Commit graph

19807 commits

Author SHA1 Message Date
Shivani Baranwal
5b0112a185 P2P2: Add DIRA attributes to P2P2 IE of NAN SDFs
Add DIRA attribute in P2P2 IE of NAN Subscribe and Publish frames
to enable support for device identity of paired peers.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
29f70292e5 P2P2: Add PCEA and PBMA attributes to P2P2 IE of NAN SDFs
Add PCEA and PBMA attribute in P2P2 IE of NAN Subscribe and Publish frames
to include the P2P2 capabilities and bootstrapping methods.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
a58b2ba2fc P2P2: Allow P2P IE to be added into NAN SDFs
Extend the NAN Subscribe and Publish methods to allow p2p=1 to be
specified to include P2P attributes in a P2P IE to be added into the NAN
Element Container attribute. In addition, use the P2P Device Address for
the NAN SDFs for the P2P cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
ae221945f6 P2P2: New element and attribute definitions
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:53 +03:00
Shivani Baranwal
633e969311 NAN: Option to offload NAN DE for USD into the driver
Support implementation architecture where the NAN discovery engine is
located in the driver/firmware instead of wpa_supplicant.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 00:26:46 +03:00
Jouni Malinen
87c6b322ee tests: AP MLD and RSN overriding with too long elements
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 18:42:55 +03:00
Jouni Malinen
d984172189 RSNO: Check that RSNOE/RSNO2E/RSNXOE fit into RSN Override Link KDE
While these elements fit without issue in production use cases, it is
possible to override the elements for testing purposes and if such
overridden elements are overly long, they would nto fit into the maximum
length RSN Override Link KDE. This could result in difficult to debug
failure cases, so check for this explicitly and instead of sending out
the invalid M3, report the internal issue in the debug log and do not
send M3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 18:40:53 +03:00
Jouni Malinen
c6a8db47c3 tests: RSNXE extensibility
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 10:09:10 +03:00
Jouni Malinen
c03edfd5bd Allow IE overriding to use maximum element length
Elements can actually be 257 octets long (2 octets of header followed by
255 octets of payload). The maximum length for various IE override
testing parameters had somehow ended up being one octet too short to
cover the maximum. Increase this to allow the maximum element length to
be reached for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 10:07:19 +03:00
Jouni Malinen
7683ce1cff tests: Fix EHT 320 MHz tests to clear sae_groups
These test cases could fail if they happened to be executed after a test
case that set a specific SAE group.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 12:09:20 +03:00
Shivam Rai
d9bb64914a PASN: Add a function to configure noauth variable
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to allow the Responder to set the noauth
parameter to support opportunistic pairing method using PASN AKMP. Add
pasn_set_noauth() to address this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:36:02 +03:00
Shivam Rai
8f21cdf9d7 PASN: Add support to reject PASN auth 1 based on user input
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to reject the PASN auth 1 frame based on the
user input. Add support to send PASN auth 2 with failure status for
auth 1 frame received to address this need.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:28:19 +03:00
Jouni Malinen
18116e38a2 tests: DPP and SAE with short password
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:27:00 +03:00
Jouni Malinen
882bd2edd5 DPP: Do not restrict SAE password length on Enrollee
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:26:53 +03:00
Jouni Malinen
503e22025b DPP: Do not restrict SAE password length on Configurator
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
provisioning a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:20:20 +03:00
Jouni Malinen
064a46b478 tests: RSN overriding and WPA3-Personal Compatibility Mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-20 19:31:00 +03:00
Jouni Malinen
9da9e41612 tests: RSN overriding enabled only on the STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
df8c5e22d7 RSNO: Always enable SNonce cookie and RSN Override elements validation
Always set SNonce cookie and enable RSN Override elements validation
irrespective of the RSN Selection element usage in (Re)Association
Request frame when RSN overriding supported.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
bbb55af8c3 RSNO: Skip validating RSN Override elements with MLO when RSN overriding not used
STA needs to skip validating RSN Override elements when RSN overriding
is not used since AP will not send RSN Override elements in EAPOL-Key
message 3/4. This is handled correctly in non-MLO case but in MLO case
wpa_supplicant always validates RSN Override link KDEs. Fix validating
RSN Override elements in MLO case as well.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-15 20:45:55 +03:00
Jouni Malinen
66d8ac8ccc RSNO: Do not enforce SNonce cookie and RSN Selection match if RSNO not used
A STA that supports RSN overriding will always use the SNonce cookie. An
AP that does not advertise RSN overriding elements must not enforce that
SNonce cookie is used with RSN Selection element since a STA includes
the latter only when it sees the AP advertising RSN overriding elements.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
70b8f64faf RSNO: Update RSN overriding capability indication to the driver
Modify wpa_supplicant code based on the updated driver interface for RSN
overriding capability indication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:31 +03:00
Jouni Malinen
5fd3d05a40 More detailed documentation for QCA_NL80211_VENDOR_SUBCMD_GET_FEATURES
Be more specific on how the QCA_WLAN_VENDOR_ATTR_FEATURE_FLAGS attribute
is used in the response.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-14 00:47:31 +03:00
Veerendranath Jakkam
fd72d395db QCA vendor interface for indicating supplicant support for RSN overriding
Add QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT to send additional information
such as RSN overriding support of the supplicant for the (re)association
attempts with NL80211_CMD_CONNECT.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:31 +03:00
Veerendranath Jakkam
88150522ce Use QCA_WLAN_VENDOR_FEATURE_RSN_OVERRIDE_STA only for indicating driver support
Use separate interfaces for indicating driver and supplicant RSN
overriding support. Modifying this interface is fine since this feature
is still under development.

