Commit graph

19892 commits

Author SHA1 Message Date
Glenn Strauss
41cdd916ba
tests/Makefile make run-tests with CONFIG_TLS=...
add test-crypto_module.c to run crypto_module_tests()

adjust some tests/hwsim/*.py for mbed TLS (work in progress)

option to build and run-tests with CONFIG_TLS=internal # (default)
$ cd tests; make clean
$ make run-tests

option to build and run-tests with CONFIG_TLS=gnutls
$ cd tests; make clean CONFIG_TLS=gnutls
$ make run-tests CONFIG_TLS=gnutls

option to build and run-tests with CONFIG_TLS=mbedtls
$ cd tests; make clean CONFIG_TLS=mbedtls
$ make run-tests CONFIG_TLS=mbedtls

option to build and run-tests with CONFIG_TLS=openssl
$ cd tests; make clean CONFIG_TLS=openssl
$ make run-tests CONFIG_TLS=openssl

option to build and run-tests with CONFIG_TLS=wolfssl
$ cd tests; make clean CONFIG_TLS=wolfssl
$ make run-tests CONFIG_TLS=wolfssl

RFE: Makefile logic for crypto objects should be centralized
     instead of being duplicated in hostapd/Makefile,
     wpa_supplicant/Makefile, src/crypto/Makefile,
     tests/Makefile, ...

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
David Bauer
09d6720d6d
hostapd: fix OWE association with mbedtls
The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
2025-02-11 11:39:32 +01:00
Glenn Strauss
da1c0bb385
mbedtls: annotate with TEST_FAIL() for hwsim tests
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
557108f5f0
mbedtls: fips186_2_prf()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
ea571b808c
mbedtls: TLS/crypto option (initial port)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Felix Fietkau
772b9986a1
AP: add missing null pointer check in hostapd_free_hapd_data
When called from wpa_supplicant, iface->interfaces can be NULL

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-02-11 11:39:32 +01:00
David Bauer
f2302cddf2
nl80211: add extra-ies only if allowed by driver
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2025-02-11 11:39:32 +01:00
Stijn Tintel
0c5dcf5fe4
Revert "Do prune_association only after the STA is authorized"
Commit e978072baa ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commit fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the original
behavior for now, until we have a better solution in place.

Ref: https://github.com/openwrt/openwrt/issues/13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2025-02-11 11:39:32 +01:00
Felix Fietkau
125fb92ea5
fix adding back stations after a missed deauth/disassoc
2025-02-11 11:39:32 +01:00
Markus Theil
72573cdb95
mesh: use deterministic channel on channel switch
This patch uses a deterministic channel on DFS channel switch
in mesh networks. Otherwise, when switching to a usable but not
available channel, no CSA can be sent and a random channel is chosen
without notification of other nodes. It is then quite likely that
the mesh network gets disconnected.

Fix this by using a deterministic number, based on the sha256 hash
of the mesh ID, in order to use at least a different number in each
mesh network.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2025-02-11 11:39:32 +01:00
Peter Oh
945aea6ff0
mesh: Allow DFS channels to be selected if dfs is enabled
Note: DFS is assumed to be usable if a country code has been set

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2025-02-11 11:39:32 +01:00
sinavir
ba99627140
openwrt: add additional source files
2025-02-11 11:39:32 +01:00
Jouni Malinen
5ace39b0a4 tests: D-Bus interface for NAN USD
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-15 12:33:50 +03:00
Lo,Chin-Ran
85cd98976d dbus: Methods for NAN USD
USD had control interface commands and events defined for it. Extend
this by providing similar USD methods through the dbus control
interface.

Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
2024-09-15 12:33:46 +03:00
Lo,Chin-Ran
dcf58aec8d dbus: Signals for NAN USD
USD had control interface events defined for it. Extend this by
providing similar USD signals through the dbus control interface.

Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
2024-09-15 11:59:54 +03:00
Jouni Malinen
d2408e3032 dbus: Dict helpers for fetching integers of any type
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-15 11:59:54 +03:00
Jouni Malinen
fd1a149d91 NAN: Fix UpdatePublish offload to driver
This was supposed to call wpa_drv_nan_update_publish() instead of
wpa_drv_nan_cancel_publish().

