Commit graph

19832 commits

Author SHA1 Message Date
Sergey Matyukevich
809d9d8172 macsec_linux: Hardware offload requires Linux headers >= v5.7
Hardware offload in Linux macsec driver is enabled in compile time if
libnl version is >= v3.6. This is not sufficient for successful build
since enum 'macsec_offload' has been added to Linux header if_link.h
in kernels v5.6 and v5.7, see commits:
- 21114b7fee
- 76564261a7

New libnl with older Linux headers is a valid combination. This is how
hostapd build failure has been detected by Buildroot autobuilder, see:
- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/

Extend compile time condition for the enablement of the macsec hardware
offload adding Linux headers version check.

Fixes: 40c1396644 ("macsec_linux: Add support for MACsec hardware offload")
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
2024-09-01 16:36:11 +03:00
Jouni Malinen
3ab781fb29 tests: DPP and SAE password identifier
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-01 16:33:26 +03:00
Jouni Malinen
0012c4433c DPP: Support for provisioning SAE password identifiers (Configurator)
Allow SAE password identifiers to be provisioned to Enrollees that
indicate support for this capability.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-01 16:32:39 +03:00
Dan Harkins
782c89c359 DPP: Support for provisioning SAE password identifiers (Enrollee)
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.

I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.

This was tested against my DPP reference implementation acting as the
Configurator.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2024-09-01 16:06:18 +03:00
Cermak Dominik
de40e08f70 nl80211: Pass "global" events to all interfaces
We got connection failures because of outdated channel information.
That's because the NL80211_CMD_REG_CHANGE event is important for all
interfaces.

Commit f136837202 ("nl80211: Pass wiphy events to all affected
interfaces") skips the early termination for events directed to a wiphy,
but that doesn't cover the regulatory change event because it doesn't
have a wiphy set either. Therefore the early termination still kicks in
and from three interfaces, only one got the updated channel list.

Fix this by changing the early termination logic to only apply to events
directed either to a specific interface index for wdev.

Signed-off-by: Dominik Cermak <dominik.cermak@joynext.com>
2024-09-01 15:39:36 +03:00
Jouni Malinen
c3ee46bcbe AP MLD: Check SAE message length without depending on pointer arithemetic
The way this was checked previously used pointer arithmetic could result
in undefined behavior due to the pointer ending up pointing more than
one byte beyond the end of the buffer. Avoid this by checking the buffer
length before incrementing the pointer.

Fixes: bcbe80a66a ("AP: MLO: Handle Multi-Link element during authentication")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-01 13:24:29 +03:00
Jouni Malinen
63df62c6c0 AP MLD: Work around delayed STA entry addition for SAE confirm
The driver is expected to have an STA entry for a non-AP MLD ready to
translate the address fields for SAE confirm messages. However, there is
at least a theoretical race condition in a case where the peer sends the
SAE confirm message quickly enough for the driver translation mechanism
to not be available to update the SAE confirm message addresses. Work
around that by searching for the STA entry using the link address of the
non-AP MLD if no match is found based on the MLD MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-01 13:14:12 +03:00
Aditya Kumar Singh
f3fd2f699f tests: AP MLD control socket connectivity test case
Add a simple test case to bring up a two link AP MLD and get the status
of each link via the MLD level control socket.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-09-01 12:09:46 +03:00
Aditya Kumar Singh
14cb3906af AP MLD: Introduce MLD level control interface socket
With MLO, each link have socket created with "<ifname>_link<link id>"
under the control interface directory.

Introduce a MLD level socket "<ifname>" as well under the same control
interface directory. This socket can be used to pass the command to its
partner links directly instead of using the link level socket. Link ID
needs to be passed with the command in a prefix way. If no Link ID is
provided the first link ID is selected.

The structure of the command is -
 "LINKID <link id> <COMMAND APPLICABALE FOR THE LINK>"

Directory looks something like this -
  $ ls /var/run/hostapd/
    wlan0
    wlan0_link0
    wlan0_link1

wlan0 here is the MLD level socket. Rest are each link level sockets.

This also helps to maintain backwards compatibility with applications
which looks for <ifname> under the control interface directory.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-09-01 11:49:00 +03:00
Aditya Kumar Singh
757d8d9aac tests: MLO: Use link ID to access control sockets
With MLO, each BSS will create sockets under the given ctrl_iface
directory with the socket name being '<ifname>_link<link_ID>'.

