Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.
This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.
Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The purpose of Multi-AP specification is to enable inter-operability
across Wi-Fi access points (APs) from different vendors.
This patch introduces one new configuration parameter 'multi_ap' to
enable Multi-AP functionality and to configure the BSS as a backhaul
and/or fronthaul BSS.
Advertise vendor specific Multi-AP capabilities in (Re)Association
Response frame, if Multi-AP functionality is enabled through the
configuration parameter.
A backhaul AP must support receiving both 3addr and 4addr frames from a
backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
WEP), we can safely call hostapd_set_wds_encryption() as well and we can
reuse the entire WDS condition.
To parse the Multi-AP Extension subelement, we use get_ie(): even though
that function is meant for parsing IEs, it works for subelements.
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Include and verify the OCI element in WNM-Sleep Exit Request and
Response frames. In case verification fails, the frame is silently
ignored.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Include and verify the the OCI element in (Re)Association Request and
Response frames of the FT handshake. In case verification fails, the
handshake message is silently ignored.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Verify the received OCI element in the 4-way and group key handshakes.
If verification fails, the handshake message is silently dropped.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Use the information elements that were present in the (Re)Association
Request frame to derive the maximum bandwidth the AP will use to
transmit frames to a specific STA. By using this approach, we don't need
to query the kernel for this information, and avoid having to add a
driver API for that.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
ocv_verify_tx_params() verifies that the receive OCI element includes
field values that are compatible with the local channel configuration.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
If Operating Channel Verification is negotiated, include the OCI KDE
element in EAPOL-Key msg 2/4 and 3/4 of the 4-way handshake and both
messages of the group key handshake.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Set the OCV bit in RSN capabilities (RSNE) based on AP mode
configuration. Do the same for OSEN since it follows the RSNE field
definitions.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This function can be used to easily convert the parameters returned
by the channel_info driver API, into their corresponding operating
class and channel number.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This adds the necessary functions and callbacks to make the channel_info
driver API available to the authenticator state machine that implements
the 4-way and group key handshake. This is needed for OCV.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This adds the necessary functions and callbacks to make the channel_info
driver API available to the supplicant state machine that implements the
4-way and group key handshake. This is needed for OCV.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This adds support for hostapd-as-RADIUS-authentication-server to request
subscription remediation for SIM-based credentials. The new hostapd.conf
parameter hs20_sim_provisioning_url is used to set the URL prefix for
the remediation server for SIM provisioning. The random
hotspot2dot0-mobile-identifier-hash value will be added to the end of
this URL prefix and the same value is stored in a new SQLite database
table sim_provisioning for the subscription server implementation to
use.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Expose EAP method and IMSI from the completed (or ongoing) EAP
authentication session. These are needed for implementing Hotspot 2.0
SIM provisioning.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new hostapd configuration parameter hs20_release can be used to
configure the AP to advertise a specific Hotspot 2.0 release number
instead of the latest supported release. This is mainly for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is better not to process a new (most likely repeated) FILS HLP
request if a station retransmits (Re)Association Request frame before
the previous HLP response has either been received or timed out. The
previous implementation ended up doing this and also ended up
rescheduling the fils_hlp_timeout timer in a manner that prevented the
initial timeout from being reached if the STA continued retransmitting
the frame. This could result in failed association due to a timeout on
the station side.
Make this more robust by processing (and relaying to the server) the HLP
request once and then ignoring any new HLP request while the response
for the relayed request is still pending. The new (Re)Association
Request frames are otherwise processed, but they do not result in actual
state change on the AP side before the HLP process from the first
pending request is completed.
This fixes hwsim test case fils_sk_hlp_oom failures with unmodified
mac80211 implementation (i.e., with a relatively short retransmission
timeout for (Re)Association Request frame).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The NFC connection handover specific case of WPS public key generation
did not verify whether the two wpabuf_dup() calls succeed. Those may
return NULL due to an allocation failure and that would result in a NULL
pointer dereference in dh5_init_fixed().