Subsequent commit will define the interface for indicating supplicant
RSN overriding support to the driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:28 +03:00
Aditya Kumar Singh
bc5d3bf623 tests: Enable MLD GTK rekey test
Now that MLO GTK rekey support is added, enable the test case fully.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-13 19:24:12 +03:00
Aditya Kumar Singh
8c9b9ccb49 AP MLD: Fix PN/IPN/BIPN for group rekeying
wpa_auth_get_seqnum() for ML group rekeying needs to be skipped in the
same way as it is done for non-ML cases to avoid indicating old values
and resulting in group frames being dropped as replays. The simple check
for gsm->wpa_group_state != WPA_GROUP_SETKEYS (as is done for non-ML) is
not sufficient for this since the per-link Authenticator states are not
strictly synchronized and the state change happens in the middle of this
step.

Fixes: 137b855092 ("MLO: Mechanism for fetching group key information for the links")
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-13 19:24:12 +03:00
Rameshkumar Sundaram
7275b65149 AP MLD: Fix ML STA wpa_group update during rekey
At present, group key update is not confined only on the association
link as originally intended. Hence, ensure now that the group key update
is only performed on the association link for non-AP MLDs.

This was missed during adding support for group rekeying for MLO.

Fixes: 12acda633b ("AP MLD: Support group rekeying for MLO")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-13 12:59:40 +03:00
Jouni Malinen
5dbbca24ea tests: Group rekeying with VLANs
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-13 12:58:45 +03:00
Jouni Malinen
19e12d5e2d Fix GKeyDoneStations tracking for VLAN
The AP MLD change to use a helper function for this broke the design
that depends on the value for sm->group (i.e., the currently assigned
VLAN) being used instead of the sm->wpa_auth->group. Restore previous
behavior to fix GKeyDoneStations tracking when VLANs are used.

Fixes: 78adbf2c08 ("AP MLD: Mark GKeyDone completed for STAs in a helper function")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-13 12:58:45 +03:00
Jouni Malinen
189972d129 tests: Fix duplicate test case name
The new test case for an AP MLD in a bridge was supposed to use a unique
test name to avoid hiding an existing test case.

Fixes: c4f9279267 ("tests: AP MLD with two links in a bridge")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-13 11:44:09 +03:00
Radha Krishna Simha Jiguru
43943ea5b3 nl80211: Add AP_VLAN interface to bridge after interface is up
In the current hostapd flow, AP_VLAN net device is added to a bridge
before the interface is brought up.

