Commit graph

17230 commits

Author SHA1 Message Date
Sreeramya Soratkal
9f2217c513 P2P: Consider p2p_no_go_freq for GO preferred frequency
Currently while selecting a preferred frequency when no preference is
known, p2p_no_go_freq is not considered for 5 GHz and 60 GHz channels.
This results in starting GO on the channels that are configured not to
allow the local device as GO.

Use wpas_p2p_supported_freq_go api to check if the p2p_no_go_freq
configuration before selecting the preferred frequency for GO.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-26 15:46:58 +03:00
Sreeramya Soratkal
882c53be50 P2P: Avoid integer overflow in channel
For some 6 GHz operating class like 134, there is a possibility where
the ch variable used for channel iterator overflows when it is
incremented. Fix this by updating the datatype of ch variable to
avoid integer overflow while incrementing.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-26 15:32:56 +03:00
Vinita S. Maloo
a58f7e61c1 Add QCA vendor interface to configure allowed bands for roaming
Add a QCA vendor attribute to configure the driver/firmware the allowed
bands for roaming by userpace. This attribute is also used to get the
configured roam bands from the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-26 15:27:51 +03:00
Mathew Hodson
be81bbdc3b doc: Fix grammar in wpa_supplicant overview
Signed-off-by: Mathew Hodson <mathew.hodson@gmail.com>
2021-08-25 16:20:17 +03:00
Johannes Berg
fde38cac8a tests: test_fst_config: Convert FstLauncher to context manager
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.

Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-08-25 16:20:17 +03:00
Johannes Berg
c8e2fc1fd5 tests: fst_test_common: Remove dead code from HapdRegCtrl
Since refcnt is never incremented, this is dead code, just remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-08-25 16:20:17 +03:00
Cy Schubert
362d9a49d4 utils: FreeBSD supports fdatasync(2)
FreeBSD supports fdatasync(2). Enable it in os_unix.c.

Signed-off-by: Cy Schubert <cy@FreeBSD.org>
2021-08-25 16:20:17 +03:00
Ajay Singh
9bd9434108 nl80211: Fix send_mlme to use monitor interface only for AP interface
Use monitor interface to send_mlme only when the interface is configured
in AP mode. In multiple interface setup, one interface can be configured
in AP mode using monitor interface and another interface in station
mode. The station interface may also require sending the management
frames without using monitor interface, e.g., support external SAE
authentication to send Authentication frames without monitor interface.
This change allows sending management frames to the driver for a station
interface where the AP interface uses monitor interface.

Additionally, the monitor interface is only valid for AP mode
(nl80211_create_monitor_interface() is called in nl80211_setup_ap) so
interface type check ensures to use monitor interface only when required
by the specific interface.

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Peter Reen <peter.reen@microchip.com>
2021-08-25 16:20:17 +03:00
Shay Bar
f02ac5140c HE: Option to disable HE ER SU in HE operation in AP mode
Add option to disable 242-tone HE ER SU PPDU reception by the AP
in HE operation IE.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-08-25 12:45:14 +03:00
Gokul Sivakumar
63f043f4fd Generalize the function name as it is not dealing with only TX & RX params
For the function hostapd_get_sta_tx_rx(), the name
hostapd_get_sta_info() is more appropriate as it is also responsible for
getting many other STA specific params like RSSI, inactive milliseconds
along with TX and RX bytes.

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-08-25 12:27:17 +03:00
Jouni Malinen
0cc9d7fb12 tests: connected_time for mesh peer
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-25 12:26:30 +03:00
Gokul Sivakumar
3cdc6d381a mesh: Show peer connected time in the wpa_cli STA cmd output for Mesh mode
When a Mesh interface is managed by wpa_supplicant, include the peer
link connected time (secs) in the output of "sta <addr>", "all_sta"
wpa_cli cmds for each peer. This will be helpful to find when the peer
link connection got established. The NL80211_STA_INFO_CONNECTED_TIME
netlink attribute data is used for this purpose if available.