Fix this by checking memory allocation results explicitly. If either of
the allocations fail, do not try to initialize wps->dh_ctx and instead,
report the failure through the existing error case handler below.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org
This allows EAP user database entries for "cert-<serial number>" to be
used for client certificate based parameters when using EAP-TLS. This
commit addresses only the full authentication case and TLS session
resumption is not yet covered.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.
Signed-off-by: Jouni Malinen <j@w1.fi>
If association failed for any non-OWE specific reason, the previous
implementation tried to add the OWE related IEs into the (Re)Association
Response frame. This is not needed and could actually result in
dereferencing a NULL pointer. Fix this by adding those OWE related IEs
only for successful association and only if the RSN state machine has
been initialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.
Signed-off-by: Jouni Malinen <j@w1.fi>
The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both handle_action() and hostapd_action_rx() are used for processing
received Action frames depending on what type of driver architecture is
used (MLME in hostapd vs. driver) and which build options were used to
build hostapd. These functions had a bit different sequence for checking
the frame and printing debug prints. Make those more consistent by
checking that the frame includes the category-specific action field and
some payload. Add a debug print for both functions to make it easier to
see which path various Action frames use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid smatch warning on this even thought the only caller of the
function uses a non-NULL pointer in all cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new conf variable was used only within the CONFIG_TESTING_OPTIONS
block and as such, added a warning about unused variable into
non-testing builds. Fix that by using that variable outside the
conditional block as well.
Fixes: a22e235fd0 ("OWE: Add testing RSNE for OWE assoc response with driver SME/MLME")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").
Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).
Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.
Signed-off-by: Jouni Malinen <j@w1.fi>
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Back in December 2017, Jouni fixed the output side since that was
causing a kernel message to be printed, but the input side should
also be fixed, otherwise it will not work correctly on big-endian
platforms.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG vendor command
to set the priorities among different types of traffic of
WLAN/BT/Zigbee during coex scenarios.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add interface for drivers to report changes in TX/RX throughput
dynamically to user space. This information can be used by userspace
tools to tune kernel's TCP parameters in order to achieve peak
throughput. The driver may optionally provide guidance on which TCP
parameters to be configured for optimal performance along with the
values to be configured.
The TCP parameters that need to be tuned for peak performance are not
interface specific. Based on the guidance from the driver and
considering the other interfaces that may be affected with the new
configurations, a userspace tool has to choose the values to be
configured for these parameters to achieve optimal performance across
interfaces.
The throughput levels informed by the driver with this event are only
for providing guidance on TCP parameter tuning from userspace. The
driver may change the thresholds used to decide low or medium or high
throughput levels based on several parameters based on the PHY layer
capacity in the current connection, the number of packets being
dispatched per second, or the number of packets pending in queues, etc.
The throughput levels may not be consistent with the actual throughput
of the link.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wifi test config QCA vendor attribute to configure action
frame transmission in HE trigger based PPDU.
This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wifi test config QCA vendor attribute to configure HE
single user PPDU transmission.
This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wifi test config QCA vendor attributes to configure HE
operating mode control field bandwidth, number of spatial streams, and
UL MU disable configuration. Define a new attribute to clear the
previously set HE OM control field configuration. This is used for
testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not try to determine the length of the T&C Server URL before checking
that the URL is available. This got broken in a change to move the
handling to the AS. hostapd could potentially have hit a NULL pointer
dereference if the authentication server sent an unconsistent set of T&C
information.
