Commit graph

7049 commits

Author SHA1 Message Date
Jouni Malinen
a6ed414c82 TLS: Be more careful in X.509 Time parsing
sscanf() can apparently read beyond the end of the buffer even if the
maximum length of the integer is specified in the format string. Replace
this parsing mechanism with helper functions that use sscanf() with NUL
terminated string to avoid this.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Jouni Malinen
d438b4a3ce tests: Fix CFLAGS passing for new fuzzing tools
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Vamsi Krishna
9c7e4f94de Add a QCA vendor attr to disable auto resume beacon reporting
The driver automatically starts beacon reporting if it pauses the beacon
reporting for any reason other than disconnection. In specific cases,
userspace may not want the beacon reporting to be automatically resumed
after a pause. Add interface support for userspace to specify driver not
to start beacon reporting automatically after a pause.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 23:10:56 +03:00
Jouni Malinen
59fcb3f0b1 RADIUS server: Add EAP-Key-Name into Access-Accept
If the EAP Session-ID is available, add it into Access-Accept
(EAP-Key-Name attribute). This is needed for MACsec.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
b09670abfb macsec_linux: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
524dc5bf10 macsec: Do not change eapol_version for non-MACsec cases in hostapd
It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a93b369c17 macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a872bfcf31 macsec: Export eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
0ee6885dae macsec: Store EAP-Key-Name as eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a90cc1c997 macsec: Note that MKA takes care of EAPOL-MKA processing
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
3e21a47eab macsec_qca: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
29c832d0ea macsec: Add configuration parameters for hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
a1f3f88ac7 tests: New style fuzzing tool for EAP-AKA peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 17:02:57 +03:00
Jouni Malinen
23ddc7b810 tests: New style fuzzing tool for EAP-SIM peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 16:42:41 +03:00
Shiva Krishna Pittala
1006c4be2d Add QCA vendor attributes for configuring Spectral DMA debug
Add the following vendor attributes under the enum
qca_wlan_vendor_attr_spectral_scan to support the configuration of
Spectral DMA debug.

  1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG
	Enable/disable debug of the Spectral DMA ring
  2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG
	Enable/disable debug of the Spectral DMA buffers

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:06:29 +03:00
Edayilliam Jayadev
0fa0858fe7 Add QCA vendor attributes for agile spectral scan
Add QCA vendor attributes to spectral scan related vendor commands to
support agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:02:46 +03:00
Hai Shalom
4df4133917 EAP-SIM/AKA: Add support for anonymous@realm
SIM-based EAP authentication with IMSI encryption requires a special EAP
Identity response: anonymous@realm. Then the server sends AKA-Identity
request which is answered with the encrypted IMSI. Add logic that
indicates if the special anonymous identity is used. Otherwise, this
field is used for storing the pseudonym.

Test: Connect to Carrier Wi-Fi, verify correct behavior from captures
Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage
Signed-off-by: Hai Shalom <haishalom@google.com>
2019-05-31 16:52:15 +03:00
Srinivas Dasari
14d85a5af7 SAE: Do not send PMKID to the driver if PMKSA caching is disabled
External auth status to the driver includes the PMKID derived as part of
SAE authentication, but this is not valid if PMKSA caching is disabled.
Drivers might not be expecting PMKID when it is not valid. Do not send
the PMKID to the driver in such cases.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-05-31 16:52:15 +03:00
Ashok Kumar
2552a3735a SAE: Fix external_auth status in driver-SME STA case with AP SME support
A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2019-05-31 16:52:15 +03:00
Hu Wang
683f86778d P2P: Send Action frame regardless if p2p_scan in progress
With radio work design, send Action frame request will be queued and
wait for p2p-scan to finish, so there is no need to delay send_action.

