Commit graph

8144 commits

Author SHA1 Message Date
Jouni Malinen
947272febe P2P: Fix copying of secondary device types for P2P group client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19e ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:25:40 +02:00
Jouni Malinen
25df656a8a Remove pointless defines for ext capab bits
These were copy-pasted templates that were forgotten to be removed when
defining the bits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:23:14 +02:00
Aloka Dixit
630b1fdba8 AP: Add 6 GHz security constraints
Add security constraints for the 6 GHz band as given in IEEE
P802.11ax/D8.0, 12.12.2.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-02 23:39:31 +02:00
Ilan Peer
24f0507af4 WPA: Support deriving KDK based on capabilities (Authenticator)
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local AP and the peer station declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
dccb6cde03 WPA: Support deriving KDK based on capabilities
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local station and the AP declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
9e7b980d65 PASN: Include RSNXE in the PASN negotiation
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:36 +02:00
Ilan Peer
d8cd20e37b RSN: Add RSNXE new definitions
IEEE P802.11az/D2.6 defines the following additional capabilities to
RSNXE:

- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management frames.

Add support for advertising the new capabilities.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:08:27 +02:00
Ilan Peer
2eb2fb8bd4 AP: Support PASN with FT key derivation
Note that the implementation is not complete as it is missing support
for the FT wrapped data which is optional for the station, but must be
supported by the AP in case the station included it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:49:00 +02:00
Ilan Peer
5c65ad6c0b PASN: Support PASN with FT key derivation
Add support for PASN authentication with FT key derivation:

- As IEEE P802.11az/D2.6 states that wrapped data is optional and
  is only needed for further validation of the FT security parameters,
  do not include them in the first PASN frame.

- PASN with FT key derivation requires knowledge of the PMK-R1 and
  PMK-R1-Name for the target AP. As the WPA state machine stores PMK-R1,
  etc. only for the currently associated AP, store the mapping of
  BSSID to R1KH-ID for each previous association, so the R1KH-ID
  could be used to derive PMK-R1 and PMK-R1-Name. Do so instead
  of storing the PMK-R1 to avoid maintaining keys that might not
  be used.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:38:30 +02:00
Ilan Peer
62edb79a0c AP: Support PASN with FILS key derivation
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
Authenticator state machine.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:28:33 +02:00
Ilan Peer
da35e1214d AP: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
a93ec28d10 PASN: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
3040c8a2da AP: Add support for PASN processing to the SME
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:12 +02:00
Ilan Peer
f2f8e4f458 Add PTKSA cache to hostapd
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
2c963a117a AP: Add support for configuring PASN
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
363768c8ac PASN: Add support for PASN processing to wpa_supplicant
Add PASN implementation to wpa_supplicant

1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.

The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.

The missing parts will be added in later patches.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:44 +02:00
Ilan Peer
d70060f966 WPA: Add PTKSA cache to wpa_supplicant for PASN
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.

Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
a4e3691616 WPA: Add PTKSA cache implementation
In order to be able to perform secure LTF measurements, both the
initiator and the responder need to first derive TK and KDK and store
them, so they would later be available for the secure LTF negotiation.

Add a basic implementation of a PTKSA cache that stores derived TK/KDK
which can later be used for secure LTF negotiation, and add it to the
build configuration.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
a84ba92fa0 WPA: Add a function to get PMKSA cache entry
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6709b4ceb8 common: Add PASN parsing to ieee802_11_parse_extension()
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
46bfc3a849 tests: Add module tests for PASN PTK derivation
Based on tests vectors taken from IEEE P802.11az/D2.6.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
9ce123cdbf PASN: Add common Authentication frame build/validation functions
Add helper functions to construct a PASN Authentication frame and
validate its content, which are common to both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
c6d1a33bb0 PASN: Add functions to compute PTK, MIC and hash
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.

The above are built only in case that CONFIG_PASN is enabled at build
time.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
d87f4aea11 FILS: Extend the fils_pmk_to_ptk() function to also derive KDK
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6e834db74e FT: Extend the wpa_pmk_r1_to_ptk() function to also derive KDK
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
46c232eb76 WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
019507e10e common: Allow WPA_CIPHER_GTK_NOT_USED as a valid group management cipher
PASN authentication requires that group management cipher suite
would be set to 00-0F-AC:7 in the RSNE, so consider it as a valid
group management cipher and adjust the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
2447212214 nl80211: Always register for RX authentication frames with PASN
Register a filter that only requests PASN Authentication frames
to be passed to user space.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
a728449a04 nl80211: Allow off-channel of PASN authentication frames in send_mlme()
As part of the support needed for PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Ilan Peer
367e79231c PASN: Add some specification definitions
Based on IEEE P802.11az/D2.6.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:35:50 +02:00
Sreeramya Soratkal
833cdbe97d Add support for new 5 GHz channels 173 and 177
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-01-22 19:18:10 +02:00
Sreeramya Soratkal
21fdb454df P2P: Fix channel selection for operating class 129
The operating class 129 includes channels with a maximum bandwidth of
160 MHz with center frequency index 50 and 114. The previous definition
of operating class 129 considered the center frequency index as actual
channels resulting in incorrect channel setup for the operating class.

