Introduce a new attribute to configure access category
override for UDP frames of BE/BK category. Unlike, the
earlier attribute QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
which will override for all UDP frames, this attribute is
for overriding only for BE/BK based UDP frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use a full list of AKM suite selectors that can use SAE authentication
when checking for authentication trigger from the driver.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows the P2P client to fast associate if the GO is already in the
scan cache without doing a full scan.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
AKM suite selector check was initially implemented with incorrect byte
swapping of the value from the driver (nl80211). Fix this and leave a
workaround option for any potentially deployed device where the driver
might be using the swapped byte order.
Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Figure out the correct hash algorithm based on which MIC field length
assumption results in successful parsing. This is needed since the key
length is not yet known at this point on the AP when using the new
FT-SAE-EXT-KEY AKM.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide AKM, key length, and information about needed subelements to the
parser function so that the variable length MIC field cases can be
recognized for FT-SAE-EXT-KEY. Knowledge about R0KH-ID/R1KH-ID being
needed is required to be able to iterate over possible MIC field lengths
for the case where the AP does not yet know the correct key length at
the beginning of FT protocol.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide enough information to allow the FTE to be built using the
correct MIC field length based on the used AKM and key length.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add service class id attribute
QCA_WLAN_VENDOR_ATTR_SCS_RULE_CONFIG_SERVICE_CLASS_ID in SCS rule
configuration vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG.
Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
This can be helpful in trying to figure out unexpected behavior even
though we do not currently really do anything with the inner method
type.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
Move from this type of constructions:
switch (val) {
case 1:
something;
break;
}
default-action;
into following:
switch (val) {
case 1:
something;
break;
default:
default-action;
break
}
for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.
This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
Do not include 6 GHz channels in the ACS possible channel list if
neither HE (ieee80211ax=1) nor EHT (ieee80211be=1) is enabled since
those channels cannot be used in such combination.
Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
Information from both NL80211_CMD_ROAM and
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH events is required for
processing the roam events correctly, especially to get the newly
connected BSS details. Indicate the roam event to private libraries only
after NL80211_CMD_ROAM and QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH
events are received.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend wlantest capabilities to cover the new SAE-EXT-KEY AKM and
variable length MIC field and key lengths for it based on the used SAE
group.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Since NetworkManager doesn't support setting ieee80211w to
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
AP mode if ieee80211w not configurated. Do not change behavior for the
P2P GO cases.
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
This makes sigma_dut_ap_dpp_qr* test cases with SAE more robust by
avoiding unexpected behavior. This was found with the following test
sequence:
mesh_sae_anti_clogging sigma_dut_ap_dpp_qr_sae
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid surprises in the following test cases. This was
found with a failure in the following test sequence:
wpas_ap_vendor_elems p2p_ext_discovery_go
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear the dpp_connector_privacy_default parameter value that sigma_dut
set in wpa_supplicant at the end of the test case to avoid surprising
behavior for the following test cases. This was found with a failure in
the following test sequence:
sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
sigma_dut_dpp_proto_peer_disc_req
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.
Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to parse MLO connection information from
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MLO_LINKS for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Update bss entries for all affiliated links whenever learning
GTK/IGTK/BIGTK from EAPOL-Key msg 3/4 or group msg 1/2.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update STA state tracking for SAE authentication as well as the previous
covered Open System algorithm.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the Beacon/Probe Response frame RSNE against the RSNE within the
MLO Link KDE for the current affiliated link instead of RSNE when
processing the EAPOL-Key msg 3/4 Key Data field.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the debug message more useful for determining whether an
expected BIGTK has been derived.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support for parsing MLO KDEs as defined in Table 12-10 (KDE
selectors) in IEEE P802.11be/D2.0.
Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Make this easier to understand by using the appropriately named function
to parse KDEs/IEs in the Key Data field of EAPOL-Key frames instead of
using the wrapper function that is there just to provide the old
function name for wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
rx_mgmt_beacon() was skipping all steps after a Probe Response frame
from the AP had been processed. This is expected for the parts that were
updating the bss entry information, but the checks for beacon protection
should not be skipped in this manner.
Skip onlu the updating parts while checking that beacon protection is
used correctly to make this more useful.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>