Commit graph

19511 commits

Author SHA1 Message Date
Aloka Dixit
1dfcafff36 FILS: EHT additions
Add support for EHT phy index and maximum NSS as per IEEE P802.11be/D4.0,
9.6.7.36 and 9.4.2.313.4.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 18:33:24 +03:00
Aloka Dixit
26f29ef46d FILS: Fix NSS calculation for HE mode
Maximum NSS calculation for HE mode checks if both Tx and Rx support
a given NSS. Modify it to instead check if either of these two support
the given NSS.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 18:03:39 +03:00
Aloka Dixit
fcbb643ff3 FILS: Rename local variable to indicate HE mode
Rename the local variable mcs_nss_size to he_mcs_nss_size in
hostapd_fils_discovery_cap() and hostapd_gen_fils_discovery_nss()
to limit its usage to HE mode.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 17:59:13 +03:00
Aloka Dixit
dcf66d2f42 FILS: Move maximum NSS determination to a new function
Create a separate function to set the maximum number of spatial streams
in FILS discovery frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 17:56:43 +03:00
Aloka Dixit
24e0938b37 FILS: Move phy index determination to new function
Move the phy index determination for FILS discovery frames to a new
function without changing the functionality. HE support is mandatory for
operating in the 6 GHz band hence the phy index will always be set to
FD_CAP_PHY_INDEX_HE for this band.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 17:51:21 +03:00
Jouni Malinen
015af1beea DPP: Use CONFIG_SAE consistently to avoid a compiler warning
The sae_password_entry is used in this function only if CONFIG_SAE is
defined, so declare this variable only under the same condition.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-29 17:12:13 +03:00
Aloka Dixit
55ea12bb77 AP MLD: Add missing CONFIG_SAE checks
Fix the compilation errors caused by missing checks for CONFIG_SAE.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2023-09-29 17:11:32 +03:00
Yuvarani V
ef8d48c4cf Update Wide Bandwidth Channel Switch element
Update Wide Bandwidth Channel Switch element as per IEEE
P802.11-REVme/D4.0, 9.4.2.159 (Wide Bandwidth Channel Switch element)
and Table 9-314 (VHT Operation Information subfields).

Update New Channel Width, New Channel Center Frequency Segment 0, and
New Channel Center Frequency Segment 1 fields as per IEEE
P802.11-REVme/D4.0 for 160 MHz and 80+80 MHz bandwidth. This replaces
the use of now deprecated Channel Width 2 and 3 values with a more
backwards compatible design.

Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
2023-09-29 12:27:26 +03:00
Veerendranath Jakkam
c4c5c991da SAE: Do not reject reauth threshold passed PMKSA in association event
Do not reject reauth threshold passed PMKSA indicated in successful
association event since the PMKSA is still valid.

Additionally, remove the reauth threshold passed PMKSA entry from the
driver to prevent using it further in the driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-09-28 18:57:50 +03:00
Vinay Gannevaram
7a9587ceef PASN: Copy PMK to PASN context on responder
Wi-Fi Aware pairing responder needs to forward the derive PMK to the
framework on successful pairing setup. The framework will set
corresponding PMK while a pairing verification is initiated by the
paired peer. Since the PMK is not updated for responder's PASN context,
framework does not have a valid PMK and verification fails. Hence copy
the derived PMK to PASN context.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-28 18:43:56 +03:00
Aditya Kumar Singh
e59d2a31cf hostapd: Fix premature beacon set during association handling
Currently, during association handling, if any of the iface parameters
changes due to some reason, it calls ieee802_11_set_beacons() function.
This function sets beacon for the all the BSSes in that iface even if
the beacon was not set already. This leads to setting the beacon
prematurely for some BSSes which was intentionally not started.

Fix the above issue by calling ieee802_11_update_beacons() function
instead. This function only updates the beacon if it was already set.

While at it, do the same while freeing STA entry.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2023-09-26 11:41:53 +03:00
Shuibing Dai
ae928e67a1 Add channel 144 (5720 MHz) into operating class conversion tables
Based on IEEE Std 802.11-2020 Table E-3 (Operating classes in Japan) and
Table E-4 (Global operating classes), we update channel 144 for those
corresponding operating classes.

The changes applicable to the global operating classes fixes an issue of
P2P GO not starting on channel 144 (frequency 5720 MHz) in cases where
the driver supports DFS operations.