Fix the definition of operating class 129 to consider channels with the
center frequency index of 50 and 114.

Also update the comment that describes the channel selection for
operating 128, 129, and 130 which mentions wpas_p2p_allow_channel()
verifies the channels while wpas_p2p_verify_channel() takes care of it.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-01-22 19:18:10 +02:00
Purushottam Kushwaha
959af4f576 DPP: Abort authentication if no Auth Confirm is received within a second
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.

Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-22 19:18:10 +02:00
hongwang.li
41fae6e0bb nl80211: Add missing WPA3-SAE auth_data in auth retry case
When wpa_supplicant sends NL80211_CMD_AUTHENTICATE to kernel, it is
possible that the cfg80211 in kernel has expired the BSS entry that
we are trying to auth with. Then cfg80211 will reject the auth cmd.
In this case, wpa_supplicant will trigger a single channel scan to
refresh cfg80211 BSS entry, and retry the auth when scan is finished.

When this case happens, wpa_supplicant makes a copy of auth params,
such as frequency, bssid, ssid, ie and so on. So when we retry auth,
the copy of these params will be used. The problem is, a param named
auth_data is missed when making the copy. The auth_data is used by
NL80211_ATTR_SAE_DATA which is a mandatory field for WPA3-SAE auth.
In WPA3-SAE case the auth retry will always fail because auth_data is
missing. This patch fixes the issue.

Signed-off-by: hongwang.li <hongwang.li@sonos.com>
2021-01-15 12:14:17 +02:00
Sunil Dutt
b6947f01a1 Android: Pass the vendor events to $(BOARD_WPA_SUPPLICANT_PRIVATE_LIB)
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.

Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 23:22:56 +02:00
Purushottam Kushwaha
7b121af26a P2P: Delay P2P scan when an external scan is in progress
When an external scan is in progress on the same radio, delay the P2P
search operation based on configuration parameter p2p_search_delay. The
"search_delay" configuration done through p2p_find always takes
precedence over this delay value set due to an external scan trigger.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 23:22:51 +02:00
Purushottam Kushwaha
74818ca63f Process QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH after NL80211_CMD_ROAM
NL80211_CMD_ROAM indication is scheduled via a kernel work queue, while
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH is a vendor event from the
driver. Thus, a race condition can exist wherein the vendor event is
received prior to the NL80211_CMD_ROAM indication.

The processing of this vendor event depends on the NL80211_CMD_ROAM
indication to update the roamed BSS/BSSID information and thus the out
of sequence processing of these events would result in not updating the
right BSS information.

This commit adds a workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event for up to 100 ms in
case NL80211_CMD_ROAM is not received first.

Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
2020-12-21 22:57:42 +02:00
Vamsi Krishna
b4a41abad4 nl80211: Do not ignore disconnection event after a connection event
After a disconnect command is issued, wpa_supplicant generates a
disconnection event to self and ignores the next disconnection event
coming from the driver.  In a race condition in which the driver
generates a connected event due to roaming just before receiving the
disconnect command from userspace, wpa_supplicant processes the
connected event after processing the self-generated disconnection event
and enters WPA_COMPLETED state. The driver sends a disconnection event
after processing the disconnect command sent by wpa_supplicant but the
disconnection event is ignored by wpa_supplicant as the disconnection
event is considered to be a result of locally generated disconnect
command. Thus, wpa_supplicant continues to be in the connected
(WPA_COMPLETED) state though the driver is in disconnected state.

Fix this out-of-sync behavior between the driver and wpa_supplicant by
not ignoring the disconnection event from the driver because of the
locally generated disconnect command sent to the driver if there is a
connection event received after issuing the disconnect command to the
driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 15:51:32 +02:00
Sunil Dutt
73c7c2da99 Vendor feature capability to notify TWT asynchronous response support
The response for the respective TWT operations can either be synchronous
or asynchronous (wherever specified). If synchronous, the response to
this operation is obtained in the corresponding vendor command reply to
the user space. For asynchronous case, the response is obtained as an
event with the same operation type.

Drivers shall support either of these modes but not both simultaneously.
The support for asynchronous mode is advertised through the new flag
QCA_WLAN_VENDOR_FEATURE_TWT_ASYNC_SUPPORT. If the driver does not
include this flag, it shall support synchronous mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-21 13:09:30 +02:00
Sunil Dutt
a337c1d7c9 New TWT operations and attributes to TWT Setup and Nudge
Define the following additional TWT operations:
QCA_WLAN_TWT_GET_STATS, QCA_WLAN_TWT_CLEAR_STATS,
QCA_WLAN_TWT_GET_CAPABILITIES, QCA_WLAN_TWT_SETUP_READY_NOTIFY.

