This allows the DPP Configuration Object from a Configurator to be
extended with 3rd party information. This information can be provided as
a part of the existing configuration specification mechanisms with the
new extra_name=<string> and extra_value=<hexdump encoded JSON>.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows the DPP Configuration Request Object from an Enrollee to be
extended with 3rd party information. The new dpp_extra_conf_req_name and
dpp_extra_conf_req_value configuration parameters specify the name of
the added JSON node and its contents. For example:
dpp_extra_conf_req_name=org.example
dpp_extra_conf_req_value={"a":1,"b":"test"}
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new vendor subcommand QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG
for configuration event of Stream Classification Service (SCS) rule.
Also define the attributes present in this subcommand.
Signed-off-by: Harsh Kumar Bijlani <quic_hbijlani@quicinc.com>
Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_DBAM to
configure Dedicated Bluetooth Antenna Mode (DBAM). It is used to
switch between dedicated antenna mode for BT and COEX shared
antenna mode for WLAN and BT.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This extends Relay functionality to allow a Controller to intitiate a
new DPP exchange in addition to the previously supported case where the
exchange was initiated through a DPP Public Action frame.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Responder/Initiator hash values to be corrupted in Push Button
Presence Announcement messages for testing purposes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to use a push button -based bootstrap mechanism with DPP.
The new DPP_PUSH_BUTTON control interface command enables this mode on
the AP/hostapd and station/wpa_supplicant. This goes through the
following sequence of events: a suitable peer in active push button mode
is discovered with session overlap detection, PKEX is executed with
bootstrap key hash validation, DPP authentication and configuration
exchanges are performed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add feature capability indication for P802.11az security for the drivers
to advertise capabilities such as secure LTF support, secure RTT
measurement exchange support, and protection of range negotiation and
measurement management frames for station and AP interfaces
independently. This allows a more fine-tuned capability indication as an
alternative to the upstream nl80211 mechanism that is not specific to
the operating mode.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add vendor command QCA_NL80211_VENDOR_SUBCMD_COAP_OFFLOAD to
enable/disable offload processing in firmware for CoAP messages
(RFC7252: The Constrained Application Protocol) or fetch the
CoAP messages cached during offload processing.
Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
Add the following two vendor attributes to send TIM beacon
statistics to userspace which can be used for power saving:
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON_ERR
Signed-off-by: Jingxiang Ge <quic_jge@quicinc.com>
Define QCA vendor interface for PASN offload to userspace from the driver.
The driver can send this command as an event to a userspace component to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. The userspace component, if capable of performing
PASN handshake, can perform PASN handshake with all the peer devices and
set the relevant keys by sending the
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT command for each peer
to the driver.
Once PASN handshake is completed with all requested peers, the userspace
component sends consolidated status for all the peers to the driver. The
consolidated report is required for the driver to understand that the
PASN handshake process is complete and whether it succeeded/failed for
each of the peers it was requested for. The secure ranging context is
configured only for the peers with which the PASN handshake succeeded.
When the driver requests PASN keys, the userspace component can set the
keys from its cache if those keys have not already expired and were
derived with the same source MAC address that is requested by the driver
instead of doing the full PASN handshake again.
If the driver detects that current keys of a peer are not valid anymore,
it sends a notification to userspace using the
QCA_NL80211_VENDOR_SUBCMD_PASN command and setting the action to
QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT. The userspace
component should delete the corresponding keys from its cache.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY sub command to set the
concurrency policy for AP interface.
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG uses the values
defined in enum qca_wlan_concurrent_ap_policy_config to specify
concurrency policy.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY to allow extension for other
interface type(s). A subsequent commit will extend the renamed
definitions in a manner that is inconsistent with the current naming.
This is a precursor for AP/P2P concurrency policy configuration support
via updated vendor command QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.
Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
Add QCA vendor event to indicate user space that the driver recovery is
completed after the internal failure reported with
QCA_NL80211_VENDOR_SUBCMD_HANG.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_AUDIO_DATA_PATH to
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure audio data
path.
Possible audio data paths are defined in enum qca_wlan_audio_data_path.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Vendor command to get the WLAN radio combinations matrix supported by
the device which provides the device simultaneous radio configurations
such as standalone, dual band simultaneous, and single band
simultaneous.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The initial OCV implementation validating this field in the OCI element
for both the 80+80 MHz and 160 MHz cases. However, IEEE Std 802.11-2020,
12.2.9 ("Requirements for Operating Channel Validation") limitis that
verification step for the 80+80 MHz case: "Verifying that, if operating
an 80+80 MHz operating class, the frequency segment 1 channel number ...
is equal to the Frequency Segment 1 Channel Number field of the OCI."
Remove this check for the 160 MHz case since there has been incorrect
interpretation on how the Frequency Segment 1 Channel Number field of
the OCI element is set in this case (using VHT rules for CCFS2). The
modified validation step is meets the real need here, is compliant with
the standard, and avoids potential interoperability issues when using
contiguous 160 MHz channels.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add QCA_ATTR_ROAM_CONTROL_RX_LINKSPEED_THRESHOLD value as the RX link
speed threshold to disable roaming. If the current link speed is above
the threshold, there is no need to roam.
Signed-off-by: Jianmin Zhu <quic_jianminz@quicinc.com>
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME to
QCA_NL80211_VENDOR_SUBCMD_DO_ACS and opportunistically optimize time
taken for ACS scan. Avoid scanning the channels which were scanned
within last QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME milliseconds
and use scan results from the scan results cache for ACS scoring. For
other channels, perform ACS scan and use the received scan results.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
A few of the comments in the QCA vendor commands have a space
character before a tab. That is pointless, and some code style
checkers may complain about it, so remove the spaces.
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Parse the host information, if present, in bootstrapping URI and allow
such information to be added when generating the URI.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use local variables and common checking of the selector (or vendor
specific IE header) to make the bounds checking easier to understand.
