Commit graph

18932 commits

Author SHA1 Message Date
Jouni Malinen
50ee26fc70 P2P: Check p2p_channel_select() return value
Verify that the operation succeeds before a debug print indicating that
it did. This was already done in most callers, so be more consistent and
do it here as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:15:01 +03:00
Jouni Malinen
fb2b7858a7 FILS: Fix HE MCS field initialization
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.

Fixes: 903e3a1e62 ("FILS: Fix maximum NSS calculation for FD frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:11:08 +03:00
Jouni Malinen
f80d833688 ACS: Remove invalid debug print
ideal_chan is NULL here, so it is not really valid to try to debug print
something from it due to the implied NULL pointer dereferencing.

Fixes: af0f60e7dd ("EHT: Calculate puncturing bitmap for ACS")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:08:44 +03:00
Jouni Malinen
7a37a94eaa Check whether element parsing has failed
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:05:17 +03:00
Jouni Malinen
a4c133ea73 WPS: Optimize attribute parsing workaround
Optimize the search for nonzero octets when checking for the need to
work around WPS M1 padding. The previous implementation was really
inefficient (O(n^2)) and while that was likely sufficiently fast for the
cases where the MMPDU size limit prevents long buffers (e.g., all P2P
Action frames), it might be able to take tens of seconds on low-end CPUs
with maximum length EAP-WSC messages during WPS provisioning. More
visibly, this was causing OSS-Fuzz to time out a test case with
unrealisticly long data (i.e., almost 10 times the maximum EAP-WSC
buffer length).

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60039
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:46:57 +03:00
Jouni Malinen
518ae8c7cc P2P: Do not print control characters in debug
Do not print the received country code as characters if it includes
control characters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:15:15 +03:00
Jouni Malinen
b2a1e7fe7a tests: PEAP and TTLS phase2_auth behavior
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
de9a11f4dd TTLS client: Support phase2_auth=2
Allow the phase2_auth=2 parameter (in phase1 configuration item) to be
used with EAP-TTLS to require Phase 2 authentication. In practice, this
disables TLS session resumption since EAP-TTLS is defined to skip Phase
2 when resuming a session.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
8e6485a1bc PEAP client: Update Phase 2 authentication requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-07-17 21:09:26 +03:00
Jouni Malinen
599d00be9d wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:44:51 +03:00
Veerendranath Jakkam
30f5bdc34c Add support to configure per-MLO link maximum supported channel width
Update documentation of the QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH
and QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attributes to
indicate support for per-MLO link configuration.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:42 +03:00
Veerendranath Jakkam
3d1ec9d0af Add QCA vendor interface to support per-MLO link configurations
Add support for per-MLO link configurations in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Additionally, add documentation for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:33 +03:00
Vamsi Krishna
f83cc05aa4 Reserve QCA vendor sub command id 232
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:00:34 +03:00
Kiran Kumar Lokere
82db29c37e QCA vendor test config attribute for MLO link powersave
Define a new QCA vendor test config attribute to configure powersave
on MLO links.

This attribute is used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 21:58:36 +03:00
Paul Zhang
f37a7dec3d Add vendor attributes for EPCS feature
Add vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_EPCS_CAPABILITY
to set EPCS (Emergency Preparedness Communications Service)
feature capability.

Add vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_EPCS_FUNCTION
to enable/disable EPCS priority access.

These are for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 21:55:08 +03:00
Ainy Kumari
a8c66bbb7a QCA vendor interface to control maximum allowed bandwidth update type
Add support to control maximum allowed bandwidth update type for
the current connection.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-06-22 21:38:03 +03:00
Aleti Nageshwar Reddy
19e880d1f8 Add support to get the TDLS wider bandwidth capability
Extend bitwise mask in enum qca_wlan_tdls_caps_features_supported to get
the TDLS wider bandwidth capability from the driver.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-06-22 21:31:33 +03:00
Aleti Nageshwar Reddy
a8a112d4d1 Add documentation and nested attribute enums for existing QCA TDLS commands
Add missing documentation and nested attribute enums for the existing
QCA TDLS vendor commands.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-06-22 21:29:07 +03:00
Nirav Shah
91783b21be Define a QCA vendor attribute to configure UL MU transmission
Define a new QCA vendor attribute to enable/suspend trigger
based UL MU transmission.

Signed-off-by: Prasanna JS <quic_pjs@quicinc.com>
2023-06-22 21:15:43 +03:00
Chenming Huang
05a2f4c4f8 EHT: Process puncturing bitmap from channel select driver event for ACS
Retrieve the puncturing bitmap sent by the driver in channel select
events for ACS when using the QCA vendor specific event.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 17:49:10 +03:00
Veerendranath Jakkam
9b233e9f0a nl80211: Always return NL_SKIP from survey dump handler
Previously, NL_STOP was returned from the survey dump handler if the
maximum number of frequencies was reached for storing survey
information, but this is causing wpa_supplicant context getting stuck if
the current SKB returned by the kernel itself ends with NLMSG_DONE type
message. This is due to libnl immediately stopping processing the
current SKB upon receiving NL_STOP and not being able to process
NLMSG_DONE type message, and due to this wpa_supplicant's
finish_handler() not getting called. Fix this by returning NL_SKIP
instead while still ignoring all possible additional frequencies.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 17:28:38 +03:00
Xinyue Ling
3a995cb5a9 Determine current hw mode before channel switch
There are two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A
and the current hw mode may be wrong after one channel switch to 6 GHz.
This will cause hostapd_set_freq_params() to return -1 when saving
previous state and the second channel switch to fail. Fix this by adding
hostapd_determine_mode() before every channel switch.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 17:20:44 +03:00
Shivani Baranwal
a786c9b4a0 Enhance QCA_WLAN_VENDOR_ATTR_CONFIG_EHT_MLO_MAX_NUM_LINKS
Use zero value with QCA_WLAN_VENDOR_ATTR_CONFIG_EHT_MLO_MAX_NUM_LINKS to
restore the device default maximum number of allowed MLO links
capability.