Also define new attributes to qca_wlan_vendor_attr_twt_setup
and qca_wlan_vendor_attr_twt_nudge.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-16 18:04:15 +02:00
Jouni Malinen
6ead8b897f Use bool for is_6ghz variables and functions
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-11 19:56:14 +02:00
Veerendranath Jakkam
7131fede34 Extend the setband support for 6 GHz and band combinations
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-12-11 19:56:14 +02:00
Jouni Malinen
bba926350a Fix gcc-10 build with -Werror=array-bounds and dl_list_for_each()
The earlier workaround for UBSAN issues in commit 3b6b3ae581 ("Modify
dl_list_for_each() to not use unaligned access with WPA_TRACE") ended up
using a construction in which the type cast to the containing structure
was compared instead of the struct dl_list pointers. While that worked
around the UBSAN issue, it resulted in a comparison that gcc-10
interprets as being out of bounds for struct dl_list (which it obviously
is since this is to find the start of the containing structure).

Revert that workaround and instead, mark the struct dl_list used within
struct os_alloc_trace to have matching 16 octet alignment as the
containing structure. This is also restoring consistent design for
dl_list_for_each*().

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-12-04 13:59:37 +02:00
Juliusz Sosinowicz
0225301fde wolfSSL: Client cert loading API fix
Client cert loading API should check equality to SSL_SUCCESS for
success.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2020-12-04 12:42:17 +02:00
Avraham Stern
297050b460 nl80211: Report invalid signal and noise when info is unavailable
When the driver sends a CQM RSSI threshold event, wpa_supplicant queries
the driver for the signal and noise values. However, it is possible that
by that time the station has already disconnected from the AP, so these
values are no longer valid. In this case, indicate that these values are
invalid by setting them to WPA_INVALID_NOISE.

Previously a value of 0 would be reported, which may be confusing as
this is a valid value.

Since nl80211_get_link_signal() and nl80211_get_link_noise() already set
invalid values for a case of failure, just use the value set by these
functions even if they fail.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2020-12-04 12:42:15 +02:00
Thomas Pedersen
be96f4e8d2 wlantest: Allow missing RSNE in S1G beacon
S1G beacons save a few bytes by not requiring the RSNE in beacon if RSN
BSS is configured. Handle this in wlantest by only clearing RSNE from
the BSS info if frame is a Probe Response frame.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-12-04 12:01:54 +02:00
John Crispin
d83eaa351e Add option to ignore Probe Request frames when RSSI is too low
Add a new hostapd configuration parameters rssi_ignore_probe_request to
ignore Probe Request frames received with too low RSSI.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 17:14:39 +02:00
David Bauer
4683b72183 DFS: Enter DFS state if no available channel is found
Previously hostapd would not stop transmitting when a DFS event was
detected and no available channel to switch to was available.

Disable and re-enable the interface to enter DFS state. This way, TX
does not happen until the kernel notifies hostapd about the NOP
expiring.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-12-02 16:49:29 +02:00
Shay Bar
eee0d242bb hostapd: Add ability to disable HT/VHT/HE per BSS
Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf.

- Add disable_11ax boolean to hostapd_bss_config.
- Change disable_11n and disable_11ac to bool in hostapd_bss_config.
- Add configuration option to set these disable_11* parameters
  (which were previously used only automatically based on incompatible
  security parameters to disable HT/VHT).

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2020-12-02 13:41:18 +02:00
Markus Theil
7c2cad969a mesh: Fix DFS deinit/init
The hostapd DFS code deinitializes and initializes the AP interface, if
a clean channel switch is not possible. In this case the AP code paths
would deinit the driver, for example nl80211, without wpa_supplicant
code paths getting notice of this.

Therefore add callbacks for wpa_supplicant mesh methods, which are
called on init/deinit of the AP BSS. These callbacks are then used to
handle the reset in the mesh code.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-12-01 00:31:56 +02:00
Peter Oh
12ae3e3dba mesh: Inform kernel driver about DFS handler in userspace
The kernel requires indication of DFS handler residing in user space
(NL80211_ATTR_HANDLE_DFS) to enable DFS channels.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2020-12-01 00:14:07 +02:00
Peter Oh
8725909789 nl80211: Do not set offchanok on DFS channels in non-ETSI for mesh
mac80211 does not allow mgmt tx to use off channel on
DFS channels in non-ETSI domain, because it will invalidate
CAC result on current operating channel.
(mac80211 commit: 34373d12f3cbb74960a73431138ef619d857996f)
Hence don't set offchanok for mgmt tx in case of DFS channels
in non-ETSI.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2020-11-30 20:12:08 +02:00
Peter Oh
f1df4fbfc7 mesh: Use setup completion callback to complete mesh join
Mesh join function is the last function to be called during mesh join
process, but it's been called a bit earlier than it's supposed to be, so
that some mesh parameter values such as VHT capabilities were not
applied correct when mesh join is in process. Moreover, the current
design of mesh join that is called directly after mesh initialization
isn't suitable for DFS channels to use, since mesh join process should
be paused until DFS CAC is done and resumed after it's done.