Signed-off-by: Jouni Malinen <j@w1.fi>
The EHT changes made this checking inconsistent. If he_cap can be NULL
in case of EHT being enabled, better make sure it does not get
dereferenced without an explicit check.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is testing code, but it's better to check the return value
explicitly even if this were not really able to fail in practice.
Signed-off-by: Jouni Malinen <j@w1.fi>
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not consider optional octets maximum lengths when validating EHT
fixed fields length. Furthermore, do not use the first two octets of the
PPE Thresholds field without explicitly confirming that these octets
were included in the element and fix PPE Thresholds field length
calculation.
Fixes: a6d1b4c46c ("EHT: Process (Re)Association Request frame capabilities")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Modify hostapd_set_freq_params() to include EHT parameters and update
the calling functions to match.
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Set bit 21 in the neighbor report for an EHT AP as described in IEEE
P802.11be/D1.5, 9.4.2.36. Also move the check for HE outside the check
for HT as neither HT nor VHT are enabled in the 6 GHz band.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Parse and store pointers to EHT Capabilities and Operation elements
received in Management frames.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Define the following fields described in IEEE P802.11be/D1.5:
- 9.4.2.311 EHT Operation element
- 9.4.2.313 EHT Capabilities element
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Add QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_11BE_EMLSR_MODE value to allow
or disallow eMLSR hardware mode for IEEE 802.11be MLO capable devices.
If this attribute is set to 1, and if the firmware supports this
capability too, the STA advertises this capability to the AP over
Association Request frame. This attribute will not have any effect on
legacy devices with no IEEE 802.11be support.
Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
EINTR will cause the loop to restart, which means that the total
time could be significantly longer than 10 seconds.
Signed-off-by: Alan DeKok <aland@deployingradius.com>
This information element is similar to the CSA one. It contains a
counter and the target color. Once the counter expired, the change to
the new color happens.
Just note the current implementation is based on CCA counter attributes
that only take Beacon and Probe Response framesinto account.
(Re)Association Response frames do not currently have kernel APIs to
decrement the CCA counter since mediatek mcu firmware does not support
it yet and it will be added in future firmware release.
Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Add the core code for handling BSS color collision events and triggering
CCA inside the kernel. The caller of hostapd_switch_color() will be
added in the following commits.
Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
The new DPP_BOOTSTRAP_GEN command parameter supported_curves can be used
to specify a colon separated list of supported curves. Information from
a parsed URI shows this information with a new supp_curves line in the
DPP_BOOTSTRAP_INFO output.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to reset eLNA bypass configuration to default behavior.
If value of 2 is configured, the driver can choose either to
disable/enable eLNA bypass control and there is no enforcement
from userspace.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add Transmit Power Envelope element for 6 GHz per IEEE Std
802.11ax-2021.
Currently, this uses hard coded EIRP/PSD limits which are applicable to
6 GHz operation in United states, Japan, and Korea. Support to extract
power limits from kernel data will be added after complete regulatory
support is added for the 6 GHz band.
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Add new field definitions for the 6 GHz Operation Information field in
the HE Operation element per IEEE Std 802.11ax-2021, 9.4.2.249. These
will be used for TPC operation in the 6 GHz band.
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Add a QCA_WLAN_VENDOR_FEATURE_USE_ADD_DEL_VIRTUAL_INTF_FOR_NDI
flag to indicate that the driver requires add/del virtual interface
path using the generic nl80211 commands for NDP interface create/delete
and to register/unregister of netdev instead of creating/deleting
the NDP interface using vendor commands.
With the latest Linux kernel (5.12 version onward), interface
creation/deletion is not allowed using vendor commands as it leads to a
deadlock while acquiring the RTNL_LOCK during the register/unregister of
netdev. Create and delete NDP interface using NL80211_CMD_NEW_INTERFACE
and NL80211_CMD_DEL_INTERFACE commands respectively if the driver
advertises this capability.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the debug log clearer for one of the more likely cases of
"invalid group cipher" preventing RSNE parsing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows upper layers to learn about associated stations requesting
BSS transition management from the AP.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
dpp_configurator_params changes were taken into use in the
non-TCP/Controller case immediately on change, but that was not the case
for the Controller where this was updated only when explicitly starting
it. Change this to update dpp_configurator_params for the Controller as
well even if it is already running.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PKEX Exchange Request handling in Controller used incorrect msg_ctx
pointer and that could result in event messages causing unexpected
behavior. Fix this by registering the correct msg_ctx pointer for these
cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The current code generates a warning when compiled by Clang, because if
we goto 'fail:', password_len can be uninitialised when we pass it in to
bin_clear_free().
Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.
Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
Add QCA_WLAN_TWT_NOTIFY command type to send event to userspace when AP
changes TWT required bit field in its capabilities.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support for new QCA nested attributes to pass the AFC channel
information as part of the external ACS request command,
EXTERNAL_ACS_EVENT_CHAN_INFO.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is mainly for testing purposes to allow a Configurator to the curve
between provisioning cases. This would not work for real deployement
cases unless every Enrollee were reconfigured.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP network introduction requires all devices to use the same curve for
netAccessKey. Enforce that this happens based on hardcoding the curve
based on the first successful configuration object generation if no
explicit configuration of the curve was used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is not properly defined in the technical specification and will
need to be clarified there. Change the implementation to use a design
that is more likely to be used in the cleaned up tech spec.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Configurator to be configured to use a specific curve for the
netAccessKey so that it can request the Enrollee to generate a new key
during the configuration exchange to allow a compatible Connector to be
generated when the network uses a different curve than the protocol keys
used during the authentication exchange.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The encoded CSR could have been leaked if another memory allocation were
to fail in this function. Use a shared return path to free the allocated
temporary buffers to avoid this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend dpp_test testing functionality to allow the Protocol Version
attribute to be removed or modified to invalid value in Reconfig
Authentication Request.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow PKEX v1-only or v2-only behavior to be specific for the Responder
role. This is mainly for testing purposes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a QCA vendor attribute to enable FFT recapture on user trigger.
