Commit graph

19493 commits

Author SHA1 Message Date
Jouni Malinen
f7a903654f Extend mechanism to distinguish EAPOL-Key msg 2/4 from 4/4
The initial Authenticator implementation depended on the Key Data field
being empty for EAPOL-Key msg 4/4. This worked fine for years in
practice, but in theory, vendor specific elements or KDEs could have
been added inti EAPOL-Key msg 4/4 and that would have broken this
design. In addition, the MLD case did introduce a KDE into EAPOL-Key msg
4/4 and required changes here.

As an initial step to make this more robust for future extensions,
recognize a received EAPOL-Key message as msg 4/4 if it is for RSN
(i.e., not WPAv1), has Secure=1, contains an unencrypted Key Data field,
and does not include RSNE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-16 15:52:34 +02:00
Jouni Malinen
8afeb0760d tests: Supplicant protocol testing for EAPOL-Key msg 1/4 and 3/4
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-16 13:06:49 +02:00
Jouni Malinen
3547ed403d Authenticator side testing functionality for EAPOL-Key Key Data field
Allow additional elements and KDEs to be added to EAPOL-Key msg 1/4 and
3/4 and allow EAPOL-Key msg 3/4 Key Data field to be not encrypted.
These are for testing purposes to enable a convenient mechanism for
testing supplicant behavior with either potential future extensions or
incorrect Authenticator behavior.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-16 13:04:59 +02:00
Jouni Malinen
2a61071182 tests: Make wpas_ap_wps more robust
Avoid race conditions (especially with UML time travel) between AP
completion of 4-way handshake and traffic test.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 21:27:38 +02:00
Jouni Malinen
38719f113e Verify center frequency seg0/seg1 mapping result before use
Handle the center frequency to channel mapping more cleanly by skipping
the cases where the center frequencies are not set and verifying that
the mapping succeeds when they are set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 21:14:42 +02:00
Baligh Gasmi
acea0654f0 Initialize the variables before using it in channel update
seg0 and seg1 variables can have any initial value, but they may cause
the BSS to have a wrong configuration later on in cases where the
separate center frequencies are not set.

Signed-off-by: Baligh Gasmi <gasmibal@gmail.com>
2024-01-14 21:13:24 +02:00
Jouni Malinen
97403b7fef tests: Longer association comeback time
Verify functionality with 10000 TU comeback time in addition to the
hostapd default of 1000 TU.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 21:13:24 +02:00
朱海
af6e21faa0 P2P: Fix a logical error of workaround of extended listen failure
When p2p->state == P2P_LISTEN_ONLY, the statement before it
'p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)' will be true, too, so
this function will print a message "Operation in progress" and return;
the workaround to handle listen failure will be never reached.

I met such an error when the 'remain-on-channel' command failed, then
the function p2p_ext_listen_timeout() just printed 'Operation in
progress' again and again, and the listen operation was not started
anymore.

Fixes: 0f1034e388 ("P2P: Refrain from performing extended listen during P2P connection")
Signed-off-by: zhuhai <zhuhai.mail@163.com>
2024-01-14 21:13:24 +02:00
Andrei Otcheretianski
abc239a0b0 Get rid of multiple MIN macros
There are multiple redundant MIN macro declarations, some of which are
not protecting against side effects. Move it to common.h instead.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2024-01-14 20:13:20 +02:00
Matthew Wang
5290523db3 Apply a symmetrical bias against moving away from higher bands
There is currently a bias towards moving to higher bands but not one
against moving away from them. Fix that.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2024-01-14 20:07:25 +02:00
Matthew Wang
05474b34bf Decrease cross-threshold roam difficulty with bgscan_simple
Decrease the roam difficulty when roaming across the short background
scan threshold (i.e., when the current BSS RSSI is below the threshold
and the selected BSS RSSI is above the threshold). This tends to happen
in normal roaming scenarios when moving from the domain of one AP to
the domain of another.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2024-01-14 20:03:31 +02:00
Jouni Malinen
9aa82da229 tests: Make ACS tests more reliable
The test cases that used country code ZA for the actual test on the 5
GHz band ended up failing in some cases due to various race conditions
with the initial AP start on the 5 GHz band using country code US.
Reduce the risk for that type of failures by using the same country code
ZA for both AP starts.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 19:42:23 +02:00
Johannes Berg
c0674fb4f4 tests: Add a test for kernel KUnit tests
Add a test that runs the cfg80211/mac80211 kunit tests (they must be
built as modules to run at this point), and checks the results. The test
is skipped if all the modules fail to load.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-14 17:54:27 +02:00
Benjamin Berg
73f06af143 wpa_supplicant: Do not invalidate PMKSA cache for bssid_* updates
These updates do not cause the PMKSA cache to become invalid. As such,
allow setting any of bssid_hint, bssid_ignore, and bssid_accept without
clearing the cache and causing the current connection to be dropped
immediately.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:50:17 +02:00
Benjamin Berg
05c167eb0a MLD: Fail connection if ML Authentication frame could not be parsed
If the Authentication frame response did not contain the expected ML
element (or it was invalid), we cannot continue with the ML association.
As such, the only choice we have in this case is to abort the
association.