The callback will be called by hostapd_setup_interface_complete_sync().
There is a possibility that completing mesh init fails, so add error
handling codes for that.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2020-11-30 11:57:37 +02:00
Sachin Ahuja
3c9abc7858 QCA vendor attributes to configure TX and RX NSS
Define QCA vendor attributes to dynamically configure TX NSS and RX NSS
to be used with QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-27 19:34:26 +02:00
Arun Kumar Khandavalli
5b782ff620 Add bus failure reason code to vendor indication
Add bus failure hang reason code in enum qca_wlan_vendor_hang_reason.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:37:44 +02:00
Srinivas Girigowda
90ca804e47 Add vendor attributes for TWT nudge request
TWT nudge is a combination of suspend and resume in a single request.
Add TWT nudge operation and QCA vendor attributes to support
the TWT nudge request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-17 19:49:23 +02:00
Hai Shalom
2a7023ba6f Change list arguments to const where possible
Change struct dl_list pointer argument to const in list functions that
do not manipulate the list: dl_list_len() and dl_list_empty().

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-11-16 15:50:44 +02:00
Rohan Dutta
fdf114641f nl80211: Send the sae_pwe value to the driver
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.

Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
2020-11-16 15:50:44 +02:00
Vamsi Krishna
2576f27e04 P2P: Disable P2P in the 6 GHz band for now
P2P usage in the 6 GHz band is not standardized yet by WFA. Disable P2P
operations in the 6 GHz band to avoid potential interop issues with
existing P2P devices in production. P2P operations in the 6 GHz band can
be reenabled later after defining standard ways to address potential
interop issues with existing P2P devices.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Sreeramya Soratkal
2ffd3bb4b6 P2P: Include p2p_6ghz_disable in global configuration
Previously, the configuration to disable the 6 GHz band remained local
to the P2P interface. With this there is a possibility of 6 GHz channels
being included in the channel list when the channel list needs to be
updated if the state changes on one of the interfaces.

Include the configuration to disable the 6 GHz band for P2P as a global
configuration value to prevent the inclusion of 6 GHz channels in the
channel list for P2P when the channel list needs to be updated during
the state change in one of the interfaces.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-11-16 13:15:28 +02:00
Vinita S. Maloo
60c902f408 Add connect fail reason code from the driver to assoc reject event
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Sunil Dutt
7423fa6e8f Vendor feature capability to support concurrent sessions on Wi-Fi bands
Introduces a vendor specific feature capability
QCA_WLAN_VENDOR_FEATURE_CONCURRENT_BAND_SESSIONS to know if the device
supports concurrent network sessions on different Wi-Fi bands. This feature
capability is attributed to the hardware's capability to support the same
(e.g., DBS).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Nandha Kishore Easwaran
1934ad9b23 Add extra parameters to vendor command GPIO attribute
Add extra parameters mux_config, drive, and init_enable
to the GPIO config command.

Signed-off-by: Nandha Kishore Easwaran <nandhaki@codeaurora.org>
2020-11-16 13:15:28 +02:00
Jouni Malinen
d0e0d2283e Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-11-11.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-11-16 13:15:21 +02:00
Vinita S. Maloo
c2c4686228 Set NLA_F_NESTED flag with NL80211_ATTR_VENDOR_DATA conditionally
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.

Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.

Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.

Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 23:48:00 +02:00
Srinivas Girigowda
cd3aa54a37 Add test configuration attr to enable/disable full bandwidth UL MU-MIMO
Define a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FULL_BW_UL_MU_MIMO to
enable/disable full bandwidth UL MU-MIMO subfield in the HE PHY
capabilities information field for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 20:10:59 +02:00
Jouni Malinen
ec1f4f3c81 Make GTK length validation for RSN Group 1/2 easier to analyze
This extends the changes in commit c397eff828 ("Make GTK length
validation easier to analyze") to cover the RSN case as well as the WPA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:10:01 +02:00
Jouni Malinen
c42d41bf35 EAP-IKEv2: Try to make transform parser simpler to understand
Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:03:30 +02:00
Jouni Malinen
05962099c3 TDLS: Fix error path for TPK M1 send failure in testing functionality
The previous fix did not actually address this testing functionality
case correctly. Clear the peer pointer to avoid double freeing.

Fixes: a86078c876 ("TDLS: Fix error path handling for TPK M1 send failures")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 19:45:36 +02:00
Jouni Malinen
a9fed5f5b5 Avoid undefined behavior with memcpy PMK/PSK update
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:46:35 +02:00
Jouni Malinen
c643c39287 nl80211: Fix filtering of unsupported bands/modes
The loop for removing unsupported bands was assuming there is always
exactly one band/mode following the removed band. That was not at all
correct, so fix this by dynamically determining how many (if any) bands
need to be moved.

Fixes: 106d67a93c ("nl80211: Filter out unsupported bands")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:38:41 +02:00
Jouni Malinen
a86078c876 TDLS: Fix error path handling for TPK M1 send failures
Local allocation error or failure to get a random number could have
resulted in the peer entry getting freed and couple of the error path
cases in callers could have tried to reference or delete the peer after
that. Fix this by tracking the errors where the peer is freed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 17:26:04 +02:00
Jouni Malinen
3d490296bc DPP2: Fix error path handling in enterprise provisioning
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.