Enable FFT recapture only when spectral scan period is greater than 52
us.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a NAN NDP attribute QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_ID which
indicates service id with 6 bytes of length and it's derived from the
SHA-256 hash of the NAN service name. As per Wi-Fi Aware Specfication
version 3.2, this service ID is used to calculate the NAN PMK.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add the enum qca_wlan_vendor_attr_pcl elements to mark the maximum value
of the defined attributes for the preferred channel list. This is
helpful for nla_parse().
Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
Add QCA_NL80211_VENDOR_SUBCMD_MCC_QUOTA. When two or more interfaces are
active on the same band and two different home channels (MCC), the
target may allocate quota of "on channel" time for each home channel.
The target will indicate the quota information to application layer with
this event. Application may do TX bitrate control based on the
information. The user may also set the MCC quota for an interface by
using this command.
Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
Introduce a new vendor command
QCA_NL80211_VENDOR_SUBCMD_RATEMASK_CONFIG. This is used to set the rate
mask config to be used in MCS rate selection per PHY type.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Currently the moderate latency level is not used. Rename the moderate
latency level to XR latency level to be used in XR (extended reality)
applications.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP Enrollee might wait for the configuration for 60 seconds, so
increase the DPP Configurator timeout for the GAS server operation to 60
seconds to cover that full wait time. This is needed for cases where
user interaction can take significant amount of time before the
configuration response can be generated.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This provides an alternative mechanism for upper layer components to
control configuration parameters to be used by the local Configurator.
Instead of the previously used design where the Configurator parameters
had to be provided before initiating the DPP Authentication exchange,
the new alternative approach allows the DPP Authentication exchange to
be started before any Configurator parameters have been determined and
wpa_supplicant will then request the parameters once the DPP
Configuration Request has been received from the Enrollee. This allows
the Config Request information to be used at upper layers to determine
how the Enrollee should be configured.
For example for an Initiator:
CTRL: DPP_QR_CODE <URI from Responder/Enrollee>
CTRL: DPP_AUTH_INIT peer=1 conf=query
<3>DPP-CONF-NEEDED peer=1 src=02:00:00:00:00:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=1 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT
For example for a Responder:
CTRL: SET dpp_configurator_params conf=query
CTRL: DPP_LISTEN 2412 role=configurator
<3>DPP-CONF-NEEDED peer=2 src=02:00:00:00:01:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=2 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT
For example for an Initiator that can act both as a Configurator and an
Enrollee in a case where the Initiator becomes the Enrollee:
CTRL: DPP_AUTH_INIT peer=1 role=either conf=query
<3>DPP-CONF-RECEIVED
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the GAS server functionality to allow a request handler to return
the initial comeback delay with a later callback instead of having to
indicate the comeback delay when returning from the handler function.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The TCP code path did not handle the postponed connection attempt on TX
status and the following result message from the Enrollee to the
Configurator. Fix this by adding TCP-versions of these operations to
match the way wpa_supplicant implemented this for the Public Action
frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This extends dpp_test functionality to allow DPP Network Introduction
exchanges to use an incorrect value in the Protocol Version attribute.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use a separate ver=<1|2> parameter to DPP_PKEX_ADD instead of
overloading init=1 with version indication. This allows additional
options for forcing v1-only and v2-only in addition to automatic mode
(start with v2 and fall back to v1, if needed).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the peer queue flush command with following attributes
1. Enable to flush per TID peer queue
2. Enable to configure when to flush the peer/TID queue
Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
Replace the word "blacklist" with the inclusive word "denylist" and add
aliases for backward compatibility.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Replace the word "whitelist" with the inclusive word "allowlist" and add
aliases for backward compatibility.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.9 and v2.10.
Signed-off-by: Jouni Malinen <j@w1.fi>
The crypto_ec_point_solve_y_coord() wrapper function might not use
constant time operations in the crypto library and as such, could leak
side channel information about the password that is used to generate the
PWE in the hunting and pecking loop. As such, calculate the two possible
y coordinate values and pick the correct one to use with constant time
selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implementation within SSWU can be helpful for other users of the
dragonfly design, so move it into a shared helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a QCA vendor netlink interface to start/stop periodic TSF sync
feature and also support configuration of interval value as part of TSF
sync start command. In addition, improve documentation for the related
attributes and values.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED flag attribute to conduct ACS
for EHT mode. The driver can consider EHT specific parameters such as
puncture pattern for ACS when this flag attribute is indicated by
userspace.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add additional attributes in
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT vendor sub command to
avoid usage of unsafe frequencies on wifi interfaces sent from userspace
to the driver/firmware. The driver/firmware shall use restrictions and
power cap accordingly to restrict the usage of these frequencies on
operating interface(s).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This reverts commit 3af78a4e04.
This commit prepares a refactor for another patch, which is being
reverted.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Add support for PKEXv2 core protocol. This defines a new PKEX Exchange
Request message type with protocol negotiation and different rules for
key derivation with PKEXv2 or newer is used.
This does not change existing behavior for PKEX, i.e., the PKEXv1
variant will still be used by default.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the dpp_test parameter to be used to request the Protocol Version
attributed to be omitted from the Peer Discovery Request/Response
message.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Verify that the Protocol Version attribute is used appropriate in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Indicate the protocol version number that the Enrollee used during the
DPP exchange that resulted in the generation of the Connector.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a QCA vendor attribute to indicate the puncture pattern derived
by the automatic channel selection algorithm.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add definitions for the fields described in IEEE Std 802.11-2020 and
IEEE Std 802.11ax-2021, 9.4.2.170 Reduced Neighbor Report element.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.
Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Keep the locally defined ASN.1 sequence DPP_BOOTSTRAPPING_KEY for now to
avoid losing a workaround for BoringSSL from commit 746c1792ac ("DPP:
Build bootstrapping key DER encoding using custom routine").
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Instead of generating EC point with random coordinates, generate a
valid EC point and then corrupt the coordinates after exporting them
in binary format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Remove one more direct call to OpenSSL using crypto_ec_key_group() to
compare group of c-sign-key and ppKey when creating Configurator from
backup data.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite functions related to reconfig feature using EC point/bignum
primitives defined in crypto.h API.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add two new functions in crypto.h that "wrap" around already defined
signing function with (r,s) interface instead of DER Ecdsa-Sig-Value.
Using those functions implies to compute the hash to sign manually
before.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite dpp_auth_derive_l_responder/initiator() using EC point/bignum
primitives defined in crypto.h API.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Function crypto_ec_key_parse_priv() already parses ASN.1 ECPrivateKey so
use it when possible.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The extra validation steps through the OpenSSL X509 API are not really
necessary here and they most duplicate checks that happen implicitly
within d2i_PUBKEY() and the EVP_PKEY_get0_EC_KEY() checks in
crypto_ec_key_parse_pub().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add crypto_ec_key_get_ecprivate_key() function in crypto.h and use it
when possible in DPP code.
This function converts a struct crypto_ec_key into a DER encoded ASN.1
ECPrivateKey.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
To remove direct dependency to OpenSSL in DPP replace EVP_PKEY
by struct crypto_ec_key in all structures and function prototypes.
All direct calls to EVP_PKEY_free() are replaced by calls to
crypto_ec_key_deinit().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add the attribute QCA_WLAN_VENDOR_ATTR_SCAN_PRIORITY to configure the
priority of vendor scan relative to other scan requests. Add the valid
values that this attribute can take.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These code paths on the Controller were calling dpp_connection_remove()
twice for the same connection in the error cases. That would result in
double-freeing of the memory, so fix this by remove the
dpp_connection_remove() call from the called function and instead,
remove the connection in dpp_controller_rx() error handling.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Stop the DPP Controller instance, if one is started, when the hostapd
interface that was used to start that Controller is removed. This is
needed to remove the control pointers that point to the soon-to-be-freed
hostapd structures. This fixes an issue where a Controller operation
with multiple interfaces could have resulted in references to freed
memory if an interface is removed without explicitly stopping the DPP
Controller.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Existing logic to disable HE in hostapd_set_freq_params() is to check
he_cap != NULL, but this is not correct as he_cap is defined as a stack
member of hostapd_hw_modes which can't be NULL. Add one more check
!he_cap->he_supported to make sure HE can be disabled if the driver not
support it.
This fixes a case where a driver does not support HE, but hostapd.conf
enables HE/HT40 on the 2.4 GHz band and hostapd failed to start with
error '40 MHz channel width is not supported in 2.4 GHz'.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to indicate agile spectral scan support for
320 MHz mode. Add another attribute to indicate the number of detectors
used for spectral scan in 320 MHz mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce a new vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM_EVENTS
that aims to configure/trigger the roam events from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Indicate DSCP Policy capability by including a WFA Capabilities element
containing the relevant bit set to 1 in the (Re)Association Request
frames when enabled by user.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse received DSCP Policy Request frames and send the
request details as control interface events.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This new vendor command aims to indicate the driver to enable the
monitor mode for an interface on which this command is issued. Once
enabled, the frames (both TX and RX) on this interface are sent to an
active coexisting monitor interface.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new attributes for supporting MBSSID multi groups notifications
to qca_wlan_vendor_attr_mbssid_tx_vdev_status
(QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
QCA_ROAM_REASON_USER_TRIGGER was wrongly documented as
QCA_ROAM_REASON_EXPLICIT_REQUEST, so correct it.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance the P2P_GROUP_ADD command to support DFS channel with 80 and 160
MHz bandwidth to be used for autonomous GO when using offloaded DFS.
For example, 'P2P_GROUP_ADD freq=5500 max_oper_chwidth=80 ht40 vht'
- Previous behavior: AP fallback to channel 100 using 20 MHz with
"No VHT higher bandwidth support for the selected channel 100"
- Enhanced behavior: AP starts on channel 100 using 80 MHz with
"VHT center channel 106 for 80 or 80+80 MHz bandwidth"
This functionality is on top of the driver's capability to offload DFS,
which is advertized through WPA_DRIVER_FLAGS_DFS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor interface support for configuring background scan related
parameters to the driver/firmware.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit 45c3e72952 ("Add frequency to operating class determination
for 5 GHz 100..140") extends ieee80211_freq_to_channel_ext() with
knowledge of the operating classes for the 5 GHz channels 100..140.
Per "Table E-4 - Global operating classes" in IEEE Std 802.11-2020, 5
GHz channel 144 also maps to same operating classes, so update hostapd
code to reflect the change.
This issue is found when OCV enabled and 4-way-handshake failed due
to client OCI includes op_class 0 for channel 144. This showed
up in following manner in the debug log:
WPA: OCI KDE in EAPOL-Key - hexdump(len=9): dd 07 00 0f ac 0d 00 90 00
Error interpreting OCI: unrecognized opclass/channel pair (0/144)
Signed-off-by: Hu Wang <huw@codeaurora.org>
Enable support for P2P connection in 6 GHz with the channel width of 40
MHz, 80 MHz, and 160 MHz. The flag max_oper_chwidth is used to configure
the maximum channel width for P2P connection in 6 GHz with the commands
P2P_CONNECT, P2P_INVITE, and P2P_GROUP_ADD.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Current definition of wpas_p2p_get_ht40_mode() determines secondary
offset in the 5 GHz band. Enhance the functionality of this function to
determine offset to support 6 GHz channels also.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add a new attribute into qca_wlan_vendor_attr_ll_stats_results to
support getting interface time slicing duty cycle info.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11ax-2021 added channel 177 into global operating class 125
and consequently channel 173 in global operating class 126 (HT40+) and
channel 177 in global operating class 127 (HT40-).
