Commit graph

17804 commits

Author SHA1 Message Date
Jouni Malinen
682fce579f OpenSSL: Fix compressed form encoding for subjectPublicKey with 3.0
It looks like EC_KEY_set_conv_form() for the EC_KEY within the EVP_PKEY
does not take effect for i2d_PUBKEY() with OpenSSL 3.0, so allocate a
new wrapper EVP_PKEY after the conversion format change to be able to
return the correctly encoded (compressed) value here. This is required
for DPP to work correctly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
ff2eccbdf9 OpenSSL: Load legacy provider when needed for OpenSSL 3.0
Number of the older algorithms have now been moved into a separate
provider in OpenSSL 3.0 and they are not available by default.
Explicitly load the legacy provider when such an algorithm is needed for
the first time.

In addition, at least for now, load the legacy providers when initiating
TLS context to maintain existing functionality for various private key
formats.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
ddcdd62866 OpenSSL: Clean up EVP_PKEY_get{0,1}_EC_KEY() use
Use get1 whenever actually modifying the EC_KEY parameters and mark the
variable used with get0 const to be compatible with OpenSSL 3.0.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
384aa245ef OpenSSL: Speed up crypto_ec_point_compute_y_sqr()
Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 17:40:06 +02:00
Chenming Huang
b26f5c0fe3 DPP: Remove dpp-listen radio work when stopping
The radio work starting may be delayed. If the DPP listen operation is
stopped before the radio work starts, the pending dpp-listen radio work
won't get cleaned up, which might lead to failing to start the next DPP
listen operation.

Issue scenario: DPP start -> dpp-listen radio work added but not started
-> DPP stop, pending radio work not cleaned up -> radio work start ->
trying to start DPP but failing because a dpp-listen work already
exists.

This commit removes the potential pending dpp-listen radio
work when DPP stops.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-21 00:09:28 +02:00
Shivani Baranwal
3f8c83a65e SAE: Make sure BSS entry is available to determine RSNXE information
wpa_supplicant may use wrong SAE authentication method if it doesn't
have the scan result for the target BSS since RSNXE information is not
available.

For example, STA might use the hunting-and-pecking loop method for SAE
authentication even though AP supports SAE H2E and STA is configured
with sae_pwe=2.

This is possible in cases like EXTERNAL_AUTH triggered by the driver
during roaming. To avoid this update scan results to fetch the target
BSS scan result from the driver.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2021-12-21 00:06:19 +02:00
Mukul Sharma
43f600a1f7 Add new vendor attributes to avoid coex unsafe frequencies
Add additional attributes in
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT vendor sub command to
avoid usage of unsafe frequencies on wifi interfaces sent from userspace
to the driver/firmware. The driver/firmware shall use restrictions and
power cap accordingly to restrict the usage of these frequencies on
operating interface(s).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-21 00:04:26 +02:00
Jouni Malinen
bb6fa62b3f tests: Fix DPP PKEXv2 capability checks
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-14 19:45:43 +02:00
Jouni Malinen
cab51021c6 DPP3: Update version capability indication for hostapd
The "GET_CAPABILITY dpp" command in wpa_supplicant was already extended
to cover DPP version 3, but the matching change for hostapd was
forgotten. Add that now.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-14 19:45:43 +02:00
peterhuang
bc24a8a09e Update supported channel width set (HT40) after channel switch
hostapd should update Supported Channel Width Set of HT Capability
Information field after channel switching done. Otherwise, it would
continue to use the old setting.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:53:22 +02:00
peterhuang
ff7e403f06 Fix channel switch wrapper when switching from HT to VHT/HE
Because ieee80211ac and ieee80211ax were not updated before channel
switch is done, hostapd didn't build the Channel Switch Wrapper element
when it switched from HT to bandwidth more than 40 MHz of VHT/HE. fix
this by allowing hostapd_eid_wb_chsw_wrapper() to determine internally
when the element needs to be added based on the new channel instead of
the old configuration.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:42:59 +02:00
peterhuang
5606ede121 Update ieee80211ac when channel switching
hostapd will build wrong beacon_after in hostapd_fill_csa_settings() if
it doesn't update ieee80211ac when channel switching.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:36:51 +02:00
Daniel Golle
e6db1bc5da mesh: Make forwarding configurable
Allow mesh_fwding (dot11MeshForwarding) to be specified in a mesh BSS
config, pass that to the driver (only nl80211 implemented for now) and
announce forwarding capability accordingly.

Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-12 22:31:13 +02:00
Alan Young
5ef9277d0b ACS/DFS: Support min_tx_power configuration
If min_tx_power is specified (default 0 dBm, i.e., no constraint), ACS
and DFS will not consider channels whose available max_tx_power is less
than the configured value.

This may be useful to exclude SRD (Short Range Device) channels which
may be limited to 13.9 dBm (25 mW) in some regulatory domains.

Signed-off-by: Alan Young <consult.awy@gmail.com>
2021-12-12 22:20:18 +02:00
Janusz Dziedzic
a6422a860d tests: remotehost: Disable pipe buffering
Before, we could loose some events because of pipe buffering. I saw this
problem when running "ubus listen" or "logread -f" and waiting some
specific events. After disabling buffering this works much better.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-12-12 22:12:02 +02:00
Janusz Dziedzic
5530688b92 MBO: Fix the allowed range of mbo_assoc_disallow values
This parameter was added with the commit message indicating the valid
reason code values to be 1-5, but with the implementation allowed only
1. There are five defined reason code values for the Association
Disallowed attribute, so extend the allowed range to cover all those
values.

Fixes: fb9a1c3e28 ("hostapd: Add MBO IE to Beacon, Probe Response, Association Response")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-12-12 22:07:19 +02:00
Damien Dejean
c8e4283f90 D-Bus: Interworking network selection
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 17:51:46 +02:00
Damien Dejean
b44e199676 D-Bus: Interworking/Hotspot 2.0 credential operations
Add "AddCred", "RemoveCred", and "RemoveAllCreds" methods to the D-Bus
API of the network interface to allow the caller to manipulate a set of
Interworking credentials similarly to the way this was enabled through
the control interface.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 17:32:51 +02:00
Damien Dejean
4262e6ca49 Move credential removal operations into helper functions
This allows the same functions to be used for both the control interface
and the D-Bus interface.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 17:10:05 +02:00
Damien Dejean
e232d97776 HS 2.0: Crypto engine support for creds
Add the support of engine, engine_id, ca_cert_id, cert_id, and key_id
parameters to credential blocks for Hotspot 2.0.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2021-12-12 16:47:47 +02:00
Jouni Malinen
9c352a45c6 tests: Fix a typo in a couple of error messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-12-12 16:47:47 +02:00
Gokul Sivakumar
a9ec233624 wlantest: Add the missing command line option -W to the usage text
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-12-11 21:54:39 +02:00
Gokul Sivakumar
2ac53e48d5 wlantest: Delete each entry from the WEP list before freeing the entry
To be consistent with how all the other dl lists like passphrase, PMK,
and PTK lists are freed, delete each entry from the WEP list before
freeing the entry.

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-12-11 21:53:40 +02:00
Gokul Sivakumar
d9d0b94e3b wlantest: Replace the duplicate functions with reuse of cli.h
The definitions of max_args, get_cmd_arg_num(), and tokenize_cmd() are
already shared by the hostapd_cli and wpa_cli commands by including the
cli.h header. So follow the same for wlantest_cli and remove the
duplicate function defitions.

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-12-11 21:50:41 +02:00
Gokul Sivakumar
daea5ceada wlantest: Add new cli "help" command
Having a help cli command to view all the supported commands is helpful
when running the wlantest_cli manually instead via the python test
scripts.

$ wlantest_cli help
commands:
  ping = test connection to wlantest
  terminate = terminate wlantest
  list_bss = get BSS list
  list_sta <BSSID> = get STA list
  flush = drop all collected BSS data
  clear_sta_counters <BSSID> <STA> = clear STA counters
  clear_bss_counters <BSSID> = clear BSS counters
  get_sta_counter <counter> <BSSID> <STA> = get STA counter value
  get_bss_counter <counter> <BSSID> = get BSS counter value
  inject <frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>
  send <prot> <raw frame as hex dump>
  version = get wlantest version
  add_passphrase <passphrase> = add a known passphrase
  add_wepkey <WEP key> = add a known WEP key
  info_sta <field> <BSSID> <STA> = get STA information
  info_bss <field> <BSSID> = get BSS information
  clear_tdls_counters <BSSID> <STA1> <STA2> = clear TDLS counters
  get_tdls_counter <counter> <BSSID> <STA1> <STA2> = get TDLS counter value
  get_bss_counter <counter> <BSSID> = get BSS counter value
  relog = re-open log-file (allow rolling logs)
  get_tx_tid <BSSID> <STA> <TID> = get STA TX TID counter value
  get_rx_tid <BSSID> <STA> <TID> = get STA RX TID counter value
  help = show this usage help

$ wlantest_cli help add_passphrase
commands:
  add_passphrase <passphrase> = add a known passphrase

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-12-11 21:44:21 +02:00
Gokul Sivakumar
30cf0d107f wlantest: Properly free allocated memory on error exit paths
In the cases when a failure is experienced, the value "-1" was returned
from the main() function without doing any cleanup or deinit.

