Commit graph

9332 commits

Author SHA1 Message Date
Andrei Otcheretianski
137b855092 MLO: Mechanism for fetching group key information for the links
Allow RSN authenticator to fetch the current group key information with
the keys and the last used PN/IPN/BIPN for MLO specific KDEs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:58 +03:00
Ilan Peer
eb28ee20e7 MLO: Validate MLO Link KDEs in EAPOL-Key msg 2/4
Verify that the affiliated link information matches between association
(unprotected) and 4-way handshake (protected).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:54 +03:00
Ilan Peer
151ac359dd MLO: Add MAC Address KDE to EAPOL-Key msg 1/4 for MLO association
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:12 +03:00
Andrei Otcheretianski
3102d7676b MLO: Store MLO link information in RSN Authentication
Make the MLO related information available for the RSN Authenticator
state machine to be able to perform steps needed on an AP MLD. The
actual use of this information will be in the following commits.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:07 +03:00
Andrei Otcheretianski
cb130bbcb9 AP: MLO: Forward link specific events to the identified link
Process Management and EAPOL frames on the correct link.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 23:19:14 +03:00
Andrei Otcheretianski
3613c8a96f nl80211: Use frequency to determine MLD link for MLME events
This is needed since link_id is not always available. In addition,
recognize the link address as a known address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 23:13:21 +03:00
Ilan Peer
d3e20b2113 AP/driver: Add link id to the set_tx_queue_params() callback
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:34:08 +03:00
Ilan Peer
fbbca2bf16 AP: Provide the link ID for an MLD setting when setting VLAN
This is a required modification to the driver interface and driver
nl80211.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:31:00 +03:00
Andrei Otcheretianski
172b0a9a2b AP/driver: Add link ID to send EAPOL callbacks
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:56 +03:00
Andrei Otcheretianski
c5271faf55 AP: Print MLD info in STATUS command
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
d75ebe23d8 AP: Handle Management frame TX status for AP MLD address
This allows proper TX status handling when MLD addressing is used for
Management frames. Note, that the statuses are still not forwarded to
the correct link BSS. This will be handled in later commits.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
7a9ae9f43e AP: Do not prune station when adding a link station
As otherwise the original station would be pruned.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
5a61644fff driver: Specify link ID for 'send_mlme' and 'sta_deauth' callbacks
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:49 +03:00
Jouni Malinen
64d9ba3e6e Use a shared function for setting port authorization changes
Get rid of the duplicated code for setting IEEE 802.1X port
authorization for MLD and non-MLD cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-12 15:42:52 +03:00
Ilan Peer
edacd72d95 AP: MLO: Handle IEEE 802.1X port authorization
Handle IEEE 802.1X port authorization in the context of MLO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 15:36:54 +03:00
Ilan Peer
5650205342 AP: MLO: Handle deauthentication/disassociation of MLD station
When a non-AP MLD is deauthenticated/disassociated from an MLD AP, make
sure to clean up its state from all links.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:58:06 +03:00
Ilan Peer
ced69780c1 AP: Cleanup coding style for deauth/disassoc handling
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:51:01 +03:00
Ilan Peer
62fcfe8d28 AP: Move deauthentication/disassociation steps into helper functions
This is a step towards handling of deauthentication/disassociation from
an MLD AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:45:41 +03:00
Ilan Peer
55038680a6 AP: MLO: Handle association callback
Handle association request callback in the context of MLO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:12:15 +03:00
Andrei Otcheretianski
408b2a5625 AP: MLO: Add Multi-Link element to (Re)Association Response frame
Add the full station profile to the Multi-Link element in the
(Re)Association Response frame. In addition, use the AP MLD's MLD MAC
address as SA/BSSID once the non-AP MLD has been added to the driver to
use address translation in the driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 23:45:15 +03:00
Andrei Otcheretianski
5f5db9366c AP: MLO: Process Multi-Link element from (Re)Association Request frame
Implement processing of the Multi-Link element in the (Re)Association
Request frame, including processing of the Per-STA Profile subelement.

After handling the basic parsing of the element and extracting the
information about the requested links, handle the link specific
processing for each link:

- Find the interface with the corresponding link ID.
- Process the station profile in the interface.
- Prepare the Per-STA Profile subelement to be included in the
  Multi-Link element in the (Re)Association Response frame.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 20:31:20 +03:00
Andrei Otcheretianski
d924be3bd0 AP: AID allocation for MLD
Find an AID that is unused on all the affiliated links when assigning an
AID to a non-AP MLD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 18:20:04 +03:00
Andrei Otcheretianski
11a607d121 AP: Fill MLO information in struct hostapd_sta_add_params
Provide MLO information when adding a new station to the driver.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 21:12:47 +03:00
Andrei Otcheretianski
bcbe80a66a AP: MLO: Handle Multi-Link element during authentication
In case the AP is an AP MLD, parse the Multi-Link element from the
Authentication frame, store the relevant information, and prepare the
response Multi-Link element.

If the AP is not an AP MLD or the parsing of the element fails, continue
the authentication flow without MLD support.

For SAE, it is needed to skip various fixed fields in
the Authentication frame. Implement it for SAE with H2E.

TODO: This should be extended to other authentication algorithms which
are allowed for MLD connections and have fixed fields in the
Authentication frames, according to IEEE P802.11-REVme/D3.0, Table 9-69
(Presence of fields and elements in Authentications frames).

This commit doesn't support FILS, FT, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:53:50 +03:00
Andrei Otcheretianski
f540d078c9 AP: Support building Basic Multi-Link element
Define a struct to hold MLD station info and implement publishing of the
Basic Multi-Link element. Add it into Beacon and Probe Response frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:23:21 +03:00
Ilan Peer
79a9df6e88 AP: Match received Management frames against MLD address
Once a station is added to the underlying driver, the driver is expected
to do address translation and use MLD addresses. Thus, when handling a
received Management frame, match it against the MLD address.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-07 20:23:21 +03:00
Ilan Peer
a213fee11d AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons
To simplify the handling of MLD stations, assume that all
interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS
server instance, and the same RADIUS client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:22:46 +03:00
Andrei Otcheretianski
7b45c2e6bc nl80211: Select frame TX frequency according to the transmitting link
In MLO, multiple BSSs can transmit on different frequencies. Select
link frequencies according to the transmitter address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 10:50:19 +03:00
Ilan Peer
2b541601da AP: Include an RNR element in Beacon frames for AP MLD
- Include RNR element in Beacon frames of AP MLDs.
- Whenever a new interface is added to an AP MLD, reconfigure
  the Beacon frame templates for all other interfaces, to allow
  updating their RNR elements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 21:13:31 +03:00
Andrei Otcheretianski
0c6c948047 nl80211: Support setting up an AP on a specified link
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:57:03 +03:00
Andrei Otcheretianski
df3fe12c9b nl80211: Move nl80211_put_freq_params()
Move this static function to an earlier place within the file.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:52:46 +03:00
Ilan Peer
e3605e8093 driver: Allow to provide a link ID when setting a channel
This includes:

- Modifications of the driver API, to include the link ID as part
  of 'struct hostapd_freq_params'.
- Modifications to nl80211 driver.
- Modifications for the driver wrappers.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:44:25 +03:00
Andrei Otcheretianski
be44a7afd5 driver: Add MLD link id to AP parameters
To be used in later patches, e.g., for link tracking etc.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 20:37:07 +03:00
Andrei Otcheretianski
7fa99b3246 AP: Allow starting multiple interfaces within single MLD
Add support for including multiple hostapd interfaces in the same AP
MLD, i.e., all using the same underlying driver network interface.

To do so, when a new hostapd interface is added, if there is already
another interface using the same underlying network interface, associate
the new interface with the same private data object, instead of creating
a new one.

As some of the BSSs are non-first BSSs, meaning that they reuse the
drv_priv of the initial BSS, make sure not to double free it.

Currently multiple BSS entries are not supported so always use bss[0]
for MLD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 20:30:47 +03:00
Andrei Otcheretianski
f2dd75093f AP: Add some basic MLD configuration options
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:17:23 +03:00
Benjamin Berg
1b14b38b11 nl80211: Fetch EML/MLD capabilities
Retrieve the EML capabilities as well as the MLD capabilities and ops
from nl80211 and expose them using the new driver interface
get_mld_capa().

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Benjamin Berg
8dffa0ccb1 AP: MLO: Retrieve EML and MLD capabilities from driver
Add a new driver API get_mld_capab() and and use it to fetch MLD and EML
capabilities.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Benjamin Berg
4697887df9 nl80211: Rename the per iface-type capabilities struct
We will start using this structure to also track MLD related
capabilities instead of just extended capabilities. As such, give the
structure a more generic name.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Pooventhiran G
0837863fbc AP: Handle 6 GHz AP state machine with NO_IR flags
AP cannot come up in channels that are marked as NO_IR. If AP moves to
HAPD_IFACE_DISABLED state, it will deinitialize the nl80211 driver
interface and sockets.

Hence, introduce a new state called HAPD_IFACE_NO_IR, for 6 GHz APs to
handle NO_IR scenarios, such as AFC, where the channels not allowed by
AFC will have HOSTAPD_CHAN_NO_IR flag set. In this state, AP is still
kept in a non-operational state (stopped) without deinitializing the
nl80211 driver interface. wiphy reg change event can then update the
channels and bring up the AP in a valid channel.

Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>
2023-06-05 11:18:39 +03:00
Kiran Kumar Lokere
d3ed34bacd Define a QCA vendor command to configure MLO link id for TDLS
Define a QCA vendor command to configure MLO link id to the driver on
which the TDLS discovery response frame needs to be transmitted when the
local station is connected in MLO mode. This command is configured to
the driver the prior to every TDLS discover frame transmission when the
station is connected in MLO mode. If the station is connected in non-MLO
mode this command is not configured to the driver for TDLS discovery
frame transmission.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-01 18:36:37 +03:00
Veerendranath Jakkam
8e16372cff Indicate link reconfiguration with QCA vendor interface
Add support to indicate link reconfiguration event reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-01 18:21:13 +03:00
Shivani Baranwal
7b9070229d Indicate TID to link mapping changes with QCA vendor interface
Add support to indicate TID-to-link mapping changes reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-06-01 18:12:03 +03:00
Sai Pratyusha Magam
4120f9d7ab PASN: Introduce configuration option to allow/deny PASN-UNAUTH
Per IEEE P802.11az/D7.0, 12.12.3.2 (PASN Frame Construction and
Processing), responder should REFUSE PASN authentication frame 1 with
Base AKM as PASN AKM if dot11NoAuthPASNActivated is false. That
configuration was not previously available and hostapd was hardcoded
with dot11NoAuthPASNActivated being true.

Allow this to be configured and reject PASN authentication frame 1 from
initiator if pasn_noauth=0 and Base AKM in RSNE of this frame is PASN.
The default value for pasn_noauth is 1 to maintain previous
functionality even though the dot11NoAuthPASNActivated is defined to
have default value of false.

Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
2023-05-25 22:54:12 +03:00
Ainy Kumari
fc681995cf Increase MAX_NL80211_NOISE_FREQS in survey dump handler for 6 GHz
The current value of 50 is not sufficient for getting survey info for
all the frequencies when the 6 GHz band is enabled. Increase the limit
to 100 to be able to receive survey info for 6 GHz frequencies also.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-05-25 18:58:20 +03:00
Shivani Baranwal
57386a647a Add QCA vendor command to indicate STA MLD setup links removal
Add a new vendor command and attributes to indicate STA MLD setup links
removal.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-05-25 17:27:27 +03:00
Shivani Baranwal
527cf095fe Add QCA vendor command to notify TID-to-Link mapping changes
Add a new vendor command and attributes to notify TID-to-link mapping
changes to the userspace.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-05-25 17:22:04 +03:00
Sathishkumar Muruganandam
a1601aaa66 WPS: Fix multi-ap fronthaul association
Setting 4addr mode on fronthaul BSS breaks WPS association on backhaul
STA which is still on 3addr mode.

Fix the interop issue by not setting 4addr mode on fronthaul BSS with
WPS instead of setting by default for multi-ap case.

Fronthaul BSS for non-WPS STA shall continue to use 4addr mode.

Signed-off-by: Sathishkumar Muruganandam <quic_murugana@quicinc.com>
2023-05-25 17:16:31 +03:00
Adil Saeed Musthafa
2885660318 Store pmk_r1_name derived with wpa_ft_local_derive_pmk_r1() properly
The parameter req_pmk_r1_name was not used at all in the function
wpa_ft_local_derive_pmk_r1(). In addition, the PMK-R1-NAME should be
updated in this function along with the PMK-R1. This means the parameter
should change from "req_pmk_r1_name" to "out_pmk_r1_name" to match the
design used for other paths that derive the PMK-R1.

sm->pmk_r1_name needs to be properly updated when pmk_r1_name is derived
from the local pmk_r0.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-05-25 17:11:59 +03:00
Adil Saeed Musthafa
e978072baa Do prune_association only after the STA is authorized
Prune-associations should be done only after the new station is
authorized. Otherwise any STA can cause denial of service to connected
stations in PMF case when more than a single interface is being
controlled by the same hostapd process.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-05-25 17:08:57 +03:00
Kiran Kumar Lokere
a2c09eb95e Define a QCA vendor attribute to update the CTS channel width
Define a new QCA vendor attribute to configure channel bandwidth to the
driver for CTS frame transmission. This is used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-22 20:05:48 +03:00
Purushottam Kushwaha
e49c3df630 Add a new driver feature flag for enhanced audio experience over WLAN
Add QCA_WLAN_VENDOR_FEATURE_ENHANCED_AUDIO_EXPERIENCE_OVER_WLAN in
enum qca_wlan_vendor_features to indicate the device supports enhanced
audio experience over WLAN feature.