Fixes: 633e969311 ("NAN: Option to offload NAN DE for USD into the driver")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 14:12:46 +03:00
Jouni Malinen
b3bd49f3c0 NAN: Handle A3 copying internally to simplify control interface
There is no need to copy the A3 value for follow-up frames through the
control interface events and commands since it can be handled internally
in the service with sufficient accuracy. More parallel operations with
multiple peers might need per-peer information, but that can be extended
in the future, if that level of complexity is really needed in practice.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 13:06:03 +03:00
Jouni Malinen
650d1ab600 Revert "tests: Copy A3 into NAN SDF Follow-up"
This reverts commit 81322fa43d ("tests: Copy A3 into NAN SDF
Follow-up") to allow simplification of the control interface by removing
the external A3 copying.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 13:06:03 +03:00
Jouni Malinen
81322fa43d tests: Copy A3 into NAN SDF Follow-up
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
fbbc9cb9e2 NAN: Update A3 for USD to use NAN Network ID or NAN Cluster ID in A3
Wi-Fi Aware spec v4.0 was not clear on all cases and used a bit unclear
definition of A3 use in Table 5 (Address field definition for NAN SDF
frames in USD). That resulted in the initial implementation using
Wildcard BSSID to comply with the IEEE 802.11 rules on Public Action
frame addressing.

For USD to have chances of working with synchronized NNA devices, A3
needs to be set to the NAN Cluster ID when replying to a frame received
from a synchronized NAN device. While there is no cluster ID for USD,
this can be done by copying the A3 from the received frame. For the
cases where sending out an unsolicited multicast frame, the NAN Network
ID should be used instead of the Wildcard BSSID.

While this behavior is not strictly speaking compliant with the IEEE
802.11 standard, this is the expected behavior for NAN devices, so
update the USD implementation to match.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
e0496580a4 hostapd: Add drv_send_action variant for forcing A3
This is needed for cases that are not compliant with the IEEE 802.11
standard rules for Public Action frame addressing. For example, NAN USD
needs this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
83f9dcbb35 NAN: Process received NAN SDFs with NAN Network ID in A3 on AP
hostapd did not accept NAN SDFs that used NAN Network ID instead of
Wildcard BSSID in A3. Extend this to process NAN Network ID just like
Wildcard BSSID for these frames to allow the specific group address to
be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:08:15 +03:00
Jouni Malinen
ccba6921de SAE: Recognize Basic MLE in Authentication frames even without H2E
IEEE P802.11be requires H2E to be used whenever SAE is used for ML
association. However, some early Wi-Fi 7 APs enable MLO without H2E.
Recognize this special case based on the fixed length Basic Multi-Link
element being at the end of the data that would contain the unknown
variable length Anti-Clogging Token field. The Basic Multi-Link element
in Authentication frames includes the MLD MAC address in the Common Info
field and all subfields of the Presence Bitmap subfield of the
Multi-Link Control field of the element zero and consequently, has a
fixed length of 12 octets.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 03:30:58 +03:00
Jouni Malinen
c97168f58a FT: Discard EAPOL-Start frames when FT was used for association
When FT is used, reauthentication to generate a new PMK-R0 would be
complicated since the current AP might not be the one with which the
currently used PMK-R0 was generated. IEEE Std 802.11-2020, 13.4.2 (FT
initial mobility domain association in an RSN) mandates STA to perform a
new FT initial mobility domain association whenever its Supplicant would
trigger sending of an EAPOL-Start frame.

Discard received EAPOL-Start frames from STAs that use FT to avoid
unexpected behavior. This is important in particular if a driver were to
allow unprotected EAPOL-Start frames to be processed when TK has been
configured.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 22:26:24 +03:00
Shivani Baranwal
f543599156 nl80211: Remove nl_msg free on send failure for NAN USD commands
Remove nl_msg_free() after send failure for NAN USD commands. Freeing
the nl_msg is already taken care of as part of send_and_recv_cmd() for both
success and failure cases.

Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 21:39:08 +03:00
Jouni Malinen
8e9cfbf602 PASN: Fix pasn-resp fuzzing tester build
The recently added calls to src/ap/pmksa_cache_auth.c need to be faked
to allow pasn-resp to be built without having to pull in multiple
additional files from src/ap.

Fixes: b7de417c8a ("PASN: Define PMKSA helper functions for initiator and responder")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 21:33:30 +03:00
Jouni Malinen
c402848c50 PASN: Fix fuzzing tester compilation after function prototype change
Addition of the new argument to handle_auth_pasn_1() forgot to update
testing code.

Fixes: 8f21cdf9d7 ("PASN: Add support to reject PASN auth 1 based on user input")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 21:26:03 +03:00
Shivani Baranwal
61960e6c6b P2P2: Add alternative PASN RX handler
This is needed for P2P2 pairing using PASN. The actual processing will
be covered in separate commits.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 02:58:32 +03:00
Jouni Malinen
7d13410a82 SAE: Mark the groups argument to sae_derive_pt() const
This makes it clearer that the list of groups is not going to be
modified.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 02:58:32 +03:00
Shivani Baranwal
9edd8b441e nl80211: Fix conditional checks of nlmsg attributes for NAN publish
Some of the cleanup changes had lost the "goto fail" and broken the
logic. Restore correct behavior.

Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 02:58:32 +03:00
Veerendranath Jakkam
204ebcce3e wlantest: Adjust kdk_len according to RSNX capability for FT roaming cases
This is needed to derive the PTK correctly when Secure LTF support is used
and the additional KDK component needs to be considered.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-09-12 02:58:32 +03:00
Shivani Baranwal
a8655be0b1 Fix documentation for vendor interface command
Fix the placement of documentation of attribute used for the
QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT command.

Fixes: 97c6ef2588 ("QCA vendor interface to set the P2P mode configuration")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-11 13:50:08 +03:00
Shivani Baranwal
a803fa9daa Include the NAN header file into driver.h to avoid C++ constraints
Include src/common/nan.h file into src/drivers/driver.h to resolve the
compilation issue "ISO C++ forbids forward references to 'enum' types"
by pulling in the full definition of enum nan_service_protocol_type.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-11 13:47:14 +03:00
Jouni Malinen
9c17ae96a3 tests: SAE anti-clogging token with MLO
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-11 12:58:43 +03:00
Jouni Malinen
2d92cae655 nl80211: Check nla_parse_nested() result
This recently added instance did not verify that parsing of nested
attributes succeeded.

Fixes: 15bf093b5b ("hostapd: Fetch multiple radios information from the driver")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Jouni Malinen
ba6b3dc78e AP MLD: Fix link_id validity check for own links
The check against MAX_NUM_MLD_LINKS was off by one for the loop that
goes through hapd->partner_links[]. It does not look like this would
actually result in any real issues since the loop is on own set of
configured links. Anyway, it is better to have the bounds checking
accurate.

Fixes: 2042cae9b3 ("AP MLD: Generate and keep per STA profiles for each link")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Jouni Malinen
ffc9fa0132 Pass CSA parameters by reference instead of by value
There is no need to make a copy of the full struct csa_settings for
this.

Fixes: 5cb6747f97 ("Add support to switch channel when CAC is in progress")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
1527a95ba0 Add QCA vendor subcommand to trigger Channel Usage Request
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ
to support Channel Usage Request. It carries channel usage information
for BSSs that are not infrastructure BSSs or an off channel TDLS direct
link.

Implementation and scheduling of Channel Usage frames are present in the
driver/firmware. One of the key reasons for this is that the TSF
timestamp required to be filled in these frames is available only in the
firmware. So, this interface is used to configure the required
parameters to the driver/firmware for Channel Usage Request frame.

This uses attributes defined in enum
qca_wlan_vendor_attr_chan_usage_req.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Veerendranath Jakkam
c0c877a1f1 QCA vendor test configuration to add random PMKIDs in RSNE
Add QCA vendor test configuration interface to add random PMKIDs in the
RSNE of the (Re)Association Request frames.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
a6fd2467b9 PASN: Allow frequency to be set for responder
This will be needed for P2P2 cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
d5c07aaab9 P2P2: Parse new attributes
Recognize new attributes when parsing P2P2 IE.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
0f854cb351 P2P2: Add PMKSA caches for PASN initiator and responder
These are needed for pairing.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
8426e5274f PASN: Use allocated memory for RSNXE and allow its contents to be set
This will be needed for P2P2 cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
d582f8ce9b PASN: PASN Encrypted Data element parsing
Add the PASN Encrypted Data element from IEEE P802.11bh/D6.0 into the
element parser. This is needed for P2P2.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
58cc67c72f P2P2: Export p2p_build_go_neg_req()
This is needed for PASN pairing.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
ff97a762bc P2P: Debug print details on address mapping errors
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
27de11ca5c nl80211: Configure capability flag for NAN USD offload
Configure the capability flag based on the nl80211 feature advertisement
for NAN USD offload support.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Vinay Gannevaram
5cb1929da6 Add QCA vendor feature flags to indicate NAN USD offload support
Add a separate feature flag to indicate support for NAN USD offload
feature.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
58f04221fd nl80211: NAN USD commands for offloading
Add driver nl80211 support for the NAN USD flush, publish, subscribe,
update publish, cancel publish and cancel subscribe commands for cases
where these operations are offloaded to the driver
(WPA_DRIVER_FLAGS2_NAN_OFFLOAD).

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00