Commit graph

17441 commits

Author SHA1 Message Date
Kees Cook
f332f69513 wpa_supplicant: Try all drivers by default
Some distros carry patches to specify driver fallback, but only in
specific conditions (e.g. the systemd service definition[1]). This leaves
other wpa_supplicant instances needing to define fallback themselves,
which leads to places where wpa_supplicant thinks it can't find a
driver[2]. Instead, when -D is not specified, have wpa_supplicant try
all the drivers it was built with in an attempt to find a working one
instead of just giving up if the first doesn't work.

[1] https://salsa.debian.org/debian/wpa/-/blob/debian/unstable/debian/patches/networkd-driver-fallback.patch
[2] https://bugs.launchpad.net/netplan/+bug/1814012

Signed-off-by: Kees Cook <kees@ubuntu.com>
2021-10-15 23:33:11 +03:00
Veerendranath Jakkam
4775a5f827 Add support to reconfigure or flush PMKSA cache on interface enable
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-10-15 19:23:14 +03:00
Veerendranath Jakkam
6f634b0032 PMKSA: Make sure reauth time is not greater than expiration time
While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.

Also, add check to reject control interface commands with reauth time
greater than expiration time.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-10-15 19:16:37 +03:00
Jouni Malinen
2fdd40ae2d tests: AP configuration attempt using wps_config when WPS is disabled
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-14 16:38:40 +03:00
Masashi Honma
973f3e244f Fix hostapd segfault on WPS_CONFIG control interface command to non-WPS AP
Execution of "hostapd_cli wps_config" to non-WPS AP causes segmentation
fault in hostapd.

$ hostapd_cli wps_config test WPA2PSK CCMP 12341234

wlp11s0: interface state UNINITIALIZED->COUNTRY_UPDATE
wlp11s0: interface state COUNTRY_UPDATE->ENABLED
wlp11s0: AP-ENABLED
WPA_TRACE: eloop SIGSEGV - START
[1]: ./git/hostap/hostapd/hostapd(+0x6c196) [0x55b270245196]
     eloop_sigsegv_handler() ../src/utils/eloop.c:123
[2]: /lib/x86_64-linux-gnu/libc.so.6(+0x46210) [0x7f87574a7210]
[3]: ./git/hostap/hostapd/hostapd(hostapd_wps_config_ap+0x1a9) [0x55b2702ce349]
     hostapd_wps_config_ap() ../src/ap/wps_hostapd.c:1970
[4]: ./git/hostap/hostapd/hostapd(+0x90a9f) [0x55b270269a9f]
     hostapd_ctrl_iface_receive_process() ctrl_iface.c:3606
[5]: ./git/hostap/hostapd/hostapd(+0x94069) [0x55b27026d069]
     hostapd_ctrl_iface_receive() ctrl_iface.c:4093
[6]: ./git/hostap/hostapd/hostapd(+0x6c6d3) [0x55b2702456d3]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:606
[7]: ./git/hostap/hostapd/hostapd(eloop_run+0x251) [0x55b2702461c1]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:597
     eloop_run() ../src/utils/eloop.c:1229
[8]: ./git/hostap/hostapd/hostapd(main+0xd53) [0x55b270205773]
     hostapd_global_run() main.c:447
     main() main.c:892
[9]: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7f87574880b3]
[10]: ./git/hostap/hostapd/hostapd(_start+0x2e) [0x55b2702058fe]
     _start() (null):0
WPA_TRACE: eloop SIGSEGV - END
Aborted

Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-10-14 16:37:49 +03:00
Jouni Malinen
22828b6dba wlantest: Fix PMK length and passphrase-based key derivation for FT
The change to support variable length PMK in wlantest missed couple of
places where the PMK length did not get used or set properly. In
particular, this ended up breaking FT key derivation for the case where
a passphrase was used to derive a potential per-BSS PMK. Fix this by
setting and using the PMK length properly.