$ wpa_cli -i mesh0 all_sta
02:00:00:00:02:00
flags=[ASSOC][WMM][HT]
aid=1
capability=0x0
listen_interval=0
supported_rates=82 84 8b 96 8c 12 98 24 b0 48 60 6c
timeout_next=NULLFUNC POLL
rx_packets=77
tx_packets=3
rx_bytes=8510
tx_bytes=284
inactive_msec=104
signal=-30
rx_rate_info=65 mcs 0
tx_rate_info=65 mcs 0
ht_mcs_bitmask=ffff0000000000000000
connected_time=24
ht_caps_info=0x103c

The connected_time field in the output of "hostapd_cli -i ap0 all_sta"
cmd is not affected and it will continue to show the connected time
maintained by hostapd for each STA.

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
2021-08-25 12:26:25 +03:00
Masashi Honma
eddcd27534 Fix some compiler warnings on 32 bit platform
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_commit’:
../src/ap/ieee802_11.c:2401:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
   wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
                                                          ~~^
                                                          %u
       buf_len);
       ~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_confirm’:
../src/ap/ieee802_11.c:2477:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
   wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
                                                          ~~^
                                                          %u
       buf_len);
       ~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_fils’:
../src/ap/ieee802_11.c:2707:62: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
   wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short. len=%lu",
                                                            ~~^
                                                            %u
       buf_len);
       ~~~~~~~

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-08-25 12:03:02 +03:00
Masashi Honma
4c80937c7f nl80211: Reduce the number of nlctrl name resolution calls
The number of nlctrl name resolution calls required to connect to a
WPA2-PSK AP is 12. And each nlctrl name resolution call spends 55 micro
seconds on a lower spec CPU like Intel Atom N270. Reduce the number of
nctrl name resolution calls from 12 to 1 by caching the results of nctrl
name resolution calls on int size memory to speed up the connection
process a little bit.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-08-25 12:01:06 +03:00
Jouni Malinen
2bbc5a2b09 tests: wpa_supplicant config blobs and PEM encoding
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-19 17:41:13 +03:00
Wolfgang Steinwender
cce33c7e7a openssl: Support private_key blob in PEM encoded PKCS#8 format
Try to parse the private_key blob as private key in PEM format encoded
PKCS#8. PEM format is already supported for private_key file and is now
also supported for private_key blob.

Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
2021-08-19 17:40:58 +03:00
Andrew Beltrano
0030590fb3 Generate an event when a network is added or removed
Generate an event on the control socket interface when a network is
added or removed. The event name CTRL-EVENT-NETWORK-<ADDED|REMOVED>
is followed by the network entry identifier. The event matches the
corresponding Network<Added|Removed> signal on the d-bus interface.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2021-08-19 17:21:06 +03:00
Nick Porter
f238610616 Add a --conf option to eapol_test.py
The --conf option specifies a file containing a list of options
to configure the network used for running the test which will be
used in place of the defaults built into the script.

