Commit graph

19429 commits

Author SHA1 Message Date
Jouni Malinen
06edbdf4da tests: Downgrade to 20 MHz due to regdb constraints
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 11:16:21 +02:00
Chenming Huang
e650fa4d79 ACS: Handle ACS channel selected event in specified link
When ACS offloaded to the driver, the channel selected event carries
link id to specify the link if operating as AP MLD.

Find the specified link to handle this event.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:48:10 +02:00
Chenming Huang
0e91a86ec5 ACS: Add link id if operating as an AP MLD
ACS is triggered per link, so link id is needed for the driver to handle
when the ACS operation is offloaded.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:44:46 +02:00
Jouni Malinen
1abdeaa412 wlantest: Fix TK iteration based on the PTK file
Use of ptk_len is not valid here to check what is the length of the
actual TK. Fix this by using ptk->tk_len instead so that the appropriate
decryption function can be selected for cases where the TKs are
configured through the PTK file.

Fixes: ce7bdb54e5 ("wlantest: Extend Management frame decryption to support GCMP and CCMP-256")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-01 19:51:56 +02:00
Jouni Malinen
dfaedb2095 tests: Remove WpaSupplicant control interface workarounds
Now that run-tests.py closes the control interface sockets explicitly,
there is no need to try to avoid using dev[] within the D-Bus test
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-31 12:27:48 +02:00
Jouni Malinen
eb1542c8e4 tests: Close wpa_supplicant control interface sockets at the end
Close all the control interface sockets and delete the client socket
files explicitly at the end of the test loop. This removes needs for
various workarounds that tried to force WpaSupplicant and Ctrl class
__del__() to remove the sockets.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-31 12:16:36 +02:00
Johannes Berg
6777ff621a test: dbus: Wait for connection before disconnect (again)
The same thing as we did previously in dbus_p2p_autogo_pbc
can evidently also happen in dbus_p2p_autogo.

The test here wants to connect and then disconnect again,
but it's driven only by the GO side, so the client may end
up (with UML time-travel) not fully connecting, and then
it all fails. Wait for the client to have connected first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-31 12:00:27 +02:00
Jouni Malinen
13837a031a tests: AP MLD behavior with multiple STAs
In particular, verify AID assignment by AP MLD to both non-AP MLDs and
non-MLD STAs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-30 11:56:31 +02:00
Harish Rachakonda
f972420e82 AP MLD: Fix AID allocation for legacy STA
Currently, AID is not allocated properly in hostapd for legacy non-MLD
STA in case of an AP MLD. All such stations have same AID.

Fix this issue by allocating AID properly in hostapd when operating as
an AP MLD and the STA is not an MLD.

Fixes: d924be3bd0 ("AP: AID allocation for MLD")
Signed-off-by: Harish Rachakonda <quic_rachakon@quicinc.com>
2024-01-30 11:50:21 +02:00
Muna Sinada
fe36750b39 Add QCA vendor command to disassociate with peer
This is an event indicating to the user space to disassociate with
peer based on the peer MAC address provided.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-29 18:51:44 +02:00
Johannes Berg
44b7b9178b test: dbus: Wait for connection before disconnect
The test here wants to connect and then disconnect again, but it's
driven only by the GO side, so the client may end up (with UML
time-travel) not fully connecting, and then it all fails. Wait for the
client to have connected first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-29 11:05:31 +02:00
Jouni Malinen
9fe2970ff6 OpenSSL: Use library functions for HPKE when possible
OpenSSL 3.2 added support for HPKE. Use that implementation when
possible. At least for now, the internal version needs to be included as
well to be able to cover the special DPP use case with brainpool curves.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 20:18:07 +02:00
Jouni Malinen
14c5f401f0 Remove forgotted STAKey related functionality in EAPOL-Key Request
The use of a MAC KDE in the Key Data field of an EAPOL-Key Request frame
was only for the STAKey handshake. That handshake was implemented in
2005 as an experimental functionality and it was then removed in 2006.
However, this part of the functionality was forgotten. This does not do
anything in practice, so simplify the implementation and remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 19:15:08 +02:00
Jouni Malinen
846534c2a3 tests: FILS SK and STA requesting PTK rekeying
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 19:02:55 +02:00
Jouni Malinen
3f60fcdd88 FILS: Fix EAPOL-Key request generation
The Encrypted Key Data field need to be set to 1 whenever using an AEAD
cipher. Without this, the Authenticator would discard the EAPOL-Key
request frame when using FILS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:56:47 +02:00
Jouni Malinen
b27086e6eb Discard EAPOL-Key request without Secure=1
EAPOL-Key request is accepted only if the MIC has been verified, so PTK
must have already been derived and Secure=1 needs to be used. Check the
Secure bit explicitly for completeness even though the MIC verification
is already taking care of validating that the sender is in the
possession of valid keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:41:06 +02:00
Jouni Malinen
0967940885 Discard EAPOL-Key Request frames during 4-way handshake
While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:32:03 +02:00
Jouni Malinen
8037c1ad61 Move Key Replay Counter checks for EAPOL-Key frames to helper functions
This simplifies wpa_receive().