Fixes: 6c29d95a90 ("wlantest: Support variable length PMK")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-14 16:28:02 +03:00
Gaurav Sharma
9ef8491d97 Add TWT attribute to configure TWT related parameters
Add QCA_WLAN_TWT_SET_PARAM TWT attribute to configure TWT related
parameters.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-11 22:46:02 +03:00
Arowa Suliman
321dc403e1 Replace "dummy" with "stub" in crypto/random
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:57:06 +03:00
Arowa Suliman
95e140e20f Replace "dummy" with "stub" in NDIS driver interface
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:56:56 +03:00
Arowa Suliman
c53fa92251 Replace "dummy" with "stub" in EAP-TEAP testing
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:56:54 +03:00
Arowa Suliman
c025504487 Replace "dummy" with "stub" in VLAN testing ifname
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:56:28 +03:00
Arowa Suliman
e2c31050b4 Replace "dummy" with "stub" in WPS testing
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:53:24 +03:00
Arowa Suliman
7b365376fd Replace "dummy" with "stub" in wlantest injection
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:53:11 +03:00
Arowa Suliman
575dc1f3b2 Replace "dummy" with "stub" in preauth_test
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:53:03 +03:00
Arowa Suliman
ed5e1b7223 Replace "dummy" with "stub" in comments/documentation
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:52:50 +03:00
Arowa Suliman
3955d2af73 Replace "dummy" with "stub" in wps_testing_dummy_cred
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:52:21 +03:00
Arowa Suliman
77dd712432 Replace "dummy" with "stub" in Authenticator group keys
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:52:06 +03:00
Arowa Suliman
fb1bae2a71 Replace "dummy" with "stub" in SAE
Replace the word "dummy" with the inclusive word "stub".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:51:44 +03:00
Arowa Suliman
e69ea242af hostap: Remove unused driver enum values with "master" in them
Get rid of some more used of the word "master".

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:33:50 +03:00
Arowa Suliman
7b50f2f04c Replace "sanity" with "validity"
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-10-11 20:25:21 +03:00
Sreeramya Soratkal
891bb1305b P2P: Enforce SAE-H2E for P2P GO in 6 GHz
Allow sae_pwe parameter to be configured per-network and enforce the
SAE hash-to-element mechanism for the P2P GO if it is started on
a 6 GHz channel.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-10-08 00:10:44 +03:00
Veerendranath Jakkam
afcadbbf4e wpa_cli: Add support for SCS, MSCS, and DSCP commands
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-10-07 23:46:28 +03:00
Hu Wang
bcaa1ea084 HE: Disable HE in hostapd_set_freq_params() if driver does not support
Existing logic to disable HE in hostapd_set_freq_params() is to check
he_cap != NULL, but this is not correct as he_cap is defined as a stack
member of hostapd_hw_modes which can't be NULL. Add one more check
!he_cap->he_supported to make sure HE can be disabled if the driver not
support it.

This fixes a case where a driver does not support HE, but hostapd.conf
enables HE/HT40 on the 2.4 GHz band and hostapd failed to start with
error '40 MHz channel width is not supported in 2.4 GHz'.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-07 23:43:16 +03:00
Shiva Krishna Pittala
fe1d743a13 Add QCA vendor attributes to indicate 320 MHz spectral scan capabilities
Add a QCA vendor attribute to indicate agile spectral scan support for
320 MHz mode. Add another attribute to indicate the number of detectors
used for spectral scan in 320 MHz mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-07 23:40:24 +03:00
Vinay Gannevaram
2b3e64a0fb Update ciphers to address GTK renewal failures while roaming
After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using
driver-based SME and roaming trigger, GTK renewal failures are observed
for the currently associated WPA-AP because of group cipher mismatch,
resulting in deauthentication with the AP.