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Skip the test of HE PHY capability bit "Support for a 40 MHz and 80 MHz
channel width" when starting an AP with a 20 MHz channel on the 5 GHz
band.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add a QCA vendor attribute to configure the driver/firmware the allowed
bands for roaming by userpace. This attribute is also used to get the
configured roam bands from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Generate an event on the control socket interface when a network is
added or removed. The event name CTRL-EVENT-NETWORK-<ADDED|REMOVED>
is followed by the network entry identifier. The event matches the
corresponding Network<Added|Removed> signal on the d-bus interface.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
==19798==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000663f8 at pc 0x55a2c485a232 bp 0x7ffeb42dcaf0 sp 0x7ffeb42dcae0
READ of size 8 at 0x6110000663f8 thread T0
Connect STA wlan0 to AP
#0 0x55a2c485a231 in ptksa_cache_add ../src/common/ptksa_cache.c:310
#1 0x55a2c4398045 in hostapd_store_ptksa ../src/ap/wpa_auth_glue.c:943
#2 0x55a2c4430980 in wpa_auth_store_ptksa ../src/ap/wpa_auth.c:232
#3 0x55a2c44578e1 in sm_WPA_PTK_PTKINITDONE_Enter ../src/ap/wpa_auth.c:3650
#4 0x55a2c44578e1 in sm_WPA_PTK_Step ../src/ap/wpa_auth.c:3798
#5 0x55a2c44578e1 in wpa_sm_step ../src/ap/wpa_auth.c:4437
#6 0x55a2c445d99d in wpa_receive ../src/ap/wpa_auth.c:1411
#7 0x55a2c43e7747 in ieee802_1x_receive ../src/ap/ieee802_1x.c:1118
#8 0x55a2c43bbf73 in hostapd_event_eapol_rx ../src/ap/drv_callbacks.c:1542
#9 0x55a2c43bbf73 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1932
#10 0x55a2c466cb2d in drv_event_eapol_rx ../src/drivers/driver.h:6074
#11 0x55a2c466cb2d in nl80211_control_port_frame ../src/drivers/driver_nl80211_event.c:2822
#12 0x55a2c466cb2d in process_bss_event ../src/drivers/driver_nl80211_event.c:3194
#13 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#14 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#15 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
#16 0x7feed9e91058 in nl_recvmsgs ./lib/nl.c:1081
#17 0x55a2c45f2e8c in wpa_driver_nl80211_event_receive ../src/drivers/driver_nl80211.c:1782
#18 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#19 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#20 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#21 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#22 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#23 0x55a2c432f3fd in _start (/home/mbr/hostapd/hostapd/hostapd+0x9f23fd)
0x6110000663f8 is located 184 bytes inside of 216-byte region [0x611000066340,0x611000066418)
freed by thread T0 here:
#0 0x7feeda1477cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55a2c44ce56b in os_free ../src/utils/os_unix.c:773
#2 0x55a2c451a986 in radius_msg_free ../src/radius/radius.c:137
#3 0x55a2c4527104 in radius_client_msg_free ../src/radius/radius_client.c:261
#4 0x55a2c452f53c in radius_client_list_add ../src/radius/radius_client.c:715
#5 0x55a2c452f53c in radius_client_send ../src/radius/radius_client.c:807
#6 0x55a2c453b24c in accounting_sta_report ../src/ap/accounting.c:352
#7 0x55a2c453d6e9 in accounting_sta_stop ../src/ap/accounting.c:384
#8 0x55a2c44190fd in ap_free_sta ../src/ap/sta_info.c:194
#9 0x55a2c4934530 in handle_deauth ../src/ap/ieee802_11.c:6035
#10 0x55a2c4934530 in ieee802_11_mgmt ../src/ap/ieee802_11.c:6399
#11 0x55a2c43bf114 in hostapd_mgmt_rx ../src/ap/drv_callbacks.c:1468
#12 0x55a2c43bf114 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1912
#13 0x55a2c465faf7 in mlme_event_mgmt ../src/drivers/driver_nl80211_event.c:823
#14 0x55a2c4661774 in mlme_event ../src/drivers/driver_nl80211_event.c:1135
#15 0x55a2c466c43b in process_bss_event ../src/drivers/driver_nl80211_event.c:3177
#16 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#17 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#18 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
previously allocated by thread T0 here:
#0 0x7feeda147bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55a2c44cd387 in os_malloc ../src/utils/os_unix.c:715
#2 0x55a2c44ceb7f in os_zalloc ../src/utils/os_unix.c:779
#3 0x55a2c451a9f2 in radius_msg_new ../src/radius/radius.c:109
#4 0x55a2c4539a6e in accounting_msg ../src/ap/accounting.c:46
#5 0x55a2c453be15 in accounting_report_state ../src/ap/accounting.c:439
#6 0x55a2c453d91d in accounting_init ../src/ap/accounting.c:534
#7 0x55a2c4378952 in hostapd_setup_bss ../src/ap/hostapd.c:1333
#8 0x55a2c4382530 in hostapd_setup_interface_complete_sync ../src/ap/hostapd.c:2094
#9 0x55a2c4382815 in hostapd_setup_interface_complete ../src/ap/hostapd.c:2229
#10 0x55a2c4384100 in setup_interface2 ../src/ap/hostapd.c:1726
#11 0x55a2c4386b58 in setup_interface ../src/ap/hostapd.c:1628
#12 0x55a2c4386b58 in hostapd_setup_interface ../src/ap/hostapd.c:2318
#13 0x55a2c4387a57 in hostapd_enable_iface ../src/ap/hostapd.c:2730
#14 0x55a2c455d723 in hostapd_ctrl_iface_enable /home/mbr/hostapd/hostapd/ctrl_iface.c:1606
#15 0x55a2c455d723 in hostapd_ctrl_iface_receive_process /home/mbr/hostapd/hostapd/ctrl_iface.c:3607
#16 0x55a2c456821e in hostapd_ctrl_iface_receive /home/mbr/hostapd/hostapd/ctrl_iface.c:4018
#17 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#18 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#19 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#20 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#21 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
SUMMARY: AddressSanitizer: heap-use-after-free ../src/common/ptksa_cache.c:310 in ptksa_cache_add
Shadow bytes around the buggy address:
0x0c2280004c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280004c30: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280004c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280004c50: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
0x0c2280004c60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c2280004c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
0x0c2280004c80: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280004c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2280004ca0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c2280004cb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2280004cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==19798==ABORTING
Fixes: a4e3691616 ("WPA: Add PTKSA cache implementation")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the following vendor attribute to indicate the bandwidth to be used
for spectral scan operation:
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_BANDWIDTH
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD to fetch thermal
statistics for different temperature levels from the driver to
userspace. The statistics will be stored in the driver/firmware for
predefined temperature levels and will be reported to userspace when
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD is sent with the command type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_GET_THERMAL_STATS.
