Commit graph

18618 commits

Author SHA1 Message Date
Jouni Malinen
bc0268d053 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
The MIC length depends on the negotiated group when SAE-EXT-KEY or OWE
key_mgmt is used. wlantest can determine the group if the capture file
includes the group negotiation, i.e., the initial association when a PMK
was created. However, if the capture file includes only an association
using PMKSA caching, the group information is not available. This can
result in inability to be able to process the EAPOL-Key frames (e.g.,
with the "Truncated EAPOL-Key from" message).

If the negotiated group is not known and an EAPOL-Key frame length does
not seem to match the default expectations for group 19, check whether
the alternative lengths for group 20 or 21 would result in a frame that
seems to have valid length. If so, update the STA entry with the guessed
group and continue processing the EAPOL-Key frames based on this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-11 20:35:34 +03:00
Ilan Peer
bd209633eb AP: Use is_zero_ether_addr() to check if BSSID is NULL
Use helper function is_zero_ether_addr() for checking empty bssid
value in hostapd_driver_init().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-08-11 12:13:20 +03:00
Ilan Peer
763a19286e AP: Add configuration option to specify the desired MLD address
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-08-11 12:12:43 +03:00
Allen.Ye
2763d1d97e hostapd: Fix AID assignment in multiple BSSID
When STAs connect to transmitted BSS and nontransmitted BSS, the
AP should assign the aIDs from the same pool.

Use the transmitted BSS AID pool to assign AIDs when the AP enables
multiple BSSID.

Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
2023-08-11 12:04:59 +03:00
Michael Lee
bc0636841a wpa_supplicant: Fix configuration parsing error for tx_queue_*
In the original flow, after hostapd_config_tx_queue() successfully
parses a tx_queue variable, wpa_config_process_global() would not return
immediately. Then it would print out "unknown global field" later and set
return val to -1.

Return success (0) after hostapd_config_tx_queue() successfully parses a
tx_queue variable to fix this.

Fixes: 790026c3da ("Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO")
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
2023-08-11 11:53:16 +03:00
Felix Fietkau
a685d84139 BSS coloring: Fix CCA with multiple BSS
Pass bss->ctx instead of drv->ctx in order to avoid multiple reports for
the first bss. The first report would otherwise clear hapd->cca_color and
subsequent reports would cause the iface bss color to be set to 0.
In order to avoid any issues with cancellations, only overwrite the color
based on hapd->cca_color if it was actually set.

Fixes: 33c4dd26cd ("BSS coloring: Handle the collision and CCA events coming from the kernel")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-11 11:50:34 +03:00
Henry Ptasinski
34841cfd9a Minor formatting changes to CCMP test vectors
Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:37 +03:00
Henry Ptasinski
30771e6e05 Include PTID in PV1 nonce construction for CCMP test vector
Includ the PTID in the PV1 nonce construction.

Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:29 +03:00
Henry Ptasinski
232667eafe Fix CCMP test vector issues
Commit b20991da69 introduced errors in
the order of arguments to the calls of ccmp_decrypt() and
ccmp_256_decrypt(). Correct the order of arguments.

Fixes: b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:22 +03:00
Ilan Peer
b7db495ad9 AP: Fix ieee802_1x_ml_set_sta_authorized()
One of the conditions in the function should be inverted. Fix it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-08-11 11:27:02 +03:00
Chien Wong
8f148d5132 Fix a compiler warning on prototype mismatch
Fix the warning:
wpa_supplicant.c:2257:5: warning: conflicting types for
‘wpas_update_random_addr’ due to enum/integer mismatch; have ‘int(struct
wpa_supplicant *, enum wpas_mac_addr_style,  struct wpa_ssid *)’
[-Wenum-int-mismatch]
 2257 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s,
      |     ^~~~~~~~~~~~~~~~~~~~~~~
In file included from wpa_supplicant.c:32:
wpa_supplicant_i.h:1653:5: note: previous declaration of
‘wpas_update_random_addr’ with type ‘int(struct wpa_supplicant *, int, 
struct wpa_ssid *)’
 1653 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int
style,
      |     ^~~~~~~~~~~~~~~~~~~~~~~

Fixes: 1d4027fdbe ("Make random MAC address style parameters use common enum values")
Signed-off-by: Chien Wong <m@xv97.com>
2023-08-11 11:25:36 +03:00
Jouni Malinen
011775af94 tests: Check for beacon loss when using beacon protection
This extends testing coverage to detect an issue that was fixed in
commit bf9cbb462f ("Fix writing of BIGTK in FT protocol").

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 21:28:14 +03:00
Jouni Malinen
bf9cbb462f Fix writing of BIGTK in FT protocol
A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK
value instead of the BIGTK when providing the current BIGTK to the STA
during FT protocol. Fix this to use the correct key to avoid issues when
beacon protection is used with FT.