Fixes: d4e39c51f8 ("HS 2.0: Move Terms and Conditions Server URL generation from AP to AS")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Earlier, the OCE flags were checked during hostapd initialization. This
doesn't address few cases like for example when the interface is added
from control interface. Move the OCE flag checks to the functions that
are forming the MBO/OCE IEs to cover all the different paths for
enabling a BSS. Also use macros as appropriate for readability.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If driver supports self-managed regulatory domain, read reg-domain
information for that specific wiphy interface instead the global
information which may be different which such drivers. This fixes issues
where a regulatory update with a self-managed regulatory domain driver
ended up building incorrect list of supported channels for upper layer
hostapd/wpa_supplicant operations.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a flag indicating if the device has the self-managed regulatory
support. Set the flag if NL80211_ATTR_WIPHY_SELF_MANAGED_REG attribute
is set when reading wiphy info.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
On Linux this flag will make sure that no file descriptor is
accidentally leaked into potential child processes. While this is not a
problem right now, it is considered to be good practice these days when
dealing with file descriptors on Linux.
Signed-off-by: Karol Babioch <karol@babioch.de>
Previously the file permissions for the debug log file were not
explicitly set. Instead it was implicitly relying on a secure umask,
which in most cases would result in a file that is world-readable. This
is a violation of good practices, since not every user should have
access to sensitive information that might be contained in the debug log
file.
Explicitly set sane default file permissions in case the file is newly
created.
Unfortunately the fopen(3) function does not provide such a facility, so
the approach needs to be changed in the following way:
1) The file descriptor needs to be created manually using the open(3)
function with the correct flags and the desired mode set.
2) fdopen(3) can then be used on the file descriptor to associate a file
stream with it.
Note: This modification will not change the file permissions of any
already existing debug log files, and only applies to newly created
ones.
Signed-off-by: Karol Babioch <karol@babioch.de>
In case the protocol used for the BSS is WPA, the WPA vendor IE should
be placed after all the non vendor IEs. Fix this for Beacon and Probe
Response frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Previously, when an AP interface was disabled through a control
interface DISABLE command during a channel switch window, the interface
could not be reenabled due to beacon setup failure (which validates if
CSA is in progress).
Fix this by clearing channel switch parameters while disabling the
hostapd interface.
Signed-off-by: Sriram R <srirrama@codeaurora.org>
Add NAN NDP attribute QCA_WLAN_VENDOR_ATTR_PEER_NDPE_SUPPORT which
indicates if NDP remote peer supports NDPE attribute or not.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is something useful to know and also eliminates format truncation
warnings.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
hash variable is allocated memory using eap_pwd_h_init(), but there are
couple of error case code paths which skips deallocation of hash. The
memory of hash is deallocated using eap_pwd_h_final(). Fix this by
calling eap_pwd_h_final() at the end of the function if execution got
there through one of those error cases.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
When moving a 5 GHz VHT AP to 2.4 GHz band with VHT disabled through the
hostapd control interface DISABLE/reconfig/ENABLE commands, enabling of
the AP on 2.4 GHz failed due to the previously configured VHT capability
being compared with hardware VHT capability on 2.4 GHz band:
hw vht capab: 0x0, conf vht capab: 0x33800132
Configured VHT capability [VHT_CAP_MAX_MPDU_LENGTH_MASK] exceeds max value supported by the driver (2 > 0)
ap: interface state DISABLED->DISABLED
Since VHT (ieee80211ac) config is already disabled for the 2.4 GHz band,
add fix this by validating vht_capab only when VHT is enabled.
Fixes: c781eb8428 ("hostapd: Verify VHT capabilities are supported by driver")
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
Previous implementation ended up triggering PMF check for previous
association and SA Query procedure incorrectly in cases where there is a
STA entry in hostapd, but that STA is not in associated state. This
resulted in undesired temporary rejection of the association with status
code 30.
This ended up breaking OWE group negotiation when PMF is in use since
the check for the OWE group would have happened only after this earlier
PMF check and rejection (i.e., the station got status code 30 instead of
the expected 77).
For example, when the AP is configured with OWE group 21 and a station
tries groups 19, 20, and 21 (in this sequence), the first two
Association Request frames should be rejected with status code 77.
However, only the first one got that status code while the second one
got status code 30 due to that issue with PMF existing association
check.