The thermal statistics can be cleared from userspace by sending a
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD command with the type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_CLEAR_THERMAL_STATS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Determine if the TDLS peer supports TDLS in 6 GHz band based on the HE 6
GHz Band Capabilities element received in the TDLS Setup Response frame.
Indicate the peer's HE 6 GHz capabilities to the driver through
sta_add().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor attributes to configure the driver to enable/disable the
Broadcast TWT support and Rx Control Frame To MultiBSS support in HE
capabilities information field. This attribute is used for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_TIME_TSF
TWT attribute to use it in TWT setup command to pass TSF value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new QCA vendor attribute to configure the driver to enable/disable
the BSS max idle period support. This attribute is used for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to configure the driver to use scan
request BSSID value in Probe Request frame RA(A1) for scan.
This attribute is used for testing purpose.
The driver saves this configuration and applies this setting to all user
space scan requests until the setting is cleared. If this configuration
is set, the driver uses the BSSID value from the scan request to set the
RA(A1) in the Probe Request frames during the scan, else the broadcast
address is set in the Probe Request frames RA(A1).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend the previously 5 GHz specific 80 and 160 MHz channels helper
functions to support 6 GHz channels.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Introduce P2P 6 GHz band capable information in Device Capability
Bitmap of P2P Capability sub-attribute.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add QCA vendor interface to configure the driver which transport mode to
use for sending CFR data to userspace. Currently, relayfs and netlink
event modes are supported.
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
Add a QCA vendor attribute to configure the driver to use Data or
Management frames for keep alive data. This attribute is used for
testing purpose.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor attribute to configure the driver to transmit the
Data frames with ER SU PPDU type format. This attribute is used
for testing purpose.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_FT_OVER_DS
to configure FT over DS to the driver/firmware.
Signed-off-by: Vinita S. Maloo<vmaloo@codeaurora.org>
Add QCA interface to specify the RSSI thresholds separately for candidate
APs from different bands.
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
Mention that for AP mode this attribute is required in
response for TWT SET, TWT GET, TWT SUSPEND, and TWT
TERMINATE. And is required in request for TWT GET, and
TWT TERMINATE.
For STA mode, the usage of this attribute remains unchanged.
Signed-off-by: Mohammad Asaad Akram <asadkrm@codeaurora.org>
This moves the implementation closer to the current IEEE 802.11 standard
since B15 of Frame Control field was renamed to +HTC to match it newer
uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor interface for userspace to get information of usable
channels for different interface types from the driver/firmware.
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
Get the DPP Relay Controller context from the list of configured
Controllers based on the correct hostapd callback context. This is
needed to pick the correct hostapd interface for sending out the
response over air, e.g., when the same hostapd process controls a 2.4
GHz only and a 5 GHz only interface.
Signed-off-by: Disha Das <dishad@codeaurora.org>
The firmware rejects the TWT setup request when scan is in
progress. Extend enum qca_wlan_vendor_twt_status to represent new
reason code for it.
Signed-off-by: Mohammad Asaad Akram <asadkrm@codeaurora.org>
Define a new reason code in enum qca_wlan_vendor_hang_reason,
QCA_WLAN_TASKLET_CREDIT_LATENCY_DETECT, for tasklet/credit latency
detection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce a QCA vendor command to configure the concurrent connection
policies when multiple STA interfaces are (getting) active.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add timeout to close incomplete DPP relay connections. This is needed to
avoid getting stuck with old entries that prevent new connections from
getting started.
Signed-off-by: Disha Das <dishad@codeaurora.org>
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define the new TWT attributes for configuring the broadcast TWT
parameters in enum qca_wlan_vendor_attr_twt_setup.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The firmware rejects the TWT setup request when roaming and channel
switch is in progress. Extend enum qca_wlan_vendor_twt_status to
represent new reason codes for these cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This changes the Send-Confirm value for the first SAE Confirm message to
be 1 instead of 0 for all cases to match the design shown in IEEE Std
802.11-2020, Figure 12-4 (SAE finite state machine).
Sc is defined to be "the number of SAE Confirm messages that have been
sent" which is a bit vague on whether the current frame is included in
the count or not. However, the state machine is showing inc(Sc)
operation in all cases before the "2" event to build the Confirm.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The firmware sends new reason codes to indicate TWT teardown due to
single channel and multi channel concurrency. Update the enum
qca_wlan_vendor_twt_status to represent new reason code.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.
Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The 6 GHz band operating class 136 is defined to use 20 MHz bandwidth.