Fixes: 16889aff40 ("Add BIGTK KDE and subelement similarly to IGTK")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 21:17:40 +03:00
Vinay Gannevaram
084745ffc5 Add QCA vendor attributes for NDP setup
QCA vendor extension is used for NDP setup. This defines the new
attributes QCA_WLAN_VENDOR_ATTR_NDP_CSIA_CAPABILITIES and
QCA_WLAN_VENDOR_ATTR_NDP_GTK_REQUIRED to support GTKSA, IGTKSA, and
BIGTKSA for NDP setup.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 18:22:36 +03:00
Jouni Malinen
770760454f wlantest: Do not update BSS entries for other AP MLDs in PTK cloning
The new PTK migth need to be copied to another MLO STA entry, but that
operation should not modify the MLD MAC address of unrelated AP MLDs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
709d46da73 wlantest: Do not claim update to AP MD MAC address if no change
The "Updated AP MLD MAC Address from EAPOL-Key 1/4" can be confusing
when there is actually no change.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
a19fcf685c wlantest: Include the MLD MAC address of the AP MLD in new-STA prints
This makes the "Discovered new STA" entries in the debug log easier to
use when analyzing roaming cases with MLO.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
5434a42ec6 wlantest: Search for FT Target AP using MLD MAC address as well
When FT over-the-DS is used with MLO, the Target AP Address field is
expected to identify the AP MLD using its MLD MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:43 +03:00
Jouni Malinen
49bf9f2df9 wlantest: Use the MLD MAC address as well for matching STA entries
Allow either a link address or the MLD MAC address of a non-AP MLD to
match the MAC address that is being used to identify a source or
destination of a frame for the MLO cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
4e8e515f92 wlantest: Use MLO search for the STA in reassociation
FT over-the-DS might have created the new STA entry on another
affiliated BSS during the FT Request/Response exchange, so use a wider
search to locate the correct STA entry when processing the Reassociation
Request/Response frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
1ffabd697c wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
Use the Basic Multi-Link element in (Re)Association Request frames to
learn the non-AP MLD MAC address instead of having to wait until this
address is included in an EAPOL-Key frame. This is needed for FT
protocol (where 4-way handshake is not used) and it is also convenient
to have the MLD MAC address available as soon as possible to be able to
decrypt frames and even to recognize some special AP vs. STA cases when
either the BSSID or the AP MLD MAC address might be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
7447275858 wlantest: Recognize non-AP MLD based on any link address for decryption
Compare A1 against all the link addresses of a non-AP MLD when
determining whether a Data frame is from the non-AP MLD or the AP MLD
during a decryption attempt.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
a5a0b2cf7b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
Make sta_find_mlo() more accurate by searching a non-AP MLD only from
the affialiated BSSs of the AP MLD instead of from any BSS. This might
help in some roaming cases where both the old and the new AP MLD have
their affiliated links in the BSS table.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
74e4a0a6f1 wlantest: Learn AP MLD MAC address from Beacon frames
Use the Basic Multi-Link element in Beacon frames (and Probe Response
frames for that matter) to learn the AP MLD MAC address instead of
having to wait until this address is included in an EAPOL-Key frame.
This is needed for FT protocol (where 4-way handshake is not used) and
it is also convenient to have the MLD MAC address available as soon as
possible to be able to decrypt frames and even to recognize some special
AP vs. STA cases when either the BSSID or the AP MLD MAC address might
be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
3973300b8d FTE protected element check for MLO Reassociation Response frame
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
43b5f11d96 Defragmentation of FTE
Defragment the FTE if it was fragmented. This is needed for MLO when the
FTE in Reassociation Response frame might be longer than 255 octets to
include all the group keys for all the links.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
053bd8af8e Recognize FTE MLO subelements
Recognize the new MLO GTK/IGTK/BIGTK subelements when parsing an FTE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:14 +03:00
Jouni Malinen
605034240e wlantest: Support multiple input files
Allow the -r<file> command line argument to be used multiple times to
read more than a single capture file for processing. This reduces need
for external tools to be used first to merge capture files for wlantest.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 11:00:42 +03:00
Jouni Malinen
c3f465c56c wlantest: Handle variable length MIC field in EAPOL-Key with OWE
The Key MIC field is of variable length when using OWE, so determine the
correct length based on which group was negotiated for OWE during
association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 10:30:10 +03:00
Jouni Malinen
faee8b99e9 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
Changing sae_pwe and leaving the modified value for the following test
cases can result in failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-21 20:17:53 +03:00
Veerendranath Jakkam
d320692d91 AP MLD: Handle new STA event when using SME offload to the driver
Parse link id and station MLD address received from the driver in the
NL80211_CMD_NEW_STA event.