Fixes: ace3723d98 ("DPP2: Enterprise provisioning (Enrollee)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:52:01 +02:00
Jouni Malinen
589bf1f7a9 DPP2: Fix ppkey parsing
DPP_CONFIGURATOR_ADD processing of the new ppkey parameter had a
copy-paste error in determining the correct length of this parameter.
Fix that by referencing the correct pointer.

Fixes: 9c1fbff074 ("DPP2: Generate a privacy protection key for Configurator")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:31:02 +02:00
Veerendranath Jakkam
79e3f08d3c 6 GHz: Add support for missing 6 GHz operating classes
Add support for missing 6 GHz operating classes as defined in
IEEE P802.11ax/D7.0.

This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-30 22:52:47 +02:00
Veerendranath Jakkam
66bed14b22 6 GHz: Fix opclasses mapping in ieee80211_freq_to_channel_ext()
Previously only primary channel number used to calculate 6GHz operating
class in ieee80211_freq_to_channel_ext() and it is always giving 131
operating class. Fix this by mapping operating class using chanwidth and
sec_channel also.

This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-30 14:20:50 +02:00
Hai Shalom
5e779873ed EAP-SIM peer: Send AT_IDENTITY first
For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.

Peer                                      Authenticator
|                                                 |
|                      +------------------------------+
|                      | Server does not have a       |
|                      | Subscriber identity available|
|                      | When starting EAP-SIM        |
|                      +------------------------------+
|                                                 |
|          EAP-Request/SIM/Start                  |
|          (AT_ANY_ID_REQ, AT_VERSION_LIST)       |
|<------------------------------------------------|
|                                                 |
|                                                 |
| EAP-Response/SIM/Start                          |
| (AT_IDENTITY, AT_NONCE_MT,                      |
|  AT_SELECTED_VERSION)                           |
|------------------------------------------------>|
|                                                 |

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-10-30 13:59:49 +02:00
Pooventhiran G
0577e8e679 nl80211: Check for proper nlmsg allocation in send_and_recv_msgs_owner()
When nlmsg allocation fails, nl80211_drv_msg() returns NULL and the call
to send_and_recv_msgs_owner() from nl80211_leave_ibss() could have ended
up dereferencing a NULL pointer. Fix this by make
send_and_recv_msgs_owner() more consistent with other send_and_recv*()
cases that check msg == NULL internally.

Fixes: 12ea7dee31 ("nl80211: Use nl80211 control port for receiving EAPOL frames")
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
2020-10-27 11:39:45 +02:00
Disha Das
02289ab537 DPP2: Explicitly check EC_KEY before dereferencing it
In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it
succeeds before using the pointer to get the group.

Fixes: 65e94351dc ("DPP2: Reconfig Authentication Request processing and Response generation")
Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-27 11:33:15 +02:00
Jouni Malinen
106d67a93c nl80211: Filter out unsupported bands
If the driver indicates capability for a band that
hostapd/wpa_supplicant does not support, the struct hostapd_hw_modes
array of bands got an empty entry for that with NUM_HOSTAPD_MODES as the
mode. This resulted in various issues, e.g., with fst_hw_mode_to_band()
hitting a WPA_ASSERT(0).

Fix this by filtering out unsupported bands from the internal data
structures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-26 22:34:07 +02:00
Sunil Dutt
8f0ed71ffe Vendor specific feature capability for Adaptive 11r
Add feature capability indication for Adaptive 11r for the drivers
to advertize support for this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-22 23:51:34 +03:00
Arun Kumar Khandavalli
45ae6ae8e1 Add additional vendor specific hang reason codes
Add additional hang reason codes in enum qca_wlan_vendor_hang_reason to
address potential internal failure cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-22 23:47:12 +03:00
Jouni Malinen
d2190cdc65 DPP2: Update the default port number for DPP-over-TCP
IANA assigned the TCP port 8908 for DPP, so update the implementation to
match the formal assignment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-21 00:29:38 +03:00
Jouni Malinen
5d988b4a5b Fix couple more typos
Couple of similar cases that were not included in the previous commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Jouni Malinen
183e72ae13 SAE-PK: Do not accept SAE-PK status code when no PK is configured
Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.

Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Andrei Otcheretianski
80662accb5 SAE: Don't use potentially uninitialized keys
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.

Fixes: 6b9e99e571 ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2020-10-20 00:37:01 +03:00
Pooventhiran G
e364a34c69 OpenSSL: Make openssl_debug_dump_certificate() more robust
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.

Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
2020-10-19 22:57:24 +03:00
Johannes Berg
d68c0dd4d4 build: lib.rules: Add common-clean
During the build reshuffling, I missed this, so doing
'make clean' in a certain src/lib folder doesn't clean
up everything anymore. Fix that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-16 12:51:12 +03:00
Johannes Berg
4c66894fab eap_peer: Add .gitignore with *.so
If wpa_supplicant is built with dynamic EAP methods,
the *.so files land here. Add them to .gitignore.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-16 12:34:16 +03:00
Hu Wang
13256b8cf3 P2P: Stop old listen radio work before go to WAIT_PEER_IDLE state
P2P goes to Listen state while waiting for the peer to become ready for
GO Negotiation. If old listen radio work has not been completed, P2P
fails to go to listen state. This could happen in cases where P2P Action
frame transmission reused ongoing p2p-listen radio work.

p2p0: Add radio work 'p2p-listen'@0x
P2P-FIND-STOPPED
p2p0: Starting radio work 'p2p-listen'@0x after 0.010644 second wait
P2P: Use ongoing radio work for Action frame TX
P2P: Use ongoing radio work for Action frame TX
P2P: State CONNECT -> CONNECT
P2P: State CONNECT -> WAIT_PEER_IDLE
P2P: State WAIT_PEER_IDLE -> WAIT_PEER_CONNECT
P2P: Reject start_listen since p2p_listen_work already exists
P2P: Failed to start listen mode

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 23:16:16 +03:00
Vamsi Krishna
cc3d6efa8b Add QCA interface for driver to report various connect fail reason codes
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 23:06:47 +03:00
Jouni Malinen
39748963d7 build: Fix libeap_peer.a build
The install target at the beginning of src/eap_peer/Makefile was
confusing make about the build rules for libeap_peer.a and overriding of
the install target between src/eap_peer/Makefile and src/lib.rules was
breaking installation of dynamic EAP peer *.so files.

Fix this by lib.rules defining a default for the install target so that
src/*/Makefile can override that and by moving the install target for
eap_peer to the end of the Makefile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 22:57:04 +03:00
Markus Theil
c3f37c35f0 DFS: Use helper functions for VHT/HE parameters
This is needed to cover the HE-specific conf->he_oper_chwidth value in
addition to conf->vht_oper_chwidth.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
a72599b319 hw_features: Better debug messages for some error cases
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
7f8ac02e85 HE/VHT: Fix frequency setup with HE enabled
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.

wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.

While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:09 +03:00
Jouni Malinen
0f07230eb9 DPP2: Add privacyProtectionKey into Configurator backup/restore
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a0ccc4017f DPP2: Use ppKey to decrypt E'-id on Configurator
Use the new privacy protection key to decrypt E'-id from Reconfig
Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
99d7bf2348 DPP2: Use the new privacy protection key to protect E-id on Enrollee
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
37df40845a DPP2: Copy received ppKey into wpa_supplicant network profile
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a8ee2292bd DPP2: Parse ppKey from Connector
This will be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
2a8c928871 DPP2: Add ppKey into Connector
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
9c1fbff074 DPP2: Generate a privacy protection key for Configurator
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:59:29 +03:00
Jouni Malinen
1d14758450 DPP: Make dpp_keygen_configurator() a static function
This was not used anywhere outside dpp.c.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:48:29 +03:00
Johannes Berg
1d0d8888af build: Make more library things common
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:35 +03:00
Johannes Berg
f4b3d14e97 build: Make a common library build
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.

This reduces duplicate code for the ar call. While at it, also
pretty-print that call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:20 +03:00
Johannes Berg
ac1447ae9d build: Rebuild libs all the time
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.

Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.

While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:18:02 +03:00
Johannes Berg
154b18d950 build: Fix dependency file inclusion
The objs.mk include changes for archive files broke things
completely and none of the dependency files (*.d) ever got
included, as the expansion there ended up empty.

Clearly, my mistake, I should've tested that better. As we
don't need the %.a files in the list there use filter-out
to remove them, rather than what I had lazily wanted to do,
which was trying to read %.d files for them. The filter-out
actually works, and avoids looking up files that can never
exist in the first place.

Fixes: 87098d3324 ("build: Put archive files into build/ folder too")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 11:05:16 +03:00
Ze Gan
79db311e89 macsec_linux: Fix receive-lowest-PN setting
Setting of the PN for the receive SA failed because the SCI wasn't
provided. Fix this by adding the needed attribute to the command.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2020-10-11 20:35:35 +03:00
Johannes Berg
283eee8eed gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:32:50 +03:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
00b5e99b65 build: Use the new build system for fuzz tests
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:15:16 +03:00
Juliusz Sosinowicz
a49f628845 wolfSSL: Fix wrong types in tls_wolfssl.c
wolfSSL_X509_get_ext_d2i() returns STACK_OF(GENERAL_NAME)* for
ALT_NAMES_OID therefore wolfSSL_sk_value needs to expect a
WOLFSSL_GENERAL_NAME*.

In addition, explicitly check for NULL return from wolfSSL_sk_value().