Update the group cipher and pairwise cipher values in wpa_sm from
association event received from the driver in case of SME offload to the
driver to address GTK renewal failures (and similar issues) that could
happen when the driver/firmware roams between APs with different
security profiles.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-06 21:13:19 +03:00
Jouni Malinen
19307ef69a tests: WPA2/WPA-PSK cfg80211 connect command to trigger roam
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-06 20:56:24 +03:00
Sunil Dutt
9cf4bb0ef0 Vendor command to configure/trigger the roam events
Introduce a new vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM_EVENTS
that aims to configure/trigger the roam events from the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-05 16:06:04 +03:00
Gaurav Sharma
dd3a2960aa Add TWT vendor attribute to configure announce timeout value
Add QCA_WLAN_VENDOR_ATTR_TWT_SETUP_ANNOUNCE_TIMEOUT attribute to
configure announce timeout value for announce TWT session.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-04 23:53:06 +03:00
Jouni Malinen
afa0b9b6c5 P2P: Make p2p_check_pref_chan_no_recv() easier for static analyzers
Add an explicit check for msg->channel_list != NULL instead of depending
on msg->channel_list_len > 0 implying that. This is to silence invalid
static analyzer reports.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-30 18:27:37 +03:00
Jouni Malinen
857c4dfa83 Make get_mode() easier for static analyzers
Add an explicit check for modes != NULL instead of depending on
num_modes > 0 implying that. This is to silence invalid static analyzer
reports.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-30 18:23:26 +03:00
Jouni Malinen
9e46b31273 tests: wpa_supplicant AP mode and vendor elements
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-30 18:20:49 +03:00
Chaoli Zhou
9651deba52 Support vendor element configuration for AP mode from wpa_supplicant
Support adding/deleting vendor elements dynamically for AP mode while it
is started by wpa_supplicant instead of hostapd which already supported
this. This adds ap_assocresp_elements global parameter and UPDATE_BEACON
control interface command to take the changed values into effect.

Usage in wpa_cli:
Add vendor IE for (Re)Association Response frames
> set ap_assocresp_elements=xxxx
Add vendor IE for Beacon/Probe Response frames
> set ap_vendor_elements=xxxx

Delete vendor IE from (Re)Association Response frames
> set ap_assocresp_elements
Delete vendor IE from Beacon/Probe Response frames
> set ap_vendor_elements

To make vendor IE changes take effect
> update_beacon

Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
2021-09-30 18:16:11 +03:00
Jouni Malinen
7dc0e9cf47 tests: Extend DSCP testing coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-30 17:53:43 +03:00
Shivani Baranwal
2b4b1742ea tests: DSCP policy
Signed-off-by: Shivani Baranwal <shivbara@codeaurora.org>
2021-09-30 16:56:58 +03:00
Veerendranath Jakkam
d144b7f34c DSCP: Add support to send DSCP Policy Query frame
Add support to send DSCP Policy Query frame using a new control
interface command DSCP_QUERY. This includes support for a wildcard DSCP
query and a DSCP query with a single Domain Name attribute.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-30 16:56:56 +03:00
Veerendranath Jakkam
c903257fb1 DSCP: Parse WFA Capabilities element in (Re)Association Response frame
Add support to parse WFA Capabilities element from the (Re)Association
Response frame. Also register a timeout for the station to wait before
sending a new DSCP query if requested by AP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-29 17:18:48 +03:00
Veerendranath Jakkam
a4aae9f9b8 DSCP: Indicate DSCP Policy support in (Re)Association Request frame
Indicate DSCP Policy capability by including a WFA Capabilities element
containing the relevant bit set to 1 in the (Re)Association Request
frames when enabled by user.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-29 17:09:01 +03:00
Veerendranath Jakkam
d57456c1ff DSCP: Allow DSCP Policy Response Action frame to be sent
Add support to prepare and send DSCP response action frame to the
connected AP in response to a new control interface command DSCP_RESP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-29 17:01:34 +03:00
Veerendranath Jakkam
2033e318e6 DSCP: Parsing and processing of DSCP Policy Request frames
Add support to parse received DSCP Policy Request frames and send the
request details as control interface events.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-29 00:20:42 +03:00
Veerendranath Jakkam
fe2a44485e DSCP: DSCP policy capability configuration
The DSCP policy capability is disabled by default. The user frameworks
which have support for handling DSCP policy request messages need to
enable this capability explicitly to allow wpa_supplicant to advertise
the capability to the AP and allow the related frames to be processed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-09-28 11:07:21 +03:00
Jouni Malinen
8471d940e3 Move pmf_in_use() into a more generic file
This function is not specific to GAS, so make it available throughout
wpa_supplicant without requiring CONFIG_GAS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-28 11:07:21 +03:00
Hu Wang
41ec97cd09 HE: Use a random BSS Color if not defined in the config file
Commit 0cb39f4fd5 ("HE: Extend BSS color support") sets the BSS Color
default value to 1 as "Interoperability testing showed that stations
will require a BSS color to be set even if the feature is disabled."

