Commit graph

18225 commits

Author SHA1 Message Date
Jouni Malinen
883e33594d FT: Authentication request frame processing for FT-SAE-EXT-KEY
Figure out the correct hash algorithm based on which MIC field length
assumption results in successful parsing. This is needed since the key
length is not yet known at this point on the AP when using the new
FT-SAE-EXT-KEY AKM.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:15 +03:00
Jouni Malinen
879363bbc1 FT: Reassociation Request frame parsing for FT-SAE-EXT-KEY
Handle the new MIC field length option for the SHA512-based variant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:15 +03:00
Jouni Malinen
e8f23c9480 FT: Association Response frame FTE generation for FT-SAE-EXT-KEY
Add the SHA512-based variant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:15 +03:00
Jouni Malinen
a76a314c15 FT: Extend PMK-R0 derivation for FT-SAE-EXT-KEY
Provide AKM to the helper function to cover the SHA512-based derivation
case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:43:11 +03:00
Jouni Malinen
79cd846b2e FT: Extend PTK derivation for FT-SAE-EXT-KEY
Cover the SHA512-based derivation case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:24:25 +03:00
Jouni Malinen
39b60f3348 FT: Extend PMK-R1 derivation for FT-SAE-EXT-KEY
Cover the SHA512-based derivation case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:22:47 +03:00
Jouni Malinen
fb4fc704c0 FT: Debug print FTE subelements during parsing
This can be helpful in trying to figure out issues with determination of
the MIC field length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:20:19 +03:00
Jouni Malinen
25b52e5f83 FT: Extend FTE parsing for FT-SAE-EXT-KEY
Provide AKM, key length, and information about needed subelements to the
parser function so that the variable length MIC field cases can be
recognized for FT-SAE-EXT-KEY. Knowledge about R0KH-ID/R1KH-ID being
needed is required to be able to iterate over possible MIC field lengths
for the case where the AP does not yet know the correct key length at
the beginning of FT protocol.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:17:49 +03:00
Jouni Malinen
4f58afee9a FT: Extend MIC derivation for FT-SAE-EXT-KEY
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:07:54 +03:00
Jouni Malinen
dcd46edf5f FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY
Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:03:10 +03:00
Jouni Malinen
9fd2455642 FT: Support longer SAE PMK for FT in INITPSK AP
This is needed for the new FT-SAE-EXT-KEY AKM that uses variable length
PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:54:21 +03:00
Jouni Malinen
c41bd98be3 FT: AP mode FTE writing to support FT-SAE-KEY-EXT
Provide enough information to allow the FTE to be built using the
correct MIC field length based on the used AKM and key length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:51:12 +03:00
Jouni Malinen
efa0f51d33 FT: Accept 512-bit PMK-R1 from RRB
This will be needed for FT-SAE-KEY-EXT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:41:12 +03:00
Harsh Kumar Bijlani
eb0821c90c Add service class id attribute in SCS rule config vendor subcommand
Add service class id attribute
QCA_WLAN_VENDOR_ATTR_SCS_RULE_CONFIG_SERVICE_CLASS_ID in SCS rule
configuration vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG.

Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
2022-10-14 16:35:29 +03:00
Chaoli Zhou
5607abe2e8 WNM: Print unsupported neighbor report subelements in debug log
This can be helpful in trying to figure out what might need to be added
in the future.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:14:47 +03:00
Chaoli Zhou
fcdd76fa28 Interworking: Print unsupported inner EAP-TTLS method in debug log
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:13:24 +03:00
Chaoli Zhou
f8a05de669 Move default action from after switch to within
Move from this type of constructions:

switch (val) {
case 1:
	something;
	break;
}
default-action;

into following:

switch (val) {
case 1:
	something;
	break;
default:
	default-action;
	break
}

for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.

This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:08:20 +03:00
Vishal Miskin
7614fcebe0 ACS: Filter out 6 GHz channels if HE or EHT is not enabled
Do not include 6 GHz channels in the ACS possible channel list if
neither HE (ieee80211ax=1) nor EHT (ieee80211be=1) is enabled since
those channels cannot be used in such combination.

Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
2022-10-13 21:21:51 +03:00
Swarn Singh
1864664ca3 Android: Delay QCA roam+auth event until NL80211_CMD_ROAM is received
Information from both NL80211_CMD_ROAM and
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH events is required for
processing the roam events correctly, especially to get the newly
connected BSS details. Indicate the roam event to private libraries only
after NL80211_CMD_ROAM and QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH
events are received.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-13 18:34:26 +03:00
Jouni Malinen
7f20a0a0bc wlantest: Key derivation for SAE-EXT-KEY
Extend wlantest capabilities to cover the new SAE-EXT-KEY AKM and
variable length MIC field and key lengths for it based on the used SAE
group.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-12 22:33:27 +03:00
Jouni Malinen
2e0400061f tests: wpa_supplicant AP mode with pmf=1/2
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-10 12:34:04 +03:00
Chaoli Zhou
5f3cdc0648 Override ieee80211w from pmf for AP mode in wpa_supplicant
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-10 12:30:30 +03:00
Jouni Malinen
97104a6588 tests: Clear sae_groups when SAE could be used
This makes sigma_dut_ap_dpp_qr* test cases with SAE more robust by
avoiding unexpected behavior. This was found with the following test
sequence:
mesh_sae_anti_clogging sigma_dut_ap_dpp_qr_sae

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 20:59:34 +03:00
Jouni Malinen
2b972a35b3 DPP: Require PMF when profile is for SAE without PSK
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:56:30 +03:00
Jouni Malinen
db46138de4 tests: sigma_dut DPP reconfiguration using SAE (Enrollee)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-07 19:44:48 +03:00
Jouni Malinen
5007766d78 tests: Clear vendor elements at the end of wpas_ap_vendor_elems
This is needed to avoid surprises in the following test cases. This was
found with a failure in the following test sequence:
wpas_ap_vendor_elems p2p_ext_discovery_go

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:52 +03:00
Jouni Malinen
56321c0ac2 tests: Make sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy more robust
Clear the dpp_connector_privacy_default parameter value that sigma_dut
set in wpa_supplicant at the end of the test case to avoid surprising
behavior for the following test cases. This was found with a failure in
the following test sequence:
sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
sigma_dut_dpp_proto_peer_disc_req

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-05 00:22:27 +03:00
Jouni Malinen
8219d2b7dd PASN: Fix CONFIG_PASN=y build without CONFIG_IEEE80211R=y
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.

Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-04 20:41:54 +03:00
Jouni Malinen
ca94fd70c8 tests: sigma_dut and DPP AP provisioning with SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 19:20:21 +03:00
Jouni Malinen
14cc63295e tests: DPP AP configuration for SAE-only
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-03 12:34:16 +03:00
Veerendranath Jakkam
61c6e7c62c nl80211: Parsing of MLO connection info from roam+auth event
Add support to parse MLO connection information from
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MLO_LINKS for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-29 13:26:53 +03:00
Jouni Malinen
18f75df416 wlantest: Learn group keys for other MLO affiliated links
Update bss entries for all affiliated links whenever learning
GTK/IGTK/BIGTK from EAPOL-Key msg 3/4 or group msg 1/2.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:13:19 +03:00
Jouni Malinen
228420e2d9 wlantest: Find a STA entry based on MLO affiliated link addresses
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:08:37 +03:00
Jouni Malinen
5d5c2cb2be wlantest: Recognize SAE case for moving from State 1 to 2
Update STA state tracking for SAE authentication as well as the previous
covered Open System algorithm.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 11:59:54 +03:00
Jouni Malinen
ac6baf0bcd wlantest: Use RSNE from MLO Link KDE, if present, for validation
Check the Beacon/Probe Response frame RSNE against the RSNE within the
MLO Link KDE for the current affiliated link instead of RSNE when
processing the EAPOL-Key msg 3/4 Key Data field.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 11:50:28 +03:00
Jouni Malinen
8c1231c05a wlantest: Print the TA of a Beacon frame for which there is no BIGTK
This makes the debug message more useful for determining whether an
expected BIGTK has been derived.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 00:03:27 +03:00
Jouni Malinen
26cf43dd5d wlantest: Learn GTK/IGTK/BIGTK for the current link in MLO case
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 00:00:45 +03:00
Rohan Dutta
3d842d9108 MLD STA: Add support for parsing MLO KDEs
Add support for parsing MLO KDEs as defined in Table 12-10 (KDE
selectors) in IEEE P802.11be/D2.0.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-28 23:24:36 +03:00
Jouni Malinen
e2a434d57d wlantest: Use wpa_parse_kde_ies() directly
Make this easier to understand by using the appropriately named function
to parse KDEs/IEs in the Key Data field of EAPOL-Key frames instead of
using the wrapper function that is there just to provide the old
function name for wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-28 23:07:08 +03:00
Jouni Malinen
dc8a756ce4 wlantest: Verify Beacon frame MME even after Probe Response reception
rx_mgmt_beacon() was skipping all steps after a Probe Response frame
from the AP had been processed. This is expected for the parts that were
updating the bss entry information, but the checks for beacon protection
should not be skipped in this manner.

