Allow background radar detection flag to be set when specifying a
channel. This is a preliminary change to introduce radar/CAC background
detection support.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Add the capability to specify all 3 channel type possibilities in
dfs_downgrade_bandwidth(). This is a preliminary change to introduce
radar/CAC background detection support.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
RSA low-level routines were deprecated in OpenSSL 3.0.
EVP_PKEY_get_bits(), or its older and more backwards compatible name
EVP_PKEY_bits() can be used here instead.
Signed-off-by: Jouni Malinen <j@w1.fi>
EVP_PKEY_get0_EC_KEY() and EC_KEY_get0_group() were deprecated in
OpenSSL 3.0. Add a version of this by determining the group without
fetching the EC_KEY itself from an EVP_PKEY.
Signed-off-by: Jouni Malinen <j@w1.fi>
EC_GROUP_get_curve_GFp() was deprecated in OpenSSL 3.0.
EC_GROUP_get_curve() can be used to do the exact same thing. Add a
backwards compatibility wrapper for older OpenSSL versions to be able to
use this newer function.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL 3.0 deprecated EVP_PKEY_cmp() and replaced it with EVP_PKEY_eq()
which is not available in older versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
There can be some discrepancy between the theorical dfs cac end (as
computed with the cac duration and cac start) and the actual cac end as
reported by the driver. During that window, the value of remaining time
outputed by the status command on the socket control interface will
display an overflowed, invalid value.
To mitigate this lets compute the remaining time as signed and display
it only when positive, otherwise defaulting it to 0.
Status command shows something like that when polling every seconds:
state=DFS
cac_time_seconds=60
cac_time_left_seconds=1
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=0
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967294
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967293
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967292
...
state=ENABLED
cac_time_seconds=60
cac_time_left_seconds=N/A
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
The current code generates a warning when compiled by Clang, because if
we goto 'fail:', password_len can be uninitialised when we pass it in to
bin_clear_free().
Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.
Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
This makes it easier for non-SOAP cases to validate HTTP server name
(from the URL) match against the certificate.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add QCA_WLAN_TWT_NOTIFY command type to send event to userspace when AP
changes TWT required bit field in its capabilities.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support for new QCA nested attributes to pass the AFC channel
information as part of the external ACS request command,
EXTERNAL_ACS_EVENT_CHAN_INFO.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is mainly for testing purposes to allow a Configurator to the curve
between provisioning cases. This would not work for real deployement
cases unless every Enrollee were reconfigured.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP network introduction requires all devices to use the same curve for
netAccessKey. Enforce that this happens based on hardcoding the curve
based on the first successful configuration object generation if no
explicit configuration of the curve was used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is not properly defined in the technical specification and will
need to be clarified there. Change the implementation to use a design
that is more likely to be used in the cleaned up tech spec.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Configurator to be configured to use a specific curve for the
netAccessKey so that it can request the Enrollee to generate a new key
during the configuration exchange to allow a compatible Connector to be
generated when the network uses a different curve than the protocol keys
used during the authentication exchange.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The encoded CSR could have been leaked if another memory allocation were
to fail in this function. Use a shared return path to free the allocated
temporary buffers to avoid this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend dpp_test testing functionality to allow the Protocol Version
attribute to be removed or modified to invalid value in Reconfig
Authentication Request.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow PKEX v1-only or v2-only behavior to be specific for the Responder
role. This is mainly for testing purposes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a QCA vendor attribute to enable FFT recapture on user trigger.
Enable FFT recapture only when spectral scan period is greater than 52
us.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the first Tunnel-Password RADIUS entry to be used for SAE in
addition to the sae_password entries and wpa_passphrase parameters from
the static configuration file.
Signed-off-by: Mario Hros <git@reversity.org>
Report background radar/CAC detection capability if supported
by the underlying driver/hardware.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Introduce type parameter to dfs_get_valid_channel() routine to allow
selection of a radar-only channel where the CAC detection has not been
performed yet. This is a preliminary patch to enable background
radar/CAC detection.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
This is a preliminary change to introduce radar/CAC background detection
support.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Do not use the first octet of the PPE Thresholds field without
explicitly confirming that that octet was included in the element.
Furthermore, allow the received element to have additional octets in the
end since IEEE Std 802.11ax-2021 defines this to be an extensible
element and new fields could be added to the end of it in the future.
Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The previously used calculation was not correct for the cases where the
extra padding field was needed. Fix this by properly calculating the
number of full octets in the field.
Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
Couple of the WPS/P2P/RADIUS-PSK cases were freeing heap memory
allocations without explicitly clearing the PSK value. Add such clearing
for these to avoid leaving the PSK in memory after it is not needed
anymore.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Unlike the other keys that were cleared here, the PMK is available
without FT support built into hostapd and as such, should be cleared in
all cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes it easier to scan process memory for key information that is
not supposed to remain there after the last use.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The current operating frequency information was already cleared when
stopping other modes, but the cases for stopping AP mode were not
covered. Clear bss->freq in wpa_driver_nl80211_del_beacon() to cover
these cases. In addition, move clearing of bss->beacon_set there to
avoid having to clear that in all callers separately.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a NAN NDP attribute QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_ID which
indicates service id with 6 bytes of length and it's derived from the
SHA-256 hash of the NAN service name. As per Wi-Fi Aware Specfication
version 3.2, this service ID is used to calculate the NAN PMK.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Set the cipher suite for the link. Unlike the other parameters, this
needs to be done with the first rtnl_link_add() call (NLM_F_CREATE))
instead of the update in try_commit() since the kernel is rejecting
changes to the cipher suite after the link is first added.
Signed-off-by: leiwei <quic_leiwei@quicinc.com>
Allow macsec_csindex to be configured and select the cipher suite when
the participant acts as a key server.
Signed-off-by: leiwei <quic_leiwei@quicinc.com>
If the TX frame operation does not request any wait time, there is not
going to be any pending wait that could be cancelled later. As such,
there is no need to store the cookie value for these cases. This removes
unnecessary cancel-TX-wait operations that would result in some extra
latency and confusing debug log entries.
This was found with the following hwsim test case sequence where the
second test was failing due to the extra latency and this commit gets
rid of that failure:
rrm_ftm_range_req_timeout dpp_qr_code_auth_neg_chan
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
drv->send_frame_cookies[] was already cleared, but
dev->send_frame_cookie was not. This resulted in unnecessary attempts of
canceling the TX wait for a wait that had already expired. While this
does not really result in real issues, it is cleaner to get rid of the
error messages from the debug log by skipping the unnecessary
operations.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add the enum qca_wlan_vendor_attr_pcl elements to mark the maximum value
of the defined attributes for the preferred channel list. This is
helpful for nla_parse().
Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
That wpa_supplicant header file is not needed for driver_atheros.c and
maybe was never really needed, so do not include it here to avoid
potentially conflicting C preprocessor defines.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is helpful for understanding why an assocation attempt takes
unexpectedly long time to complete.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check driver support for SA Query offload in AP mode and skip starting
SA Query timer on CSA for OCV enabled STAs when the driver indicates
support for offloading SA Query procedures.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This brings in nl80211 definitions as of 2022-01-04. In addition, update
nl80211_command_to_string() to cover the new defined commands.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add QCA_NL80211_VENDOR_SUBCMD_MCC_QUOTA. When two or more interfaces are
active on the same band and two different home channels (MCC), the
target may allocate quota of "on channel" time for each home channel.
The target will indicate the quota information to application layer with
this event. Application may do TX bitrate control based on the
information. The user may also set the MCC quota for an interface by
using this command.
Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