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:38:45 +02:00
Jouni Malinen
2c6147404e Check Key Descriptor Version value earlier in the process
There is no need to try to process the EAPOL-Key frame if it has an
unexpected Key Descriptor Version value. Move these checks to happen
earlier in the sequence. In adition, use a separate helper function for
this to simplify wpa_receive() a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:26:16 +02:00
Jouni Malinen
bd1e078996 Reject undefined Key Descriptor Version values explicitly
Check that the EAPOL-Key frame Key Descriptor Version value is one of
the defined values explicitly instead of failing to process the Key Data
field later (or end up ignoring the unexpected value if no processing of
Key Data is needed).

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:22:47 +02:00
Jouni Malinen
fff69bba10 Use more generic checks for Key Descriptor Version 2 and 3
IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2
and no pairwise cipher condition on value 3, so use that set of more
generic rules here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:18:40 +02:00
Jouni Malinen
74a25a6602 Remove always true check on EAPOL-Key message in authenticator
This was practically dead code since no other msg value exist anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:07:55 +02:00
Jouni Malinen
627c3f35dc tests: EAPOL-Key msg 4/4 protocol testing for invalid Key Data encryption
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:06:26 +02:00
Jouni Malinen
c579b07e26 tests: Use the provided timeout for P2P peer discovery
p2p_go_neg_init() ignored the provided timeout value and used the
default 15 second timeout in discover_peer(). This did not allow the
recently added go_neg_pbc() timeout increase for concurrent cases to be
used fully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-27 11:35:31 +02:00
Thirusenthil Kumaran J
9e9afd9569 Extend frequency configuration to handle 6 GHz channel 2
In hostapd_set_freq_params(), if center_segment0 is 2, call
ieee80211_chan_to_freq() with operating class 136 instead of 131.

This is needed because, channel 2 is an exception in the 6 GHz band. It
comes before channel 1 and is part of operating class 136.

Channels order in 6 GHz:
    2 (Operating Class 136)
    1   5   9 ....  (Operating Class 131)

Signed-off-by: Thirusenthil Kumaran J <quic_thirusen@quicinc.com>
2024-01-26 20:08:41 +02:00
Muna Sinada
8677844db8 Add a QCA vendor attribute to determine QCA device
Add a new attribute for
%QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION subcommand. This
attribute is an 8 bit unsigned value used to specify whether an
associated peer is a QCA device.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-26 18:46:10 +02:00
Jouni Malinen
b292b107d6 tests: Make P2P SD multi-query tests more robust
Accept any sequence and number of responses as long as the needed
Bonjour and UPnP services are found.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 17:13:37 +02:00
Jouni Malinen
576f462504 P2P: Accept P2P SD response without TX status
If a GAS response is received for a pending SD query, process it even if
the TX status event for the query has not yet been received. It is
possible for the TX status and RX events to be reordered especially when
using UML time-travel, so this is needed to avoid race conditions to
make SD more robust.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 17:12:16 +02:00
Jouni Malinen
16a22ef340 nl80211: Increase the hard scan timeout for initial attempt
If both 6 GHz and S1G channels are included, the previously used timeout
was not long enough at least with mac80211_hwsim. Increase the initial
timeout to allow such a scan to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:26:36 +02:00
Jouni Malinen
e619dcce31 tests: Allow more time for chirping in dpp_chirp_ap_5g
The full scan at the beginning of the chirping step can take over 15
seconds when 6 GHz and S1G channels are included and the timeout here is
not enough to handle that.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:18:32 +02:00
Jouni Malinen
30d6231e02 tests: Flush scan cache for rrm_beacon_req_table_detail
Explicitly flush the scan cache in wpa_supplicant and cfg80211 to avoid
test failures here. An additional BSS table entry from a scan based on a
previous test case could result in causing this test case to report
failure since each beacon response could include multiple entries and
the check for the details would fail due to the unexpected data.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:10:41 +02:00
Jouni Malinen
e41a51285d tests: Make dfs_etsi more robust
Explicitly wait for the STA to complete connection or channel switch
processing before running the second connectivity check.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:00:24 +02:00
Jouni Malinen
f20ca22dce DFS: Print the random channel list entry selection in debug print
This makes it a bit easier to understand what happens with random
channel selection after radar detection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:59:48 +02:00
Jouni Malinen
d88fe8fe5d DFS: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:42:54 +02:00
Jouni Malinen
2e7b51719b tests: Add more time for concurrent GO group negotiation cases
It is possible for the parallel connection attempt with an AP and P2P
device discovery with P2P search on social channels to take close to the
15 second timeout and these test cases could fail because of that
instead of a real issue. Increase the timeout to make this less likely
to cause test failures. In addition, add a debug entry to the log on the
r_dev timeout to avoid confusing print from the i_dev thread reporting a
timeout even when the first timeout was on the rdev_