Signed-off-by: Nick Porter <nick@portercomputing.co.uk>
2021-08-19 16:58:45 +03:00
Michael Braun
99c1789ab1 PASN: Fix ASAN error in ptksa_cache_add()
==19798==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000663f8 at pc 0x55a2c485a232 bp 0x7ffeb42dcaf0 sp 0x7ffeb42dcae0
READ of size 8 at 0x6110000663f8 thread T0
Connect STA wlan0 to AP
    #0 0x55a2c485a231 in ptksa_cache_add ../src/common/ptksa_cache.c:310
    #1 0x55a2c4398045 in hostapd_store_ptksa ../src/ap/wpa_auth_glue.c:943
    #2 0x55a2c4430980 in wpa_auth_store_ptksa ../src/ap/wpa_auth.c:232
    #3 0x55a2c44578e1 in sm_WPA_PTK_PTKINITDONE_Enter ../src/ap/wpa_auth.c:3650
    #4 0x55a2c44578e1 in sm_WPA_PTK_Step ../src/ap/wpa_auth.c:3798
    #5 0x55a2c44578e1 in wpa_sm_step ../src/ap/wpa_auth.c:4437
    #6 0x55a2c445d99d in wpa_receive ../src/ap/wpa_auth.c:1411
    #7 0x55a2c43e7747 in ieee802_1x_receive ../src/ap/ieee802_1x.c:1118
    #8 0x55a2c43bbf73 in hostapd_event_eapol_rx ../src/ap/drv_callbacks.c:1542
    #9 0x55a2c43bbf73 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1932
    #10 0x55a2c466cb2d in drv_event_eapol_rx ../src/drivers/driver.h:6074
    #11 0x55a2c466cb2d in nl80211_control_port_frame ../src/drivers/driver_nl80211_event.c:2822
    #12 0x55a2c466cb2d in process_bss_event ../src/drivers/driver_nl80211_event.c:3194
    #13 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
    #14 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
    #15 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
    #16 0x7feed9e91058 in nl_recvmsgs ./lib/nl.c:1081
    #17 0x55a2c45f2e8c in wpa_driver_nl80211_event_receive ../src/drivers/driver_nl80211.c:1782
    #18 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
    #19 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
    #20 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
    #21 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
    #22 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #23 0x55a2c432f3fd in _start (/home/mbr/hostapd/hostapd/hostapd+0x9f23fd)

0x6110000663f8 is located 184 bytes inside of 216-byte region [0x611000066340,0x611000066418)
freed by thread T0 here:
    #0 0x7feeda1477cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x55a2c44ce56b in os_free ../src/utils/os_unix.c:773
    #2 0x55a2c451a986 in radius_msg_free ../src/radius/radius.c:137
    #3 0x55a2c4527104 in radius_client_msg_free ../src/radius/radius_client.c:261
    #4 0x55a2c452f53c in radius_client_list_add ../src/radius/radius_client.c:715
    #5 0x55a2c452f53c in radius_client_send ../src/radius/radius_client.c:807
    #6 0x55a2c453b24c in accounting_sta_report ../src/ap/accounting.c:352
    #7 0x55a2c453d6e9 in accounting_sta_stop ../src/ap/accounting.c:384
    #8 0x55a2c44190fd in ap_free_sta ../src/ap/sta_info.c:194
    #9 0x55a2c4934530 in handle_deauth ../src/ap/ieee802_11.c:6035
    #10 0x55a2c4934530 in ieee802_11_mgmt ../src/ap/ieee802_11.c:6399
    #11 0x55a2c43bf114 in hostapd_mgmt_rx ../src/ap/drv_callbacks.c:1468
    #12 0x55a2c43bf114 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1912
    #13 0x55a2c465faf7 in mlme_event_mgmt ../src/drivers/driver_nl80211_event.c:823
    #14 0x55a2c4661774 in mlme_event ../src/drivers/driver_nl80211_event.c:1135
    #15 0x55a2c466c43b in process_bss_event ../src/drivers/driver_nl80211_event.c:3177
    #16 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
    #17 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
    #18 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057

