO association Link ID info from the driver to the
wpa_supplicant instance of the corresponding MLD STA interface. This
info is needed when setting the MLO connection info to wpa_sm.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 12:07:41 +02:00
Jouni Malinen
e5d15e2254 EHT: Allow EHT to be disabled using disable_eht=1 in wpa_supplicant
This is similar to the previously added disable_ht/vht/he parameters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-17 11:13:09 +03:00
Jouni Malinen
041f6cea94 SAE: Accept FT and -EXT-KEY AKMs for external auth
Use a full list of AKM suite selectors that can use SAE authentication
when checking for authentication trigger from the driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 18:35:51 +03:00
Matthew Wang
b72922796a P2P: Get cached scan results on iface creation to avoid scan
This allows the P2P client to fast associate if the GO is already in the
scan cache without doing a full scan.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2022-10-16 18:27:33 +03:00
Jouni Malinen
8392ea9e75 SAE: Fix AKM suite selector check for external authentication
AKM suite selector check was initially implemented with incorrect byte
swapping of the value from the driver (nl80211). Fix this and leave a
workaround option for any potentially deployed device where the driver
might be using the swapped byte order.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 18:25:11 +03:00
Chaoli Zhou
5607abe2e8 WNM: Print unsupported neighbor report subelements in debug log
This can be helpful in trying to figure out what might need to be added
in the future.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:14:47 +03:00
Chaoli Zhou
fcdd76fa28 Interworking: Print unsupported inner EAP-TTLS method in debug log
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:13:24 +03:00
Chaoli Zhou
f8a05de669 Move default action from after switch to within
Move from this type of constructions:

switch (val) {
case 1:
	something;
	break;
}
default-action;

into following:

switch (val) {
case 1:
	something;
	break;
default:
	default-action;
	break
}

for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.

This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:08:20 +03:00
Chaoli Zhou
5f3cdc0648 Override ieee80211w from pmf for AP mode in wpa_supplicant
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-10 12:30:30 +03:00
Jouni Malinen
2b972a35b3 DPP: Require PMF when profile is for SAE without PSK
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:56:30 +03:00
Jouni Malinen
8219d2b7dd PASN: Fix CONFIG_PASN=y build without CONFIG_IEEE80211R=y
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.

Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-04 20:41:54 +03:00
Sunil Ravi
c5b950b6af Fix compilation error due to use of bitwise '&' with boolean operands
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.

Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:37:30 +03:00
Sunil
7bdd3f2aa6 P2P: Allow P2P CSA from 5 GHz to 2.4 GHz band
IEEE Std 802.11-2020, 11.8.8 (Selecting and advertising a new channel)
doesn't restrict switching to a channel which is not in the same band as
the current band. But at the same time, there are some issues in
switching between the 2.4/5 GHz bands and the 6 GHz band. So limit the
check to consider the critical use case of switching from a 5 GHz channel
to a 2.4 GHz channel.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:29:24 +03:00