This change revisits the logic (added before the radio work framework)
in below commits:

3f9285f P2P: Delay send_action call if p2p_scan is in progress
f44ae20 P2P: Drop pending TX frame on new p2p_connect
9d562b7 P2P: Add p2p_unauthorize command
63a965c P2P: Fix after_scan_tx processing during ongoing operations
9a58e52 P2PS: Callback to create pending group after sending PD Response
3433721 P2P: Continue p2p_find after sending non-success Invitation Response

Signed-off-by: Hu Wang <huw@codeaurora.org>
2019-05-31 16:52:15 +03:00
Haim Dreyfuss
de6aafaa63 AP: Consider regulatory limitation when filling WMM element
In case the current channel has regulatory WMM limitations, take them
into account when filling the WMM element. Also check if the new WMM
element is different from the previous one and if so change the
parameter_set_count to imply stations to look into it.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 23:37:25 +03:00
Haim Dreyfuss
636c02c6e9 nl80211: Add regulatory wmm_limit to hostapd_channel_data
ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 18:54:05 +03:00
Pradeep Kumar Chitrapu
c36109e4d9 nl80211: Add support to probe specific mesh link by injecting frames
Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:32:23 +03:00
Jouni Malinen
4087957814 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 14:31:29 +03:00
Johannes Berg
b6f8b5a964 nl80211: Update freq only when CSA completes
In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:48:21 +03:00
Santtu Lakkala
8ba809f67b OpenSSL: Allow ca_cert_blob in PEM format
GnuTLS backend already accepts CA cert blobs in both DER and PEM
formats. Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
2019-05-28 13:39:01 +03:00
Johannes Berg
d5d156bd92 AP: add station with basic rates configuration
When a new station is added, let it have some supported rates
(they're empty without this change), using the basic rates
that it must support to connect.

This, together with the kernel-side changes for client-side,
lets us finish the complete auth/assoc handshake with higher
rates than the mandatory ones, without any further config.

However, the downside to this is that a broken station that
doesn't check the basic rates are supported before it tries
to connect will possibly not get any response to its auth
frame.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:33:00 +03:00
John Crispin
4f3f33804a HE: Make the basic NSS/MCS configurable
Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:45:04 +03:00
John Crispin
63e1940432 HE: Verify supported capabilities
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:40 +03:00
John Crispin
0cd5b4ee30 HE: Enable channel switch similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:14 +03:00
John Crispin
958cb34886 HE: Enable DFS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:49 +03:00
John Crispin
1d2c45ecfc HE: Enable ACS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:23 +03:00
John Crispin
8b18d2b24e HE: Disable HE on channel 14
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:59 +03:00
John Crispin
de21d1d6e2 HE: Handle HE capability in neighbor DB
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:33 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
78d35b16de HE: Add AP mode MLME/SME handling for HE stations
Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:40:48 +03:00
John Crispin
8f5fc369e2 HE: Fix HE Capabilities element variable length encoding
The HE Capibilities element has dynamic size due to the variable length
and optional fields at the end. Mask out the channel width capabilities
that are less than the configured. Only add the MCS/NSS sets for the
announced channel widths and also add the PPET elements.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
0dbc894f46 HE: Fix HE Capabilities indication from driver
The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
05b28306f5 HE: Add HE channel management configuration options
These are symmetric with the VHT ones.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
c6b7ac077f HE: Add helpers for getting the channel width parameters
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
39b9d059cd HE: Remove vht_ prefix from acs_adjust_vht_center_freq()
This is used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
7118a697f4 HE: Remove vht_ prefix from seg0/seg1_idx in DFS
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f428332d32 HE: Remove vht_ prefix from bw/seg0/seg1_idx in CSA fallback
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f200631c35 HE: Remove vht_ prefix from CSA/bandwidth
Bandwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
b04e43086b HE: Remove vht_ prefix from shared set_freq argument
oper_chwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
John Crispin
846e8396ab HE: Mask out the beamforming capabilities if they are not configured
These bits might be set by the capabilities read from the kernel, so
mask them out if beamforming is not enabled in the local configuration.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00