Also, update the documentation where other subcommand(s) or attribute(s)
require this new feature flag. These subcommand(s) and attributes are
under development and would be restricted to the supported drivers
advertising QCA_WLAN_VENDOR_FEATURE_ENHANCED_AUDIO_EXPERIENCE_OVER_WLAN.
As such, it is still acceptable to introduce a new requirement for the
previously defined interface.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2023-05-22 20:02:01 +03:00
Gururaj Pandurangi
cc8a09a48a Add vendor attributes for forcing MLO power save and STR TX
Add vendor attributes for EHT testbed STA configuration.
This includes enabling STR MLMR mode and forcing power save
on active MLO links for a defined number of beacon periods.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2023-05-04 18:20:59 +03:00
Gururaj Pandurangi
c0e12a5183 Add vendor attributes for EHT OM control, EMLSR padding delay
Add vendor attributes related to MLO and EMLSR mode
capability configuration for EHT testbed STA. It includes
EHT OM control support and EMLSR padding delay configuration.
Also, generalise the naming of HE OMI control enumeration to
OMI control as it now consists of both HE and EHT OMI control
fields.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2023-05-04 18:02:02 +03:00
Jouni Malinen
386d59e00d Do not disconnect EAPOL-Logoff before authentication
Some station devices are apparently sending the EAPOL-Logoff message in
some cases before the initial authentication for WPA2/WPA3-Enterprise.
hostapd would have forced a "post EAP-Failure" disconnection in 10 ms
for such cases while still allowing the EAP authentication to try to
complete.

This is not ideal and could result in interoperability issues, so skip
the forced disconnection in the particular case where the EAPOL-Logoff
message is received before the first authentication is completed.

In addition, disconnect the STA without starting new EAP authentication
and the 10 ms delay if an EAPOL-Logoff message is received after
authentication has been completed successfully. This results in cleaner
behavior by avoiding the extra start of a new EAP authentication in a
case where the STA is going to be disconnected shortly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-04 11:10:16 +03:00
Gururaj Pandurangi
397d432f60 Add vendor attributes for MLO link active, EMLSR entry/exit
Add vendor attributes related to MLO and EMLSR mode
capability configuration for EHT DUT. This includes forcing
active MLO links and invoking EMLSR mode entry or exit.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2023-04-28 10:39:55 +03:00
Jouni Malinen
5d285040d6 Rename VHT elements to match the standard
Some of the information elements added in IEEE Std 802.11ax-2013 for VHT
purposes have since then been taken into use for other cases and renamed
to remove the "VHT" prefix in the standard. Update the defines for those
elements in the implementation to match the names used in the current
standard.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-26 23:10:03 +03:00
Ramya Gnanasekar
8f8f68ba67 hostapd: Support channel switch to 320 MHz channels
Add validatation of center frequency, and filling of appropriate
bandwidth in the channel switch wrapper when the channel switch is done
to a 320 MHz channel.

Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
2023-04-26 23:10:03 +03:00
Jouni Malinen
4d0743d5e5 Fix file mode bits
The execute bits were not supposed to be added to a source code file.

Fixes: 927dbfb453 ("Fix 40 MHz channel bringup with ACS on the 6 GHz band")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-26 23:10:03 +03:00
Jouni Malinen
d930211bdd Select 6 GHz mode correctly for ACS cases
Use the op_class configuration to determine whether to select the 5 GHz
or 6 GHz mode for ACS. Without this, the first mode (5 GHz in most
cases) would have been selected regardless of the op_class value.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 17:29:46 +03:00
Hari Chandrakanthan
927dbfb453 Fix 40 MHz channel bringup with ACS on the 6 GHz band
When AP is brought up in HE40/EHT40 with ACS, the AP comes up with 20
MHz bandwidth. It is expected to come up with 40 MHz bandwidth.

conf->secondary_channel does not hold the correct value and it leads to
choosing 20 MHz in hostapd_set_freq_params(). conf->secondary_channel is
filled using the hostapd config he_oper_centr_freq_seg0_idx. When AP is
configured to use ACS, the hostapd config he_oper_centr_freq_seg0_idx is
not valid as the channel is not known during bring up. So using the
config he_oper_centr_freq_seg0_idx to fill the conf->secondary_channel
does not work with ACS.

Use op_class to determine the bandwidth and based on the bandwidth fill
the conf->secondary_channel to address this ACS case.

Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
2023-04-25 17:05:52 +03:00
Jouni Malinen
566ab39a72 tests: KDK derivation based on Secure LTF capability
This adds more production-like testing coverage for KDK derivation. Both
SAE and OWE transition mode are covered. The latter has some corner
cases that did not work correctly previously.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 12:08:12 +03:00
Xinyue Ling
f54ce74335 Fix determining mode for 6 GHz band when using hw_mode=any
When 6 GHz band is specified and hw_mode parameter is set to any,
hostapd_determine_mode() may determine the wrong mode because there are
two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A. This will
cause 6 GHz AP to fail to start. Fix this by adding a check similar to
the changes in commit 99cd453720 ("hw_feature: Correctly select mode
in case of the 6 GHz band") into hostapd_determine_mode().

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-21 21:15:00 +03:00
Shivani Baranwal
5b568b21ae Add support to fetch link layer stats per MLO link
IEEE 802.11be enables multiple links between STA and AP. Each of the
link has its own set of statistics. Add additional attributes required
to fetch link layer statistics per MLO link.

For MLO connection, per MLO link statistics will be sent with the new
attribute QCA_WLAN_VENDOR_ATTR_LL_STATS_MLO_LINK. Also, cumulative
statistics of all the MLO links will be sent outside
QCA_WLAN_VENDOR_ATTR_LL_STATS_MLO_LINK to be compatible with legacy user
space.

For non-MLO connection, the statistics will be sent without being nested
inside QCA_WLAN_VENDOR_ATTR_LL_STATS_MLO_LINK attribute.

Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-04-20 10:55:50 +03:00
Shivani Baranwal
6422b0d72d Fix vendor attribute numbering and relocate attribute accordingly
The attributes QCA_WLAN_VENDOR_ATTR_LL_STATS_PAD and
QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_NF_CAL_VAL were allocated the same
attribute number in error. QCA_WLAN_VENDOR_ATTR_LL_STATS_PAD attribute
is known to not be used; thus, it is safe to be renumbered.

Fixes: 1491fc64a8 ("Define QCA vendor per-enum 64-bit pad attributes")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-04-20 10:44:24 +03:00
Chunquan Luo
c858a6360b Add a vendor specific roam status of background scan abort
When user space triggers a scan, the firmware aborts background scan,
and uses the roam status QCA_ROAM_FAIL_REASON_CURR_AP_STILL_OK instead
of "Invalid roam failures reason".

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-04-20 10:37:52 +03:00
Aditya Kodukula
b171c5e4d5 Update QCA LL_STATS vendor command
Define bitmap values used by LL_STATS vendor command
and update the corresponding kernel documentation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-19 11:56:56 +03:00
Xin Deng
f8931fcbaf hostapd: Restore the flow of set beacon and WPA key init
hostapd start AP flow changed in commit 931e5d4f9e. However, that
could cause a regression in a legacy AP driver where the set key
operation for GTK, IGTK, and BIGTK before AP start (set beacon) would
cause the driver to ignore the key set command. Restore the flow of the
set beacon and WPA key init operations to make sure drivers can receive
and set group keys correctly.

Fixes: 931e5d4f9e ("mbssid: Configure all BSSes before beacon setup")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-19 11:47:52 +03:00
Veerendranath Jakkam
9932ff30c4 Allowed frequency list configuration for AP operation
Add support to configure the allowed frequency list for AP operation
using a QCA vendor interface before NL80211_CMD_NEW_BEACON/
NL80211_CMD_START_AP. hostapd generates the allowed frequency list by
intersecting user configured frequency list and all the frequencies
advertised by the driver including disabled channels. If user doesn't
specify allowed frequency list, all the frequencies advertised by the
driver, including disabled channels, will be configured.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-19 11:32:07 +03:00
Jouni Malinen
07a7bcd7ea WMM: Advertise support for 16 PTKSA replay counters for non-AP STA
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.

hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.

Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-18 11:40:10 +03:00
Aloka Dixit
ac54b61273 nl80211: Support for RNR elements
Add new nested netlink attribute, NL80211_ATTR_EMA_RNR_ELEMS, to send
the reduced neighbor report (RNR) elements to the driver when EMA is
enabled. This attribute includes the count of RNR elements and data at
each index. While generating EMA beacons, the driver will include RNR
group at a given index along with MBSSID group. The last element, if
present, has RNR data common for all EMA beacons such as neighbor APs.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-04-18 11:39:32 +03:00
Aloka Dixit
5d06acefdd RNR: Add elements by default for EMA AP
As per IEEE Std 802.11ax-2021, 11.1.3.8.3 Discovery of
a nontransmitted BSSID profile, an EMA AP that transmits a Beacon
frame carrying a partial list of nontransmitted BSSID profiles
should include in the frame a Reduced Neighbor Report element
carrying information for at least the nontransmitted BSSIDs that
are not present in the Multiple BSSID element carried in that frame.

Add this support by splitting the reduced neighbor report (RNR) in as
many elements as the number of multiple BSSID elements. Each RNR element
excludes the non-transmitting profiles already included in the MBSSID
element at the same index. If present, the last additional group will
have the data common for all EMA beacons such as neighbor AP information
gathered through neighbor reports.

The hwsim test case he_ap_ema demonstrates this support.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-04-18 11:35:06 +03:00
Aloka Dixit
8f1d384197 RNR: Skip interfaces on the same radio for MBSSID
Do not include interfaces on the same radio in reduced neighbor
report elements (RNR) as multiple BSSID elements from the same
management frame already include these if MBSSID feature is enabled.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-04-18 11:14:07 +03:00
Jouni Malinen
921f82cf18 Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2023-03-30.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-04-06 13:03:23 +03:00
Veerendranath Jakkam
302d761a85 Add QCA vendor feature flag for allowed frequency list
Add a vendor feature flag for the driver to indicate support for allowed
frequency configuration in AP mode.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-03 23:09:07 +03:00
Ainy Kumari
44c38af04f Add QCA vendor interface to get connected channels utilization
Add a new vendor command to trigger computation of connected channel
statistics such as channel utilization in STA mode.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-03 23:04:13 +03:00
Veerendranath Jakkam
bb4560252d Add QCA vendor attribute to configure list of allowed frequencies for AP
Define a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_AP_ALLOWED_FREQ_LIST
to configure the full list of allowed frequencies for the AP operation.
The configuration is valid only from the next BSS start until the BSS is
stopped. The drivers shall filter out channels on top of this list of
channels based on regulatory or other constraints. This can be used to
specify user's choice of frequencies, allowed list of channels with
static puncturing feature, etc.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-04-03 23:00:00 +03:00
Jouni Malinen
0059fa5bae 6 GHz: Fix secondary channel setting
center_idx_to_bw_6ghz() does not return the bandwidth in MHz and as
such, the check here against 20 (MHz) is never true. The returned value
is greater than 0 for the over 20 MHz cases.