Make necessary changes in MLO related test cases so that it can access
the new socket and proceed further as expected.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-09-01 11:17:11 +03:00
Karthikeyan Kathirvel
61dfd7ae35 AP MLD: Create link based hostapd control sockets
Create link based control sockets to access the link based commands
through hostapd_cli. This will create the link interfaces in the name of
<ifname>_link<X>

Example:
To fetch link 0 status from wlan0, below command can be used -
    $ hostapd_cli -i wlan0 -l 0 status

On failure of link/interface selection, below error will be observed
    $ hostapd_cli -i wlan0 -l 2 status
    Failed to connect to hostapd - wpa_ctrl_open: No such file or directory

Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Co-developed-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-09-01 11:17:03 +03:00
Jouni Malinen
8625001ce5 tests: Clear scan cache in wifi_display_parsing
This is needed to avoid false failures if an old BSS entry is still
present for dev[0]. This could happen, e.g., with the following test
case sequence: wpas_mesh_max_peering wifi_display_parsing

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-29 20:21:31 +03:00
Shivani Baranwal
b7963348cd Add QCA vendor attribute to disable channel switch initiation
Add a test config u8 attribute to disable the channel switch
initiation in P2P GO mode.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-29 20:11:06 +03:00
Jouni Malinen
d15403aefb tests: Make rsn_override_mld_too_long_elems more robust
Wait longer for the disconnection event since the previous wait was
exactly the same length as the authentication timeout in wpa_supplicant
and as such, subject to race conditions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-29 20:10:22 +03:00
Jouni Malinen
3935d78e7b tests: More robust error handling for wifi_display_parsing
Check explicitly that wfd_subelems is present in the dict instead of
failing on a key error when trying to fetch it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-29 20:10:22 +03:00
Lo,Chin-Ran
2b7277d3f0 USD: Move control interface events to notify.c
This separates the control interface specific generation of a text event
message away from the main implementation of USD and makes it more
convenient to add support for other control interface mechanisms like
dbus.

Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
2024-08-28 11:24:11 +03:00
Vinay Gannevaram
97c6ef2588 QCA vendor interface to set the P2P mode configuration
Add the QCA_NL80211_VENDOR_SUBCMD_SET_P2P_MODE for setting the P2P mode
in which the P2P Group Owner (GO) should be brought up. These modes
include Wi-Fi Direct R1 only, Wi-Fi Direct R2 only, and P2P Connection
Compatibility Mode, which supports both R1 and R2. These modes are
defined in the enum qca_wlan_vendor_p2p_mode.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2024-08-28 00:11:42 +03:00
Kiran Kumar Lokere
e33acc2178 Add QCA vendor attribute to change P2P GO beacon interval
Add new QCA vendor attribute to configure the P2P GO beacon interval
dynamically while the BSS continues operating.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-28 00:05:12 +03:00
Shivani Baranwal
59299a8a7d P2P2: Add bootstrapping support with PD frames
Add support for P2P2 bootstrapping with comeback mechanism using
Provision Discovery frames. Extend the control interface command
P2P_CONNECT to allow P2P2 bootstrapping handshake.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 23:50:20 +03:00
Shivani Baranwal
6aa9ad8f8f P2P2: Refactor provision discovery request/response processing
Parse the P2P IEs in functions that handle provision discovery request
and response. Process the frames based on the IEs received in the PD
frames. This makes it easier to extend PD for P2P2 cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
b4f9742ee2 P2P2: Process Element container attribute from NAN SDFs
Process the Element Container attribute from NAN SDF frames and check if
P2P attributes are present. Add a P2P peer device entry if the NAN SDF
frame has matching service and P2P capabilities.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
fa389f2a3b P2P2: Parse P2P2 IE
Add parsing of the P2P2 IE similarly to the way the P2P IE is parsed.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
25c6598f30 NAN USD: Add publishChannelList option for Subscriber
Add frequency list to active NAN USD Subscriber to search for a
Publisher on multiple channels. This is the publish channel list used by
the Subscriber to periodically search for a service on these channels.
publishChannelList was already supported in the Publisher and this
commit extends that to the Subscriber.

This is needed for a P2P2 seeker that is an active subscriber looking
for an advertiser on a list of publish channels.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
bcab29a78c P2P2: Device Identity Key generation and storage in configuration
Generate a random device identity key and save it to the config file.
Use the same identity key from config to derive DIRA for NAN SDF frames.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
58ba550c53 FT: Fix writing of ft_prepend_pmkid configuration parameter
This was missing a newline at the end of the line.