Signed-off-by: Shuibing Dai <shuibing@google.com>
2023-09-26 11:41:09 +03:00
Chunquan Luo
c80ded25c2 Refine roam stats frame subtypes in a QCA vendor attribute
Enumeration qca_wlan_roam_stats_frame_subtype defines the various frame
subtypes which may be collected by the driver and reported via the
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_FRAME_SUBTYPE attribute.

Two of the enumerators are:
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_PREAUTH
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_REASSOC

These were initially defined and used to respectively report
Authentication Response and Reassociation Response frames.

Now there is a requirement to also report Authentication Request and
Reassociation Request frames. In order to satisfy this requirement,
add two new enumerators:
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_AUTH_REQ
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_REASSOC_REQ

Note that the first of these uses the standard term "AUTH" instead of
the confusing term "PREAUTH" used previously.

And to align with that naming, and in order to clearly show the usage
of the original enumerators, rename them to:
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_AUTH_RESP
* QCA_WLAN_ROAM_STATS_FRAME_SUBTYPE_REASSOC_RESP

Furthermore, Authentication Request/Response frame refers to the
Authentication frames sent by the non-AP STA and AP, respectively.

And finally, to support backward compatibility with applications using
the original enumerators, redefine those in terms of the new names.

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-09-22 11:20:18 +03:00
Chunquan Luo
ed89ab429f Update roam stats of AP BSSID to user space in a QCA vendor attribute
Fetch AP BSSID from each roam connection frame and cache the info in the
WLAN driver. When user space gets roam stats by
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_INFO, user space can now collect the AP
BSSID info for roam issue.

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-09-22 11:15:25 +03:00
Jouni Malinen
881cb4198b EAP-SIM/AKA peer: Simplify identity selection for MK derivation
Redesign the identity selection for MK derivation to be done explicitly
based on the last indicated identity (whether it is from
EAP-Response/Identity or method specific AT_IDENTITY) during the current
exchange. This makes the implementation cleaner and avoids cases were
more or less duplicated selection steps ended up being slightly
different. This is not as clean as it could otherwise be due to the
exception needed for the IMSI privacy case where the identity used in MK
derivation is actually not the one exchanged in the EAP messages.

Furthermore, this moves the somewhat confusing EAP method specific
tracking of the lasgt EAP-Response/Identity value from EAP-SIM/AKA into
the main EAP peer implementation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Jouni Malinen
71b26a7675 tests: Adding EAP-SIM/AKA coverage for ID selection
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Jouni Malinen
ec6acdbb6b EAP-SIM/AKA server: Configurable limit to fast re-authentication
Allow the EAP-SIM/AKA server to be configured to use a smaller limit for
the number of times fast re-authentication can be used before falling
back to running full authentication. This is particularly useful for EAP
peer testing to cover cases when falling back from fast
re-authentication to full authentication in various different cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Jouni Malinen
c6268e103f EAP-SIM/AKA server: Allow method specific identity exchange to be skipped
While the EAP-SIM/AKA RFCs recommend against doing this, some deployed
authentication servers use the identity from the EAP-Response/Identity
directly without using an EAP method specific indication (AT_IDENTITY).
Having a capability to configure hostapd EAP server to behave in this
manner helps in increasing testing coverage for the EAP peer
implementation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Jouni Malinen
40af6560ba EAP-SIM/AKA peer: Fix identity selection for MK derivation with AT_IDENTITY
A case was missing in the way wpa_supplicant was tracking the identity
that is used when deriving MK if the EAP server does not follow the RFC
guidance on using EAP method specific identity determination (i.e.,
AT_IDENTITY for EAP-SIM/AKA) combined with a fallback from fast
re-authentication to full authentication. wpa_supplicant ended up using
the actual identity instead of the last identity included in an EAP
message even though MK derivation is supposed to use the identity that
was included in the last AT_IDENTITY or in the EAP-Response/Identity if
AT_IDENTITY was not used. This resulted in such an authentication
attempt failing due to incorrect MK being derived and AT_MAC validation
resulting in an mismatch.

Fix this by checking for the case where fast re-authentication is
attempted and the server recognizes the fast re-auth identity, but
decides to fall back to full authentication without a separate EAP
method specific identity exchange using AT_IDENTITY. This allows the
fast re-auth identity from EAP-Response/Identity to be used in MK
derivation in such cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Shailendra Singh
bc9256980e Define a QCA vendor attribute to set traffic shaping policy
Define a new QCA vendor attribute to configure traffic
shaping policy applied during coex scenarios.