Interface up event is used in mac80211 layer for setting device context
in the driver. Vendor specific datapath offload configurations for net
device might also be set up in interface up event context. Adding
AP_VLAN interface to a bridge before the UP event could cause
inconsistent state for datapath offload context setup in a vendor
driver.

Change the sequence to add AP_VLAN interface to a bridge after the
interface is set up. This makes the interface up and bridge add sequence
for AP_VLAN to be consistent with that of a regular AP interface.

Signed-off-by: Radha Krishna Simha Jiguru <quic_rjiguru@quicinc.com>
2024-08-12 12:40:03 +03:00
Jouni Malinen
c4f9279267 tests: AP MLD with two links in a bridge
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-12 12:11:39 +03:00
Karthikeyan Kathirvel
7e7e43d6b3 AP MLD: Add links to bridge FDB for FT roaming
During FT, RRB messages are getting dropped at bridge on an AP MLD since
bridge doesn't know all the link address, so roaming gets failed.

Add AP MLD's each link address to the bridge FDB, so that RRB frames
get forwarded through bridge to hostapd.

Co-developed-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
2024-08-12 12:02:00 +03:00
Jouni Malinen
1282787878 tests: hostapd error path on driver interface initialization failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-08-10 11:12:07 +03:00
Jintao Lin
015f6a5a0c nl80211: NULL pointer check for link before use
bss->flink could be NULL when wpa_driver_nl80211_del_beacon() is called
if wpa_driver_nl80211_drv_init() fails early through the 'failed' label
and jumps to wpa_driver_nl80211_deinit() with bss->flink unset.

Fixes: 47269be36e ("nl80211: Refactor i802_bss to support multiple links")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2024-08-10 11:11:53 +03:00
Aditya Kumar Singh
3e2758b19a hostapd: Avoid channel selection across underlying hardware index
Currently, channel is selected from the current hw_mode. However, not
all channels under current hw_mode might be available for the current
operating underlying hardware.

Add logic to check if the selected channel falls under the current
operating hardware index and only if so, continue with the selected
channel.

Co-developed-by: Harshitha Prem <quic_hprem@quicinc.com>
Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 22:25:02 +03:00
Aditya Kumar Singh
15bf093b5b hostapd: Fetch multiple radios information from the driver
When a driver consolidates several hardware components under a single
radio, it provides details about these components via the
NL80211_CMD_GET_WIPHY command.

Parse this information and store it. A subsequent change will use this
information for validation in certain scenarios.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 22:20:24 +03:00
Jouni Malinen
c43e1e5a5f Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2024-07-09.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-08-09 21:58:05 +03:00
Ganesh Kariganuru Mahabalesh
c3beaf6b86 nl80211: MLD: Fix is_shared_drv ops logic when num links is one
Whenever there is only one BSS left and if the number of links is one,
is_shared_drv() returns false assuming no one else is sharing the driver
interface. However, when the number of links is one, this does not
guarantee that the caller's link ID is the only active link ID. If this
is not the case and false is returned, the caller calls hapd_deinit()
which will free the driver interface. However, when the actual active
link_id reaches deinit path, this leads to dereferencing a NULL pointer
ultimately leading to segmentation fault.

To prevent this, pass the link ID into the is_drv_shared() ops and match
it with only with active link IDs. Only return false if they are same.

Signed-off-by: Ganesh Kariganuru Mahabalesh <quic_gkarigan@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 10:05:39 +03:00
Aditya Kumar Singh
3e420372e7 nl80211: Remove unused function argument from is_drv_shared() ops
The bss_ctx argument was never used and can be removed.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:56:51 +03:00
Naveen S
c6ff28cb63 AP MLD: Handle garbage pointer after MLD interface is deleted
In function driver_nl80211_link_remove(), when there is no active links,
interface is removed. This will free the BSS pointer. A copy of the BSS
pointer is also stored in each of the affiliated links' hapd->drv_priv
member.

driver_nl80211_link_remove() is called via multiple paths, e.g., via
NL80211_CMD_STOP_AP and via driver_nl80211_ops. When called when
handling an nl80211 event, links will be removed and when count reaches
zero, the interface will be removed. However, core hostapd will be
unaware of this removal. Hence, if it tries to access its drv_priv
pointer, this can lead to segmentation fault at times since the pointer
is now pointing to freed memory.