Also, as per IEEE 802.11be/D3.0, the maximum number of allowed links for
an MLO connection is 15. Update the documentation of the attribute to
indicate the same.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-06-20 23:58:17 +03:00
Jouni Malinen
aa4b8492e4 AP MLD: Provide Link ID when requesting current seqnum for a group key
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:43:17 +03:00
Jouni Malinen
19b6a1513f tests: Additional EHT MLD AP coverage
Verify behavior in SAE/PSK transition mode and PTK rekeying.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
f5592e2d5e tests: Add basic MLD hwsim tests
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
5199cff4c7 AP/MLO: Forward received EAPOL frames to correct BSS
In case of MLO AP and legacy client, make sure received EAPOL frames are
processed on the correct BSS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
5c6cad01fd AP/MLO: Forward Management frame TX status to correct BSS
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.

Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
996759ccf7 AP/MLO: Forward EAPOL TX status to correct BSS
In case of MLO AP and legacy client, make sure EAPOL TX status is
processed on the correct BSS.

Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the EAPOL
TX status to the correct BSS. Store the link ID when transmitting EAPOL
frames over control interface and report it in TX status.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
8b56536693 AP: Use MLD address for traffic tests
In case of MLD use the MLD address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
6046aef734 AP: Don't process SAE/OWE association info on MLD links
Only the main link handles SAE authentication and OWE, skip them on
other links.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
90d819c242 AP: Use MLD address for SAE commit derivation
MLO associations use the MLD address instead of the MAC address in SAE
derivation.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
8b49853f49 AP: Specify the link ID for set_key() callback for group keys
If the AP is part of an AP MLD specify the link ID in the set_key
parameters whenever setting a group key.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
8a8752876a MLO: Get the correct AA and SPA based on MLD operation for RSN authenticator
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
d5e93c8043 MLO: Add MLO KDEs to EAPOL-Key msg 1/2 of the group handshake
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-15 17:34:02 +03:00
Ilan Peer
79212e93f7 MLO: Validate MLO KDEs in EAPOL-Key msg 4/4
Verify that the MLD address in EAPOL-Key msg 4/4 is set correctly for
MLO cases. Note that the mechanism used here for distinguishing between
EAPOL-Key msg 2/4 and 4/4 is not exactly ideal and should be improved in
the future.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:32:31 +03:00
Andrei Otcheretianski
856d99410f MLO: Add MLO KDEs to EAPOL-Key msg 3/4
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:35:04 +03:00
Andrei Otcheretianski
137b855092 MLO: Mechanism for fetching group key information for the links
Allow RSN authenticator to fetch the current group key information with
the keys and the last used PN/IPN/BIPN for MLO specific KDEs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:58 +03:00
Ilan Peer
eb28ee20e7 MLO: Validate MLO Link KDEs in EAPOL-Key msg 2/4
Verify that the affiliated link information matches between association
(unprotected) and 4-way handshake (protected).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:54 +03:00
Ilan Peer
151ac359dd MLO: Add MAC Address KDE to EAPOL-Key msg 1/4 for MLO association
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:12 +03:00
Andrei Otcheretianski
3102d7676b MLO: Store MLO link information in RSN Authentication
Make the MLO related information available for the RSN Authenticator
state machine to be able to perform steps needed on an AP MLD. The
actual use of this information will be in the following commits.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-14 11:34:07 +03:00
Andrei Otcheretianski
cb130bbcb9 AP: MLO: Forward link specific events to the identified link
Process Management and EAPOL frames on the correct link.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 23:19:14 +03:00
Andrei Otcheretianski
3613c8a96f nl80211: Use frequency to determine MLD link for MLME events
This is needed since link_id is not always available. In addition,
recognize the link address as a known address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 23:13:21 +03:00
Ilan Peer
d3e20b2113 AP/driver: Add link id to the set_tx_queue_params() callback
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:34:08 +03:00
Ilan Peer
fbbca2bf16 AP: Provide the link ID for an MLD setting when setting VLAN
This is a required modification to the driver interface and driver
nl80211.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:31:00 +03:00
Andrei Otcheretianski
172b0a9a2b AP/driver: Add link ID to send EAPOL callbacks
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:56 +03:00
Andrei Otcheretianski
c5271faf55 AP: Print MLD info in STATUS command
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
d75ebe23d8 AP: Handle Management frame TX status for AP MLD address
This allows proper TX status handling when MLD addressing is used for
Management frames. Note, that the statuses are still not forwarded to
the correct link BSS. This will be handled in later commits.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
7a9ae9f43e AP: Do not prune station when adding a link station
As otherwise the original station would be pruned.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-12 16:26:56 +03:00
Ilan Peer
5a61644fff driver: Specify link ID for 'send_mlme' and 'sta_deauth' callbacks
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:49 +03:00