This reverts commit 81322fa43d ("tests: Copy A3 into NAN SDF
Follow-up") to allow simplification of the control interface by removing
the external A3 copying.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wi-Fi Aware spec v4.0 was not clear on all cases and used a bit unclear
definition of A3 use in Table 5 (Address field definiton for NAN SDF
frames in USD). That resulted in the initial implementation using
Wildcard BSSID to comply with the IEEE 802.11 rules on Public Action
frame addressing.
For USD to have chances of working with synchronized NNA devices, A3
needs to be set to the NAN Cluster ID when replying to a frame received
from a synchronized NAN device. While there is no cluster ID for USD,
this can be done by copying the A3 from the received frame. For the
cases where sending out an unsolicited multicast frame, the NAN Network
ID should be used instead of the Wildcard BSSID.
While this behavior is not strictly speaking compliant with the IEEE
802.11 standard, this is the expected behavior for NAN devices, so
update the USD implementation to match.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed for cases that are not compliant with the IEEE 802.11
standard rules for Public Action frame addressing. For example, NAN USD
needs this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
hostapd did not accept NAN SDFs that used NAN Network ID instead of
Wildcard BSSID in A3. Extend this to process NAN Network ID just like
Wildcard BSSID for these frames to allow the specific group address to
be used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
IEEE P802.11be requires H2E to be used whenever SAE is used for ML
association. However, some early Wi-Fi 7 APs enable MLO without H2E.
Recognize this special case based on the fixed length Basic Multi-Link
element being at the end of the data that would contain the unknown
variable length Anti-Clogging Token field. The Basic Multi-Link element
in Authentication frames include the MLD MAC addreess in the Common Info
field and all subfields of the Presence Bitmap subfield of the
Multi-Link Control field of the element zero and consequently, has a
fixed length of 12 octets.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When FT is used, reauthentication to generate a new PMK-R0 would be
complicated since the current AP might not be the one with which the
currently used PMK-R0 was generated. IEEE Std 802.11-2020, 13.4.2 (FT
initial mobility domain association in an RSN) mandates STA to perform a
new FT initial mobility domain association whenever its Supplicant would
trigger sending of an EAPOL-Start frame.
Discard received EAPOL-Start frames from STAs that use FT to avoid
unexpected behavior. This is important in particular if a driver were to
allow unprotected EAPOL-Start frames to be processed when TK has been
configured.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Remove nl_msg_free() after send failure for NAN USD commands. Freeing
the nl_msg is already taken care as part of send_and_recv_cmd() for both
success and failure cases.
Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
The recently added calls to src/ap/pmksa_cache_auth.c needs to be faked
to allow pasn-resp to be built without having to pull in multiple
additional files from src/ap.
Fixes: b7de417c8a ("PASN: Define PMKSA helper functions for initiator and responder")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Addition of the new argument to handle_auth_pasn_1() forgot to update
testing code.
Fixes: 8f21cdf9d7 ("PASN: Add support to reject PASN auth 1 based on user input")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed for P2P2 pairing using PASN. The actual processing will
be covered in separate commits.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Some of the cleanup changes had lost the "goto fail" and broken the
logic. Restore correct behavior.
Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
This is needed to derive the PTK correct when Secure LTF support is used
and the additional KDK component needs to be considered.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Fix the placement of documentation of attribute used for the
QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT command.
Fixes: 97c6ef2588 ("QCA vendor interface to set the P2P mode configuration")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Include src/common/nan.h file into src/drivers/driver.h to resolve the
compilation issue "ISO C++ forbids forward references to 'enum' types"
by pulling in the full definition of enum nan_service_protocol_type.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
This recently added instance did not verify that parsing of nested
attributes succeeded.
Fixes: 15bf093b5b ("hostapd: Fetch multiple radios information from the driver")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The check against MAX_NUM_MLD_LINKS was off by one for the loop that
goes through hapd->partner_links[]. It does not look like this would
actually result in any real issues since the loop is on own set of
configured links. Anyway, it is better to have the bounds checking
accurate.
Fixes: 2042cae9b3 ("AP MLD: Generate and keep per STA profiles for each link")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There is no need to make a copy of the full struct csa_settings for
this.
Fixes: 5cb6747f97 ("Add support to switch channel when CAC is in progress")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ
to support Channel Usage Request. It carries channel usage information
for BSSs that are not infrastructure BSSs or an off channel TDLS direct
link.