If we do continue, we would end up sending the Association Request frame
with our MLD MAC address.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:47:48 +02:00
Benjamin Berg
a80dcf0e24 MLD: Read the correct BSSID from the RNR
The previous implementation would find the correct TBTT record in the
RNR but then always copied the BSSID from the first record out. Fix this
to copy the BSSID from the current position.

Fixes: de5e01010c ("wpa_supplicant: Support ML probe request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:43:00 +02:00
Ilan Peer
906dade4f9 RRM: Handle scan TSF BSSID matching in context of MLD
Compare the BSSID against the BSSIDs on the affiliated APs for which
there is a valid link in case of an ML association.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-14 17:37:40 +02:00
Jouni Malinen
12cdeb5016 nl80211: Print driver name in debug output
This can be helpful in debugging some driver specific issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 17:32:22 +02:00
Jouni Malinen
197b440c49 nl80211: Print kernel version in debug output
This can be helpful in debugging some kernel specific issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 17:18:57 +02:00
Benjamin Berg
5ae010aae5 nl80211: Avoid sending unsupported attributes
The kernel will reject commands if newer attributes are included even
though they should not be. Add appropriate checks in set_ap().

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:13:37 +02:00
Benjamin Berg
7fec9e7bc1 nl80211: Retrieve maxattr via genl for nl80211
Older kernel versions may not support all attributes and may refuse
commands that include them. To avoid sending too new attributes query
the highest supported attribute. This allows adding appropriate checks
where needed.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:11:24 +02:00
Benjamin Berg
f136837202 nl80211: Pass wiphy events to all affected interfaces
Previously, we would only pass the event to the first interface that
matches. However, one wiphy can have multiple interfaces and each one
needs to get the event delivered. Without this, it could e.g. happen
that a radar detection event is forwarded to p2p-dev-wlan0 and not to
the wlan0 interface which actually needs it.

As such, keep iterating if we are processing a wiphy match and send the
event to all affected BSSs.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-14 17:03:06 +02:00
Jouni Malinen
44b233b641 tests: Increase timeout for dpp_qr_code_auth_broadcast
This allows another initiation round to be executed if the first
broadcast frame fails to get through.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 12:44:15 +02:00
Jouni Malinen
f9b3ecb0ad DPP: Work arouind missing Auth Confirm ACK for testing
The dpp_test DPP_TEST_STOP_AT_AUTH_CONF case is supposed to prevent the
GAS exchange from happening. It was possible to bypass that testing
functionality if the TX status event for the Authentication Confirm
message was lost or delayed long enough for the GAS Request to be
proessed first. This could happen at least with UML time travel.

Work around this by checking for the special dpp_test case within GAS
request handling.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 12:10:04 +02:00
Ilan Peer
bcc28d4453 tests: Add couple of MBO and RRM tests with MLD
To validate correct operation when configured as MLD.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-14 11:48:28 +02:00
Ilan Peer
655794898f RRM: Fix the parsing of the Extended Request subelement in beacon req
The Extended Request subelement of a Beacon Request is expected to also
include the Requested Element ID field (that identifies the Element ID
used to indicated extended elements) which needs to be skipped to get
the Requested Element ID Extensions.

Fixes: 2d4f905214 ("RRM: Add support for including extended ID elements in beacon report")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-14 11:42:04 +02:00
Daniel Gabay
75ac1f1ac0 tests: Extend MSCS testing
Add tests for new response handling logic:
1. Verify MSCS change response handling in association / action frame.
2. Verify MSCS unsolicited response handling.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2024-01-14 11:26:56 +02:00
Daniel Gabay
3055838ebe tests: Refactor MSCS
Add helper functions for common logic.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2024-01-14 11:19:43 +02:00
Daniel Gabay
b9983b35db MSCS: Process unsolciited MSCS Response frames
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):

AP may send unsolicited MSCS Response frame using dialog_token == 0.
Instead of dropping the frame due to dialog_token mismatch, accept
it and set the status accordingly.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2024-01-14 11:13:02 +02:00
Daniel Gabay
b427683bf0 MSCS: Extend MSCS response handling
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):

If an MSCS Descriptor element is present in a MSCS Response
frame that does not indicate a status of "SUCCESS", the request
type field is set to "change" - the element indicates a suggested
set of parameters that could be accepted by the AP in response to a
subsequent request by the non-AP STA.

Handle both MSCS Response frame and (Re)Association Response frame with
change request by extending WPA_EVENT_MSCS_RESULT with the change
values.

