Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local station and the AP declare
support for secure LTF.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for PASN authentication with FT key derivation:
- As IEEE P802.11az/D2.6 states that wrapped data is optional and
is only needed for further validation of the FT security parameters,
do not include them in the first PASN frame.
- PASN with FT key derivation requires knowledge of the PMK-R1 and
PMK-R1-Name for the target AP. As the WPA state machine stores PMK-R1,
etc. only for the currently associated AP, store the mapping of
BSSID to R1KH-ID for each previous association, so the R1KH-ID
could be used to derive PMK-R1 and PMK-R1-Name. Do so instead
of storing the PMK-R1 to avoid maintaining keys that might not
be used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
state machine.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add PASN implementation to wpa_supplicant
1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.
The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.
The missing parts will be added in later patches.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.
Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.
The above are built only in case that CONFIG_PASN is enabled at build
time.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.
Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit 02c21c02d0 ("wpa_supplicant: Do not disconnect on deinit if
WoWLAN is enabled") prevents the disconnection on deinit if the driver
indicates that WoWLAN is enabled. This is not the expected behavior in
some earlier use cases where the wpa_supplicant process is left running
when going to sleep and killing of the wpa_supplicant process is used
only when there is an expectation of Wi-Fi connection being disabled.
To support the use cases which require the WLAN to disconnect on deinit
even if WoWLAN is enabled, introduce a configuration parameter
wowlan_disconnect_on_deinit. This is set to 0 by default thereby not
impacting the functionality in the above mentioned commit. Setting it to
1 restores the old behavior before the commit identified above.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Export a new 'suiteb192' capability to indicate that wpa_supplicant was
built with WPA-EAP-SUITE-B-192 support and accepts
'key_mgmt=WPA-EAP-SUITE-B-192'.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
WPS_EVENT_OVERLAP case was missing on wpa_cli_action_process function in
wpa_cli.c, so when the overlap event occurs, there was no event message
sent to the action script. Add this event case to the function.
Signed-off-by: Berkay Ercan <berkay.ercan@airties.com>
Signed-off-by: Veli Demirel <veli.demirel@airties.com>
When STA is performing roam from WPA3 AP to WPA2 AP, the STA was
including key mgmt FT-SAE instead of FT-PSK in FT Authentication request
RSNE when using driver-based SME. This is because the RSNE/MDE/FTE were
updated and forwarded to the driver using the NL80211_CMD_UPDATE_FT_IES
command before updating key mgmt properly. Because of this, the AP is
rejecting FT Authentication request with WLAN_REASON_UNSPECIFIED reason
code which is due to the invalid keymgmt in RSNE.
Fix this by reordering IE population to happen earlier in the sequence
so that the updated key mgmt information can be provided when using
NL80211_CMD_UPDATE_FT_IES.
Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
Add user configured vendor IEs for Probe Request frames to default scan
IEs so that these IEs will be included in the Probe Request frames for
the scans issued also by components other than wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.
Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When an external scan is in progress on the same radio, delay the P2P
search operation based on configuration parameter p2p_search_delay. The
"search_delay" configuration done through p2p_find always takes
precedence over this delay value set due to an external scan trigger.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a handler to notify failures to fetch the scan results and provide
an option to override default behavior of requesting a new scan in one
second in such an error condition. Use this new handler mechanism to
continue the p2p_find operation (by invoking p2p_scan_res_handled) for
an interim scenario where the p2p_scan attempt fails to get the scan
results from the driver which can happen, e.g., if there are parallel
updates to the cfg80211 scan results.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is a disconnect command from wpa_supplicant immediately after
the driver sends a connection event to userspace but before that event
is received and processed by wpa_supplicant, wpa_supplicant processes
the disconnect command and a self-generated disconnected event first
followed by the connected event received from the driver. As a result
wpa_supplicant moves to the WPA_COMPLETED state. Whereas the driver
processes the disconnect command received from wpa_supplicant after it
sends the connected event and moves to the disconnected state. Due to
this race between the disconnect command from wpa_supplicant and the
connected event from the driver, wpa_supplicant is moving to the
connected state though the driver is moving to the disconnected state
which results in abnormal functionality.