For example, if wlantest was started with the following set of command
line arguments then later when returning after a failure from main()
function, the memory allocated as part of handling the "-p" getopt
command line option was not freed. To fix memory leaks in this case,
properly free the previously allocated memory with the help of
wlantest_deinit() before returning from main().

$ sudo valgrind --leak-check=full --show-leak-kinds=all --verbose \
> --track-origins=yes --log-file=valgrind-out.txt \
> ./wlantest -i hwsim0 -dd -c -p "asdfasdfasdfasdf" -W "abcd"
Invalid WEP key 'abcd'

Memory leak reported by Valgrind when running wlantest as mentioned above.

==513454== HEAP SUMMARY:
==513454==     in use at exit: 128 bytes in 1 blocks
==513454==   total heap usage: 4 allocs, 3 frees, 5,720 bytes allocated
==513454==
==513454== Searching for pointers to 1 not-freed blocks
==513454== Checked 76,936 bytes
==513454==
==513454== 128 bytes in 1 blocks are definitely lost in loss record 1 of 1
==513454==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==513454==    by 0x1396CA: os_zalloc (in /home/ubuntu/hostap/wlantest/wlantest)
==513454==    by 0x10C345: add_passphrase (wlantest.c:125)
==513454==    by 0x10C345: main (wlantest.c:425)
==513454==
==513454== LEAK SUMMARY:
==513454==    definitely lost: 128 bytes in 1 blocks
==513454==    indirectly lost: 0 bytes in 0 blocks
==513454==      possibly lost: 0 bytes in 0 blocks
==513454==    still reachable: 0 bytes in 0 blocks
==513454==         suppressed: 0 bytes in 0 blocks
==513454==
==513454== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-12-11 21:37:06 +02:00
Hassoubi, Hicham
97607de5e6 D-Bus: Capture group ifname before switching to global P2P instance
The P2P DBus interface was using the wrong interface name when calling
wpas_p2p_invite_group(). Capture the group interface name before calling
the method to fix this.

Signed-off-by: Hicham Hassoubi <Hicham_hassoubi@bose.com>
2021-12-11 13:17:47 +02:00
Ernst Sjöstrand
36973aac2c SME: No need for OBSS scan if HT40 is disabled
Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
2021-12-11 13:10:58 +02:00
Matthew Wang
7db757aac4 Revert "Extract BSS coex 40 MHz check into a separate function"
This reverts commit 3af78a4e04.

This commit prepares a refactor for another patch, which is being
reverted.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-12-11 13:06:37 +02:00
Matthew Wang
e480321f8c Revert "STA OBSS: Add check for overlapping BSSs"
This reverts commit 3204795d7a.

The commit adds an additional check that checks for overlapping BSSs in
addition to the existing 40 MHz intolerance subfield checks. The commit
cites IEEE Std 802.11-2016, 11.16.12, which defines the proper behavior
for a 20/40 MHz HT STA and AP, but the standard actually doesn't say
anything about overlapping BSSs. Specifically, the standard states that
the only BSSs that belong in the Intolerant channel report are those
that satisfy trigger event A, defined as channels with BSSs that don't
contain the HT capabilities element (which wpa_supplicant already did
before). Note that we also include channels with BSSs that have the 40
MHz intolerance bit set in the Intolerant channel report.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-12-11 13:05:47 +02:00
Jouni Malinen
f373c7b93f tests: DPP PKEXv2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-07 23:26:29 +02:00
Jouni Malinen
b57273d069 DPP2: PKEXv2 core protocol changes
Add support for PKEXv2 core protocol. This defines a new PKEX Exchange
Request message type with protocol negotiation and different rules for
key derivation with PKEXv2 or newer is used.

This does not change existing behavior for PKEX, i.e., the PKEXv1
variant will still be used by default.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-07 23:26:29 +02:00
Jouni Malinen
00b2fb2d04 tests: DPP3 protocol version during network introduction
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
b21b310148 DPP: Testing functionality to omit Protocol Version from Peer Discovery
Allow the dpp_test parameter to be used to request the Protocol Version
attributed to be omitted from the Peer Discovery Request/Response
message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
341e7cd664 DPP3: Verify version match during Network Introduction
Verify that the Protocol Version attribute is used appropriate in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
f26fd5ee6c DPP3: Use Connector version instead of current version in Peer Discovery
Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
0cfb726895 DPP3: Add version member to Connector
Indicate the protocol version number that the Enrollee used during the
DPP exchange that resulted in the generation of the Connector.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
77ddd38b66 DPP3: Add build option for version 3 functionality
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Chaoli Zhou
14ab4a816c Reject ap_vendor_elements if its length is odd
Align the process logic for ap_vendor_elements and ap_assocresp_elements
parsing by using the wpabuf_parse_bin() helper function in both.

Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
2021-11-26 23:46:06 +02:00
Jouni Malinen
2c2bfebca4 Fix bool type values for setband
wpa_add_scan_freqs_list() was updated to use bool for the is_6ghz
argument, but these callers were missed when updating the values from
0/1 to false/true.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-26 23:46:06 +02:00
Sreeramya Soratkal
7dc7b88148 P2P: Remove 6 GHz channels from full scan if 6 GHz not enabled for P2P
The channels included for the scan to connect to a P2P GO are optimized
such that the P2P GO preferred channel and the common channels are
included for the first few scans followed by a full scan in which all
the channels supported by the local device are included. This results in
P2P client including the 6 GHz channels for the full scan after GO
Negotiation even when 6 GHz channels are not used for the P2P
connection.

Exclude the 6 GHz channels from the full scan if 6 GHz channels are
supported but are not used for P2P connection.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-11-26 23:45:54 +02:00
Aditya Sathish
147932addd Add a QCA vendor attribute to indicate puncture pattern in ACS
Add a QCA vendor attribute to indicate the puncture pattern derived
by the automatic channel selection algorithm.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-18 23:07:12 +02:00
Vinay Gannevaram
0b853303ae Update AKMP, cipher, PMF for driver-based SME while roaming
After roaming to a new AP using driver-based SME and roaming trigger,
update proto type, AKMP suite, and pairwise cipher suite based on the
(Re)Association Request frame. Update PMF, group cipher, and group mgmt
cipher based on the AP's RSNE into wpa_sm. group_mgmt_cipher needs to be
updated based on PMF capabilities of STA and roamed AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-16 23:50:35 +02:00
Pradeep Kumar Chitrapu
c8b94bc7b3 mesh: Enable 160 MHz bandwidth support for 6 GHz in IEEE 802.11s mesh
Since the 6 GHz band has no DFS channels, enable 6 GHz 160 MHz bandwidth
as the default configuration for IEEE 802.11s mesh.

example:
network={
 ssid="6gmesh160"
 key_mgmt=SAE
 mode=5
 frequency=6275
 psk="1234567890"
}

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-11-09 21:21:42 +02:00
Pradeep Kumar Chitrapu
ab0af709df mesh: Enable MFP by default for 6 GHz 11s mesh
IEEE Std 802.11ax-2021 mandates 6 GHz STA to use Management Frame
Protection (MFP) when RSN is enabled.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-11-09 21:08:52 +02:00
Pradeep Kumar Chitrapu
d10a01e221 mesh: Enable 80 MHz support for 11s mesh in 6 GHz
Add support for 80 MHz bandwidth operation in 6 GHz 11s mesh.

example:
    network={
        ssid="6GHz-mesh-node"
        key_mgmt=SAE
        mode=5
        frequency=6195
        psk="1234567890"
    }

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-11-09 21:06:43 +02:00
Pradeep Kumar Chitrapu
d6c5feb8ce mesh: Change channel to frequency based lookup for starting mesh
Channel numbers of the 6 GHz band overlap those of the 2.4 GHz and 5 GHz
bands. Thus converting to frequency based mesh channel selection helps
accommodate 6 GHz mesh.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-11-09 20:42:45 +02:00
Jouni Malinen
844f955de4 tests: RNR element generation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-09 18:24:46 +02:00
Aloka Dixit
b16b88acdb RNR: Do not allow FILS Discovery and unsolicited Probe Response simultaneously
Reduced neighbor report has a field to indicate whether unsolicited
Probe Response transmission is active. Add a check to return failure if
both FILS discovery and unsolicited Probe Response are enabled at the
same time to ensure that RNR includes valid data.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 18:02:02 +02:00
Muna Sinada
15f099ec70 RNR: Allow Probe Response frame for a colocated 6 GHz AP
When a Probe Request frame from a station includes an SSID matching that
of a co-located 6 GHz AP, AP should respond with a Probe Response frame
that includes Reduced Neighbor Report element containing information
regarding the requested BSS.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 17:55:45 +02:00