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:18:24 +02:00
Veerendranath Jakkam
e3fb9e6f2d Send actual BTM capability when the driver takes care of BSS selection
wpa_supplicant disables BTM capability in Extended Capabilities element
when wpa_supplicant selects a misbehaving MBO/OCE AP that uses RSN
without PMF, but this is disabling BTM support for whole ESS connection
lifetime though the BTM support can be enabled when the driver takes
care of BSS selection and selects/roams to a BSS which is MBO and OCE
specification compliant. Thus, always set the actual BTM capability in
Extended Capabilities element when the driver takes care of BSS
selection.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-01-25 20:11:07 +02:00
Veerendranath Jakkam
2c0cadd6ee wlantest: Adjust kdk_len according to RSNX capability for FT
Commit 0660f31ba0 ("wlantest: wlantest: Adjust kdk_len according to
RSNX capability") added support for PTK derivation and the additional
KDK component when Secure LTF support is used in the non-FT case.

Cover the same for the FT case to derive the correct PTK and consider
the additional KDK component when Secure LTF support is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-01-25 20:08:08 +02:00
Jouni Malinen
fee037d70d tests: Enable PSK AKMs in EHT+MLO in WPA3 transition mode test
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-25 19:50:07 +02:00
Jouni Malinen
8356a38f48 tests: Do not enable VHT for EHT test cases on 2.4 GHz
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-25 19:41:33 +02:00
Johannes Berg
bf26920792 tests: proxyarp_errors: Sync carrier before sending frame
Similar to other cases before, this may end up trying to
send the frame before the carrier state is ready. Ensure
it's ready before sending the frame.

To do that, rename the sync_carrier() function and make
the ifname argument optional.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-25 12:01:19 +02:00
Johannes Berg
b7ed69206d tests: FST: Leave time to process session request
Due to scheduling in UML time-travel, the test may continue
running and find that the failure didn't trigger when really
the frame just didn't make it through to the other side. Add
some time for the necessary processing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-25 12:00:59 +02:00
Chenming Huang
6c334d9f04 nl80211: Set allowed frequency list per link for AP MLD
QCA_WLAN_VENDOR_ATTR_CONFIG_AP_ALLOWED_FREQ_LIST needs be to set per
link if operating as an AP MLD.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-01-24 18:32:50 +02:00
mukul sharma
42cd2376fd Enhance QCA vendor interface with new SAR version numbers
Add more SAR version numbers in the qca_wlan_vendor_sar_version.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2024-01-24 12:47:54 +02:00
Jouni Malinen
5ae8838a06 Make test code easier for static analyzers
The previous os_strncmp() calls have already verified that there is a
space in the string, so this os_strchr() call cannot really return NULL.
Anyway, make this easier for static analyzers to understand.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 22:16:49 +02:00
Jouni Malinen
c03377cf27 SAE: Fix resource leak on reading a separate password file
The file needs to be closed on all paths before exiting from the
function.

Fixes: e748e50c62 ("SAE passwords from a separate file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 22:16:46 +02:00
Jouni Malinen
348c047afd ACS: More consistent checking of the best channel pointer
It looks like best might be NULL in some cases, so check for this
explicitly before trying to dereference it for a debug print.

Fixes: 733de85680 ("ACS: Fix not selecting the best channel in the segment")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:58:06 +02:00
Jouni Malinen
5d54bf6fb6 Fix error path on Key Data field decryption
key_data_buf is already freed on the common exit path, so do not try to
free it here on error.

Fixes: 4abc37e67b ("Support Key Data field decryption for EAPOL-Key msg 2/4 and 4/4")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:54:34 +02:00
Jouni Malinen
a4d599a53d FT: Fix architecture for RxKH loading from a file
src/ap/ap_config.c is not really supposed to call directly into a
function in hostapd/config_file.c. Furthermore, the wrapper through
ap_config.c did not really have any real value since it just called a
function that is within hostapd/*.c and that wrapper was called from
hostapd/*.c.

Instead of the wrapper, just call the function directly within the
hostapd directory.

Fixes: 392114a179 ("FT: Add dynamic reload of RxKH definitions from file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:30:10 +02:00
Jouni Malinen
0b95d1346f OpenSSL: Fix a memory leak on an error path
peerkey from EVP_PKEY_new() needs to be freed on all error paths.

Fixes: b062507670 ("OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:16:47 +02:00
Jouni Malinen
f873abd0d9 tests: Allow valgrind suppressions to be used
This makes valgrind reports somewhat cleaner when external libraries
have memory leaks that are not straighforward to fix. In addition,
increase the number of functions to include backtraces since the default
was not large enough to cover some cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:16:47 +02:00