Note: since we extend MSCS_RESULT event, move the original event from
both MSCS Response frame and (Re)Association Response frame handlers to
a common function that handles now both 'change' and other response.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2024-01-14 11:12:38 +02:00
Jouni Malinen
db036b5345 MSCS: Use a define for the MSCS Descriptor element fixed field length
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 11:07:34 +02:00
Jouni Malinen
6aa16abbe4 tests: Allow more time for dpp_qr_code_no_chan_list_broadcast
It looks like the first broadcast frame might be missed in some cases,
so increase the timeout here to allow another round of frames to be
attempted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-14 00:21:57 +02:00
Jouni Malinen
30975951de tests: Skip test cases that need FILS if CONFIG_FILS=y was not used
fils_offload_to_driver2 and wpas_config_file_key_mgmt require
CONFIG_FILS=y, but they did not use check_fils_capa().

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:48:38 +02:00
Jouni Malinen
2d83d224ff Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:

@@
expression a,b;
@@
-	os_memcmp(a, b, ETH_ALEN) == 0
+	ether_addr_equal(a, b)

@@
expression a,b;
@@
-	os_memcmp(a, b, ETH_ALEN) != 0
+	!ether_addr_equal(a, b)

@@
expression a,b;
@@
-	!os_memcmp(a, b, ETH_ALEN)
+	ether_addr_equal(a, b)

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:47:21 +02:00
Jouni Malinen
58027cfecc WPS: Fix authorized MAC removal
Missing array referencing ended up only the first entry in the list to
be compared.

Fixes: 31fcea931d ("WPS 2.0: Add support for AuthorizedMACs attribute")
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:47:20 +02:00
Jouni Malinen
95123ab3b3 Introduce ether_addr_equal()
This makes a code more readable for the large number of cases that use
os_memcmp() to check whether two ethernet addresses are equal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:47:20 +02:00
Andrei Otcheretianski
76616a46b9 RSN: Fix (B)IGTK MLO KDE length print
Array pointer was mistakenly printed instead of actual length.
Fix it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2024-01-13 23:47:20 +02:00
Andrei Otcheretianski
f048e66260 wpa_supplicant: Don't assign pointer to bool
As it may result in compilation error.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2024-01-13 23:47:20 +02:00
Jouni Malinen
e0a2b3222d Fix compiler warnings on supplicant build with PASN but no FILS
Get rid of unused variables and functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:47:20 +02:00
Andrei Otcheretianski
8e8964cdbd AP: Fix compilation warning in hapd_pasn_update_params()
If CONFIG_FILS isn't set, the compiler complains about unused variables.
Fix it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2024-01-13 23:47:20 +02:00
Chien Wong
a2fd63964c build: bgscan_simple depends on WNM
Fix build of wpa_supplicant if bgscan_simple is enabled while
WNM is not, as in the defconfig.

Fixes: ceb7f65dcc ("bgscan: Allow simple bgscan to do BTM queries")
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-13 23:47:20 +02:00
Jintao Lin
628f286102 trace: Fix compilation issue due to using an undefined symbol
Fix commit 5545d995b3 which could use undefined symbol
testing_fail_alloc() in os_malloc() if CONFIG_WPA_TRACE=y is used
without CONFIG_WPA_TRACE_BFD=y.

Fixes: 5545d995b3 ("trace: Share common implementation for TEST_FAIL and TEST_ALLOC_FAIL")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2024-01-13 23:47:20 +02:00
Ilan Peer
cbcd056ece AP: Fix a typo in function name
Rename hostpad_dfs_update_background_chain() to
hostapd_dfs_update_background_chain().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-13 23:47:20 +02:00
Benjamin Berg
594f85e30b mesh: Set the mld_link_id to -1 when adding a station
As otherwise the mld_link_id would be 0, which the driver would
consider a valid link id and would return an error.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-13 23:47:20 +02:00
Johannes Berg
f40a588335 nl80211: Fix AP MLD MAC address on auth retry
The AP MLD MAC address is meant to be preserved here, but since it's
reset to zeroes before attempting to authenticate in
nl80211_mark_disconnected(), we can't just point to the AP MLD MAC
address in drv->auth_ap_mld_addr. Fix it by using a copy.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-01-13 22:33:22 +02:00
Ilan Peer
9dcb72046f tests: Add MLD tests for deauthentication and disassociation
Verifying that the station can successfully associate again
after being deauthenticated or disassociated.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-13 22:32:04 +02:00
Ilan Peer
38711a011f AP MLD: Remove link stations on a new station authentication
When a station tries to authenticate to an AP that is affiliated with an
AP MLD, we need to remove all station instances from all the APs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2024-01-13 22:29:21 +02:00
Ilan Peer
c6f519ff15 AP: Support deauthenticate/disassociate with MLD
When requested to deauthenticate/disassociate a station also handle the
corresponding MLD stations.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-13 22:29:19 +02:00
Ilan Peer
9c937c8891 AP: Move hostapd_ml_get_assoc_sta() to shared
So it could be used from different contexts.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-13 22:20:30 +02:00
Ilan Peer
ea401c168e AP MLD: Fix station lookup in hostapd_ml_get_assoc_sta()
If the station is not an MLO station do not attempt to find the
association station and return false in the ML specific disconnection
processing.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-01-13 22:17:21 +02:00