previously allocated by thread T0 here:
    #0 0x7feeda147bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55a2c44cd387 in os_malloc ../src/utils/os_unix.c:715
    #2 0x55a2c44ceb7f in os_zalloc ../src/utils/os_unix.c:779
    #3 0x55a2c451a9f2 in radius_msg_new ../src/radius/radius.c:109
    #4 0x55a2c4539a6e in accounting_msg ../src/ap/accounting.c:46
    #5 0x55a2c453be15 in accounting_report_state ../src/ap/accounting.c:439
    #6 0x55a2c453d91d in accounting_init ../src/ap/accounting.c:534
    #7 0x55a2c4378952 in hostapd_setup_bss ../src/ap/hostapd.c:1333
    #8 0x55a2c4382530 in hostapd_setup_interface_complete_sync ../src/ap/hostapd.c:2094
    #9 0x55a2c4382815 in hostapd_setup_interface_complete ../src/ap/hostapd.c:2229
    #10 0x55a2c4384100 in setup_interface2 ../src/ap/hostapd.c:1726
    #11 0x55a2c4386b58 in setup_interface ../src/ap/hostapd.c:1628
    #12 0x55a2c4386b58 in hostapd_setup_interface ../src/ap/hostapd.c:2318
    #13 0x55a2c4387a57 in hostapd_enable_iface ../src/ap/hostapd.c:2730
    #14 0x55a2c455d723 in hostapd_ctrl_iface_enable /home/mbr/hostapd/hostapd/ctrl_iface.c:1606
    #15 0x55a2c455d723 in hostapd_ctrl_iface_receive_process /home/mbr/hostapd/hostapd/ctrl_iface.c:3607
    #16 0x55a2c456821e in hostapd_ctrl_iface_receive /home/mbr/hostapd/hostapd/ctrl_iface.c:4018
    #17 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
    #18 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
    #19 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
    #20 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
    #21 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free ../src/common/ptksa_cache.c:310 in ptksa_cache_add
Shadow bytes around the buggy address:
  0x0c2280004c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280004c30: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280004c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2280004c50: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
  0x0c2280004c60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c2280004c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
  0x0c2280004c80: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280004c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280004ca0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c2280004cb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280004cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==19798==ABORTING

Fixes: a4e3691616 ("WPA: Add PTKSA cache implementation")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2021-08-19 16:51:20 +03:00
Jouni Malinen
af89683a43 tests: Update RSA 3k certificates
The previous ones expired and caused test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-19 13:57:53 +03:00
Davide Caratti
e2e9adc3d9 openssl: Disable padding after initializing the cipher suite
according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
to return false on OpenSSL-3.0.0, resulting in the impossibility to
connect in many scenarios. Fix this changing the order of function calls
where needed.

[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html

Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2021-08-19 12:13:17 +03:00
Davide Caratti
d265dd2d96 openssl: Remove deprecated functions from des_encrypt()
NetworkManager-CI detected systematic failures on test scenarios using
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
The 'test_module_tests.py' script also fails, and the following log is
shown:

 1627404013.761569: generate_nt_response failed
 1627404013.761582: ms_funcs: 1 error

It seems that either DES_set_key() or DES_ecb_encrypt() changed their
semantic, but it doesn't make sense to fix them since their use has been
deprecated. Converting des_encrypt() to avoid use of deprecated
functions proved to fix the problem, and removed a couple of build
warnings at the same time.

Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2021-08-19 12:10:33 +03:00
Arowa Suliman
46b60299a4 wpa_supplicant: src: Replace Sane with Valid.
Replace the word Sane with Valid which is inclusive.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-08-19 11:34:45 +03:00
Joshua Emele
12388313a0 RADIUS client: Fix void-pointer-to-enum-cast warning
Found using x86_64-cros-linux-gnu-clang (Chromium OS
12.0_pre416183_p20210305-r3 clang version 12.0.0):

radius_client.c:818:24: warning: cast to smaller integer ...
        RadiusType msg_type = (RadiusType) sock_ctx;

Signed-off-by: Joshua Emele <jemele@chromium.org>
2021-08-19 11:19:37 +03:00
Jouni Malinen
3f4e8b93f8 tests: SCS
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
e433d06dd5 Allow MSCS support to be disabled for testing purposes
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
025f8ab52e SCS: Processing of SCS Response frames
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
b4e01ae929 Allow SCS supported to be disabled for testing purposes
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
c005283c48 SCS: Sending of SCS Request frames
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Hu Wang
445dbe2cdb P2P: Do not stop Listen state if it is moving to correct channel
Commit 0b8889d8e5 ("P2P: Do not stop Listen state if it is on
correct channel") added a optimization to use Listen state's
remain-on-channel to send out GO Negotiation response frame quickly.