A new interop issue was observed with hardcoded BSS color value of 1:
- REF device using one interface (e.g., wlan0) to connect to an HE
  AP, whose BSS color is enabled and value is 1.
- REF device using another interface (e.g., p2p0) to connect to a
  P2P GO using BSS color default settings.
  (i.e., BSS color disabled and value is 1).
- REF device checks both AP's and P2P GO's BSS Color values even though
  GO's BSS color is disabled. This causes collision of the BSS
  color somehow causing RX problems.

For DUT as a P2P GO, its firmware uses default BSS color value 1 from
wpa_supplicant, then triggers a timer (e.g., 120 s) to update its BSS
color values based on its neighboring BSSes. To reduce the likelihood of
BSS color collision with REF device before that, use a random BSS Color
if not defined in the config file.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-28 11:04:08 +03:00
Sunil Dutt
1518638b70 QCA vendor command to configure the parameters for monitor mode
This new vendor command aims to indicate the driver to enable the
monitor mode for an interface on which this command is issued. Once
enabled, the frames (both TX and RX) on this interface are sent to an
active coexisting monitor interface.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-24 18:30:55 +03:00
Vikram Kandukuri
8f7b2c898d Add attributes to support MBSSID multi groups notifications
Add new attributes for supporting MBSSID multi groups notifications
to qca_wlan_vendor_attr_mbssid_tx_vdev_status
(QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-20 12:03:42 +03:00
Aleti Nageshwar Reddy
a75fdcdcd1 Extend the roam reason codes in QCA vendor attribute
Add new reason codes to the existing enum qca_roam_reason.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-09 18:43:53 +03:00
Aleti Nageshwar Reddy
9ff0c8af5c Correct the documentation in enum qca_roam_reason
QCA_ROAM_REASON_USER_TRIGGER was wrongly documented as
QCA_ROAM_REASON_EXPLICIT_REQUEST, so correct it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-09 18:38:56 +03:00
Hu Wang
ce267f4da9 P2P: DFS offload for the autonomous GO
Enhance the P2P_GROUP_ADD command to support DFS channel with 80 and 160
MHz bandwidth to be used for autonomous GO when using offloaded DFS.

For example, 'P2P_GROUP_ADD freq=5500 max_oper_chwidth=80 ht40 vht'

- Previous behavior: AP fallback to channel 100 using 20 MHz with
  "No VHT higher bandwidth support for the selected channel 100"
- Enhanced behavior: AP starts on channel 100 using 80 MHz with
  "VHT center channel 106 for 80 or 80+80 MHz bandwidth"

This functionality is on top of the driver's capability to offload DFS,
which is advertized through WPA_DRIVER_FLAGS_DFS_OFFLOAD.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-07 17:40:25 +03:00
Vamsi Krishna
6ba665c5c3 Reserve QCA vendor sub command id 201
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-03 21:46:15 +03:00
Aleti Nageshwar Reddy
51d73d9914 Add QCA vendor interface to configure background scan parameters
Add QCA vendor interface support for configuring background scan related
parameters to the driver/firmware.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-03 16:36:30 +03:00
Ben Wang
61c0757618 EDMG: Validate pri channel lookup result before using it
At least in theory, hw_get_channel_freq() could return NULL, so add
error handling for that.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-09-02 18:45:09 +03:00