Return the value accordingly from center_idx_to_bw_6ghz() to cover this
special case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define the following additional TWT attribute for
qca_wlan_vendor_attr_twt_setup:
QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_INTVL2_MANTISSA to configure the
mantissa in microseconds.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds new control interface commands TWT_SETUP and TWT_TEARDOWN. For
now, these are only for testing purposes to be able to trigger
transmission of the TWT Action frames without configuring any local
behavior for TWT in the driver.
Signed-off-by: Ben Greear <greearb@candelatech.com>
It is more convenient to see the exact error in the debug log instead of
getting noted that something was invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a QCA vendor attribute to configure the driver to allow the 6 GHz
connection with all security types. This attribute is used for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to ignore SAE H2E requirement mismatch for 6
GHz connection. This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is an attempt of making the code easier to understand for static
analyzers. The helper functions were already verifying that these IEs
are fully within the memory buffer, but that may not have been clear
enough for automated analysis.
Signed-off-by: Jouni Malinen <j@w1.fi>
BRCM vendor command used to trigger ACS scan. After ACS finished,
DHD driver will send results by event BRCM_VENDOR_EVENT_ACS.
Signed-off-by: Xinrui Sun <xinrui.sun@broadcom.com>
Determine if the TDLS peer is HE capable based on HE Capability element
received in the TDLS Setup Response frame. Indicate the peer's HE
capabilities to the driver through sta_add().
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add a QCA vendor attribute to enable/disable the Punctured Preamble Rx
support in HE PHY capabilities.
This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to configure the driver to disable data and
management response frame transmission to test the BSS max idle period
feature.
This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to configure the driver/firmware to use only
RU 242 tone for data frame transmission.
This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor attribute to configure the driver with a specific BSS
max idle period value to advertise in (Re)Association Request frames.
This attribute is used for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The TX event for the next frame in the sequence might be received before
the TX status for the final GAS response frame is processed. This used
to result in the Config Result getting discarded and the negotiation not
completing successfully on the Configurator side.
Accept the Config Result message as an indication of the final GAS
response frame having went through fine even if the TX status has not
yet been processed to avoid this issue from a potential race condition
on kernel events.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add additional attributes for the QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO to get finer details on roaming
behavior, TSF out of sync count, and the latest TX rate, Rate Index used
for the transmission.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add definitions from IEEE Std 802.11ai-2016, 9.6.8.36 FILS discovery
frame format and extensions for the 6 GHz band from IEEE P802.11ax/D8.0.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
According to latest IEEE 802.11 standard, Transmit Power Envelope
element is also relevant to IEEE 802.11ax and is no longer called VHT
Transmit Power Envelope. Remove the VHT naming from the element and move
hostapd_eid_txpower_envelope() from ieee802_11_vht.c to ieee802_11.c in
preparation of using it with HE.
Signed-off-by: Shay Bar <shay.bar@celeno.com>
There are 2 HW modes with IEEE80211_MODE_A: one for the 5 GHz channels
and one for 6 GHz channels. Since hw_get_chan() checks all the
compatible hw modes, eventually, an incorrect hw mode is selected.
To fix this, add a function that checks if a specific mode supports
the requested frequency and if so use it as the current mode.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow HE MCS rate to be used for beacon transmission when the driver
advertises the support. The rate is specified with a new beacon_rate
option "he:<HE MCS>" in hostapd configuration.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Use more accurate INTERWORKING_EXCLUDED for this. The actual event
prefix is not changed to remains compatible with external components
using this control interface event message.
Signed-off-by: Jouni Malinen <j@w1.fi>
In some contexts (e.g., Multi-AP) it can be useful to have access to
some of the management frames in upper layers (e.g., to be able to
process the content of association requests externally).
Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface
when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event
message.
Note that to avoid completely flooding the ctrl_iface, not all
management frames are included (e.g., Beacon and Probe Request frames
are excluded).
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Old gcc versions complain about signed/unsigned comparison in
dpp_rx_gas_resp(). Hide it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
IEEE P802.11az/D2.6 defines the following additional capabilities to
RSNXE:
- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management frames.
Add support for advertising the new capabilities.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add PASN implementation to wpa_supplicant
1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.
The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.
The missing parts will be added in later patches.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In order to be able to perform secure LTF measurements, both the
initiator and the responder need to first derive TK and KDK and store
them, so they would later be available for the secure LTF negotiation.
Add a basic implementation of a PTKSA cache that stores derived TK/KDK
which can later be used for secure LTF negotiation, and add it to the
build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add helper functions to construct a PASN Authentication frame and
validate its content, which are common to both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.
The above are built only in case that CONFIG_PASN is enabled at build
time.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN authentication requires that group management cipher suite
would be set to 00-0F-AC:7 in the RSNE, so consider it as a valid
group management cipher and adjust the code accordingly.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
The operating class 129 includes channels with a maximum bandwidth of
160 MHz with center frequency index 50 and 114. The previous definition
of operating class 129 considered the center frequency index as actual
channels resulting in incorrect channel setup for the operating class.
Fix the definition of operating class 129 to consider channels with the
center frequency index of 50 and 114.
Also update the comment that describes the channel selection for
operating 128, 129, and 130 which mentions wpas_p2p_allow_channel()
verifies the channels while wpas_p2p_verify_channel() takes care of it.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.
Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The response for the respective TWT operations can either be synchronous
or asynchronous (wherever specified). If synchronous, the response to
this operation is obtained in the corresponding vendor command reply to
the user space. For asynchronous case, the response is obtained as an
event with the same operation type.
Drivers shall support either of these modes but not both simultaneously.
The support for asynchronous mode is advertised through the new flag
QCA_WLAN_VENDOR_FEATURE_TWT_ASYNC_SUPPORT. If the driver does not
include this flag, it shall support synchronous mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define the following additional TWT operations:
QCA_WLAN_TWT_GET_STATS, QCA_WLAN_TWT_CLEAR_STATS,
QCA_WLAN_TWT_GET_CAPABILITIES, QCA_WLAN_TWT_SETUP_READY_NOTIFY.
