Commit graph

18676 commits

Author SHA1 Message Date
Yichen Yu
a678a510fb dbus: Add D-Bus signal for PSK mismatch heuristics
As a workup action during disassociation, wpa_supplicant checks if the
disconnection could have been caused by PSK mismatch during WPA 4-way
handshake with function could_be_psk_mismatch() in event.c. A MSG_INFO
message will be sent on the control interface when there could be a PSK
mismatch, and this heuristic can be useful to indicate if the
disconnection is caused by a wrong passphrase provided by the user.
Here, propagate a new D-Bus signal 'PskMismatch' to notify other
applicantions.

Signed-off-by: Yichen Yu <yichenyu@chromium.org>
2023-02-21 11:24:06 +02:00
Ayala Beker
691f729d5d P2P: Make invitation flow less aggressive
Currently invitation request wait time is very long and not needed for
sending a single Action frame only. To not interfere with other parallel
channel activities, decrease the wait time to to 150 ms in case of an
active P2P GO on the system.

In addition, if a P2P GO tries to invite a client that doesn't respond,
it will attempt to invite again after 100 ms. This is too aggressive and
may result in missing beacon transmission and affecting GO activity on
its operating channel. Increase the timeout to 120 ms, to allow enough
time for beacon transmission.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-21 11:19:15 +02:00
Nicolas Cavallari
f4a7e2a07c Rework IBSS/mesh 80 MHz channel selection
- Do not try to enable 80 MHz if 40 MHz is disabled or not selected (e.g.,
  due to obss_scan).
- If it is not possible to use 80 HMz or even 40 MHz, still attempt to
  configure HE40/VHT40/HE20/VHT20 instead of bailing out.
- When bailing out, also disable HE.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:37 +02:00
Nicolas Cavallari
f91f971bde Fix creating 6 GHz IBSS/mesh on 5/6 GHz-capable PHYs
If the PHY supports both 5 GHz and 6 GHz bands, there will be two
different struct hostapd_hw_modes with mode HOSTAPD_MODE_IEEE80211A,
one for each band, with potentially different capabilities.

Check that the struct hostapd_hw_modes actually contains the frequency
before selecting it.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:10 +02:00
Nicolas Cavallari
c623cee421 Make arrays static const in ibss_mesh_select_*()
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:32:08 +02:00
Nicolas Cavallari
64043e6156 Split ibss_mesh_setup_freq() into multiple functions
ibss_mesh_setup_freq() has become a 342 line function with 23 local
variables, 1 or 2 goto labels depending on ifdefs and its logic is
quite unpredictable.

Split it into multiple functions. No functional change intended, it
should be bug-compatible with the original code, except for some log
messages that are skipped more often.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2023-02-21 00:28:11 +02:00
Jouni Malinen
1cde2549ec tests: WPA2-PSK and STA using 4addr mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 00:12:34 +02:00
Konstantinos Natsakis
8085a7e656 wpa_supplicant: Add option to explicitly set 4addr mode
Add a new network profile option enable_4addr_mode=1 that puts an
interface in 4addr mode, for interfaces meant to be added to a bridge.

Signed-off-by: Konstantinos Natsakis <infradead.org@aleph-0.net>
2023-02-21 00:00:07 +02:00
Kaidong Wang
1ffc7d1c65 Apply bias towards 6 GHz in roaming
wpa_supplicant_need_to_roam_within_ess() applies bias to the minimum
difference of the signal level required to roam if the roam is from 2.4
GHz to higher band, but doesn't apply bias if the roam is from a lower
band to 6 GHz. Add bias towards 6 GHz, as 6 GHz networks usually provide
higher throughput.

Signed-off-by: Kaidong Wang <kaidong@chromium.org>
2023-02-20 23:52:18 +02:00
Jouni Malinen
217d5e4796 tests: WNM event report
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-20 22:00:16 +02:00
Yi-Chia Hsieh
faa4102926 WNM: Event report handling for BSS color collision and in-use
Add support for WNM event report handling for the BSS color collision
and in use events.

Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Yi-Chia Hsieh <yi-chia.hsieh@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2023-02-20 22:00:13 +02:00
Remco Rijnders
97405be969 Small textual improvements to wpa_supplicant man page
Signed-off-by: Remco Rijnders <remco@webconquest.com>
2023-02-20 19:38:02 +02:00
Antonio Prcela
ec02a0e936 hostapd: Output hw_mode when using STATUS
Adding the hw_mode config parameter to the STATUS output to easier
determine the current hw_mode of an hostapd access-point. Currently
neither STATUS, GET hw_mode, nor GET_CONFIG output it.

Useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file, like hostapd.conf.

Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
2023-02-20 19:38:02 +02:00
Yihong Wu
390e24c6cb EAP-TTLS server: Add Ident field to MS-CHAP-Error
Per RFC 2548, 2.1.5, MS-CHAP-Error contains an Ident field of one octet
followed by an ASCII message. Add the missing Ident field.

Signed-off-by: Yihong Wu <wu@domosekai.com>
2023-02-20 19:38:02 +02:00
Hu Wang
4ae798a22c P2P: Pick the best driver pref freq for invitation process
Move the logic of picking the best driver pref freq into a separate
function, and use this to extend the functionality for invitation
process.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-20 19:37:26 +02:00
Jouni Malinen
351761e994 tests: Ignore dpp-ca.py in git status
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:25:33 +02:00
Jouni Malinen
1bc93b7fe3 tests: Clear SAE groups for dpp_ap_config_sae
This is needed to avoid failures due to previously executed test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:20:20 +02:00
Hari Chandrakanthan
6c75f1dfaf Send broadcast Probe Response frames on the 6 GHz band
Change Probe Response frames to be sent as broadcast for 6 GHz band per
IEEE Std 802.11ax‐2021, 26.17.2.3.2: "If a 6 GHz AP receives a Probe
Request frame and responds with a Probe Response frame (per 11.1.4.3.4),
the Address 1 field of the Probe Response frame shall be set to the
broadcast address, unless the AP is not indicating its actual SSID in
the SSID element of its Beacon frames."

Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
2023-02-17 16:05:37 +02:00
Veerendranath Jakkam
edfcb2f1a9 MLD STA: Indicate MLO support in NL80211_CMD_CONNECT
Send NL80211_ATTR_MLO_SUPPORT flag in NL80211_CMD_CONNECT to indicate
wpa_supplicant has support to handle MLO connection for SME-in-driver
case.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-15 23:50:03 +02:00
Veerendranath Jakkam
c91852044d MLD STA: Add support for SAE external authentication offload to userspace
Enable MLO for SAE authentication when the driver indicates the AP MLD
address in an external authentication request. The MAC address of the
interface on which the external authentication request received will be
used as the own MLD address.

This commit does below for enabling MLO during external SAE
authentication:
- Use MLD addresses for SAE authentication.
- Add Basic Multi-Link element with the own MLD address in SAE
  Authentication frames.
- Send SAE Authentication frames with the source address as the own MLD
  address, destination address and BSSID as the AP MLD address to the
  driver.
- Validate the MLD address indicated by the AP in SAE Authentication
  frames against the AP MLD address indicated in external authentication
  request.
- Store the PMKSA with the AP MLD address after completing SAE
  authentication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-15 23:49:59 +02:00
Liangwei Dong
575712450a qca-vendor: Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY
Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY attribute
to enable/disable Multi-Channel concurrency low latency mode.
The firmware will do optimization of channel time quota for
low latency in Multi-Channel concurrency state if enabled.

Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
2023-02-15 23:31:07 +02:00
Jouni Malinen
9f5f066d27 tests: Clear SAE groups before the HE 6 GHz test cases
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 13:55:36 +02:00
Jouni Malinen
641f2868de tests: FT and VLAN in wpa_psk file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
ba150059d1 FT: Store PMK-R0/PMK-R1 after EAPOL-Key msg 2/4 MIC validation
hostapd was previously storing the derived PMK-R0 and PMK-R1 as soon as
these keys were derived. While that is fine for most purposes, it is
unnecessary to do that so quickly and if anything were to fail before
the supplicant is able to return a valid EAPOL-Key msg 2/4, there would
not really be any real use for the derived keys.

For the special case of FT-PSK and VLAN determination based on the
wpa_psk file, the VLAN information is set in the per-STA data structures
only after the EAPOL-Key msg 2/4 MIC has been verified. This ended up
storing the PMK-R0/PMK-R1 entries without correct VLAN assignment and as
such, any use of the FT protocol would not be able to transfer the VLAN
information through RRB.

Split local storing of the FT key hierarchy for the cases using the FT
4-way handshake so that PMK-R0 and PMK-R1 are first derived and then
stored as a separate step after having verified the MIC in the EAPOL-Key
msg 2/4 (i.e., after having confirmed the per-STA passphrase/PSK was
selected) and VLAN update. This fixes VLAN information for the
wpa_psk_file cases with FT-PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
e4d1000cac tests: Verify hostapd STA vlan_id value
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 23:22:10 +02:00
Jouni Malinen
4994fa9e59 wlantest: Parse Multi-Link element in (re)association frames
Print the details from the Multi-Link elements from the association
exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 21:34:58 +02:00
Chunquan Luo
56662f36da Refine vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS
During implementation of commit 257b119c2d ("QCA vendor attribute of
update roaming cached statistics info") some deficiencies were noted as
listed below, so fix them. Since these are pre-implementation changes,
no ABI breakage is introduced.