Prevent this by adding a new notification event
(EVENT_MLD_INTERFACE_FREED). Whenever the interface is freed, this
notification will be sent. hostapd will process this notification and
will set all affliated links' hapd->drv_priv to NULL.

Signed-off-by: Naveen S <quic_naves@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:56:22 +03:00
Aditya Kumar Singh
e1bf37022e nl80211: MLO: Process stop AP event on link basis
Currently, a stop AP event is processed always on the first BSS in the
drv. However, with multi-link operation, it can come on any interface
and there is need to process it for the intended BSS. Also, the event
has a link ID attribute during MLO which is not used and still the event
is passed to the first link BSS.

Process the event for the intended BSS and for the intended link BSS
during MLO.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:49:04 +03:00
Aditya Kumar Singh
f519f472e6 nl80211: Make nl80211_remove_link() non-static
No functionality changes.

This is needed to support STOP_AP events for MLD interface in a
subsequent change.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:44:18 +03:00
Aditya Kumar Singh
2d290f1966 AP MLD: Handle driver events for interface enable/disable
When an interface is enabled, keys are reconfigured, if required, and
beaconing is started again. With MLO, this needs to be done for each of
the affiliated links. Before starting the beaconing, the link needs to
be added back first.

Similarly, when the interface is disabled, hostapd removes the keys and
set the BSS state to disabled. However, for an AP MLD interface, this
needs to be done for each of the affiliated link BSS.

Handle the interface enable/disable driver event for AP MLD.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:42:59 +03:00
Aditya Kumar Singh
e9984e3db2 hostapd: Refactor interface enable/disable into separate helper functions
Driver events for interface enable/disable are currently handled on
interface level with one hostapd_data instance under consideration. In
order to extend it for MLO, this needs to be done for each of the
affiliated links. Hence, refactor the code into a helper function which
can be used later.

No functionality change. Support for MLO will be added in a subsequent
change.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-09 09:36:02 +03:00
Veerendranath Jakkam
8324947a67 RSNO: Add debug prints for RSN override elements in EAPOL frames
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-08 22:39:39 +03:00
Veerendranath Jakkam
abd7f47958 RSNO: Fix storing RSNE/RSNXE variants to wpa_sm from association event
Store the full set of AP's RSNE/RSNXE variants to wpa_sm while
processing association event. Commit 521374b978 did this for the cases
that were needed for SME-in-wpa_supplicant cases, but forgot to update
the cases needed for SME-in-driver. Convert those to the updated
protocol design as well.

Fixes: 521374b978 ("RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-08 22:34:03 +03:00
Yu Zhang(Yuriy)
72ac0ee026 WNM: Extend workaround for broken AP operating class behavior
Some APs do not advertise operating classes correctly for BSS Transition
Management. Try to determine the most likely operating frequency based
on the channel number (1..14 --> 2.4 GHz; 36..177 --> 5 GHz) if invalid
op_class == 255 is received in a BSS Transition Management Request. This
speeds up the following operating by avoiding a full scan due to an
unknown channel.

This extends the workaround that was added in commit 80ce804e88 ("WNM:
Workaround for broken AP operating class behavior") for invalid
operating class 0 to cover another observed case with invalid operating
class 255.

Signed-off-by: Yu Zhang(Yuriy) <quic_yuzha@quicinc.com>
2024-08-08 22:26:53 +03:00
Aditya Kumar Singh
e900bcb149 tests: Add CSA support on non-first link of AP MLD
Currently MLO CSA test case supports CSA only on the first link.
However, now it can be extended to other links as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-08 22:18:49 +03:00
Aditya Kumar Singh
e33a55d31d nl80211: Sanitize link ID in mlme_event_ch_switch() for AP interface
During channel switch handling for AP MLD, if link ID is incorrect,
there is no point in proceeding till end and failing or returning from
there. Hence sanitize it in the initial time itself and return if it is
incorrect. Throw a warning print if it is not correct as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-08 22:18:49 +03:00