But in Listen state, if GO Negotiation request frame is received before
the remain-on-channel started event from the driver, the above
optimization is not triggered. This showed up in following manner in the
debug log:

p2p0: Starting radio work 'p2p-listen'@0xb4000070ae22d420 after 0.000114 second wait
nl80211: Remain-on-channel cookie 0x100 for freq=2412 MHz duration=204
P2P: Received GO Negotiation Request from 6e:fa:a7:86:e5:e5(freq=2412)
P2P: GO Negotiation with 6e:fa:a7:86:e5:e5
P2P: Stopping find
P2P: Clear timeout (state=WAIT_PEER_CONNECT)
P2P: State WAIT_PEER_CONNECT -> IDLE
nl80211: Cancel remain-on-channel with cookie 0x100
p2p0: Radio work 'p2p-listen'@0xb4000070ae22d420 done in 0.074348 seconds
p2p0: radio_work_free('p2p-listen'@0xb4000070ae22d420): num_active_works --> 0
P2P: State IDLE -> GO_NEG
P2P: Sending GO Negotiation Response
Off-channel: Send action frame: freq=2412 dst=6e:fa:a7:86:e5:e5 src=da:3c:83:7d:70:2b bssid=da:3c:83:7d:70:2b len=196
nl80211: Remain-on-channel event (cancel=0 freq=2412 channel_type=0 duration=400 cookie=0x100 (match))
nl80211: Remain-on-channel event (cancel=1 freq=2412 channel_type=0 duration=0 cookie=0x100 (match))
P2P: GO Negotiation Response (failure) TX callback: success=0

Fix this by adding p2p->pending_listen_freq == freq condition for the
optimization so that the case where the remain-on-channel command has
already been issued to the driver, but the start event has not yet been
received, is covered as well.

Fixes: 0b8889d8e5 ("P2P: Do not stop Listen state if it is on correct channel")
Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-08-12 17:52:28 +03:00
Aleti Nageshwar Reddy
e99aaf7064 Add QCA vendor attribute for TWT termination due to power save exit
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:38:20 +03:00
Shiva Krishna Pittala
a147951eec Add QCA vendor attribute indicating the spectral scan bandwidth
Add the following vendor attribute to indicate the bandwidth to be used
for spectral scan operation:
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_BANDWIDTH

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:23:39 +03:00
Aleti Nageshwar Reddy
51f89565fc Add QCA vendor interface to fetch thermal statistics from the driver
Enhance QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD to fetch thermal
statistics for different temperature levels from the driver to
userspace. The statistics will be stored in the driver/firmware for
predefined temperature levels and will be reported to userspace when
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD is sent with the command type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_GET_THERMAL_STATS.

The thermal statistics can be cleared from userspace by sending a
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD command with the type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_CLEAR_THERMAL_STATS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:14:54 +03:00
Sreeramya Soratkal
24774dcc2e P2P: Require PMF for P2P GO in the 6 GHz band
Enable (and require) the management frame protection for the P2P GO if
it is started on a 6 GHz channel.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-05 19:14:52 +03:00
Jouni Malinen
c3155a725d tests: WPS+SAE+H2E
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-04 00:41:30 +03:00
Sreeramya Soratkal
49442194c4 SAE: Derive H2E PT while reconnecting to same SSID also
P2P connections in the 6 GHz band use SAE authentication algorithm after
getting credentials with WPS connection. During WPS connection as it
doesn't use SAE, SAE PT is not derived. After getting SAE credentials,
the STA connects to the same SSID using SAE auth algorithm. Earlier, SAE
H2E PT was not derived while connecting to the same SSID to which the
STA is connected last time. Due to this, the P2P group formation fails
for 6 GHz channels when H2E is enabled as the PT will not be setup by
the P2P client before proceeding to the SAE authentication. Same could
happen with infrastructure WPS when wps_cred_add_sae=1 is used.