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2020-10-11 10:56:47 +03:00
Thomas Pedersen
52a1b28345 nl80211: Unbreak mode processing due to presence of S1G band
If kernel advertises a band with channels < 2.4 GHz
hostapd/wpa_supplicant gets confused and assumes this is an IEEE
802.11b, corrupting the real IEEE 802.11b band info.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-10-10 20:49:59 +03:00
Johannes Berg
ce963433bd build: Allow overriding BUILDDIR from command line
You can now specify BUILDDIR= on the make command line,
e.g., in order to put that into a tmpfs or similar.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 13:06:53 +03:00
Johannes Berg
6acda53222 build: Add .config file to dependencies
If the .config file changes, basically everything needs to be
rebuilt since we don't try to detect which symbols changed or
such. Now that the .config file handling is in the common
build system, make everything depend on it if there's one.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:52:58 +03:00
Johannes Berg
722138cd25 build: Put object files into build/ folder
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.

This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.

For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:51:39 +03:00
Johannes Berg
0464d5d5d6 build: Move config file handling into build.rules
This will make it easier to split out the handling in
a proper way, and handle common cflags/dependencies.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:49:31 +03:00
Johannes Berg
0430bc8267 build: Add a common-clean target
Clean up in a more common fashion as well, initially for ../src/.

Also add $(Q) to the clean target in src/

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:48:41 +03:00
Johannes Berg
06a6adb54e build: Use build.rules in lib.rules
Use the new build.rules in lib.rules and also unify the
clean targets to lib.rules.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Johannes Berg
3ff115db6f build: Disable built-in rules
This makes things faster and easier to debug.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Johannes Berg
a41a29192e build: Pull common fragments into a build.rules file
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:29 +03:00
Thomas Pedersen
a28d127b1a AP: Reflect status code in SAE reflection attack test
When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.

Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-10-09 16:50:36 +03:00
Roy Marples
8776551bf8 BSD: don't log SIOCG80211 errors during interface setup
Unless debugging.
wpa_supplicant will log it failed to initialized the driver for the
interface anyway so this just silences some noise for users.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Matthew Wang
922fa09972 Global parser functions to return 1 when property unchanged
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Beniamino Galvani
1c58317f56 D-Bus: Allow changing an interface bridge via D-Bus
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.

However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.

Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2020-10-09 15:18:10 +03:00
Veerendranath Jakkam
debf3e2165 OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.

To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.

The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame

Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-08 18:46:38 +03:00
Shaakir Mohamed
d48a3a6768 FT: Modify status code in FT Reassoc frame for invalid OCI channel info
Modify status code in FT Reassociation Response frame from
WLAN_STATUS_UNSPECIFIED_FAILURE to WLAN_STATUS_INVALID_FTE when replying
to an invalid OCI channel info (subelement of FTE) in FT Reassociation
Request frame.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-10-08 00:20:10 +03:00
Andrew Beltrano
980c4da413 DPP2: Presence Announcement notification in AP
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument hostapd
with bootstrapping information on-demand.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:20:18 +03:00
Andrew Beltrano
8b667bfa14 DPP2: Presence Announcement notification
Define a control event with bootstrap id, frame source, frequency, and
chirp hash for receipt of Presence Announcement (chirp) frames.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:13:37 +03:00
Andrew Beltrano
cf3d260c39 DPP2: Fix hostapd crash setting global configurator params on chirp RX
When a Presence Announcement frame is received, a check is done to
ensure an ongoing auth is not in progress (!hapd->dpp_auth). A new DPP
auth is then initialized, however, when setting global configurator
params for it, the hapd->dpp_auth pointer is used which was earlier
confirmed as NULL, causing a crash in dpp_set_configurator params when
the pointer is dereferenced.

This only occurs when there are global DPP configurator params to be set
and the peer has no overriding configurator params. If no global DPP
configurator params exist, the call to dpp_set_configurator exits early
and the problem is not observed.

Fix by using the newly init'ed DPP auth structure for setting global
DPP configurator params.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 20:57:36 +03:00
Jouni Malinen
88d3f43bd3 DPP2: Replace OneAsymmetricKey version number (v2 to v1)
DPP tech spec was modified to use v1(0) instead of v2(1) for the
OneAsymmetricKey in the Configurator backup structure to match the
description in RFC 5958 Section 2 which indicates v2 to be used when any
items tagged as version 2 are included. No such items are actually
included in this case, so v1 should be used instead.

Change OneAsymmetricKey generation to use v1(0) instead of v2(1) and
parsing to accept either version to be used. This is not backwards
compatible with the earlier implementation which requires v2(1) when
parsing the received value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-07 01:04:48 +03:00
Disha Das
5c6c0d569a DPP: Fix GAS fragmentation for DPP Config Response from hostapd
The Query Response Length field was missing from GAS Initial Response
and GAS Comeback Response frames in the DPP specific code path from
hostaps GAS server. This resulted in invalid frames being used when the
DPP Config Response needed fragmentation. Fix this by adding the Query
Response Length fields into these frames.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:34:41 +03:00
Disha Das
a7f55f7f68 WPS: Enable SA Query checks for WPS AP
Initiate SA Query for a WPS+MFP AP. STA flag checks for MFP added for
Association Request frames that use WPS IE without RSNE. This is needed
to avoid giving an opportunity to skip the protection against
disconnections when WPS is enabled.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 22:44:43 +03:00
Jouni Malinen
ac882374a5 SAE: Fix error path handling for SSWU
crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.