Fixes: 15742566fd ("6 GHz: Fix operating class in Supported Operating Classes element")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-29 18:25:37 +03:00
Jouni Malinen
d17fca576c OpenSSL: Add TLS 1.3 signature algorithms for Suite B
These are needed to allow the Suite B 192-bit negotiation to succeed
when using TLS 1.3 (which is still disabled by default).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-22 23:58:47 +02:00
Ainy Kumari
cf8f13ac85 Add support to send 320 MHz bandwidth through vendor subcmd
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH to configure 320 MHz
bandwidth to the driver/firmware.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-03-22 16:31:36 +02:00
Aloka Dixit
a0403c0239 EHT: Validate the puncturing bitmap for ACS
Validate the generated puncturing bitmap against non-OFDMA patterns.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Aloka Dixit
af0f60e7dd EHT: Calculate puncturing bitmap for ACS
Generate puncturing bitmap after the ideal channel selection using
the threshold.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Aloka Dixit
f3206fbe94 EHT: Configuration option for ACS puncturing threshold
Add a new option 'punct_acs_threshold' where the value indicates
the percentage of ideal channel average interference factor above
which a channel should be punctured. Default is set to 0 which disables
the puncturing for ACS.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Aloka Dixit
e3621867c5 EHT: Process puncturing bitmap from channel switch event
Retrieve the puncturing bitmap sent by the driver in channel switch
events and add a new member punct_bitmap in struct ch_switch to store
it.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Aloka Dixit
e277e577c8 nl80211: Send EHT puncturing bitmap to the driver for switch command
Propagate puncturing bitmap from the channel switch command to the driver.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:57 +02:00
Aloka Dixit
29a882bed3 EHT: Configure puncturing bitmap during channel switch
Parse, validate, and configure puncturing bitmap if provided in the
channel switch command.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 19:49:54 +02:00
Aloka Dixit
4942b19fff EHT: Send puncturing bitmap to the driver for AP bring up
Send the user configured puncturing bitmap to the driver.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2023-03-17 19:46:24 +02:00
Muna Sinada
f9fc2eabbd EHT: Add puncturing bitmap to EHT Operation element
Add preamble puncturing bitmap to the EHT Operation element as per IEEE
P802.11be/D3.0, Figure 9-1002c (EHT Operation Information field format).
Bits set to 1 indicate that the subchannel is punctured, otherwise
active.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Balamurugan Mahalingam <quic_bmahalin@quicinc.com>
2023-03-17 19:46:24 +02:00
Aloka Dixit
46a5d989d4 EHT: Downgrade bandwidths for VHT and HE when using puncturing
Legacy modes (VHT, HE) should advertise downgraded bandwidth if
RU puncturing is enabled in EHT mode. This is required for the legacy
stations which cannot parse the EHT Operation elements hence do not
support EHT RU puncturing.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Ramanathan Choodamani <quic_rchoodam@quicinc.com>
2023-03-17 19:46:24 +02:00
Aloka Dixit
7618269ec6 EHT: Validate puncturing bitmap
Validate preamble puncturing bitmap.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 18:54:50 +02:00
Muna Sinada
9102fda31f EHT: Add configuration option for puncturing in AP mode
Add a new option to configure the disabled subchannel bitmap as per
IEEE P802.11be/D3.0, Figure 9-1002c (EHT Operation Information
field format).

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-17 11:06:20 +02:00
Aloka Dixit
9e79439fcb nl80211: Retrieve driver support for EHT puncturing
Retrieve the driver support for preamble puncturing.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2023-03-15 22:07:29 +02:00
Jouni Malinen
507be376cd Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2023-03-07.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-03-15 11:46:03 +02:00
Aloka Dixit
591256a8c6 FILS: 320 MHz support in FD frame
Indicate 320 MHz channel width in FILS discovery frame if applicable.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-14 11:27:43 +02:00
Aloka Dixit
903e3a1e62 FILS: Fix maximum NSS calculation for FD frame
Maximum NSS calculation assumed the host to be little endian while
retrieving MCS values from HE capabilities which is incorrect. Use
WPA_GET_LE16() instead.

Add a check for HE as the current NSS calculation assumes HE support.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-14 11:27:00 +02:00
Aloka Dixit
ecae45ff66 FILS: Make HE a requirement for FILS discovery
FILS discovery frame generation currently assumes HE support for
calculating the number of spatial streams. Add a check to reject
the configuration if the feature is enabled without enabling HE.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-03-14 11:15:06 +02:00
Pooventhiran G
4e86692ff1 AP: Fix 6 GHz AP setup after disable-enable
Once ACS picks a channel, iface->freq and iface->conf->channel are
updated. So, AP comes up in the last operating channel when 'ENABLED'
after 'DISABLED' though ACS is configured.

But this will fail for 6 GHz APs since configured_fixed_chan_to_freq()
checks if iface->conf->channel is filled or not irrespective of ACS
configuration, and the checks inside configured_fixed_chan_to_freq()
fail the AP setup. Fix this by clearing iface->freq and
iface->conf->channel in AP setup for ACS configuration.

Fixes: bb781c763f ("AP: Populate iface->freq before starting AP")
Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>
2023-03-09 21:00:43 +02:00
Chenming Huang
a34b8477a7 ml80211: Put wiphy idx to obtain correct country code
If wiphy idx not provided, kernel returns global reg domain when
processing NL80211_CMD_GET_REG. To obtain the correct country code for
the self-managed regulatory cases, put wiphy idx into nl_msg when
sending this command to kernel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-09 20:59:20 +02:00
Jeff Johnson
1491fc64a8 Define QCA vendor per-enum 64-bit pad attributes
When writing 64-bit attributes into the netlink buffer, senders may
add a padding attribute to allow the payload of the 64-bit attribute
to be 64-bit aligned. For QCA vendor attributes, currently the
attribute QCA_WLAN_VENDOR_ATTR_PAD in enum qca_wlan_vendor_attr is
defined for this purpose.

Unfortunately, when adding attributes to the netlink buffer, all
attributes at a given level of nesting must be defined in the same
enum so that they can be unambiguously parsed. This means that
QCA_WLAN_VENDOR_ATTR_PAD can only be used to pad 64-bit attributes
defined in enum qca_wlan_vendor_attr.

There are many other QCA vendor enums which define 64-bit attributes,
so add a pad attribute to all of them so that the 64-bit attributes
can be unambiguously padded.

Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
2023-03-09 20:56:20 +02:00
Jingxiang Ge
55e31699e9 qca-vendor: Add QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_NF_CAL_VAL
Add QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_NF_CAL_VAL attribute
for noise floor calibration value.

Signed-off-by: Jingxiang Ge <quic_jge@quicinc.com>
2023-03-09 20:43:36 +02:00
Shivani Baranwal
b1f85957c4 Add QCA vendor commands to set and get MLO links state information
Add a new vendor command and attributes to control and fetch the state
information of the MLO links affiliated with a specific interface.

This will enable user space to dynamically control the MLO links states
based on the latency, throughput and power save requirements.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-03-09 20:43:14 +02:00
Ilan Peer
c4cb62ca8e WPA_AUTH: MLO: Add functions to get the AA and SPA
As a preparation to use AP MLD address and non-AP MLD address
in the RSN Authenticator state machine, add utility functions to
get the current AA and SPA.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 23:54:50 +02:00
Ilan Peer
cab963e9f8 AP: Split check_assoc_ies()
As a preparation for processing an association request with
ML element, split the function such that the elements checking
would be separate from parsing.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 23:46:18 +02:00
Ilan Peer
7a7a2256c0 common: Support parsing link specific association request
An association request in the context of an MLO connection can
contain an ML element that holds the per station profile for
the additional links negotiated. To support this, add a function
to parse the per station profile.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 22:03:40 +02:00
Ilan Peer
b39e356931 common: Add support for clearing elements
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-03-07 21:48:22 +02:00
Ilan Peer
0b2fc42686 common: Split ieee8021_parse_elems()
As a preparation to parse management frames that include ML elements
with per station profiles, split the function to a helper function that
would not memset() the elements structure.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-03-07 21:46:09 +02:00
Andrei Otcheretianski
df6561ec06 nl80211: AP MLD support for adding multi link stations
Multi link stations are represented in the kernel using a single
station with multiple links and the first ADD_STA command also
creates the first link. Subsequent links should be added with
LINK_ADD commands.

Implement this logic and provide the required MLD information per
station/link.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 21:43:41 +02:00
Andrei Otcheretianski
b8b4ceb8d6 nl80211: Properly stop and deinit MLO AP
Delete all the links and stop beaconing on all the links on AP
deinit/stop.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 21:35:06 +02:00
Andrei Otcheretianski
2f8fc46ede nl80211: Provide link_id in EAPOL_RX and RX_MGMT events
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 21:28:49 +02:00
Ilan Peer
821374d43a nl80211: Introduce and implement a callback to add an MLO link for AP MLD
Add a driver callback to add a link to an AP interface.
As the kernel removes all links on underline interface removal, there
is currently no need to support individual link removal.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 21:15:00 +02:00
Ilan Peer
47269be36e nl80211: Refactor i802_bss to support multiple links
Refactor struct i802_bss to support multiple links as a
preparation to support MLD AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-03-07 21:06:25 +02:00
Anthony Refuerzo
eb146ee804 AP: Add some bridge port attribute settings
"multicast_to_unicast" and "hairpin_mode" are usually set outside of
hostapd. However, DFS channel change events pull the BSS out of the
bridge causing these attributes to be lost. Make these settings tunable
within hostapd so they are retained after the BSS is brought up again.

Signed-off-by: Anthony Refuerzo <anthony96922@gmail.com>
2023-03-01 10:50:07 +02:00
Jouni Malinen
f628e6b30e nl80211: Make sure scan frequency debug buffer is NUL terminated
In theory, os_snprintf() could have filled the buffer to the end and
while the pos variable would not have been incremented beyond that,
there would not necessarily be a NUL termination at the end. Force the
array to end in NUL just in case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-01 10:38:02 +02:00
Avraham Stern
41d23254b9 nl80211: Fix frequencies array boundary check for scanned frequencies
The number of frequencies is increased before the boundary check,
thus it should be allowed to be equal to the number of elements in
the array. Update the limit to allow the full array to be used.

In addition, add the missing byte for the NULL terminator for the debug
print to be able to fit all values (assuming they are <= 9999 MHz).

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2023-03-01 10:36:04 +02:00
Jouni Malinen
bfd236df21 webkit2: Avoid deprecated function call
webkit_web_context_set_tls_errors_policy() has been deprecated. Use its
replacement webkit_website_data_manager_set_tls_errors_policy() when
building against sufficiently recent version of webkit2.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-23 16:30:04 +02:00
Shivani Baranwal
2c32026827 P2P: Filter out 6 GHz frequencies if not allowed for P2P connection
Add check to filter out 6 GHz frequencies from the local driver
frequency preference list when 6 GHz is not allowed for the P2P
connection. Earlier, 6 GHz frequency channels were included in the
preferred list if the p2p_6ghz_disable parameter was not set
irrespective of the allow_6ghz parameter.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-02-23 13:20:50 +02:00
Avraham Stern
6b9c86466c nl80211: Replace the channel flags for VHT support
The flags that indicate that a channel is allowed for 80/160 MHz use
are divided according to the position of the control channel (e.g.,
HOSTAPD_CHAN_VHT_10_70, HOSTAPD_CHAN_VHT_30_50, etc.).

However, the position of the control channel does not add any extra
regulatory information because when trying to use a 80/160 MHz channel
all the desired bandwidth has to be allowed for 80/160 MHz use,
regardless of the control channel position.

In addition, these flags are set only if the driver reports one
regulatory rule that allows the entire 80/160 MHz bandwidth.
However, even when a 80/160 MHz channel is allowed, in some cases the
bandwidth will be split into several regulatory rules because
different segments of the bandwidth differ in other flags (that don't
affect the use of the bandwidth for VHT channels). So, in such cases
these flags will not be set, although VHT channels are allowed.

As the result, VHT channels will not be used although they are allowed
by the regulatory domain.

Fix this by introducing new flags that indicate if a 2 0MHz channel is
allowed to be used as a part of a wider (80/160 MHz) channel.
The new flags are set for each 20 MHz channel independently and thus
will be set even if the regulatory rules for the bandwidth are split.

A 80/160 MHz channel is allowed if all its 20 MHz sub-channels are
allowed for 80/160 MHz usage.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-22 21:44:09 +02:00
Jouni Malinen
6f63aca7b1 DPP: Allow both STA and AP configObject to be set
Extend @CONF-OBJ-SEP@ behavior to allow the second entry to be used for
different netRole. In other words, allow both the AP and STA netRole
(though, only a single one per netRole) configuration to be set.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 17:07:07 +02:00
Jouni Malinen
7292e30b7f DPP: Fix @CONF-OBJ-SEP@ parsing for multiple configs
The first call to dpp_configuration_parse_helper() was supposed to use
the separately prepared tmp string with only the first configuration
entry, but it ended up using the full string that included both
configuration entries. This could result in the first configObject
getting a mix of parameters from both entries.

Fix the parsing to use only the text before the @CONF-OBJ-SEP@ separator
for the first entry.

Fixes: 7eb06a3369 ("DPP2: Allow multiple Config Objects to be build on Configurator")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 17:01:58 +02:00
Harshitha Prem
b3921db426 nl80211: Add frequency info in start AP command
When ACS is configured in multiple BSS case, sometimes a virtual AP
interface does not come up as the channel context information between
different BSSs of the same band does not match.

Same behavior is observed in case of multiple band/hardware under a
single wiphy, when we bring up multiple virtual interface in various
bands simultaneously and the kernel maps a random channel as it has more
than one channel context, e.g., say a 2.4 GHz channel to a 5 GHz virtual
AP interface when the start AP command is sent. This is because the
frequency information is not present in the command.

Add the frequency information into the start AP netlink command so that
the kernel maps the appropriate channel context by parsing it instead of
using a previous set channel information.

Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com>
2023-02-22 13:10:49 +02:00
Emeel Hakim
40c1396644 macsec_linux: Add support for MACsec hardware offload
This uses libnl3 to communicate with the macsec module available on
Linux. A recent enough version of libnl is needed for the hardware
offload support.

Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
2023-02-21 19:26:59 +02:00
Emeel Hakim
6d24673ab8 mka: Allow configuration of MACsec hardware offload
Add new configuration parameter macsec_offload to allow user to set up
MACsec hardware offload feature.

Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
2023-02-21 19:26:47 +02:00
Antonio Prcela
3081a9cb62 hostapd: Output country_code and country3 when using STATUS
Add the country_code and country3 config parameter to the STATUS output
to easier determine the current values for each of an hostapd
access point. Currently neither STATUS, GET [country_code/country3] nor
GET_CONFIG output it.

This is useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file (like hostapd.conf).

Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
2023-02-21 17:33:03 +02:00
Jouni Malinen
91ad7a3098 FT: Store PTKSA entry for the correct BSSID in the FT protocol case
sm->bssid has not yet been updated here, so use the provided bssid
instead. This avoids replacing the PTKSA entry for the previous AP when
a new PTKSA is being stored while using the FT protocol.

Fixes: d70060f966 ("WPA: Add PTKSA cache to wpa_supplicant for PASN")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:27:29 +02:00
Jouni Malinen
3f3e356fa0 Mark addr argument to storing PTKSA const
This is not being modified, so mark it const to be more flexible for the
caller.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:27:29 +02:00
Jouni Malinen
242c3ad990 FT: Store PTKSA from FT protocol
PTKSA was stored for the 4-way handshake and FILS cases, but not when it
was being derived through the use of the FT protocol.

Fixes: f2f8e4f458 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:21:52 +02:00
Jouni Malinen
ba6954874e Mark wpa_auth_remove_ptksa() static
This function is not used outside wpa_auth.c and it is not mentioned in
any header file either, so it should have been marked static.

Fixes: f2f8e4f458 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:21:52 +02:00
Shiva Sankar Gajula
3b1ad1334a FT: Include KDK in FT specific PTK derivation on the AP
FT AP was silently ignoring EAPOL-Key msg 2/4 due to Key MIC mismatch
when the STA advertises support for Secure LTF and derives the KDK while
the AP implementation did not derive KDK.

Fix this to include KDK while deriving PTK for FT cases on the AP.

Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
2023-02-21 16:54:10 +02:00
David Ruth
870a5bdc07 nl80211: Report guard interval and dual carrier modulation
Allows collecting and exposing more information about the station's
current connection from the kernel to the connection manager.

* Add an enum to represent guard interval settings to driver.h.
* Add fields for storing guard interval and dual carrier modulation
  information into the hostap_sta_driver_data struct.
* Add bitmask values indicating the presence of fields.
  * STA_DRV_DATA_TX_HE_DCM
  * STA_DRV_DATA_RX_HE_DCM
  * STA_DRV_DATA_TX_HE_GI
  * STA_DRV_DATA_RX_HE_GI
* Retrieve NL80211_RATE_INFO_HE_GI and NL80211_RATE_INFO_HE_DCM in
  get_sta_handler(), and set appropriate flags.

Signed-off-by: David Ruth <druth@chromium.org>
2023-02-21 14:01:47 +02:00
Ayala Beker
691f729d5d P2P: Make invitation flow less aggressive
Currently invitation request wait time is very long and not needed for
sending a single Action frame only. To not interfere with other parallel
channel activities, decrease the wait time to to 150 ms in case of an
active P2P GO on the system.

In addition, if a P2P GO tries to invite a client that doesn't respond,
it will attempt to invite again after 100 ms. This is too aggressive and
may result in missing beacon transmission and affecting GO activity on
its operating channel. Increase the timeout to 120 ms, to allow enough
time for beacon transmission.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-21 11:19:15 +02:00
Yi-Chia Hsieh
faa4102926 WNM: Event report handling for BSS color collision and in-use
Add support for WNM event report handling for the BSS color collision
and in use events.

Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Yi-Chia Hsieh <yi-chia.hsieh@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2023-02-20 22:00:13 +02:00
Antonio Prcela
ec02a0e936 hostapd: Output hw_mode when using STATUS
Adding the hw_mode config parameter to the STATUS output to easier
determine the current hw_mode of an hostapd access-point. Currently
neither STATUS, GET hw_mode, nor GET_CONFIG output it.

Useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file, like hostapd.conf.

Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
2023-02-20 19:38:02 +02:00
Yihong Wu
390e24c6cb EAP-TTLS server: Add Ident field to MS-CHAP-Error
Per RFC 2548, 2.1.5, MS-CHAP-Error contains an Ident field of one octet
followed by an ASCII message. Add the missing Ident field.

Signed-off-by: Yihong Wu <wu@domosekai.com>
2023-02-20 19:38:02 +02:00
Hari Chandrakanthan
6c75f1dfaf Send broadcast Probe Response frames on the 6 GHz band
Change Probe Response frames to be sent as broadcast for 6 GHz band per
IEEE Std 802.11ax‐2021, 26.17.2.3.2: "If a 6 GHz AP receives a Probe
Request frame and responds with a Probe Response frame (per 11.1.4.3.4),
the Address 1 field of the Probe Response frame shall be set to the
broadcast address, unless the AP is not indicating its actual SSID in
the SSID element of its Beacon frames."

Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
2023-02-17 16:05:37 +02:00
Veerendranath Jakkam
edfcb2f1a9 MLD STA: Indicate MLO support in NL80211_CMD_CONNECT
Send NL80211_ATTR_MLO_SUPPORT flag in NL80211_CMD_CONNECT to indicate
wpa_supplicant has support to handle MLO connection for SME-in-driver
case.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-15 23:50:03 +02:00
Veerendranath Jakkam
c91852044d MLD STA: Add support for SAE external authentication offload to userspace
Enable MLO for SAE authentication when the driver indicates the AP MLD
address in an external authentication request. The MAC address of the
interface on which the external authentication request received will be
used as the own MLD address.

This commit does below for enabling MLO during external SAE
authentication:
- Use MLD addresses for SAE authentication.
- Add Basic Multi-Link element with the own MLD address in SAE
  Authentication frames.
- Send SAE Authentication frames with the source address as the own MLD
  address, destination address and BSSID as the AP MLD address to the
  driver.
- Validate the MLD address indicated by the AP in SAE Authentication
  frames against the AP MLD address indicated in external authentication
  request.
- Store the PMKSA with the AP MLD address after completing SAE
  authentication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-02-15 23:49:59 +02:00
Liangwei Dong
575712450a qca-vendor: Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY
Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY attribute
to enable/disable Multi-Channel concurrency low latency mode.
The firmware will do optimization of channel time quota for
low latency in Multi-Channel concurrency state if enabled.

Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
2023-02-15 23:31:07 +02:00
Jouni Malinen
ba150059d1 FT: Store PMK-R0/PMK-R1 after EAPOL-Key msg 2/4 MIC validation
hostapd was previously storing the derived PMK-R0 and PMK-R1 as soon as
these keys were derived. While that is fine for most purposes, it is
unnecessary to do that so quickly and if anything were to fail before
the supplicant is able to return a valid EAPOL-Key msg 2/4, there would
not really be any real use for the derived keys.

For the special case of FT-PSK and VLAN determination based on the
wpa_psk file, the VLAN information is set in the per-STA data structures
only after the EAPOL-Key msg 2/4 MIC has been verified. This ended up
storing the PMK-R0/PMK-R1 entries without correct VLAN assignment and as
such, any use of the FT protocol would not be able to transfer the VLAN
information through RRB.

Split local storing of the FT key hierarchy for the cases using the FT
4-way handshake so that PMK-R0 and PMK-R1 are first derived and then
stored as a separate step after having verified the MIC in the EAPOL-Key
msg 2/4 (i.e., after having confirmed the per-STA passphrase/PSK was
selected) and VLAN update. This fixes VLAN information for the
wpa_psk_file cases with FT-PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Chunquan Luo
56662f36da Refine vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS
During implementation of commit 257b119c2d ("QCA vendor attribute of
update roaming cached statistics info") some deficiencies were noted as
listed below, so fix them. Since these are pre-implementation changes,
no ABI breakage is introduced.

1) Change all RSSI values to be signed values.
2) Add enums for scan type and dwell type instead of documenting
   their values with comments
3) Add missing QCA_ROAM_REASON_STA_KICKOUT to enum qca_roam_reason

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-02-10 13:23:44 +02:00
Jouni Malinen
72b8193f41 MACsec: Remove EAP Session-Id length constraint
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.

Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.

Fixes: dd10abccc8 ("MACsec: wpa_supplicant integration")
Fixes: a93b369c17 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:31:01 +02:00
Shivani Baranwal
2e47ea22cc P2P: Fix handling Service Discovery Response received by GO device
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
chunquan
257b119c2d QCA vendor attribute of update roaming cached statistics info
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.

Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
2023-01-13 18:09:20 +02:00
Purushottam Kushwaha
18436f393d Enhance QCA vendor interface for Concurrent AP Policy for XR
Add new AP concurrency policy QCA_WLAN_CONCURRENT_AP_POLICY_XR to
configure interface for eXtended Reality (XR) requirements.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2023-01-13 12:27:14 +02:00
Asutosh Mohapatra
58fba11e1d Enhance QCA vendor interface with new hang reason codes
Add more hang reason codes for the hang reason in the
qca_wlan_vendor_hang_reason enum.

Signed-off-by: Asutosh Mohapatra <quic_asutmoha@quicinc.com>
2023-01-13 12:22:06 +02:00
Shivani Baranwal
8b36248cd2 Add QCA vendor command to get the monitor mode status
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-12-19 21:00:44 +02:00
Kiran Kumar Lokere
0dd8bcef83 QCA vendor attributes for MLO and EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities and multi link configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:10:53 +02:00
Kiran Kumar Lokere
e5602989cf QCA vendor attributes to configure EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities. These attributes are used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:02:39 +02:00
Michal Kazior
d9d5e55c54 DPP: Respond to GAS on the same channel it was received on
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.

The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.

The AP reported the following logs (grepped):

> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED

While the STA reported the following logs (grepped):

> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED

AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-12-18 21:07:56 +02:00
Jouni Malinen
651c9e9578 Add new status code strings
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
3a2d275522 Make MFPR value from an associated STA available as hostapdMFPR
This can be helpful for testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
f4096e7cd5 EHT: Update EHT Operation element to P802.11be/D2.3 in AP settings
IEEE P802.11be/D2.0 added a 4-octet Basic EHT-MCS And Nss Set field into
the EHT Operation element. cfg80211 is now verifying that the EHT
Operation element has large enough payload and that check is failing
with the previous version. This commit does not really set the correct
Basic EHT-MCS And Nss Set values, but the IE length check is now passing
to allow initial mac80211_hwsim testing to succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 20:32:15 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00
Vinayak Yadawad
870edfd67e WPA3: Update transition disable bitmap based on port authorized event
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.

With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2022-12-17 14:21:54 +02:00
Jouni Malinen
8fdf3c4473 Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2022-10-07.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 14:12:39 +02:00
Jintao Lin
f9804e3067 nl80211: Enforce unique address for AP iftype
Some Wi-Fi SoCs do not ensure unique MAC address for the new virtual
interface. Enforce unique address is used for the created AP interface
similarly to other previously address interface types.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2022-12-17 12:11:15 +02:00
Micha Hashkes
a7f6b85180 crypto: Check if crypto_bignum_to_bin() is successful
Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
2022-12-17 12:11:13 +02:00
David Ruth
2749a2c6bf nl80211: Actually get and store TX retries
Fix an issue that results in TX failures being stored where TX retries
belongs.

Fixes: ad4fa5dd3c ("Add more nl80211 info to struct wpa_signal_info")
Signed-off-by: David Ruth <druth@chromium.org>
2022-12-16 22:50:48 +02:00
Andrei Otcheretianski
998aeca3c8 crypto: Clear secrets from stack in hmac_sha256_vector()
k_pad and tk were not cleared in internal HMAC-SHA256 implementation.
Clear them to avoid leaving secret material in temporary stack
variables.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:49:07 +02:00
Andrei Otcheretianski
af0ab435af PASN: Use the assigned status code from IEEE P802.11az/D7.0
Use more specific status code values to report error cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:36:10 +02:00
Andrei Otcheretianski
3d798ff2a4 PASN: Align RSNXE with IEEE P802.11az/D7.0 definitions
RSNXE bits were modified, so update the relevant places accordingly.
Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:35:19 +02:00
Jouni Malinen
ab2cb379db Define all assigned BSS membership selector values
Add the assigned values based on IEEE P802.11-REVme/D2.0. In addition,
sort these definitions in ascending order.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-16 20:31:14 +02:00
Johannes Berg
ed0a7b4809 wpa_supplicant: Implement HE membership selector check
Check the HE membership selector and don't use the BSS
if required but not supported by HW.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 20:31:14 +02:00
Johannes Berg
054fcfab6f hostapd: Add require_he configuration
Add the ability to require HE, advertising that via the
BSS membership selector as well as rejecting association
without HE.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 20:31:14 +02:00
Qiwei Cai
c46351d10e DFS: Clear cac_started when AP is disabled
When AP is started on a DFS channel and DFS is offloaded to the driver,
AP setup will be separated to two stages. In the first stage, hostapd
will set frequency and initialize BSS, then waits the driver CAC to
complete. Once CAC done, in the second stage,
hostapd_setup_interface_complete() will be called again from a callback
to continue AP/channel setup.