Signed-off-by: Shailendra Singh <quic_shasing@quicinc.com>
2023-09-19 23:47:00 +03:00
Adil Saeed Musthafa
dec5ab645c Add _IS_ML flag attribute to the ADD_STA_NODE QCA vendor command
Add an attribute QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_IS_ML to the
ADD_STA_NODE command. If this attribute is set, it implies that the node
being added is an MLD node.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-09-19 23:41:48 +03:00
Veerendranath Jakkam
0d65e27fb2 Extend maximum allowed bandwidth update type QCA vendor interface
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attribute to
support handling interoperability issues with APs which don't handle
the maximum bandwidth change indication correctly.

Additionally define an enum for possible values of
QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-09-19 23:32:49 +03:00
mukul sharma
e510a3badc Add QCA vendor attributes to indicate MLO capabilities
Add QCA vendor attributes to indicate various MLO capabilities supported
by the WLAN driver to userspace. These capabilities are usually reported
by the firmware during the initial bootup handshake with the driver.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2023-09-19 23:26:56 +03:00
Yu Wang
e5ccbfc69e Split long comment lines in QCA vendor related definitions
Fix one of the style problems in qca-vendor.h.

Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2023-09-08 19:57:00 +03:00
Yu Wang
4c9af238c1 Fix inconsistent whitespace use in QCA vendor related definitions
Fix one of the style problems in qca-vendor.h.

Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2023-09-08 19:55:35 +03:00
Yu Wang
af6e0306b2 Fix typos in QCA vendor related definitions
Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2023-09-08 19:54:27 +03:00
Yu Wang
dd25885a9d Remove space-before-tab in QCA vendor related definitions
Fix one of the style problems in qca-vendor.h.

Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2023-09-08 19:53:17 +03:00
Kiran Kumar Lokere
f429064189 TDLS: Set EHT/MLO information for TDLS STA into the driver
Add the copied EHT capabilities into the sta_add() call when adding a
TDLS peer.

The mld_link_id value was previously only for AP mode, but it can now be
used for TDLS links as well to indicate the link on which a
single-link-TDLS direct link is negotiated.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 13:20:31 +03:00
Kiran Kumar Lokere
940ef9a05c TDLS: Use link-specific BSSID instead of sm->bssid for MLO cases
When the current association is with an AP MLD, the BSSID for TDLS
operations needs to be selected based on which link is used to transmit
the frames.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 13:20:31 +03:00
Kiran Kumar Lokere
5f30f62eea TDLS: Reply to Discovery Request on the link with matching BSSID
When the current association is with an AP MLD, the Discovery Response
needs to be sent using the link that matches the indicated BSSID.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 13:20:31 +03:00
Kiran Kumar Lokere
626501434b TDLS: Learn MLD link ID from TDLS Discovery Response
This is needed to be able to determine which link is used for TDLS setup
when the current association is with an AP MLD.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 13:13:24 +03:00
Kiran Kumar Lokere
a41c8dbdd8 TDLS: Copy peer's EHT capabilities
This is needed to be able to configure the STA entry into the driver
with the information for EHT.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 12:54:29 +03:00
Kiran Kumar Lokere
c7561502f2 nl80211: Use a QCA vendor command to set the link for TDLS Discovery Response
For now, only a vendor command is available for this functionality that
is needed to implement single-link TDLS during an MLO association.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 12:52:41 +03:00
Kiran Kumar Lokere
e3a68081bc driver: Add option for link ID to be specified for send_tdls_mgmt()
This is needed to allow the driver to know on which operating channel
(as specified by the link that is affiliated with AP MLD for the current
association) is used for transmitting TDLS Discovery Response. This
commit adds the link_id parameter to various functions, but does not
implement the driver interface change itself.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 12:51:37 +03:00
Kiran Kumar Lokere
f85b2b2dee Extend wpa_parse_kde_ies() to include EHT capabilities
This is needed for TDLS.

Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
2023-09-08 12:51:30 +03:00
Jouni Malinen
3e71516936 Document per-ESS MAC address (mac_addr=3 and mac_value)
Commit 9025def55c ("wpa_supplicant: Add support for pregenerated MAC")
added this capability, but did not update wpa_supplicant.conf to
document it. Add such documentation to match the information in
config_ssid.h.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-07 18:28:24 +03:00
Jouni Malinen
b46c4b9a91 tests: Beacon protection and reconnection
Regression test case for the issue fixed in the previous commit.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-05 20:38:47 +03:00
Veerendranath Jakkam
ba1579f3bf Clear BIGTK values from wpa_supplicant state machine when not needed
wpa_supplicant does not configure BIGTK(s) to the driver when the STA
reconnects to the same AP after disconnect due to not clearing the last
configured BIGTK values during disconnect. To avoid such issues clear
the BIGTK values while clearing PTK and other group keys.

Fixes: 2d4c78aef7 ("Configure received BIGTK on station/supplicant side")
Fixes: f15cc834cb ("MLD STA: Processing of EAPOL-Key msg 3/4 frame when using MLO")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-09-05 20:02:18 +03:00
Jouni Malinen
bae1ec693c wlantest: Minimal parsing of Basic MLE STA Profile
Debug print RSNE and RSNXE if they are present in the STA Profile.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
de043ec01a wlantest: Defragment the Per-STA Profile subelement
This subelement within the Basic MLE Link Info can be long enough to
require fragmentation, so defragment it before parsing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
990600753d wlantest: Defragment Basic MLE before processing
The Basic Multi-Link element is going to be fragmented in many cases, so
defragment it first before trying to parse it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
528abdeb67 wlantest: Learn group keys from MLO FT Reassociation Response frames
Extend FT Reassociation Response frame processing to support the new MLO
GTK/IGTK/BIGTK subelements similarly to how the MLO group keys were
already learned from EAPOL-Key msg 3/4.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 11:51:47 +03:00
Jouni Malinen
0cd2bfc8a4 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames
The AP's RSNE needs to be modified by inserting the PMKR1Name in the
PMKID List field for each affiliated link.

Fixes: 8cf919ffd5 ("wlantest: FTE MIC calculation for MLO Reassociation Response frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 00:03:16 +03:00
Jouni Malinen
a845601ffe wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air
IEEE P802.11be/D4.0 does not seem to have changed the rules for deriving
PTK in FT hierarchy since there were no changes to 12.7.1.6.5 (PTK)
where BSSID and STA-ADDR are used. However, the MLO changes for FT and
for PTK derivation in non-FT cases seem to imply that this FT case is
also supposed to use MLD MAC addresses.

Commit 628b9f1022 ("wlantest: Derive PMK-R1 and PTK using AA/SPA for
MLO FT over-the-DS") did this already for FT over-the-DS, so do the same
for FT over-the-air.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 21:10:54 +03:00
Jouni Malinen
d3ab6e001f wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation
S1KH-ID is supposed to be SPA, so learn the MLD MAC address of the
non-AP MLD from the FT Authentication frame and use that instead of the
link address when deriving keys in FT over-the-air case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 20:47:00 +03:00
Kiran Kumar Lokere
377d617b57 Define new BSS command info mask for AP MLD address
The ap_mld_addr entry was added without introducing a new mask bit which
does not follow the expected style for adding new information into the
BSS command and might result in unexpected behavior for external
components. Define a new BSS command information mask bit for this AP
MLD address and print the AP MLD address in the BSS info only if the
mask bit is set.

Fixes: db99e7341a ("Add AP MLD address into BSS command output")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 15:23:05 +03:00
Jouni Malinen
770e5a808f wlantest: Determine whether A1 points to STA once in rx_data_bss_prot()
Use the initial BSS/STA routines to determine whether A1 points to STA
instead of maintaining multiple somewhat different ways of doing this.
In addition to making the code easier to maintain, this fixes at least
some cases where incorrect tx/rx_tid or rsc_tods/fromds value was
selected for 4-address frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 15:02:02 +03:00
Jouni Malinen
850dc14829 wlantest: Remove duplicated A1/A2/A3 override detection for MLO
Use the A1/A2/A3 overrides for MLO determined within rx_data_bss_prot()
in try_ptk_decrypt() to avoid duplicated code in these two functions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 14:44:41 +03:00
Jouni Malinen
6ce745bb87 wlantest: MLO support for decrypting 4-address frames
Search the A1/A2 values in 4-address frames using the MLO enabled
functions to allow appropriate STA entries to be located when these
frames are used with MLO.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 14:32:55 +03:00
Jouni Malinen
f6dcd326fe wlantest: Indicate ToDS/FromDS values for BSS DATA entries
This makes it a bit more convenient to debug decryption issues.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 12:33:45 +03:00