Fixes: aeb022f8e5 ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 09:35:58 +03:00
Sunil Dutt
fa63284af5 Add additional roam triggers to qca_vendor_roam_triggers
Introduce QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS that represents the
triggers for which the scan scheme from enum qca_roam_scan_scheme has to
be applied.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 09:47:11 +03:00
Rajasekaran Kalidoss
13feeaa104 Add a new status code to represent an already suspended TWT session
The firmware sends a new status code to indicate an already suspended
TWT session. Update the status code enum to represent this state.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-23 23:14:53 +03:00
Veerendranath Jakkam
8175c2654b Add test configuration attr to start/stop transmitting FD frames
Define QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FILS_DISCOVERY_FRAMES_TX to
dynamically start/stop transmitting FILS discovery frames.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-23 23:12:58 +03:00
Jouni Malinen
cab139ebc2 Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 23:31:20 +03:00
Karthikeyan Kathirvel
7e20502f7a hostapd: Resolved compiler uninitialized warning
Resolved the below warning
../src/ap/ieee802_11.c:4535:25: warning: 'reply_res' may be used
uninitialized in this function [-Wmaybe-uninitialized]
  if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
		                           ^
Since reply_res is been assigned inside an if condition and so
compiler treats reply_res as uninitalized variable

Initialize reply_res with WLAN_STATUS_UNSPECIFIED_FAILURE.

Fixes: 5344af7d22 ("FT: Discard ReassocReq with mismatching RSNXE Used value")
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
2020-09-22 23:29:18 +03:00
Rohan
e3ba0c4cd2 Do not start SA Query procedure without keys
The AP mode condition for initiating the SA Query procedure when
receiving a new (Re)Association Request frame used only association
state and MFP negotiation result without checking that the key exchange
has been completed. This can give rise to a corner case where the SA
Query procedure may get started after open association but before the
4-way handshake has been completed, resulting in open SA query frames
over the air.

Fix this by adding station authorized check in hostapd_notif_assoc() and
check_assoc_ies().

Signed-off-by: Rohan <drohan@codeaurora.org>
2020-09-22 23:11:30 +03:00
Kiran Kumar Lokere
a92660a00e Work around Supported Operating Classes element issues for 6 GHz
IEEE Std 802.11 specifies that the Operating Classes field terminates
immediately before the OneHundredAndThirty Delimiter (i.e., an octet
with value 130). Move the operating class value 130 last in the global
op_class array so that it gets added as the last entry into the
Supported Operating Clases element and the 6 GHz operating class is
parsed in that element by implementation that stop at the assumed
OneHundredAndThirty Delimiter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 23:05:13 +03:00
Sunil Dutt
fd4a58ccdc Additional attributes to QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_CONTROL
Add additional attributes to enum qca_vendor_attr_roam_control to
control the roam behavior through QCA_NL80211_VENDOR_SUBCMD_ROAM and
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_CONTROL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 22:53:26 +03:00
Hu Wang
8a6a2894d1 Add new QCA vendor attributes to get thermal level
Add new QCA vendor attributes to get thermal level from the driver. The
driver may return thermal level when userpace requests, or send a
thermal event when thermal level changes.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2020-09-18 20:40:57 +03:00
Shaakir Mohamed
41f8189057 SAE-PK: Add support to skip sae_pk password check for testing purposes
Add support to skip sae_pk password check under compile flag
CONFIG_TESTING_OPTIONS which allows AP to be configured with
sae_pk enabled but a password that is invalid for sae_pk.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-09-11 15:45:42 +03:00
Veerendranath Jakkam
a71b100c3b OCV: Allow connecting MFP incapable OCV STA when OCV is disabled in AP
Skip check to mandate MFP capability for OCV enabled STA when OCV is
disabled in AP. This is to improve interoperability with STAs in which
OCV capability is advertised incorrectly without advertising MFP when
OCV is disabled in AP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:26:31 +03:00
Veerendranath Jakkam
5ecb45a41c OCV: Use more granular error codes for OCI validation failures
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:23:28 +03:00
Jouni Malinen
10c3e58b27 DPP2: Include E-nonce in reconfig ke derivation
This was changed in the protocol design to include nonce from both
devices, so update implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:33:58 +03:00
Jouni Malinen
4ae5e459dd DPP2: Move E-nonce to be outside wrapped data in Reconfig Auth Resp
This was changed in the protocol design to allow ke derivation to use
E-nonce, so update implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:33:47 +03:00
Jouni Malinen
0ebf5aa346 DPP2: Replace I/R-nonce with C/E-nonce in reconfiguration
These nonces were renamed/replaced in the protocol design, so update
implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:24:00 +03:00
Srinivas Pitla
99f8506d30 Add QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS
This change adds QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS,
and enum for qca_wlan_vendor_attr_mbssid_tx_vdev_status to notify
Tx VDEV status.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:48:49 +03:00