Set MLO information of the station to the sta_info and wpa_sm.

Co-authored-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-07-21 19:57:25 +03:00
Manaswini Paluri
96deacf5d7 nl80211: Skip STA MLO link channel switch handling in AP mode
Add check to skip the STA mode specific MLO link channel switch handling
in AP mode. Commit 1b6f3b5850 ("MLD STA: Indicate per link channel
switch") added this indication only for STA mode.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:43:00 +03:00
Manaswini Paluri
99a96b2f9d AP MLD: OWE when SME is offloaded to the driver
Add support to parse association link id and MLD address from the
NL80211_CMD_UPDATE_OWE_INFO event.

Set MLO information of the station to the sta_info and wpa_sm.

Use station association link address for sending DH IE info to the
driver.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:39:50 +03:00
Manaswini Paluri
e53d44ac63 AP MLD: Use STA assoc link address in external auth status to the driver
Use station association link address for sending SAE authentication
status to the driver in AP mode external authentication status.

Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
2023-07-19 19:28:44 +03:00
Kiran Kumar Lokere
4636476b7f Set RRM used config if the (Re)Association Request frame has RRM IE
Set the sme RRM used config if the RRM element is present in the
(Re)Association Request frame sent in association event to cover the
cases where the driver SME takes care of negotiating RRM capabilities.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:40:59 +03:00
Vishal Miskin
a50d1ea6a2 Add QCA vendor attributes for user defined power save parameters
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_OPTIMIZED_POWER_MANAGEMENT
attribute to support enum qca_wlan_vendor_opm_mode.

Add QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_ITO and
QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_SPEC_WAKE to configure inactivity
timeout and speculative wake interval in User defined optimized
power save mode.

Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
2023-07-18 16:37:27 +03:00
Jouni Malinen
50ee26fc70 P2P: Check p2p_channel_select() return value
Verify that the operation succeeds before a debug print indicating that
it did. This was already done in most callers, so be more consistent and
do it here as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:15:01 +03:00
Jouni Malinen
fb2b7858a7 FILS: Fix HE MCS field initialization
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.

Fixes: 903e3a1e62 ("FILS: Fix maximum NSS calculation for FD frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:11:08 +03:00
Jouni Malinen
f80d833688 ACS: Remove invalid debug print
ideal_chan is NULL here, so it is not really valid to try to debug print
something from it due to the implied NULL pointer dereferencing.

Fixes: af0f60e7dd ("EHT: Calculate puncturing bitmap for ACS")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:08:44 +03:00
Jouni Malinen
7a37a94eaa Check whether element parsing has failed
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 16:05:17 +03:00
Jouni Malinen
a4c133ea73 WPS: Optimize attribute parsing workaround
Optimize the search for nonzero octets when checking for the need to
work around WPS M1 padding. The previous implementation was really
inefficient (O(n^2)) and while that was likely sufficiently fast for the
cases where the MMPDU size limit prevents long buffers (e.g., all P2P
Action frames), it might be able to take tens of seconds on low-end CPUs
with maximum length EAP-WSC messages during WPS provisioning. More
visibly, this was causing OSS-Fuzz to time out a test case with
unrealisticly long data (i.e., almost 10 times the maximum EAP-WSC
buffer length).

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60039
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:46:57 +03:00
Jouni Malinen
518ae8c7cc P2P: Do not print control characters in debug
Do not print the received country code as characters if it includes
control characters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-18 11:15:15 +03:00
Jouni Malinen
b2a1e7fe7a tests: PEAP and TTLS phase2_auth behavior
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
de9a11f4dd TTLS client: Support phase2_auth=2
Allow the phase2_auth=2 parameter (in phase1 configuration item) to be
used with EAP-TTLS to require Phase 2 authentication. In practice, this
disables TLS session resumption since EAP-TTLS is defined to skip Phase
2 when resuming a session.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
8e6485a1bc PEAP client: Update Phase 2 authentication requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-07-17 21:09:26 +03:00
Jouni Malinen
599d00be9d wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:44:51 +03:00
Veerendranath Jakkam
30f5bdc34c Add support to configure per-MLO link maximum supported channel width
Update documentation of the QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH
and QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attributes to
indicate support for per-MLO link configuration.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:42 +03:00
Veerendranath Jakkam
3d1ec9d0af Add QCA vendor interface to support per-MLO link configurations
Add support for per-MLO link configurations in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Additionally, add documentation for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-22 22:32:33 +03:00
Vamsi Krishna
f83cc05aa4 Reserve QCA vendor sub command id 232
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:00:34 +03:00
Kiran Kumar Lokere
82db29c37e QCA vendor test config attribute for MLO link powersave
Define a new QCA vendor test config attribute to configure powersave
on MLO links.

This attribute is used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 21:58:36 +03:00