Furthermore, hostapd was continuing with SA Query procedure with
unencrypted Action frames in this type of case even though there was no
existing association (and obviously, not an encryption key either).
Fix this by checking that the STA entry is in associated state before
initiating SA Query procedure based on the PMF rules.
Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
Without this patch sae_require_mfp is always activate, when ieee80211w
is set to optional all stations negotiating SAEs are being rejected when
they do not support PMF. With this patch hostapd only rejects these
stations in case sae_require_mfp is set to some value and not null.
Fixes ba3d435fe4 ("SAE: Add option to require MFP for SAE associations")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This message was printed and MSG_INFO level which would be more
reasonable for error cases where hostapd has accepted authentication.
However, this is not really an error case for the cases where
authentication was rejected (e.g., due to MAC ACL). Drop this to use
MSG_DEBUG level.
Signed-off-by: Jouni Malinen <j@w1.fi>
When Probe Request frame handling was extended to use MAC ACL through
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
<addr> not allowed to authenticate") from that function ended up getting
printed even for Probe Request frames. That was not by design and it can
result in excessive logging and MSG_INFO level if MAC ACL is used.
Fix this by printing this log entry only for authentication and
association frames. In addition, drop the priority of that log entry to
MSG_DEBUG since this is not really an unexpected behavior in most MAC
ACL use cases.
Fixes: 92eb00aec2 ("Extend ACL check for Probe Request frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
With new restriction in Android, if PATH env variable doesn't have
correct path of 'am' binary, execv() fails to launch wpadebug browser
(am starts, but something seems to fail within its internal processing).
This commit is a workaround to use execve() with custom environment PATH
which includes "/system/bin;/vendor/bin" to handle the cases where
hs20-osu-client fails to launch wpadebug browser through /system/bin/am.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a subcommand for Channel Frequency Response (CFG) Capture
Configuration and define attributes for configuring CFR capture
parameters per peer and enabling/disabling CFR capture.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends the last_msk testing functionality in the RADIUS server to
work with EAP-TLS based on "cert-<serial_num>" form user names in the
database.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be used to fetch the serial number of the peer certificate in
the EAP server. For now, this is implemented only with OpenSSL.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be
advertised in addition to the previously used OSU Providers list
ANQP-element. The new osu_nai2 configurator parameter option is used to
specify the OSU_NAI value for the shared BSS (Single SSID) case while
osu_nai remains to be used for the separate OSU BSS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Driver/firmware does roam scan when it finds the need to roam to a
different BSS. Add a QCA vendor event to indicate such roam scan events
from driver/firmware to user space.
Please note that some drivers may not send these events in few cases,
e.g., if the host processor is sleeping when this event is generated in
firmware to avoid undesired wakeups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
PMKID derivation with the Suite B AKMs is a special case compared to
other AKMs since that derivation uses KCK instead of PMK as an input.
This means that the PMKSA cache entry can be added only after KCK has
been derived during 4-way handshake. This also means that PMKID would
change every time 4-way handshake is repeated even when maintaining the
same PMK (i.e., during PTK rekeying and new associations even if they
use PMKSA caching).
wpa_supplicant was previously replacing the PMKSA cache entry whenever a
new PMKID was derived. This did not match hostapd expectations on the AP
side since hostapd did not update the PMKSA cache entry after it was
created. Consequently, PMKSA caching could be used only once (assuming
no PTK rekeying happened before that). Fix this by making wpa_supplicant
behave consistently with hostapd, i.e., by adding the Suite B PMKSA
cache entries with the PMKID from the very first 4-way handshake
following PMK derivation and then not updating the PMKID.
IEEE Std 802.11-2016 is somewhat vague in this area and it seems to
allow both cases to be used (initial PMKID or any consecutive PMKID
derived from the same PMK). While both cases could be supported that
would result in significantly more complex implementation and need to
store multiple PMKID values. It looks better to clarify the standard to
explicitly note that only the first PMKID derived after PMK derivation
is used (i.e., match the existing hostapd implementation).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>