Also define new attributes to qca_wlan_vendor_attr_twt_setup
and qca_wlan_vendor_attr_twt_nudge.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
S1G beacons save a few bytes by not requiring the RSNE in beacon if RSN
BSS is configured. Handle this in wlantest by only clearing RSNE from
the BSS info if frame is a Probe Response frame.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Define QCA vendor attributes to dynamically configure TX NSS and RX NSS
to be used with QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
TWT nudge is a combination of suspend and resume in a single request.
Add TWT nudge operation and QCA vendor attributes to support
the TWT nudge request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
P2P usage in the 6 GHz band is not standardized yet by WFA. Disable P2P
operations in the 6 GHz band to avoid potential interop issues with
existing P2P devices in production. P2P operations in the 6 GHz band can
be reenabled later after defining standard ways to address potential
interop issues with existing P2P devices.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduces a vendor specific feature capability
QCA_WLAN_VENDOR_FEATURE_CONCURRENT_BAND_SESSIONS to know if the device
supports concurrent network sessions on different Wi-Fi bands. This feature
capability is attributed to the hardware's capability to support the same
(e.g., DBS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FULL_BW_UL_MU_MIMO to
enable/disable full bandwidth UL MU-MIMO subfield in the HE PHY
capabilities information field for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.
Fixes: ace3723d98 ("DPP2: Enterprise provisioning (Enrollee)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
DPP_CONFIGURATOR_ADD processing of the new ppkey parameter had a
copy-paste error in determining the correct length of this parameter.
Fix that by referencing the correct pointer.
Fixes: 9c1fbff074 ("DPP2: Generate a privacy protection key for Configurator")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for missing 6 GHz operating classes as defined in
IEEE P802.11ax/D7.0.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Previously only primary channel number used to calculate 6GHz operating
class in ieee80211_freq_to_channel_ext() and it is always giving 131
operating class. Fix this by mapping operating class using chanwidth and
sec_channel also.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it
succeeds before using the pointer to get the group.
Fixes: 65e94351dc ("DPP2: Reconfig Authentication Request processing and Response generation")
Signed-off-by: Disha Das <dishad@codeaurora.org>
IANA assigned the TCP port 8908 for DPP, so update the implementation to
match the formal assignment.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.
Fixes: 6b9e99e571 ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.
This reduces duplicate code for the ar call. While at it, also
pretty-print that call.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Define a control event with bootstrap id, frame source, frequency, and
chirp hash for receipt of Presence Announcement (chirp) frames.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
DPP tech spec was modified to use v1(0) instead of v2(1) for the
OneAsymmetricKey in the Configurator backup structure to match the
description in RFC 5958 Section 2 which indicates v2 to be used when any
items tagged as version 2 are included. No such items are actually
included in this case, so v1 should be used instead.
Change OneAsymmetricKey generation to use v1(0) instead of v2(1) and
parsing to accept either version to be used. This is not backwards
compatible with the earlier implementation which requires v2(1) when
parsing the received value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.
Fixes: aeb022f8e5 ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS that represents the
triggers for which the scan scheme from enum qca_roam_scan_scheme has to
be applied.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The firmware sends a new status code to indicate an already suspended
TWT session. Update the status code enum to represent this state.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11 specifies that the Operating Classes field terminates
immediately before the OneHundredAndThirty Delimiter (i.e., an octet
with value 130). Move the operating class value 130 last in the global
op_class array so that it gets added as the last entry into the
Supported Operating Clases element and the 6 GHz operating class is
parsed in that element by implementation that stop at the assumed
OneHundredAndThirty Delimiter.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add additional attributes to enum qca_vendor_attr_roam_control to
control the roam behavior through QCA_NL80211_VENDOR_SUBCMD_ROAM and
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_CONTROL.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new QCA vendor attributes to get thermal level from the driver. The
driver may return thermal level when userpace requests, or send a
thermal event when thermal level changes.
Signed-off-by: Hu Wang <huw@codeaurora.org>
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This was changed in the protocol design to include nonce from both
devices, so update implementation to match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was changed in the protocol design to allow ke derivation to use
E-nonce, so update implementation to match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This change adds QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS,
and enum for qca_wlan_vendor_attr_mbssid_tx_vdev_status to notify
Tx VDEV status.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new vendor attribute for GPIO configuration. In addition, document
the previously defined attributes.
Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Firmware statistics are received in the driver as opaque data. The host
target needs to send this opaque data to userspace wifistats
application. This new event is used to transfer this opaque data to the
application.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new QCA vendor attribute to configure the driver/firmware to
ignore SA Query timeout. If this configuration is enabled the
driver/firmware shall not send Deauthentication frame when SA Query
times out. This is required to support STA testbed role.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
These vendor attributes for FT/OCV/SAE testing can be configured only
when the STA is in connected state. Update the documentation of the
attributes to reflect the same.
Fixes: 18f3f99ac4 ("Add vendor attributes to configure testing functionality for FT/OCV/SAE")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to get number of MIC errors, missing MME incidents, and
packet replay incidents observed while using IGTK/BIGTK keys when PMF
and/or beacon protection features are enabled.
These counters are applicable only for STA mode and can be fetched
through the QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor command.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID
to update the new SSID in hostapd. NL80211_ATTR_SSID is used to encapsulate
the new SSID.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
Currently the driver/firmware indicates CCA busy time which includes own
TX and RX time and as such, does not allow the CCA busy time due to
other nodes to be computed. Add separate statistics to indicate own
radio TX time and own radio RX time to facilitate userspace applications
to compute CCA busy time because of traffic unintended to this device.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_* attributes are also nested
within QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO, not only
QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_INFO* attributes in the current
implementation. Fix QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO documentation
accordingly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
