This allows ERP keys to be managed by external entities, e.g., when
offloading FILS shared key authentication to a driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifer. Also additionally add support for sending PMK as part of
SET_PMKSA to enable driver to derive keys in case of FILS shared key
offload using PMKSA caching.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed for configuring PMKSA cache entries to the driver with
the FILS Cache Identifier and SSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for FILS shared key offload for drivers which advertize
FILS shared key support using NL80211_CMD_CONNECT.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add new vendor commands for starting and stoppping spectral scan. Add
vendor attributes for configuring spectral scan parameters as part of
the start command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
MDE was already added with RSNE, but FTE needed to be added to the FILS
Authentication frame for the FT initial mobility domain association
using FILS authentication case.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.
Signed-off-by: Jouni Malinen <j@w1.fi>
The last SD Response frame fragment is not going to be followed by
another Action frame from the peer, so remove the 200 ms wait time from
the offchannel TX command in that case. This avoids leaving a 200 ms
lock on the radio to remain on the channel unnecessarily.
This is similar to commit 7655bd7388
('P2P: Do not use wait_time for SD Response TX without fragmentation').
Signed-off-by: Jouni Malinen <j@w1.fi>
With AP-AP communication, when hapd0 sends a packet, hapd1 can receive
it immediately and send a response. But hapd0 will only read and process
the response after it has returned from the sending context, that is
entered eloop again. So one does not need to consider the RX function of
the reply to run for the request sending hapd before the send calling
function has returned.
Previously, with intra-process communication, the packet is not
scheduled through eloop. Thus the RX handler of the reply might be run
while the sending context of the original request has not returned.
This might become problematic, e.g., when deferring a management frame
processing until an RRB response is received and then have the request
restarted and finished before the original request handling has been
stopped.
I'm not aware of any concrete bug this is currently triggering but came
across it while thinking of FT RRB AP-AP sequence numbering.
I think the non-eloop scheduling approach might be error-prone and thus
propose to model it more closely to the way the message would be
received from a socket. Additionally, this ensures that the tests model
AP-AP communication more closely to real world.
Solution: queue these packets through eloop.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
With multiple interface like AP and station which is already
associated to some other AP, when we try to do channel switch
for the AP mode (different from the operation channel support of
station) and if the AP channel switch fails continously (including
the fallback channel switch), results in a crash due to NULL pointer
dereference. This is because hostapd_deinit_driver() assigns the
driver context (drv_priv) to NULL as we are not able to bring up
the interface with a new channel
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
Add attribute for TA max duration after last TA received. So that local
time is synchromous to other communicating OCB STAs. If the duration
expires, OCB STA without UTC time source is not in sync to other STAs
and stop scheduling DSRC channel switch after max duration.
Signed-off-by: Zhaoyang Liu <zhaoyang@codeaurora.org>
Signed-off-by: Ferry Zhou <tianguiz@codeaurora.org>
Document QCA vendor OCB commands about IEEE Std 802.11 communication
outside the context of a basic service set. Also define all attributes
for the specific OCB commands.
Signed-off-by: Zhaoyang Liu <zhaoyang@codeaurora.org>
Signed-off-by: Ferry Zhou <tianguiz@codeaurora.org>
This change fixes the following compilation error:
wpa.c:2465: error: undefined reference to 'crypto_ecdh_deinit'
in builds where CONFIG_ECC does not get defined.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes the following compiler warning:
wpa_auth.c:4249:34: error: address of array 'a->conf.fils_cache_id'
will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not accept a link-local IPv4 address when waiting for a valid DHCP
address. This helps with hs20-osu-client use cases where DHCP response
has not yet been received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the Value node was not added if value of a node could not be
fetched. This can cause interoperability issues, so address that in the
same way as an empty length value, i.e., by adding a Value node with
zero-length contents.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case wpa_supplicant is using driver_macsec_linux, but macsec module
is not (yet) loaded in the kernel, nl_socket_alloc() fails and drv->sk
is NULL. In this case, don't call libnl functions rntl_link_add() or
rtnl_link_change() using such NULL pointer, to prevent program from
getting segmentation faults like:
Program received signal SIGSEGV, Segmentation fault.
nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
365 if (sk->s_local.nl_pid == 0) {
(gdb) p sk
$1 = (const struct nl_sock *) 0x0
(gdb) bt
#0 nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
#1 0x00007ffff79c56a0 in nl_complete_msg (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:491
#2 0x00007ffff79c56d1 in nl_send_auto (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:522
#3 0x00007ffff79c652f in nl_send_sync (sk=sk@entry=0x0,
msg=0x55555595a1f0) at nl.c:556
#4 0x00007ffff755faf5 in rtnl_link_add (sk=0x0,
link=link@entry=0x55555595b0f0, flags=flags@entry=1024) at route/link.c:1548
#5 0x000055555567a298 in macsec_drv_create_transmit_sc (priv=0x55555593b130,
sc=0x55555593b320, conf_offset=<optimized out>) at ../src/drivers/driver_macsec_linux.c:998
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
ieee802_1x_kay_deinit_transmit_sc() frees the transmit secure channel
data, but secy_delete_transmit_sc() still needs it. Since this functions
are called sequentially, secy_delete_transmit_sc() can be called from
ieee802_1x_kay_deinit_transmit_sc() before txsc is freed.