Skip onlu the updating parts while checking that beacon protection is
used correctly to make this more useful.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-28 23:02:31 +03:00
Rachit Kankane
e1105bab89 Add QCA vendor interface support for Spatial Reuse (SR) feature
Add a new vendor sub-command to implement Spatial Reuse feature.
Userspace enables SR feature with specific configuration parameters. The
driver/firmware upon receiving the command, enables the SR feature if it
is supported by the currently connected AP. The driver may reject the
command if it cannot enable the SR with the configured parameters. The
driver sends events to userspace to indicate when SR feature is enabled
or disabled internally. Userspace can also query SR feature related
parameters and statistics from the driver/firmware as needed.

Signed-off-by: Rachit Kankane <quic_rkankane@quicinc.com>
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-26 12:50:43 +03:00
Chaoli Zhou
1f39f85b72 Fix compiler warning on shift overflow in QCA vendor definitions
Fix the following compiler error:
qca-vendor.h:5892:54: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
 5892 |  QCA_WLAN_VENDOR_CHANNEL_PROP_FLAG_HE40INTOL     = 1 << 31,

This "1" needs to be marked unsigned for this case of MSB=1.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-09-23 19:38:07 +03:00
Sunil Ravi
c5b950b6af Fix compilation error due to use of bitwise '&' with boolean operands
Compiler throws a warning for using bitwise operation in
wpa_s_setup_sae_pt() function instead of logical AND operation on two
boolean values.

Fixes: e81ec0962d ("SAE: Use H2E unconditionally with the new AKM suites")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:37:30 +03:00
Sunil
7bdd3f2aa6 P2P: Allow P2P CSA from 5 GHz to 2.4 GHz band
IEEE Std 802.11-2020, 11.8.8 (Selecting and advertising a new channel)
doesn't restrict switching to a channel which is not in the same band as
the current band. But at the same time, there are some issues in
switching between the 2.4/5 GHz bands and the 6 GHz band. So limit the
check to consider the critical use case of switching from a 5 GHz channel
to a 2.4 GHz channel.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:29:24 +03:00
Jouni Malinen
6ef455db67 tests: Automatic channel selection and 2.4 GHz channel 14
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:25:24 +03:00
Sunil Ravi
a7684a21c7 Update hw mode after ACS selects the channel
hostapd based automatic channel selection doesn't update the hardware
mode after the channel is selected. This change specifically helps
channel 14 which can operate only in IEEE 802.11b mode.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:23:56 +03:00
Jouni Malinen
f47d378cea tests: P2P and avoid frequencies preventing 80 MHz on channel 149"
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-23 00:12:33 +03:00
Sunil
768537921e P2P: Set operating class along with operating channel width
While setting up the P2P GO interface, wpa_supplicant sets the operating
channel width to CHANWIDTH_USE_HT in cases where it fails to set 80 MHz
bandwidth. In the same flow, update the operating class, too, according
to the channel width. This is to avoid setting up the operational
channel width back to 80 MHz from hostapd interface setup.

Signed-off-by: Sunil <sunilravi@google.com>
2022-09-23 00:04:30 +03:00
Sunil Ravi
ee7eec5185 P2P: Fix the issue in setting optimized listen channel
wpas_p2p_optimize_listen_channel() checks for the state and current ssid
of the interface calling this function. This check prevents the function
from setting the optimized listen channel. Since the listen channel is
stored in global P2P configuration data, do not check the state and
current interface of the caller.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-22 18:35:53 +03:00
Shay Bar
01944c0957 Fix RNR BSSID setting for own interfaces
bss->conf->bssid may be kept unset and will cause an empty BSSID field
in RNR. Fix this to use own_addr instead.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
Signed-off-by: moran.daori <moran.daori@celeno.com>
2022-09-16 22:15:56 +03:00