Set up the SAE H2E PT while connecting to the same SSID again also to
make sure that the H2E PT is set up in the STA to derive the PWE for
successful SAE authentication. The PT derivation will be skipped in
wpa_s_setup_sae_pt() if PT is already available for that SSID.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-04 00:20:09 +03:00
Sreeramya Soratkal
ac79ed4998 HE: Obtain correct AP mode capabilities for hw_mode with 6 GHz support
Though both 5 GHz channels and 6 GHz channels report the mode as
HOSTAPD_MODE_IEEE80211A, there is a possibility of different HT/VHT/HE
capabilities being available between these bands. Use get_mode() to
obtain correct capabilities to cover cases where the driver reports
different capability values for the 5 GHz and 6 GHz channels.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-03 19:48:12 +03:00
Aditya Kodukula
dfabf1e5cb QCA vendor command for mDNS offload
Define a new vendor command for enabling/disabling mDNS offload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-29 20:07:52 +03:00
Disha Das
1071f75395 DPP2: Fix channel 6 inclusion for chirping with non-2 GHz interfaces
When the driver provides a list of supported modes, hostapd ended up
adding channel 6 even if the 2.4 GHz mode was not included. This
resulted in incorrect behavior of trying to transmit on a not supported
channel in case of 5 GHz only radios.

Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.

This is similar to an earlier wpa_supplicant change in commit
8e5739c3ac ("DPP2: Check channel 6 validity before adding it to chirp
channel list").

Signed-off-by: Disha Das <dishad@codeaurora.org>
2021-07-29 20:07:52 +03:00
Utkarsh Bhatnagar
84b3de8095 TDLS: Support TDLS operations in HE mode for 6 GHz
Determine if the TDLS peer supports TDLS in 6 GHz band based on the HE 6
GHz Band Capabilities element received in the TDLS Setup Response frame.
Indicate the peer's HE 6 GHz capabilities to the driver through
sta_add().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-29 20:07:25 +03:00
Kiran Kumar Lokere
1990ee7eee QCA vendor attributes to configure BTWT and Rx control frame to MultiBSS
Add QCA vendor attributes to configure the driver to enable/disable the
Broadcast TWT support and Rx Control Frame To MultiBSS support in HE
capabilities information field. This attribute is used for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-28 12:51:15 +03:00
Nirav Shah
f5f2985a2d Update TWT attribute to send TSF value in TWT setup command
Update QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_TIME_TSF
TWT attribute to use it in TWT setup command to pass TSF value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-27 00:38:57 +03:00
Veerendranath Jakkam
b4f7506ff0 FILS: Flush external-PMKSA when connection fails without ERP keys
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.

Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-07-14 21:35:24 +03:00
Veerendranath Jakkam
80bcd7ecd1 FILS: Flush PMKSA entries on FILS connection failure
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.

In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
becomes invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but not clearing PMKSA.

Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.

Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exists.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-07-14 21:20:17 +03:00
Jouni Malinen
d727b5e464 tests: Fix PASN tests to check for PASN support
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jouni Malinen
295170851d tests: SAE Authetication failure reporting
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jouni Malinen
914a2f518f SAE: Report authentication rejection over control interface
CTRL-EVENT-AUTH-REJECT reporting was previously skipped when going
through SAE-specific Authentication frame handling. Add this event here
as well to be more consistent with control interface events.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jia Ding
9557ba336b AP: Don't increment auth_transaction upon SAE authentication failure
IEEE Std 802.11-2016, 12.4.7.6 specifies:

An SAE Commit message with a status code not equal to SUCCESS shall
indicate that a peer rejects a previously sent SAE Commit message.

An SAE Confirm message, with a status code not equal to SUCCESS, shall
indicate that a peer rejects a previously sent SAE Confirm message.

Thus when SAE authentication failure happens, authentication transaction
sequence number should not be incremented.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jia Ding
84f6492eac Extend QCA vendor command for TSF to enable and disable auto report
Add TSF cmd to enable and disable automatic TSF report from the target
to the host.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-14 18:18:37 +03:00
Kiran Kumar Lokere
7ef4200588 QCA vendor attribute to configure BSS max idle support
Add new QCA vendor attribute to configure the driver to enable/disable
the BSS max idle period support. This attribute is used for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-13 23:52:18 +03:00