The initial Authenticator implementation depended on the Key Data field
being empty for EAPOL-Key msg 4/4. This worked fine for years in
practice, but in theory, vendor specific elements or KDEs could have
been added inti EAPOL-Key msg 4/4 and that would have broken this
design. In addition, the MLD case did introduce a KDE into EAPOL-Key msg
4/4 and required changes here.
As an initial step to make this more robust for future extensions,
recognize a received EAPOL-Key message as msg 4/4 if it is for RSN
(i.e., not WPAv1), has Secure=1, contains an unencrypted Key Data field,
and does not include RSNE.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow additional elements and KDEs to be added to EAPOL-Key msg 1/4 and
3/4 and allow EAPOL-Key msg 3/4 Key Data field to be not encrypted.
These are for testing purposes to enable a convenient mechanism for
testing supplicant behavior with either potential future extensions or
incorrect Authenticator behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Avoid race conditions (especially with UML time travel) between AP
completion of 4-way handshake and traffic test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Handle the center frequency to channel mapping more cleanly by skipping
the cases where the center frequencies are not set and verifying that
the mapping succeeds when they are set.
Signed-off-by: Jouni Malinen <j@w1.fi>
seg0 and seg1 variables can have any initial value, but they may cause
the BSS to have a wrong configuration later on in cases where the
separate center frequencies are not set.
Signed-off-by: Baligh Gasmi <gasmibal@gmail.com>
When p2p->state == P2P_LISTEN_ONLY, the statement before it
'p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)' will be true, too, so
this function will print a message "Operation in progress" and return;
the workaround to handle listen failure will be never reached.
I met such an error when the 'remain-on-channel' command failed, then
the function p2p_ext_listen_timeout() just printed 'Operation in
progress' again and again, and the listen operation was not started
anymore.
Fixes: 0f1034e388 ("P2P: Refrain from performing extended listen during P2P connection")
Signed-off-by: zhuhai <zhuhai.mail@163.com>
There are multiple redundant MIN macro declarations, some of which are
not protecting against side effects. Move it to common.h instead.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
There is currently a bias towards moving to higher bands but not one
against moving away from them. Fix that.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Decrease the roam difficulty when roaming across the short background
scan threshold (i.e., when the current BSS RSSI is below the threshold
and the selected BSS RSSI is above the threshold). This tends to happen
in normal roaming scenarios when moving from the domain of one AP to
the domain of another.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The test cases that used country code ZA for the actual test on the 5
GHz band ended up failing in some cases due to various race conditions
with the initial AP start on the 5 GHz band using country code US.
Reduce the risk for that type of failures by using the same country code
ZA for both AP starts.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test that runs the cfg80211/mac80211 kunit tests (they must be
built as modules to run at this point), and checks the results. The test
is skipped if all the modules fail to load.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These updates do not cause the PMKSA cache to become invalid. As such,
allow setting any of bssid_hint, bssid_ignore, and bssid_accept without
clearing the cache and causing the current connection to be dropped
immediately.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
If the Authentication frame response did not contain the expected ML
element (or it was invalid), we cannot continue with the ML association.
As such, the only choice we have in this case is to abort the
association.
If we do continue, we would end up sending the Association Request frame
with our MLD MAC address.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The previous implementation would find the correct TBTT record in the
RNR but then always copied the BSSID from the first record out. Fix this
to copy the BSSID from the current position.
Fixes: de5e01010c ("wpa_supplicant: Support ML probe request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Compare the BSSID against the BSSIDs on the affiliated APs for which
there is a valid link in case of an ML association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The kernel will reject commands if newer attributes are included even
though they should not be. Add appropriate checks in set_ap().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Older kernel versions may not support all attributes and may refuse
commands that include them. To avoid sending too new attributes query
the highest supported attribute. This allows adding appropriate checks
where needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Previously, we would only pass the event to the first interface that
matches. However, one wiphy can have multiple interfaces and each one
needs to get the event delivered. Without this, it could e.g. happen
that a radar detection event is forwarded to p2p-dev-wlan0 and not to
the wlan0 interface which actually needs it.
As such, keep iterating if we are processing a wiphy match and send the
event to all affected BSSs.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The dpp_test DPP_TEST_STOP_AT_AUTH_CONF case is supposed to prevent the
GAS exchange from happening. It was possible to bypass that testing
functionality if the TX status event for the Authentication Confirm
message was lost or delayed long enough for the GAS Request to be
proessed first. This could happen at least with UML time travel.
Work around this by checking for the special dpp_test case within GAS
request handling.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Extended Request subelement of a Beacon Request is expected to also
include the Requested Element ID field (that identifies the Element ID
used to indicated extended elements) which needs to be skipped to get
the Requested Element ID Extensions.
Fixes: 2d4f905214 ("RRM: Add support for including extended ID elements in beacon report")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add tests for new response handling logic:
1. Verify MSCS change response handling in association / action frame.
2. Verify MSCS unsolicited response handling.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):
AP may send unsolicited MSCS Response frame using dialog_token == 0.
Instead of dropping the frame due to dialog_token mismatch, accept
it and set the status accordingly.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):
If an MSCS Descriptor element is present in a MSCS Response
frame that does not indicate a status of "SUCCESS", the request
type field is set to "change" - the element indicates a suggested
set of parameters that could be accepted by the AP in response to a
subsequent request by the non-AP STA.
Handle both MSCS Response frame and (Re)Association Response frame with
change request by extending WPA_EVENT_MSCS_RESULT with the change
values.
Note: since we extend MSCS_RESULT event, move the original event from
both MSCS Response frame and (Re)Association Response frame handlers to
a common function that handles now both 'change' and other response.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
It looks like the first broadcast frame might be missed in some cases,
so increase the timeout here to allow another round of frames to be
attempted.
Signed-off-by: Jouni Malinen <j@w1.fi>
fils_offload_to_driver2 and wpas_config_file_key_mgmt require
CONFIG_FILS=y, but they did not use check_fils_capa().
Signed-off-by: Jouni Malinen <j@w1.fi>
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
Missing array referencing ended up only the first entry in the list to
be compared.
Fixes: 31fcea931d ("WPS 2.0: Add support for AuthorizedMACs attribute")
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes a code more readable for the large number of cases that use
os_memcmp() to check whether two ethernet addresses are equal.
Signed-off-by: Jouni Malinen <j@w1.fi>
If CONFIG_FILS isn't set, the compiler complains about unused variables.
Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fix build of wpa_supplicant if bgscan_simple is enabled while
WNM is not, as in the defconfig.
Fixes: ceb7f65dcc ("bgscan: Allow simple bgscan to do BTM queries")
Signed-off-by: Chien Wong <m@xv97.com>
Fix commit 5545d995b3 which could use undefined symbol
testing_fail_alloc() in os_malloc() if CONFIG_WPA_TRACE=y is used
without CONFIG_WPA_TRACE_BFD=y.
Fixes: 5545d995b3 ("trace: Share common implementation for TEST_FAIL and TEST_ALLOC_FAIL")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
As otherwise the mld_link_id would be 0, which the driver would
consider a valid link id and would return an error.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The AP MLD MAC address is meant to be preserved here, but since it's
reset to zeroes before attempting to authenticate in
nl80211_mark_disconnected(), we can't just point to the AP MLD MAC
address in drv->auth_ap_mld_addr. Fix it by using a copy.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Verifying that the station can successfully associate again
after being deauthenticated or disassociated.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When a station tries to authenticate to an AP that is affiliated with an
AP MLD, we need to remove all station instances from all the APs.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If the station is not an MLO station do not attempt to find the
association station and return false in the ML specific disconnection
processing.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>