Fixes: 128f6a98b3 ("mka: Fix the order of operations in secure channel deletion")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
ieee802_1x_kay_deinit_receive_sc() frees the receive secure channel data,
but secy_delete_receive_sc() still needs it. Since these two functions
are always called sequentially, secy_delete_receive_sc() can be called
from ieee802_1x_kay_deinit_receive_sc() before rxsc is freed.
Fixes: 128f6a98b3 ("mka: Fix the order of operations in secure channel deletion")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
1. Add new attribute to report corresponding antenna information to the
chain RSSI which is used in subcmd
QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI.
2. Add a series of attr to support the new wmi interface
WMI_PDEV_PARAM_ANT_DIV_USRCFG which export parameters setting of antenna
diversity algorithm to userspace.
Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_ABS_DELAY is added to set
propagation delay's absolute value. This is a more detailed version of
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY.
Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
If a P2P_FIND command is issued for running the initial full scan and
the attempt to start that full scan fails, the previous behavior was to
wait for the ongoing scan to complete and then continue p2p_find scan
iterations. However, this continued with the social channels scan
instead of the initial full scan. This could end up missing the full
scan completely.
Fix this by marking the full scan pending if the new scan cannot be
started immediately. Then start the initial full scan after the ongoing
scan completes before moving to social channel only scan iterations.
This applies both for the P2P_FIND_START_WITH_FULL (no specific
frequency set) and P2P_FIND_PROGRESSIVE cases since both of them start
with a single full scan round.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the "P2P_FIND freq=<MHz>" operation more robust by continuing
to include the specified frequency in the consecutive scan rounds
instead of including it only once in the first scan. In other words, the
first scan is only for the specified frequency just like the previous
behavior, but the following scans include all the social channels and
the specified frequency instead of just the previously used social
channels.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds an option to configure hostapd to enable use of perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime configuration parameter fils_dh_group is used to enable this
by specifying which DH group to use. For example, fils_dh_group=19 would
allow FILS SK PFS to be used with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
draft-harkins-owe-07.txt does not specify these parameters, so need to
pick something sensible to use for the experimental implementation. The
Suite B 128-bit level AKM 00-0F-AC:11 has reasonable parameters for the
DH group 19 case (i.e., SHA256 hash), so use it for now. This can be
updated if the OWE RFC becomes clearer on the appropriate parameters
(KEK/KCK/MIC length, PRF/KDF algorithm, and key-wrap algorithm).
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
The KDF define in RFC 5295 is very similar to HKDF-Expand() defined in
RFC 5869. Allow a NULL label to be used to select the RFC 5869 version
with arbitrary seed (info in RFC 5869) material without forcing the
label and NULL termination to be included. HKDF-Expand() will be needed
for OWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
These allow ECDH to be used with compressed public key encoding (only
x-coordinate). This is needed for FILS PFS and OWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a helper function that parses candidate list from command line
arguments.
This function will be used (in the following commits) to add
a candidate list to BSS transition management query.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.
When a valid MBO ANQP-element is received, the following control
interface message is sent:
RX-MBO-ANQP <BSSID> cell_conn_pref=<value>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the GAS server to process MBO ANQP-elements and reply to a
query for the Cellular Data Connection Preference (if configured). The
new configuration parameter mbo_cell_data_conn_pref can be used to set
the value (0, 1, or 255) for the preference to indicate.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]
Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
As FCC DFS requirement does not explicitly mention about the validity of
the (pre-)CAC when channel is switched, it is safe to assume that the
pre-CAC result will not be valid once the CAC completed channel is
switched or radar detection is not active on the (CAC completed) channel
within a time period which is allowed (10 seconds - channel switch time)
as per FCC DFS requirement.
Use the new driver event to allow the driver to notify expiry of the CAC
result on a channel. Move the DFS state of the channel to 'usable' when
processing pre-CAC expired event. This means any future operation on
that channel will require a new CAC to be completed. This event is
applicable only when DFS is not offloaded to the kernel driver.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
Process the new nl80211 event NL80211_RADAR_PRE_CAC_EXPIRED to allow the
driver to notify expiry of the CAC result on a channel.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
When DFS channel state is shared across multiple radios on the system it
is possible that a CAC completion event is propagated from other radio
to us. When in enabled state, do not proceed with setup completion upon
processing CAC completion event with devices where DFS is not offloaded,
when in state other than enabled make sure the configured DFS channel is
in available state before start the AP.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).
This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