Fixes: 8fa52a7974 ("FT: Allow wpa_supplicant to be configured to prepend PMKR1Name")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
5b0112a185 P2P2: Add DIRA attributes to P2P2 IE of NAN SDFs
Add DIRA attribute in P2P2 IE of NAN Subscribe and Publish frames
to enable support for device identity of paired peers.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
29f70292e5 P2P2: Add PCEA and PBMA attributes to P2P2 IE of NAN SDFs
Add PCEA and PBMA attribute in P2P2 IE of NAN Subscribe and Publish frames
to include the P2P2 capabilities and bootstrapping methods.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
a58b2ba2fc P2P2: Allow P2P IE to be added into NAN SDFs
Extend the NAN Subscribe and Publish methods to allow p2p=1 to be
specified to include P2P attributes in a P2P IE to be added into the NAN
Element Container attribute. In addition, use the P2P Device Address for
the NAN SDFs for the P2P cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:56 +03:00
Shivani Baranwal
ae221945f6 P2P2: New element and attribute definitions
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 10:51:53 +03:00
Shivani Baranwal
633e969311 NAN: Option to offload NAN DE for USD into the driver
Support implementation architecture where the NAN discovery engine is
located in the driver/firmware instead of wpa_supplicant.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-08-27 00:26:46 +03:00
Jouni Malinen
87c6b322ee tests: AP MLD and RSN overriding with too long elements
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 18:42:55 +03:00
Jouni Malinen
d984172189 RSNO: Check that RSNOE/RSNO2E/RSNXOE fit into RSN Override Link KDE
While these elements fit without issue in production use cases, it is
possible to override the elements for testing purposes and if such
overridden elements are overly long, they would nto fit into the maximum
length RSN Override Link KDE. This could result in difficult to debug
failure cases, so check for this explicitly and instead of sending out
the invalid M3, report the internal issue in the debug log and do not
send M3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 18:40:53 +03:00
Jouni Malinen
c6a8db47c3 tests: RSNXE extensibility
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 10:09:10 +03:00
Jouni Malinen
c03edfd5bd Allow IE overriding to use maximum element length
Elements can actually be 257 octets long (2 octets of header followed by
255 octets of payload). The maximum length for various IE override
testing parameters had somehow ended up being one octet too short to
cover the maximum. Increase this to allow the maximum element length to
be reached for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-23 10:07:19 +03:00
Jouni Malinen
7683ce1cff tests: Fix EHT 320 MHz tests to clear sae_groups
These test cases could fail if they happened to be executed after a test
case that set a specific SAE group.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 12:09:20 +03:00
Shivam Rai
d9bb64914a PASN: Add a function to configure noauth variable
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to allow the Responder to set the noauth
parameter to support opportunistic pairing method using PASN AKMP. Add
pasn_set_noauth() to address this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:36:02 +03:00
Shivam Rai
8f21cdf9d7 PASN: Add support to reject PASN auth 1 based on user input
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to reject the PASN auth 1 frame based on the
user input. Add support to send PASN auth 2 with failure status for
auth 1 frame received to address this need.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:28:19 +03:00
Jouni Malinen
18116e38a2 tests: DPP and SAE with short password
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:27:00 +03:00
Jouni Malinen
882bd2edd5 DPP: Do not restrict SAE password length on Enrollee
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:26:53 +03:00
Jouni Malinen
503e22025b DPP: Do not restrict SAE password length on Configurator
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
provisioning a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-22 11:20:20 +03:00
Jouni Malinen
064a46b478 tests: RSN overriding and WPA3-Personal Compatibility Mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-20 19:31:00 +03:00
Jouni Malinen
9da9e41612 tests: RSN overriding enabled only on the STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
df8c5e22d7 RSNO: Always enable SNonce cookie and RSN Override elements validation
Always set SNonce cookie and enable RSN Override elements validation
irrespective of the RSN Selection element usage in (Re)Association
Request frame when RSN overriding supported.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
bbb55af8c3 RSNO: Skip validating RSN Override elements with MLO when RSN overriding not used
STA needs to skip validating RSN Override elements when RSN overriding
is not used since AP will not send RSN Override elements in EAPOL-Key
message 3/4. This is handled correctly in non-MLO case but in MLO case
wpa_supplicant always validates RSN Override link KDEs. Fix validating
RSN Override elements in MLO case as well.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-15 20:45:55 +03:00
Jouni Malinen
66d8ac8ccc RSNO: Do not enforce SNonce cookie and RSN Selection match if RSNO not used
A STA that supports RSN overriding will always use the SNonce cookie. An
AP that does not advertise RSN overriding elements must not enforce that
SNonce cookie is used with RSN Selection element since a STA includes
the latter only when it sees the AP advertising RSN overriding elements.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-15 20:45:55 +03:00
Veerendranath Jakkam
70b8f64faf RSNO: Update RSN overriding capability indication to the driver
Modify wpa_supplicant code based on the updated driver interface for RSN
overriding capability indication.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:31 +03:00
Jouni Malinen
5fd3d05a40 More detailed documentation for QCA_NL80211_VENDOR_SUBCMD_GET_FEATURES
Be more specific on how the QCA_WLAN_VENDOR_ATTR_FEATURE_FLAGS attribute
is used in the response.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-14 00:47:31 +03:00
Veerendranath Jakkam
fd72d395db QCA vendor interface for indicating supplicant support for RSN overriding
Add QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT to send additional information
such as RSN overriding support of the supplicant for the (re)association
attempts with NL80211_CMD_CONNECT.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:31 +03:00
Veerendranath Jakkam
88150522ce Use QCA_WLAN_VENDOR_FEATURE_RSN_OVERRIDE_STA only for indicating driver support
Use separate interfaces for indicating driver and supplicant RSN
overriding support. Modifying this interface is fine since this feature
is still under development.

Subsequent commit will define the interface for indicating supplicant
RSN overriding support to the driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-14 00:47:28 +03:00
Aditya Kumar Singh
bc5d3bf623 tests: Enable MLD GTK rekey test
Now that MLO GTK rekey support is added, enable the test case fully.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-13 19:24:12 +03:00