Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
There is a delay between sending Association Response frame after having
received Association Request frame, due to the fact that between
receiving the request and sending the response the Beacon frame contents
is updated, after analyzing inputs from the STA. There may be several
updates if multiple fields need to change. This can cause issues with
some devices in noisy environments with many BSSs and connected STAs.
Optimize this by updating the beacon only once, even if there are
multiple reasons for updates.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
If the number of TBTT info is greater than RNR_TBTT_INFO_COUNT_MAX, the
new Neighbor AP Information field would need to be added in the RNR
element. However, the condition of adding Neighbor AP Information field
does not consider number of TBTT info. That would cause invalid Neighbor
AP Information field (the while loop will fill data by eid pointer) when
setting RNR element.
Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
When it comes to set some BSS's beacon, there are two reasons to
update the beacon of co-located hostapd_iface(s) at the same time:
1. 6 GHz out-of-band discovery
2. MLD operational parameters update
BSS load update is unrelated with the above two reasons, and therefore
is not the case to update beacon for co-location. Moreover, updating
beacon for co-location when BSS load update makes hostapd set beacon too
frequently, which makes hostapd busy setting beacon in a multi-BSS case.
Add a new function to update beacon only for current BSS and use the
function during BSS load update.
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: Money Wang <money.wang@mediatek.com>
From IEEE 802.11:
The DSSS Parameter Set element is present within Beacon frames
generated by STAs using Clause 15, Clause 16, and Clause 18
PHYs.
The element is present within Beacon frames generated by STAs
using a Clause 19 PHY in the 2.4 GHz band.
Same is applied to the Probe Response frame.
Do not include the DSSS Parameters Set element when operating on other
bands.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
This is needed to avoid generating an nontransmitted BSS profile that
would claim the Extended Rates element to be non-inherited.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The List of Element ID Extensions field is not an optional field, so
include it in the Non-Inheritance element with Length=0 to indicate that
there is no Element ID Extension List.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly when
processing reassociation from a STA to a new AP.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make the current HE BSS color available in STATUS command output since
this can change dynamically based on color collisions.
Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
It is valid to configure an AP to be both backhaul and
fronthaul (multi_ap=3), so we should not test for a missing
fronthaul flag but instead test directly for backhaul capability.
Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
The way these checks were done for WPS enabled APs were unnecessarily
complex and missed one of the cases. Simplify this by doing the check
only once and do that earlier in the process to minimize changes to STA
state.
Fixes: a7f55f7f68 ("WPS: Enable SA Query checks for WPS AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
Currently if ch_switch_vht_config is present, only ieee80211ac config
will be updated in hostapd_config and ieee80211ax/ieee80211be config may
be wrong. Fix this by adding handlings for ch_switch_he_config and
ch_switch_eht_config as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
free_cb can be NULL during the pmksa_cache_auth_init() from the modules
using libpasn.so. So check it explicitly before dereferencing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Increase the first group rekey timeout from 500 ms to 1000 ms when the
number of associated stations is greater than 100. This is to avoid
client disconnections due to group handshake timeout in multiclient
scenarios where it might take more than 500 ms to be able deliver Group
Key msg 1/2 to all associated STAs.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Add support for EHT phy index and maximum NSS as per IEEE P802.11be/D4.0,
9.6.7.36 and 9.4.2.313.4.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Maximum NSS calculation for HE mode checks if both Tx and Rx support
a given NSS. Modify it to instead check if either of these two support
the given NSS.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Rename the local variable mcs_nss_size to he_mcs_nss_size in
hostapd_fils_discovery_cap() and hostapd_gen_fils_discovery_nss()
to limit its usage to HE mode.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Move the phy index determination for FILS discovery frames to a new
function without changing the functionality. HE support is mandatory for
operating in the 6 GHz band hence the phy index will always be set to
FD_CAP_PHY_INDEX_HE for this band.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
The sae_password_entry is used in this function only if CONFIG_SAE is
defined, so declare this variable only under the same condition.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update Wide Bandwidth Channel Switch element as per IEEE
P802.11-REVme/D4.0, 9.4.2.159 (Wide Bandwidth Channel Switch element)
and Table 9-314 (VHT Operation Information subfields).
Update New Channel Width, New Channel Center Frequency Segment 0, and
New Channel Center Frequency Segment 1 fields as per IEEE
P802.11-REVme/D4.0 for 160 MHz and 80+80 MHz bandwidth. This replaces
the use of now deprecated Channel Width 2 and 3 values with a more
backwards compatible design.
Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
Currently, during association handling, if any of the iface parameters
changes due to some reason, it calls ieee802_11_set_beacons() function.
This function sets beacon for the all the BSSes in that iface even if
the beacon was not set already. This leads to setting the beacon
prematurely for some BSSes which was intentionally not started.
Fix the above issue by calling ieee802_11_update_beacons() function
instead. This function only updates the beacon if it was already set.