Ignore the connection event coming from the driver when wpa_supplicant
is not trying to connect after a disconnect command is issued but before
the next connect command is issued to fix the above mentioned race
condition.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This functionality was repeated for couple of times. Use a shared helper
function to avoid code duplication.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
When the driver sends a CQM RSSI threshold event, wpa_supplicant queries
the driver for the signal and noise values. However, it is possible that
by that time the station has already disconnected from the AP, so these
values are no longer valid. In this case, indicate that these values are
invalid by setting them to WPA_INVALID_NOISE.
Previously a value of 0 would be reported, which may be confusing as
this is a valid value.
Since nl80211_get_link_signal() and nl80211_get_link_noise() already set
invalid values for a case of failure, just use the value set by these
functions even if they fail.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Add initial_freq_list to wpa_supplicant configuration. This option
allows wpa_supplicant to scan a smaller list of frequencies when it
starts. This in turn allows for a faster connection to an already known
network. This limit applies only for the initial scan operation and does
not restrict other channels from being used in consecutive scans.
Tests have shown this to reduce the amount of time for connecting to a
network from roughly 3 seconds to roughly 0.1 second.
Signed-off-by: Frederik Juul <frederik.juul@3shape.com>
The hostapd DFS code deinitializes and initializes the AP interface, if
a clean channel switch is not possible. In this case the AP code paths
would deinit the driver, for example nl80211, without wpa_supplicant
code paths getting notice of this.
Therefore add callbacks for wpa_supplicant mesh methods, which are
called on init/deinit of the AP BSS. These callbacks are then used to
handle the reset in the mesh code.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Send mesh group started notification after join completion
callback is called.
Implement outstanding TODO, to leave the mesh network on deinit.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Only change freq params, if ifmsh->freq is set initially, which only
happens if hostapd_get_hw_features in setup_interface2 succeeds.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The kernel requires indication of DFS handler residing in user space
(NL80211_ATTR_HANDLE_DFS) to enable DFS channels.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh interface would have used its channel parameters that were
configured during initialization even after channel switch due to DFS
radar detection during CAC which could result in a channel switch error.
Fix the error by updating the channel parameters when channel has been
changed from the initial one.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
ssid->frequency is one of the variables used to get the channel number
from a given frequency. Leaving it as unchanged when pri/sec channel
switch will cause picking up a wrong channel number after applying the
secondary channel offset for HT40 and leads to failing interface
bring-up.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh join function is the last function to be called during mesh join
process, but it's been called a bit earlier than it's supposed to be, so
that some mesh parameter values such as VHT capabilities were not
applied correct when mesh join is in process. Moreover, the current
design of mesh join that is called directly after mesh initialization
isn't suitable for DFS channels to use, since mesh join process should
be paused until DFS CAC is done and resumed after it's done.
The callback will be called by hostapd_setup_interface_complete_sync().
There is a possibility that completing mesh init fails, so add error
handling codes for that.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
If the maximum operating channel width for AP/P2P GO is not specified,
it is auto-selected during configuration. While selecting the channel
width, if VHT is supported and 160 MHz channels are available, 160 MHz
channel width is preferred to 80 MHz.
During the selection of the channel width, the corresponding driver
capabilities were not checked. As a result, the AP/P2P GO configuration
was set to use the available 160 MHz channels even if the driver did not
have capability to support the 160 MHz channel width causing failure to
start the AP/P2P GO.
Fix this by checking the driver support for the 160 MHz channel width
while selecting the channel width for AP/P2P GO.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Store information on whether extra ANQP elements were received using the
protection alternative (protected GAS during an association using PMF)
and make this available through the control interface BSS command.
For example:
anqp[277]=<hexdump>
protected-anqp-info[277]=1
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the previously used design "(u8 *) (bss + 1)" with a variable
length array at the end of struct wpa_bss bss->ies[] in hopes of making
this easier to understand for static analyzers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This removes need from the callers to know the struct wpa_bss details
for the location of the memory area for storing the IEs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.
Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
Previously, the configuration to disable the 6 GHz band remained local
to the P2P interface. With this there is a possibility of 6 GHz channels
being included in the channel list when the channel list needs to be
updated if the state changes on one of the interfaces.
Include the configuration to disable the 6 GHz band for P2P as a global
configuration value to prevent the inclusion of 6 GHz channels in the
channel list for P2P when the channel list needs to be updated during
the state change in one of the interfaces.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.
Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.
Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.
Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers. In addition, try to make the
*_vendor_ie_multi() cases easier to analyze as well even though they
cannot use for_each_element_id().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Report failures at lower layer to the upper layer D-Bus handling of
socket registration to allow failures to be addressed more cleanly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>