But the driver will fail to restart AP if it is disabled/reenabled
during a driver CAC procedure because some steps such as setting
freq/beacon in the first stage are skipped due to cac_started not
cleared when the AP is disabled.

Avoid this by clearing cac_started when the AP is disabled.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-15 18:43:43 +02:00
Aloka Dixit
3df42cf3c7 EHT: Use HE operating channel width in MCS length calculation
Channel width in HE Capabilities element added to management frames is
calculated in hostapd_eid_he_capab() by intersecting the driver
capabilities and the operating channel width. Kernel uses this value
from the Beacon frames to verify EHT capabilities length. However, EHT
MCS length calculation uses only the driver capabilities which results
in EHT AP bring up failure in some cases dues to different lengths.

Modify the EHT code to use the HE operating channel width as well to
determine matching length for the information.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-15 18:41:31 +02:00
Harsh Kumar Bijlani
75a9c4bd4d Add new attributes in SCS rule config QCA vendor subcommand
Add new attributes for the destination MAC address and netdev index in
SCS rule config subcommand.

Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
2022-12-15 18:12:53 +02:00
Andrei Otcheretianski
7216f79b94 nl80211: Support get_sta_mlo_info for SME-in-wpa_supplicant drivers
Query updated MLO information using NL80211_CMD_GET_INTERFACE command.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:31:50 +02:00
Ilan Peer
06eb608d54 nl80211: Handle scan results with MLD connection
With an MLD connection the BSSID reported in the association
event is the MLD AP address, while the association state reported
in the scan results relates to the MLD AP specific link. In such a
case do not disconnect.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:27:54 +02:00
Ilan Peer
033a57d262 nl80211: Get MLO support capability
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:25:33 +02:00
Ilan Peer
a2c4c0b1b6 nl80211: Support MLD association request
Define additional association parameters for MLD to be able to indicate
information for all the requested links and fill these into nl80211
attributes.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 17:19:00 +02:00
Ilan Peer
a134b4dc5c nl80211: Add support for MLD authentication
Set MLO attributes for NL80211_CMD_AUTHENTICATE and make sure that MLD
configuration is preserved between authentication retries.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 13:59:19 +02:00
Ilan Peer
e3e68668c1 ctrl_iface: Report RNR and ML in BSS command
Add the required ML and RNR definitions and report the information in
BSS command.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 11:47:07 +02:00
Andrei Otcheretianski
5f17763ad4 common: Combine definitions for Multi-Link and per STA profile control
The control fields are 16 bit wide. Combine the per byte definitions to
make it more convenient.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-03 11:11:34 +02:00
David Ruth
ad4fa5dd3c Add more nl80211 info to struct wpa_signal_info
Facilitate emitting more station information over D-Bus for use by the
connection manager.

* Add storage for more NL80211_STA_INFO_* fields to data structures, and
  move them through the system.
* Reorder NL80211_STA_INFO_* fields in driver_nl80211.c to match the
  ordering in nl80211.h.
* Convert signal field to an integer to support holding WPA_INVALID_NOISE
  and avoid changing logging.

* Add fields to hostap_sta_driver_data to capture more information
	* fcs_error_count
	* beacon_loss_count
	* expected_throughput
	* rx_drop_misc
	* rx_mpdus
	* rx_hemcs
	* tx_hemcs
	* rx_he_nss
	* tx_he_nss
	* avg_signal
	* avg_beacon_signal
	* avg_ack_signal
* Add struct hostap_sta_driver_data to struct wpa_signal_info and remove
  redundant fields and redundant attribute parsing
	* Change logging when printing txrate to handle unsigned long
	  value

Signed-off-by: David Ruth <druth@chromium.org>
2022-12-03 10:42:16 +02:00
Jouni Malinen
090f0f8c70 mbssid: Indicate MBSSID information in RNR
Indicate whether the collocated BSS in the RNR is a part of a multiple
BSSID set and whether it is a transmited BSSID.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-02 23:06:32 +02:00
Aloka Dixit
a1c4adda13 mbssid: Add nl80211 support
Send MBSSID and EMA configuration parameters to the kernel.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 20:52:08 +02:00
Aloka Dixit
54b1352efd mbssid: Make the AID space shared
As described in IEEE Std 802.11-2020, 11.1.3.8 Multiple BSSID procedure,
set the lowest AID value assigned to any client equal to 2^n, where n is
the maximum BSSID indicator of the MBSSID set.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 20:47:49 +02:00
Aloka Dixit
10749c3c48 mbssid: Process Known BSSID element
Process the Known BSSID elements if included by non-AP stations. The
format is described in IEEE Std 802.11ax-2021, 9.4.2.261.

Non-AP stations may include this element in directed Probe Request
frames to indicate which of the multiple BSSIDs they have already
discovered. AP should exclude these profiles from the Probe Response
frame.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 20:45:05 +02:00
Aloka Dixit
15690faada mbssid: Add MBSSID Configuration element
Add Multiple BSSID Configuration element data per IEEE Std
802.11ax-2021, 9.4.2.260 when enhanced multiple BSSID advertisement
(EMA) is enabled. This element informs the stations about the EMA
profile periodicity of the multiple BSSID set.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 20:37:33 +02:00
Aloka Dixit
fc2e4bac5a mbssid: Set extended capabilities
Set extended capabilities as described in IEEE Std 802.11ax-2021,
9.4.2.26. Reset the capability bits to 0 explicitly if MBSSID and/or EMA
is not enabled because otherwise some client devices fail to associate.

Bit 80 (complete list of non-tx profiles) is set for all Probe Response
frames, but for Beacon frames it is set only if EMA is disabled or if
EMA profile periodicity is 1.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 20:21:11 +02:00
Aloka Dixit
a004bf2cd0 mbssid: Configure parameters and element data
Add helper functions to retrieve the context for the transmitting
interfaces of the MBSSID set and the index of a given BSS.

Set device parameters: BSS index and the transmitting BSS.

Include Multiple BSSID elements in Beacon and Probe Response frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 19:53:15 +02:00
Aloka Dixit
c5a09b051a mbssid: Add Non-Inheritance element
Add data per IEEE Std 802.11-2020, 9.4.2.240. Current implementation is
added for the security and extended supported rates only.

For the Extended rates element, add a new member 'xrates_supported'
which is set to 1 only if hostapd_eid_ext_supp_rates() returns success.
Without this change, there are cases where this function returns before
adding the element for the transmitting interface resulting in incorrect
addition of this element inside the MBSSID Non-Inheritance element.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Co-developed-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
Signed-off-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
2022-12-02 19:40:49 +02:00
Aloka Dixit
920b56322d mbssid: Functions for building Multiple BSSID elements
Add Multiple BSSID element data per IEEE Std 802.11ax-2021, 9.4.2.45.
Split the BSSes into multiple elements if the data does not fit in
the 255 bytes allowed for a single element.

Store the total count of elements created and the offset to the start
of each element in the provided buffer.

Set the DTIM periods of non-transmitted profiles equal to the EMA
profile periodicity if those are not a multiple of the latter already as
recommended in IEEE Std 802.11ax-2021, Annex AA (Multiple BSSID
configuration examples).

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 19:25:40 +02:00
Aloka Dixit
931e5d4f9e mbssid: Configure all BSSes before beacon setup
When multiple BSSID advertisement feature is enabled in IEEE 802.11ax
mode or later, Beacon frames are not transmitted per interface, instead
only one of the interfaces transmits Beacon frames that include one or
more Multiple BSSID elements with configuration for the remaining
interfaces on the same radio.

Change the existing logic such that all configuration details for all
the interfaces are available while building the Beacon frame template
for the transmitting interface itself.

Do not change the flow for the cases where multiple BSSID advertisement
is not enabled.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 19:05:11 +02:00
Aloka Dixit
78d0b98995 mbssid: Retrieve driver capabilities
Retrieve driver capabilities for the maximum number of interfaces for
MBSSID and the maximum allowed profile periodicity for enhanced MBSSID
advertisement.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 16:43:59 +02:00
Aloka Dixit
7452e54477 mbssid: Add new configuration option
Add configuration option 'mbssid' used to enable multiple BSSID (MBSSID)
and enhanced multiple BSSID advertisements (EMA) features.

Reject the configuration if any of the BSSes have hidden SSID enabled.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
2022-12-02 16:36:19 +02:00
Daniel Gabay
bb67d5b52b AP: Add testing option to delay EAPOL Tx
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.

In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-02 13:07:03 +02:00
Jouni Malinen
1a800a9400 EAP-TEAP server: Allow tunneled EAP method sequence to be optimized
Include the start of the next EAP method in an EAP Payload TLV in the
same message with the Crypto-Binding TLV for the previous EAP method to
get rid of one roundtrip when using more than a single EAP
authentication method within the tunnel. The previous, not optimized,
sequence can still be used with eap_teap_method_sequence=1 for more
complete testing coverage.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Jouni Malinen
f791b5bbc7 EAP-TEAP peer: Process Crypto-Binding TLV before EAP Payload TLV
When using the optimized EAP method sequence within the tunnel, crypto
binding for the previous EAP method can be performed in the same message
with the start of the next EAP method. The Crypto-Binding TLV needs to
be processed before moving to the next EAP method for IMSK to be derived
correctly, so swap the order of these processing steps.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Jouni Malinen
5a9bd8a06a EAP-TEAP: Use EAP-FAST-MSCHAPv2 in the tunnel
While RFC 7170 does not describe this, EAP-TEAP has been deployed with
implementations that use the EAP-FAST-MSCHAPv2, instead of the
EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to
interoperate with other implementations since that seems to be direction
that IETF EMU WG is likely to go with an RFC 7170 update.

This breaks interoperability with earlier hostapd/wpa_supplicant
versions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Jouni Malinen
364b6500b8 EAP-FAST: Move EAP-MSCHAPv2 special MSK handling into MSCHAPv2
EAP-FAST uses a special variant of EAP-MSHCAPv2 called EAP-FAST-MSCHAPv2
in RFC 5422. The only difference between that and EAP-MSCHAPv2 is in how
the MSK is derived. While this was supposed to be specific to EAP-FAST,
the same design has ended up getting deployed with EAP-TEAP as well.
Move this special handling into EAP-MSCHAPv2 implementation so that it
can be shared for both needs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Avraham Stern
81dedfbd77 nl80211: Increase the scan frequencies buffer
With the UHB enabled, the number of scanned frequencies may exceed
the buffer size. Increase it.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-01 15:17:14 +02:00
Ayala Beker
9a2781f243 wpa_supplicant: Support throughput estimation for EHT rates
Add support to consider EHT rates while calculating the estimated
throughput for scan results.

- The estimated EHT throughput uses the HE 0.8 usec GI rates from the
  relevant EHT-MCS tables from IEEE P802.11be/D2.0, 36.5.
- The minimum SNR values for EHT rates (4096-QAM) are derived by adding
  the existing minimum SNR values of 1024-QAM rates from HE tables and
  the difference between the values of minimum sensitivity levels of
  1024-QAM rates and 4096-QAM rates defined in Table 36-67 (Receiver
  minimum input level sensitivity) in IEEE P802.11be/D2.0.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 19:23:14 +02:00
Andrei Otcheretianski
69725c4cf7 OpenSSL: Fix BN_rshift() argument order
The arguments were swapped. Apparently all the calls to this function
use the same value for both input and output parameters, so it went
unnoticed. Fix it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 19:06:30 +02:00
Jouni Malinen
e9b4ad2364 OpenSSL: Apply connection flags before reading certificates
This is needed to be able to drop the OpenSSL security level, if
necessary, for cases where old certificates (e.g., something using SHA-1
signatures) are still needed. openssl_ciphers="DEFAULT@SECLEVEL=0" can
achieve this, but only if applied before attempting to load the
certificates.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-30 14:01:55 +02:00
Jouni Malinen
bbd5a4689b SAE: Add an enum for defining sae_pwe parameter values
Make this more readable by replacing magic numbers with enum values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 20:37:23 +02:00
Nicolas Escande
20bfd4feb3 AP: Enable H2E on 6 GHz when SAE is used
Even if the use of H2E isn't strictly mandatory when using SAE on 6 GHz,
WPA3-Personal pushes it on 6 GHz. So lets automatically enable it by
setting sae_pwe=2. This will allow both the hunting-and-pecking and
hash-to-element to work (and be backward compatible).

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-11-29 18:56:47 +02:00
Michal Kazior
e2d88f86ee DPP: Expose own and peer bootstrap info ids on authentication success
The system may be interested in knowing which bootstrap information
entries are being exercised. This could be used for statistics or
completion signaling to upper application layer outside of hostapd,
along with the public key hash.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-11-29 16:17:14 +02:00
Michal Kazior
043dedee83 DPP: Expose enrollee pubkey hash for identification
Just like with WPA-PSK and keyids it may be desired to identify
connecting clients to provide additional network filtering.