1) Change all RSSI values to be signed values.
2) Add enums for scan type and dwell type instead of documenting
   their values with comments
3) Add missing QCA_ROAM_REASON_STA_KICKOUT to enum qca_roam_reason

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-02-10 13:23:44 +02:00
Jouni Malinen
eff82f93af tests: Make pmksa_cache_and_cui more robust
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 13:11:54 +02:00
Jouni Malinen
2d3afc273d tests: MACsec with EAP-PSK
This verifies use of a shorter than 65 octet EAP Session-Id.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:41:03 +02:00
Jouni Malinen
72b8193f41 MACsec: Remove EAP Session-Id length constraint
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.

Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.

Fixes: dd10abccc8 ("MACsec: wpa_supplicant integration")
Fixes: a93b369c17 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:31:01 +02:00
Raphaël Mélotte
3915e8834e hostapd: Report error on unknown ACCEPT_ACL/DENY_ACL commands
Currently when using ACCEPT_ACL or DENY_ACL, no error is reported if
the rest of the command is unknown (e.g. 'ACCEPT_ACL FOOBAR' reports
'OK').

On the other hand, hostapd_cli makes it possible to use 'accept_acl'
and 'deny_acl' in lowercase, but the rest of the command (i.e. 'SHOW',
'ADD_MAC', 'CLEAR', etc) must be in uppercase.

As a result, the command 'accept_acl clear' could seem valid when
using hostapd_cli (as it reports 'OK'), while it actually does not do
anything (because 'clear' must be in uppercase).

To let users know whether the command really succeeded or not, report
an error when the command was not understood.

Note that this is also consistent with the way it is currently
implemented in wpa_supplicant.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2023-02-01 18:38:21 +02:00
Mordechay Goodstein
2cff340d17 utils: Move log2pcap to python3
python2 is deprecated so move script to python3.
While at it, make some minor adjustments.

Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-01 18:34:57 +02:00
Krishna T
12de8112b7 Fix BSS age underflow
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.

Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
2023-02-01 18:30:27 +02:00
Jouni Malinen
047da5fe3a tests: wpa_supplicant config file parsing of an invalid network
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-01 18:26:35 +02:00
Krishna
d31c2b43aa Fix segfault in case of an invalid configuration
The RO variable is being assigned before the SSID is NULL checked, so,
any invalid configuration leads to a segmentation fault.

Fixes: d8d2b3a338 ("Implement read-only mode for SSIDs from the additional config (-I)")
Signed-off-by: Chaitanya Tata <chaitanya.tk17@gmail.com>
2023-02-01 18:24:13 +02:00
Jouni Malinen
825a545279 tests: Clear sae_groups in radius_sae_password
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-31 12:00:18 +02:00
Veerendranath Jakkam
a32b424a3d MLD STA: Use AP MLD address in PMKSA cache attempts for driver-SME case
The previous implementation handles PMKSA cache attempts with AP MLD
address only for SME-in-wpa_supplicant cases since wpa_s->valid_links
wouldn't be set for SME-in-driver cases.

Fix SME-in-driver behavior by enabling PMKSA cache attempts with AP MLD
address when driver supports MLO and SME offload to driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:20:18 +02:00
Veerendranath Jakkam
8c4790cef8 MLD STA: Store PMKSA with AP MLD address for MLO connection event
Store PMKSA with AP MLD address while processing connect event for OWE
and FILS when the connection is MLO capable.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:19:41 +02:00
Jouni Malinen
bf124a03d5 SAE: Update PT value at later point for SME cases, if needed
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:23:22 +02:00
Qiwei Cai
1aadcca0a7 P2P: Enable SAE-H2E for client when joining a 6 GHz group
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.

Enable SAE-H2E for P2P client in this case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:33 +02:00
Jouni Malinen
37f8257c4f SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
Commit 3a0edb2cd8 ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:06 +02:00
Jouni Malinen
89377c6b9c OCV: Fix build without CONFIG_OCV=y
ssid->ocv is defined within CONFIG_OCV block, so the use for it needs to
match.

Fixes: dc7e330e0b ("Set OCV capability based on Association Request frame RSNE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:23:35 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Shivani Baranwal
bf931c5f8d tests: P2P Service Discovery initiated from Go device.
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Shivani Baranwal
2e47ea22cc P2P: Fix handling Service Discovery Response received by GO device
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Aleti Nageshwar Reddy
dc7e330e0b Set OCV capability based on Association Request frame RSNE
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
85ac165d64 tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
d5b7560de5 tests: Clear sae_groups in pasn_sae_kdk
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
a70a4672d8 tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00