While at it, do the same while freeing STA entry.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Allow the EAP-SIM/AKA server to be configured to use a smaller limit for
the number of times fast re-authentication can be used before falling
back to running full authentication. This is particularly useful for EAP
peer testing to cover cases when falling back from fast
re-authentication to full authentication in various different cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The driver might decide to change the operating band on its own, e.g.,
when trying to use a single channel in AP + AP case. A CSA event will be
notified to hostapd to update the channel/frequency, but hw_mode did not
get updated accordingly.
This may cause hostapd interface restarting to fail, e.g., with control
interface DISABLE / ENABLE commands at configured_fixed_chan_to_freq(),
because of the mismatch between conf->channel and conf->hw_mode.
Update hw_mode right after channel change to fix this.
Signed-off-by: ngong <quic_ngong@quicinc.com>
The FTE parser itself used valid data, but the reassembled buffer was
available only during the parser run. That buffer will be needed for the
caller as well since most of the parsed data is used as pointers instead
of copied data.
Store the reassembled buffer in struct wpa_ft_ies and require
wpa_ft_parse_ies() callers to use wpa_ft_parse_ies_free() to free any
possibly allocated temporary data after wpa_ft_parse_ies() calls that
return success (0).
Fixes: 43b5f11d96 ("Defragmentation of FTE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend wpa_ft_mic() to take in an array of link addresses to allow the
FTE MIC to be calculated for Reassociation Request frame as described in
IEEE P802.11be/D4.0, 13.8.4. This commit does not change actual
behavior, i.e., this is just preparing wpa_ft_mic() and the existing
callers with a new argument.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When a CHANNEL_LIST_CHANGED event is received, memory of
iface->hw_features is freed and allocated again with
hostapd_get_hw_features(), but iface->current_mode still refer to the
original memory address, which is not correct since that memory has been
freed. This could happen in cases where the driver provides channel list
updates during the lifetime of the started BSS.
Fix this by updated iface->current_mode to point to the new array of hw
features.
Fixes: 0837863fbc ("AP: Handle 6 GHz AP state machine with NO_IR flags")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
interfaces.iface[i] might be NULL when going through the cleanup of all
remaining interfaces at the end of the process termination. The changes
for clearing drv_priv in AP MLD cause that cleanup process to crash on
dereferencing a NULL pointer.
Fix this by explicitly checking that the interface context is available
before trying to clear the pointer to driver data.
Fixes: 7fa99b3246 ("AP: Allow starting multiple interfaces within single MLD")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to obtain the start channel when checking whether DFS
is required when using 320 MHz channels.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Determine the channel width by operating class for the 6 GHz band when
validating puncturing bitmap. This is needed to allow puncturing to be
used with 320 MHz channels.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
When STAs connect to transmitted BSS and nontransmitted BSS, the
AP should assign the aIDs from the same pool.
Use the transmitted BSS AID pool to assign AIDs when the AP enables
multiple BSSID.
Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
Pass bss->ctx instead of drv->ctx in order to avoid multiple reports for
the first bss. The first report would otherwise clear hapd->cca_color and
subsequent reports would cause the iface bss color to be set to 0.
In order to avoid any issues with cancellations, only overwrite the color
based on hapd->cca_color if it was actually set.
Fixes: 33c4dd26cd ("BSS coloring: Handle the collision and CCA events coming from the kernel")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK
value instead of the BIGTK when providing the current BIGTK to the STA
during FT protocol. Fix this to use the correct key to avoid issues when
beacon protection is used with FT.
Fixes: 16889aff40 ("Add BIGTK KDE and subelement similarly to IGTK")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Parse link id and station MLD address received from the driver in the
NL80211_CMD_NEW_STA event.
Set MLO information of the station to the sta_info and wpa_sm.
Co-authored-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support to parse association link id and MLD address from the
NL80211_CMD_UPDATE_OWE_INFO event.
Set MLO information of the station to the sta_info and wpa_sm.
Use station association link address for sending DH IE info to the
driver.
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Use station association link address for sending SAE authentication
status to the driver in AP mode external authentication status.
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.
Fixes: 903e3a1e62 ("FILS: Fix maximum NSS calculation for FD frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
ideal_chan is NULL here, so it is not really valid to try to debug print
something from it due to the implied NULL pointer dereferencing.
Fixes: af0f60e7dd ("EHT: Calculate puncturing bitmap for ACS")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Retrieve the puncturing bitmap sent by the driver in channel select
events for ACS when using the QCA vendor specific event.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There are two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A
and the current hw mode may be wrong after one channel switch to 6 GHz.
This will cause hostapd_set_freq_params() to return -1 when saving
previous state and the second channel switch to fail. Fix this by adding
hostapd_determine_mode() before every channel switch.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
In case of MLO AP and legacy client, make sure received EAPOL frames are
processed on the correct BSS.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