This does:

 - extend DPP_EVENT_AUTH_SUCCESS to expose public
   key hash of the peer so the system can pick it
   up and use for identification later

 - store public key hash in PMKSA from DPP Network
   Intro for later use

 - extend sta mib to print out the dpp_pkhash
   from PMKSA if present

 - extend AP_STA_CONNECTED to include the
   dpp_pkhash from PMKSA if present

Signed-off-by: Michal Kazior <michal@plume.com>
2022-11-29 13:55:53 +02:00
Michal Kazior
2d8974e314 DPP: Move DPP_EVENT_AUTH_SUCCESS to a helper
This event is generated in a couple of places. It'll be easier to extend
the event with additional metadata if it's generated in a single place.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-11-29 13:55:36 +02:00
Nicolas Escande
4cb23b66d6 ACS: Allow selecting a better channel when using 40/80/160 MHz
When considering a channel for a bandwidth of 40/80/160 MHZ on the 5 GHz
or 6 GHz band, allow selecting one of the other channels in the segment
instead of the first one. This is done only if the other channel's
interference_factor is lower than the first one's.

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-11-28 23:31:33 +02:00
Nicolas Escande
472101684b ACS: introduce acs_adjust_secondary
When using 40/80/160 MHz bandwidth on the 5 GHz or 6 GHz band, enforce
the secondary channel to be the other channel of the corresponding 40
MHz segment.

Even if this is useless for now, this is preparatory work to allow ACS
to select a primary channel which is not the first of its segment.

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-11-28 23:23:13 +02:00
Nicolas Escande
60e2934cbf ACS: Introduce acs_get_bw_center_chan()
When using 40/80/160 MHz bandwidth, instead of computing the index of
the segment center freq based on the selected channel, lets look it up
in the bw_desc[] table.

This is preparative work to allow selecting a primary channel which is
not the first of the segment.

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-11-28 23:22:35 +02:00
Nicolas Escande
ed8e13decc ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan()
This extracts the 3 lists of allowed channels for 40/80/160 MHz
bandwidth out of their respective functions. It also adds for each
segment the frequency of the segment's last channel and the index of the
segment's "center" channel.

This is preparative work to allow selecting a channel which is not the
first of its segment for 40/80/160 MHz. In addition, this adds the 5 GHz
160 MHz channel defined for 5735-5895 MHz (channels 149-177).

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-11-28 23:22:30 +02:00
Jouni Malinen
0d6cd88eed DPP: Use existing TCP connection to replay duplicate Presence Announcement
Instead of opening a new TCP connection for each received Presence
Announcement from the same Enrollee from the Relay to the Controller,
use an existing connection if it is still waiting for Authentication
Response. This avoids opening multiple parallel sessions between the
same Controller and Enrollee.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 16:35:01 +02:00
Eliot Lear
6af717f73b DPP: Don't close TCP connection for duplicate Presence Announcements
If wpa_supplicant receives a duplicate DPP chirp over a TCP connection
this causes the connection (and all of its state) to be torn down.
Such a tear-down means that the authentication request state is discarded.
That in turn will cause any otherwise valid authentication response
to not succeed.

This commit addresses that problem. It also does not attempt to check
for duplicates until at least we know that we have an appropriate hash.

Signed-off-by: Eliot Lear <lear@lear.ch>
2022-11-28 15:50:00 +02:00
Vinay Gannevaram
46e6b72b7b Add a callback to notify added PMKSA cache entry details
Add a callback handler to notify details of a PMKSA cache entry when it
is added to the PMKSA cache. This can be used to provide external
components more convenient access to the PMKSA cache contents.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 11:39:06 +02:00
Raphaël Mélotte
af1528a128 hostapd: Add RELOAD_BSS
When using multiple BSSes on a single radio, it is sometimes desirable
to reconfigure one BSS, without disconnecting the stations already
connected to other BSSes on the same radio.

When a BSS is reconfigured using the SET command, there is no "old"
configuration we can compare to (so we cannot compare a hash of the
configuration for example).

One possible solution would be to make the current RELOAD command
reload only the current BSS. However, that could break the workflow of
existing users. Instead, introduce a new RELOAD_BSS command, which
reloads only the current BSS.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:49:48 +02:00
Raphaël Mélotte
b37c3fbad4 hostapd: Add config_id parameter
Add a new configuration parameter: config_id.

If set, only do hostapd_clear_old() for the BSSes for which the
config_id changed.

This makes it possible to reconfigure specific BSSes on a radio,
without disconnecting clients connected to other, unchanged BSSes of
the same radio.

This patch adapted from a patch authored by John Crispin in the
OpenWrt repository:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/services/hostapd/patches/700-wifi-reload.patch;h=c5ba631a0fc02f70714cb081b42fcf6cb9694450;hb=60fb4c92b6b0d1582d31e02167b90b424185f3a2

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:41:19 +02:00
Raphaël Mélotte
46f6a32775 Split BSS-specific hostapd_clear_old_bss() from hostapd_clear_old()
In hostapd_clear_old() multiple steps are needed to clear a BSS.
There are some places where it would be desirable to clear only some
BSSes and not all.

To make it easier to clear only some BSSes, split hostapd_clear_old()
with hostapd_clear_old_bss(), which does the same actions but on a
single BSS.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:35:26 +02:00
Andrzej Ostruszka
98e9d553f2 nl80211: Check previous MAC address for locally-generated-deauth
When using MAC randomization wpa_supplicant can change the local MAC
address during roaming scenario:

1. We attach to AP1 (with MAC1/SSID1).
2. Roaming to AP2 (with MAC2/SSID2) is started:
  a) we send DEAUTH(for AP1, with MAC1)
  b) we change MAC to MAC2 due to randomization
  c) we start authentication for AP2
  d) we get notification about DEAUTH for AP1 (which we ignore)
  e) we complete association with AP2

In point 2d we completely ignore the notification which later causes
problems. This happens if the deauthentication event is generated by the
local driver (e.g., due to beacon loss) instead of AP2 sending an
explicit Deauthentication frame.

The intended behavior is as follows: during roaming we generate DEAUTH
(2a) and signal this event right away. To protect from handling of our
own DEAUTH for the 2nd time supplicant marks 'ignore_next_local_deauth'
variable.  In point 2d we should receive this notification and clear the
flag but this does not happen because MAC1 in the notification is not
the current MAC address (it has been changed in 2b) so this notification
is ignored as a one with a "foreign" address.

So we end up successfully at AP2 but with 'ignore_next_local_deauth'
still set which causes problems.  For example if AP2 shuts down it has
been observed on some drivers that the DEAUTH notification is generated
as a local one and since we have flag to ignore it nothing is reported
over D-Bus.

To address the problem let's store the previously used MAC address and
use it for checking for foreign address (in combination with the current
one).

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
2022-11-27 14:18:53 +02:00
Jouni Malinen
6d45481870 RSN: Split EAPOL-Key msg 3/4 processing for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
5b7957b7ee RSN: Split EAPOL-Key msg 1/4 processing for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
e5dfce38f7 RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
5ab43c738e RSN: Split WPA(v1) processing of EAPOL-Key frames into a separate function
This is a step in separating RSN and WPA(v1) processing of EAPOL-Key
frames into separate functions. This allows the implementation to be
simplified and potentially allows the validation rules to be made
stricter more easily. This is also a step towards allowing WPA(v1)
functionality to be removed from the build in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 08:30:58 +02:00
Jouni Malinen
f7fd891c70 Fix a typo in driver ops poll() documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-26 20:48:21 +02:00
Norman Hamer
0143dc1cb6 OpenSSL: Load OpenSSL 3.0 legacy provider but let default be loaded
The default provider is being loaded here explicitly only because
OSSL_PROVIDER_load() disables the fallback provider loading (on either
success or failure). If the legacy provider fails to load, which it may
in some configurations, it will never load the default provider.

Just use the formulation which attempts to load without changing the
fallback behavior.

"default" will still be/only be loaded if no other provider (notably
FIPS) is loaded to provide algorithms.

Signed-off-by: Norman Hamer <nhamer@absolute.com>
2022-11-26 12:29:14 +02:00
Norman Hamer
fef4c6cb0d OpenSSL: Don't provide implementation of DES/RC4 for FIPS builds
DES and RC4 are not allowed in such builds, so comment out des_encrypt()
and rc4_skip() from the build to force compile time failures for cases
that cannot be supported instead of failing the operations at runtime.
This makes it easier to detect and fix accidental cases where DES/RC4
could still be used in some older protocols.

Signed-off-by: Norman Hamer <nhamer@absolute.com>
2022-11-26 11:34:30 +02:00
Jouni Malinen
1d42dafce6 RSN: Do not include RC4 use in FIPS builds
CONFIG_NO_RC4=y could have been used to remove this functionality, but
it might as well be done automatically based on CONFIG_FIPS=y as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-26 11:34:30 +02:00
Jouni Malinen
b6d3fd05e3 FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
PMKSA caching for the FT initial mobility domain association was fully
defined in IEEE Std 802.11-2020. The state before that was unclear and
there has been interoperability issues in this area, so use of PMKSA
caching with FT-EAP has been disabled in wpa_supplicant by default.

The wpa_supplicant and hostapd implementation of PMKSA caching for FT
ended up using an earlier default mechanism (SHA-1) for deriving the
PMKID when using the FT-EAP. This does not match what got defined in
IEEE Std 802.11-2020, 12.11.2.5.2 (SHA256). It is not really desirable
to use SHA-1 for anything with FT since the initial design of FT was
based on SHA256. Furthermore, it is obviously not good to differ in
behavior against the updated standard. As such, there is sufficient
justification to change the implementation to use SHA256 here even
though this ends up breaking backwards compatibility for PMKSA caching
with FT-EAP.

As noted above, this is still disabled in wpa_supplicant by default and
this change results in PMKSA caching not working only in cases where it
has been enabled explicitly with ft_eap_pmksa_caching=1. Those cases
recover by falling back to full EAP authentication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-25 09:37:17 +02:00
Mukul Sharma
ef70f814a7 Add a new QCA vendor attribute to configure wifi calling (wfc) state
Add QCA_WLAN_VENDOR_ATTR_CONFIG_WFC_STATE vendor attribute. Userspace
uses this attribute to configure wfc state to the driver/firmware. The
driver/firmware uses this information to optimize power savings, rate
adaption, roaming, etc.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2022-11-24 20:23:23 +02:00
Mert Ekren
c823197bde SAE: Use Challenge Failure status code in confirm message failure cases
IEEE Std 802.11-2020, 12.4.7.6 says that status code CHALLENGE_FAILURE,
needs to be sent in case the verification action fails for SAE Confirm
message frame from a STA: "An SAE Confirm message, with a status code
not equal to SUCCESS, shall indicate that a peer rejects a previously
sent SAE Confirm message. An SAE Confirm message that was not
successfully verified is indicated with a status code of
CHALLENGE_FAILURE."

hostapd, however, did not use this status code for this case. In
ieee802_11.c the function sae_check_confirm() is called and in case of
verification failure (-1 is returned), the response is set to
WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). Fix this to use
CHALLENGE_FAILURE.

Signed-off-by: Koen Van Oost <koen.vanoost@airties.com>
Signed-off-by: Mert Ekren <mert.ekren@airties.com>
2022-11-24 12:09:38 +02:00
Jouni Malinen
e91ac53d53 DFS: Do not allow channel checks to go beyond the channel list
Explicitly check for invalid cases where the configured channel and
bandwidth might result in the full channel number range going beyond the
list of supported channels to avoid reading beyond the end of the
channel buffer.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-23 22:51:50 +02:00
Vinay Gannevaram
91d148f508 PASN: Fix is_pasn_auth_frame() for mgmt tx status frames
The SA/DA checks needs to be reversed for the TX case.

Fixes: 8481c750 ("PASN: Fix Authentication frame checks")
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2022-11-23 18:45:51 +02:00
Qiwei Cai
b6c38cee93 Skip CAC if the driver switches channel to non-DFS
If an AP is started on a DFS channel (or any channels within its
bandwidth require DFS) and DFS is offloaded to the driver, hostapd needs
to wait for CAC to complete. But the driver may not do CAC and just
switches to a non-DFS channel instead. This would result in a failure to
start the AP because hostapd fails to receive a CAC complete event and
cannot finish interface setup.

Skip CAC and complete AP setup in the channel switch event handler for
this case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-23 18:32:46 +02:00
Sai Pratyusha Magam
080afc03d5 Add hostapd control interface command to stop logging to file
Add CLOSE_LOG command to stop hostapd logging to file. This can be
followed with RELOG to restart logging to the same file path.

Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
2022-11-23 18:24:56 +02:00
Purushottam Kushwaha
0fd13c90eb Add QCA vendor interface for AP doze mode configuration
Add a new subcommand QCA_NL80211_VENDOR_SUBCMD_DOZED_AP to configure
doze mode state on an AP interface. This is also used as an event to
indicate the updated configuration. In doze mode, AP transmits
beacons at higher beacon intervals and RX is disabled.