Implementation and scheduling of Channel Usage frames are present in the
driver/firmware. One of the key reason for this is that the TSF
timestamp required to be filled in these frames is available only in the
firmware. So, this interface is used to configure the required
parameters to the driver/firmware for Channel Usage Request frame.
This uses attributes defined in enum
qca_wlan_vendor_attr_chan_usage_req.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add QCA vendor test configuration interface to add random PMKIDs in the
RSNE of the (Re)Association Request frames.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add the PASN Encrypted Data element from IEEE P802.11bh/D6.0 into the
element parser. This is needed for P2P2.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Configure the capability flag based on the nl80211 feature advertisement
for NAN USD offload support.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add driver nl80211 support for the NAN USD flush, publish, subscribe,
update publish, cancel publish and cancel subscribe commands for cases
where these operations are offloaded to the driver
(WPA_DRIVER_FLAGS2_NAN_OFFLOAD).
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add a function to fragment P2P/P2P2 IE exceeding 255 bytes in size and
use this for P2P IE in GO Negotiation frames in preparation for P2P2.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Support generation of the GO Negotiation frames with contents that is
needed for P2P2 wrapped case.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
It is clearer to use enum p2p_status_code instead of u8 when processing
and passing the P2P Status Code to other components.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add wrapper functions to process and prepare a response for GO
Negotiation and Invitation frames. Send the response Action frames in
handle_ functions. This is in preparation for encapsulating these
messages within PASN Authentication frames for P2P2.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Define helper functions to init, add, get, remove, flush, and deinit
PMKSA cache for PASN initiator and responder. P2P devices can be in
a role of pairing initiator and responder. Hence define a cache for
each role separately.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add support to derive KEK in PTK per IEEE P802.11bh/D6.0. This can be
used to encrypt keys and passwords in opportunistic P2P pairing defined
in P2P2.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add a new method "pair" to indicate the connect request perform the
Wi-Fi Direct R2 methods like bootstrapping and pairing for connection.
This fixes control interface command parsing which expects method as
mandatory.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
If the secondary channel is punctured, the HT operation in the Beacon
frames should not indicate a secondary channel offset.
Co-developed-by: Money Wang <money.wang@mediatek.com>
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Hardware offload in Linux macsec driver is enabled in compile time if
libnl version is >= v3.6. This is not sufficient for successful build
since enum 'macsec_offload' has been added to Linux header if_link.h
in kernels v5.6 and v5.7, see commits:
- 21114b7fee
- 76564261a7
New libnl with older Linux headers is a valid combination. This is how
hostapd build failure has been detected by Buildroot autobuilder, see:
- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/
Extend compile time condition for the enablement of the macsec hardware
offload adding Linux headers version check.
Fixes: 40c1396644 ("macsec_linux: Add support for MACsec hardware offload")
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Allow SAE password identifiers to be provisioned to Enrollees that
indicate support for this capability.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.
I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.
This was tested against my DPP reference implementation acting as the
Configurator.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
We got connection failures because of outdated channel information.
That's because the NL80211_CMD_REG_CHANGE event is important for all
interfaces.
Commit f136837202 ("nl80211: Pass wiphy events to all affected
interfaces") skips the early termination for events directed to a wiphy,
but that doesn't cover the regulatory change event because it doesn't
have a wiphy set either. Therefore the early termination still kicks in
and from three interfaces, only one got the updated channel list.
Fix this by changing the early termination logic to only apply to events
directed either to a specific interface index for wdev.
Signed-off-by: Dominik Cermak <dominik.cermak@joynext.com>
The way this was checked previously used pointer arithmetic could result
in undefined behavior due to the pointer ending up pointing more than
one byte beyond the end of the buffer. Avoid this by checking the buffer
length before incrementing the pointer.
Fixes: bcbe80a66a ("AP: MLO: Handle Multi-Link element during authentication")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The driver is expected to have an STA entry for a non-AP MLD ready to
translate the address fields for SAE confirm messages. However, there is
at least a theoretical race condition in a case where the peer sends the
SAE confirm message quickly enough for the driver translation mechanism
to not be available to update the SAE confirm message addresses. Work
around that by searching for the STA entry using the link address of the
non-AP MLD if no match is found based on the MLD MAC address.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a simple test case to bring up a two link AP MLD and get the status
of each link via the MLD level control socket.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