Uses attributes defined in enum qca_wlan_vendor_attr_dozed_ap.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-11-23 18:16:24 +02:00
Sunil Dutt
4e1f55a113 Roam control configuration for 6 GHz in full scan only on prior discovery
During the roam scan, if there are no desired APs found in the partial
frequency list, an immediate full scan on all the supported frequencies
is initiated as a fallback. This would include the 6 GHz PSC
frequencies. Define an attribute to allow that behavior to be modified
to include PSCs only if 6 GHz use has been detected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-23 13:03:42 +02:00
Jouni Malinen
34d93b0c9d HS 2.0: Deauthenticate STA on deauth-imminent more quickly if no URL
When the RADIUS server requests a STA to be deauthenticated imminently
without providing a reason URL, there is no need to allow the STA spend
any additional time associated. Deauthenticate the STA immediately after
it has ACK'ed the WNM-Notification frame indicating imminent
deauthentication or at latest two seconds after having processes the
Access-Accept message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:38 +02:00
Veerendranath Jakkam
2e40f969b1 nl80211: Fix wrong requested links bitmap in sta_mlo_info.req_links
Currently sta_mlo_info.req_links is not getting cleared before
populating the requested links information for a new connection/roam
event. This is causing wrong requested links bitmap in
sta_mlo_info.req_links if there is a change in requested link IDs
between the previous and the new connection. To avoid such issues fully
clear MLO connection information after disconnection and before
populating MLO connection information during (re)association event.

Fixes: cc2236299f ("nl80211: Get all requested MLO links information from (re)association events")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-21 18:31:02 +02:00
Veerendranath Jakkam
b6e226496b MLD STA: Fix IGTK and BIGTK MLO KDEs validation
IGTK and BIGTK MLO KDEs should be validated only when the AP sends them
in EAPOL-Key msg 3/4. Though IEEE P802.11be/D2.2 mandates MLO AP to
enable PMF and Beacon Protection features there is no text to mandate a
STA to discard connection when the MLO AP doesn't send IGTK and BIGTK
MLO KDEs in EAPOL-Key msg 3/4 for a link. Also, fix
wpa_sm->mgmt_group_cipher checks before processing MLO IGTK and BIGTK
MLO KDEs.

Fixes: f15cc834cb ("MLD STA: Processing of EAPOL-Key msg 3/4 frame when using MLO")
Fixes: 8f2e493bec ("MLD STA: Validation of MLO KDEs for 4-way handshake EAPOL-Key frames")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-21 18:27:18 +02:00
Sunil Dutt
2050130bec Add a vendor attribute for roam control configuration for full scan
During the roam scan, if there are no desired APs found in the partial
frequency list, an immediate full scan on all the supported frequencies
is initiated as a fallback. This flag controls the frequency list
creation for full scan on the following lines.
1 - Full scan to exclude the frequencies that were already scanned by
    the previous partial scan.
0 - Full scan to include all the supported frequencies irrespective of
    the ones already scanned by partial scan.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 16:49:16 +02:00
Glenn Strauss
12f16c27ba TLS: Fix unsigned int underflow in internal TLS 1.0/1.1 implementation
Taking sizeof(ptr) is incorrect to determine size of passed in hash and
results in hlen getting set to a very large value since MD5_MAC_LEN >
sizeof(ptr). Provide the actual size of the hash buffer from the caller
to fix this.

tls_key_x_server_params_hash() callers src/tls/tlsv1_client_read.c and
src/tls/tlsv1_server_write.c both pass in a large enough hash (hash[64]
or hash[100]) that this does not appear to have an impact, though it is
still wrong.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 19:11:01 +02:00
Glenn Strauss
802b67bced Update tls_connection_set_verify() documentation to verify_peer=2
This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 18:50:03 +02:00
Jouni Malinen
f723f7f8ad P2P: Check dev pointer consistently when building PD Response
The dev pointer could potentially be NULL here in some P2PS cases, so
check it explicitly before dereferencing it when checking for 6 GHz
capability.

Fixes: b9e2826b9d ("P2P: Filter 6 GHz channels if peer doesn't support them")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
30403e9657 WPS: Check NDEF record length fields separately
Try to make the bounds checking easier for static analyzers by checking
each length field separately in addition to checking them all in the end
against the total buffer length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
cd0e8653a2 TDLS: Use stored FTE length in MIC calculation
Try to avoid static analyzer warnings due to use of the FTE length
field instead of the separately stored and validated length field value
when deriving FTE MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
7e85e24f35 TDLS: Use stored peer RSNE length in MIC calculation
Try to avoid static analyzer warnings due to use of the RSNE length
field instead of the separately stored and validated length field value
when deriving FTE MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 12:01:36 +02:00
Jouni Malinen
40a42613e6 FT: Simplify FTE parsing for FT-SAE-EXT-KEY using MIC Length subfield
Commit 25b52e5f83 ("FT: Extend FTE parsing for FT-SAE-EXT-KEY") used
possible MIC length iteration to try to figure out the length of the MIC
field in FTE. That was the only option available at the time, but FTE is
now being extended in IEEE 802.11-REVme to explicitly indicate the
length of the MIC field for the new FT-SAE-EXT-KEY AKM to make this
easier.

Use the new design from the approved comment resolution (*) in
REVme/D2.0 ballot CID 3135 to simplify implementation. This gets rid of
the need to pass in key length and the somewhat strange need_{r0kh,r1kh}
parameters to wpa_ft_parse_ies().

(*)
https://mentor.ieee.org/802.11/dcn/22/11-22-1991-02-000m-proposed-resolutions-to-some-lb270-comments.docx

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:43:53 +02:00
Jouni Malinen
5ea7a2f545 DPP: Drop PMKSA entry if AP reject association due to invalid PMKID
This is needed to avoid trying the subsequent connections with the old
PMKID that the AP claims not to hold and continues connection failures.
This was already handled for the SME-in-the-driver case in commit commit
50b77f50e8 ("DPP: Flush PMKSA if an assoc reject without timeout is
received"), but the wpa_supplicant SME case did not have matching
processing.

Add the needed check to avoid recover from cases where the AP has
dropped its PMKSA cache entry. Do this only based on the specific status
code value (53 = invalid PMKID) and only for the PMKSA entry that
triggered this failure to minimize actions taken based on an unprotected
(Re)Association Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
4840b45a26 Fix empty pmksa_cache_get()
The addition of the "spa" argument was missed in the empty inline
function.

Fixes: 9ff778fa4b ("Check for own address (SPA) match when finding PMKSA entries")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:19:49 +02:00
Jouni Malinen
3abd0c4719 SAE: Print rejection of peer element clearly in debug log
Depending on the crypto library, crypto_ec_point_from_bin() can fail if
the element is not on curve, i.e., that error may show up before getting
to the explicit crypto_ec_point_is_on_curve() check. Add a debug print
for that earlier call so that the debug log is clearly identifying
reason for rejecting the SAE commit message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:31:14 +02:00
Jouni Malinen
9ff778fa4b Check for own address (SPA) match when finding PMKSA entries
This prevents attempts of trying to use PMKSA caching when the existing
entry was created using a different MAC address than the one that is
currently being used. This avoids exposing the longer term PMKID value
when using random MAC addresses for connections.

In practice, similar restriction was already done by flushing the PMKSA
cache entries whenever wpas_update_random_addr() changed the local
address or when the interface was marked down (e.g., for an external
operation to change the MAC address).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
9f04a9c8dd Store own MAC address (SPA) in supplicant PMKSA cache entries
This is needed to be able to determine whether a PMKSA cache entry is
valid when using changing MAC addresses. This could also be used to
implement a mechanism to restore a previously used MAC address instead
of a new random MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Vinay Gannevaram
309765eb66 PASN: Use separate variables for BSSID and peer address
Using separate variables for BSSID and peer address is needed to support
Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID
and that could be different from any other peer address. The
infrastructure BSS cases will continue to use the AP's BSSID as both the
peer address and BSSID for the PASN exchanges.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:12:50 +02:00
Vinay Gannevaram
42f0c44d84 PASN: Use peer address instead of BSSID as the destination for initiator
Rename struct pasn_data::bssid to peer_addr to be better aligned with
different use cases of PASN and its extensions. This is a step towards
having option to use different peer address and BSSID values for NAN use
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:03:23 +02:00
Veerendranath Jakkam
15583802b9 nl80211: Allow up to 64-byte PMK in NL80211_CMD_SET_PMKSA
Kernel commit 22e76844c566 - ("ieee80211: Increase PMK maximum length to
 64 bytes") increased the maximum allowed length for NL80211_ATTR_PMK to
64 bytes. Thus, allow sending 64 bytes PMK in NL80211_CMD_SET_PMKSA and
if NL80211_CMD_SET_PMKSA fails with ERANGE try NL80211_CMD_SET_PMKSA
again without PMK. Also, skip sending PMK when PMK length is greater
than 64 bytes.

This is needed for some newer cases like DPP with NIST P-521 and
SAE-EXT-KEY with group 21. The kernel change from 48 to 64 octets is
from February 2018, so the new limit should be available in most cases
that might want to use these new mechanisms. Maintain a backwards
compatible fallback option for now to cover some earlier needs for DPP.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-09 13:21:46 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
d7febe33f6 MLO: Remove unnecessary debug prints about clearing AP RSNE/RSNXE
There is no help from seeing 32 lines of debug prints about clearing
AP's RSNE/RSNXE information for each potential link when such
information has not been set in the first place. These were printed even
when there is no use of MLO whatsoever, so get rid of the prints for any
case where the value has not yet been set.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-08 14:35:35 +02:00
Rhythm Patwa
16d913bfd8 Define AFC vendor commands and events
Wi-Fi Alliance specification for Automated Frequency Coordination (AFC)
system ensures that the Standard Power Wi-Fi devices can operate in 6
GHz spectrum under favorable conditions, without any interference with
the incumbent devices.

Add support for vendor command/events and corresponding
attributes to define the interface for exchanging AFC requests and
responses between the driver and a userspace application.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 21:09:09 +02:00
Jouni Malinen
46f5cf9280 OpenSSL: Fix additional HPKE corner cases
Commit 820211245b ("OpenSSL: Fix HPKE in some corner cases") increased
the buffer size for EVP_PKEY_derive() by 16 octets, but it turns out
that OpenSSL might need significantly more room in some cases. Replace a
fixed length buffer with dynamic query for the maximum size and
allocated buffer to cover that need.

This showed up using the following test case sequence:
dbus_pkcs11 module_wpa_supplicant

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 18:01:33 +02:00
Jouni Malinen
a0628f8a50 OpenSSL: Remove unused assignment from HPKE expand
The length of labeled_info is determined separately, so there is no need
to increment the pos pointer after the final entry has been added.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Jouni Malinen
3e1a04afa1 nl80211: Check that attribute addition succeeds in offloaded PASN case
Check nla_put_flag() return value to be consistent with other nla_put*()
uses.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Jouni Malinen
271ce71c7a FT: Fix PMK-R0 derivation for FT-SAE-EXT-KEY with SHA512
Not only the hash[] array, but also the r0_key_data[] array needs to be
extended in size to fit the longer key and salt.

Fixes: a76a314c15 ("FT: Extend PMK-R0 derivation for FT-SAE-EXT-KEY")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-07 00:29:39 +02:00
Rohan Dutta
2f61d703a1 MLD STA: Group key handshake processing for GTK/IGTK/BIGTK rekeying
Add support for group rekeying in MLO connection. Parse per link MLO
GTK/IGTK/BIGTK KDEs from Group Key msg 1/2 and configure to the driver.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Rohan Dutta
f0760aa6dd MLD STA: Use AP MLD address as destination for 4-way handshake EAPOL-Key frames
Use AP MLD address as the destination address for EAPOL-Key 4-way
handshake frames since authenticator/supplicant operates above MLD. The
driver/firmware will use RA/TA based on the link used for transmitting
the EAPOL frames.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
8f2e493bec MLD STA: Validation of MLO KDEs for 4-way handshake EAPOL-Key frames
Validate new KDEs defined for MLO connection in EAPOL-Key msg 1/4 and
3/4 and reject the 4-way handshake frames if any of the new KDE data is
not matching expected key data.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
f15cc834cb MLD STA: Processing of EAPOL-Key msg 3/4 frame when using MLO
Process EAPOL-Key msg 3/4 and configure PTK and per-link GTK/IGTK/BIGTK
keys to the driver when MLO is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Rohan Dutta
a4adb2f3e1 MLD STA: Configure TK to the driver using AP MLD address
Configure TK to the driver with AP MLD address with MLO is used. Current
changes are handling only EAPOL-Key 4-way handshake and FILS
authentication cases, i.e., FT protocol case needs to be addressed
separately.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
fa5cad61a4 MLD STA: Use AP MLD address in PMKSA entry
Use the AP MLD address instead of the BSSID of a link as the
authenticator address in the PMKSA entry.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:36 +02:00
Rohan Dutta
052bf8a51b MLD STA: Use AP MLD address to derive pairwise keys
Use AP MLD address to derive pairwise keys for MLO connection. Current
changes are handling only PTK derivation during EAPOL-Key 4-way
handshake and FILS authentication, i.e., FT protocol case needs to be
addressed separately.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:29:36 +02:00
Veerendranath Jakkam
e784372564 MLD STA: Add MLO KDEs for EAPOL-Key msg 2/4 and 4/4
Add new KDEs introduced for MLO connection as specified in
12.7.2 EAPOL-Key frames, IEEE P802.11be/D2.2.
- Add MAC and MLO Link KDE for each own affliated link (other than the
  link on which association happened) in EAPOL-Key msg 2/4.
- Add MAC KDE in 4/4 EAPOL frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:19:22 +02:00
Veerendranath Jakkam
472a0b8d60 MLD STA: Set MLO connection info to wpa_sm
Update the following MLO connection information to wpa_sm:
- AP MLD address and link ID of the (re)association link.
- Bitmap of requested links and accepted links
- Own link address for each requested link
- AP link address, RSNE and RSNXE for each requested link

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:04:09 +02:00
Veerendranath Jakkam
cc2236299f nl80211: Get all requested MLO links information from (re)association events
Currently only accepted MLO links information is getting parsed from
(re)association events. Add support to parse all the requested MLO links
information including rejected links. Get the rejected MLO links
information from netlink attributes if the kernel supports indicating
per link status. Otherwise get the rejected MLO links information by
parsing (Re)association Request and Response frame elements.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 17:49:09 +02:00
Jouni Malinen
1ca5c2ec2a PASN: Fix spelling of RSNE in debug messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jouni Malinen
a43536a72b PASN: Verify explicitly that elements are present before parsing
Make sure the elements were present before trying to parse them. This
was already done for most cases, but be consistent and check each item
explicitly before use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:10:45 +02:00
Jouni Malinen
7e38524076 PASN: Fix MIC check not to modify const data
The previous version was using typecasting to ignore const marking for
the input buffer to be able to clear the MIC field for MIC calculation.
That is not really appropriate and could result in issues in the future
if the input data cannot be modified. Fix this by using an allocated
copy of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 16:52:06 +02:00
Jouni Malinen
8481c75091 PASN: Fix Authentication frame checks
The way type and subtype of the FC field was checked does not really
work correctly. Fix those to check all bits of the subfields. This does
not really make any practical difference, though, since the caller was
already checking this.

Furthermore, use a helper function to avoid having to maintain two
copies of this same functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 11:42:58 +02:00
Glenn Strauss
7ad757ec01 Document crypto_ec_key_get_subject_public_key() to use compressed format
Document in src/crypto/crypto.h that compressed point format is expected
in DER produced by crypto_ec_key_get_subject_public_key(). This is the
format needed for both SAE-PK and DPP use cases that are the current
users of this function.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-05 17:31:51 +02:00
Hu Wang
ae517789fa P2P: Allow PSC channel to be used for 6 GHz BW40
For the 6 GHz opclass 132, ch for loop only allows non-PSC channels { 1,
9, 17, 25, 33, 41, 49,... } to be used. This does not match the IEEE Std
802.11ax-2021 expectation of a 6 GHz-only AP "should set up the BSS with
a primary 20 MHz channel that coincides with a preferred scanning
channel".

Increase ch by 4 to allow PSC channel to be used for 6 GHz BW40.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-05 12:09:34 +02:00
Qiwei Cai
9c830d9178 P2P: Track peer 6 GHz capability more robustly
It's necessary to maintain knowledge of the 6 GHz capability of the
peer. Since the Device Capability field migth change between frames
depending on the context in which they are used, loooking at the last
received message might not always provide accurate information.

Add supports_6ghz bool variable in struct p2p_device, initialize it to
false and set to true if the P2P_DEV_CAPAB_6GHZ_BAND_CAPABLE bit is set
to 1 in any P2P frame that includes the P2P Capability attribute. This
boolean would not be cleared to false at any point in time so that the
info doesn't disappear dynamically.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-05 12:04:09 +02:00
Krunalsinh Padhar
1ca403a8b1 Add QCA vendor subcommand to notify about primary netdev
Add a new vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_MLO_PEER_PRIM_NETDEV_EVENT to send notification
to application layer about primary netdev of an MLO peer association.

Also define the attributes present in this subcommand.

Signed-off-by: Krunalsinh Padhar <quic_kpadhar@quicinc.com>
2022-11-04 15:47:54 +02:00
Sunil Dutt
70d89f90e6 A vendor roam control configuration for delaying hand off for RX
Introduce a run time roam configuration for "hand off delay for RX".
This value, in milliseconds, will delay the hand off for the specified
time to receive pending RX frames from the current BSS.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 15:34:47 +02:00
Vinay Gannevaram
fff81a468f PASN: Change pasn_use_384() to be a non-static function
libpasn.so users, e.g., Wi-Fi Aware module, could use this function
while deriving protocol specific keys using KDK. Move this function to
global scope to allow that.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 13:01:08 +02:00
Vinay Gannevaram
ea241cbe9d PASN: Rename struct wpas_pasn to pasn_data
struct wpas_pasn is common to both initiator and responder, so rename it
to pasn_data to avoid the "wpas_" prefix that could be seen as a
reference to wpa_supplicant (PASN initiator).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:59:29 +02:00
Vinay Gannevaram
6be84343af PASN: Add pairing verification wrapper function for Wi-Fi Aware
Wi-Fi Aware uses PASN handshake to authenticate peer devices. Devices
can simply verify each other for subsequent sessions as long as the keys
remain valid after authentication has been successful and pairing has
been established.

In pairing verification, Wi-Fi Aware devices uses PASN Authentication
frames with custom PMKID and Wi-Fi Aware R4 specific verification IEs.
It does not use wrapped data in the Authentication frames. This function
provides support to construct PASN Authentication frames for pairing
verification.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:58:44 +02:00
Jouni Malinen
325236948a PASN: Mark wpas_pasn_start() comeback argument const
Make it clear that this argument is not modified and freed within PASN
processing to be consistent with the only use of it by calling
wpas_pasn_build_auth_1() which has already marked it const.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:56:37 +02:00
Vinay Gannevaram
b1ed44b6a6 PASN: Allow extra elements to be added into PASN Authentication frames
Wi-Fi Aware defines protocol specific elements in PASN Authentication
frames for pairing setup. Add an option to add this type of custom
elements into PASN frames. This is mainly for the libpasn.so use cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 12:33:38 +02:00
Vinay Gannevaram
78c5bb7f50 PASN: Move responder functionality into a separate file
PASN responder validates auth 1 frame and sends auth 2 frame to the
initiator. It analyses the auth 3 frame and verifies successful
authentication. Wi-Fi Aware modules can reuse this functionality through
a shared library libpasn.so generated from this code. Move the PASN
functionality that is now decoupled from the hapd context into a
separate file in a common directory to make it easier to build such a
library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c7edfce79a PASN: Move initiator changes into a separate file
PASN initiator functionality builds auth 1 and auth 3 frames, and
processes auth 2 frame received from the responder. Wi-Fi Aware modules
can reuse this functionality through a shared library libpasn.so
generated from this code. Move the PASN functionality that is now
decoupled from the wpa_s context into a separate file in a common
directory to make it easier to build such a library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
975b7a02cb Move SAE comeback token functionality into a separate file
This is helpful in being able to get the functionality needed for SAE
into a separate library (libpasn.so) without needing all of the
ieee802_11.c functionality.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1711fe9121 PASN: Compute MIC from RSNE and RSNXE of the frame for Wi-Fi Aware
Wi-Fi Aware R4 specification defines Beacon RSNE/RSNXE to be same as
RSNE/RSNXE present in Auth2 frame. So, MIC validation should be done
with the RSNE and RSNXE received in Auth2 frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
6f80014b10 PASN: Allow custom PMKID in Authentication frames for Wi-Fi Aware
Wi-Fi Aware R4 specification introduces a custom PMKID derived from
Nonce and TAG. This custom PMKID is included in PASN Authentication
frames during pairing verification. So, allow use of a custom PMKID in
PASN frames and validate it using a function handler. Wi-Fi Aware
component that uses libpasn.so should take care of validating the custom
PMKID.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
e99047da2b PASN: Add a handler func to send mgmt frames to the driver from AP
Introduce a function handler to transmit PASN Authentication frames to
the driver. This removes the hapd dependency for sending the frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
4022ffc5db PASN: Store AKMP in the PTKSA cache
PTK is stored in the PTKSA cache following a successful PASN handshake,
however AKMP is removed upon a WPA PASN reset. The PASN handshake is
used in the Wi-Fi Aware R4 specification to define the pairing setup
process. KDK is used to generate a new set of keys, while AKMP is
required for key derivation for pairing. So, keep AKMP in the PTKSA
cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
c55eadede7 PASN: Remove hapd dependency in processing PASN Authentication frames
Remove hapd dependency in processing PASN M1/M3 frames and build PASN M2
frame. Initialize required pasn parameters from hapd before passing
Authentication frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
6dc833bc5c PASN: Remove hapd dependency for PASN and SAE comeback
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1861f57162 PASN: Remove hapd dependency for pasn_derive_keys()
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
1fa266e99d PASN: Remove hapd dependency for SAE and FILS wrapped data
This makes hostapd use the struct defines from pasn_common.h so that the
same struct is shared with wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
bc9fbe1b24 PASN: Common wpas_pasn structure for initiator and responder
Make struct wpas_pasn common for both the initiator and the responder by
adding required parameters for responder to the existing struct
wpas_pasn. This makes both hostapd and wpa_supplicant share the same
structure definitions in preparation for allowing PASN functionality to
be built into a separate library.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:17 +02:00
Vinay Gannevaram
14b5ebce73 PASN: Add a common header file for initiator and responder
This is a step towards decoupling the PASN initiator and responder
implemenentation is decoupled from the wpa_s and hapd contexts and
moving to a common folder for better abstraction. Move the struct
wpas_pasn definition to a common file for initiator and responder. The
idea is to provide a library libpasn.so from PASN common code. Include
C++ compatibilty wrapper to extend libpasn.so support for modules using
cpp code base.

This library can be used in applications implementing protocols based on
the PASN handshake.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:52:15 +02:00
Vinay Gannevaram
90bb73c518 PASN: Remove wpa_sm dependency to add an entry to PMKSA cache
Store PMKSA cache entry in wpas_pasn and remove wpa_sm dependency to add
an entry to PMKSA cache. This is a step towards allowing the PASN
implementation to be used outside the context of wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:41:56 +02:00
Vinay Gannevaram
10e455c44a Enable use of PMKSA caching independent of RSN supplicant state machine
Allow PMKSA caching functionality to be used even if sm, current_cb, and
free_cb are uninitialized. This makes RSN supplicant state machine
independent PMKSA caching possible for other modules, enabling
functional reuse.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-04 00:19:14 +02:00
Jouni Malinen
1d0ee1908b Fix the vendor ID assignment for configuring periodic sounding
This was supposed to update the requested value to the next available
one, not to duplicate the already assigned value.

Fixes: b17b86da47 ("QCA vendor attribute to configure periodic sounding")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 19:22:53 +02:00
Kiran Kumar Lokere
b17b86da47 QCA vendor attribute to configure periodic sounding
Add a new QCA vendor attribute to configure the periodic sounding
for Tx beamformer functionality.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 17:53:32 +02:00
Vinay Gannevaram
ef5a9a009d nl80211: Fix parsing PASN peer and src addresses from vendor nl attributes
Need to copy the actual data of the attribute, not the beginning of the
data structure pointing to the attribute.

Fixes: de3b91a172 ("nl80211: Define vendor interface functions to offload PASN authentication")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 17:37:38 +02:00
Jouni Malinen
2c55c9273c More debug prints for EAPOL-Key message generation (Authenticator)
AES-WRAP(KEK) protection of the Key Data field did not include all the
details in the log. Extend that to cover the details that were already
present for the AES-SIV case to make the debug log more useful for
analyzing issues in this area. Furthermore, print the full EAPOL-Key
frame in the log.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-03 12:38:06 +02:00
Veerendranath Jakkam
9dafad1ea3 EHT: Definitions for STA Control fields of Basic Multi-Link element
Define subelement IDs and Per-STA Profile STA control fields of Basic
Multi-Link element as described in IEEE P802.11be/D2.2. Also add define
for Multi-Link Control field length.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 17:07:38 +02:00
Veerendranath Jakkam
1fbea7d432 EHT: Multi-Link element defragmentation
Add support for element defragmentation of different types of Multi-Link
elements.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 16:54:45 +02:00
Veerendranath Jakkam
ec03b71ee9 common: Refactor element defragmentation
Instead of saving the pointers to the fragment elements during parsing
of the frame, append all fragments found right after the element to the
element length. Defragmentation of the element can be done by parsing
appended fragment elements. This approach removes the limit on the
maximum number of fragmented elements supported in a frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-10-31 12:36:21 +02:00