The first call to dpp_configuration_parse_helper() was supposed to use
the separately prepared tmp string with only the first configuration
entry, but it ended up using the full string that included both
configuration entries. This could result in the first configObject
getting a mix of parameters from both entries.
Fix the parsing to use only the text before the @CONF-OBJ-SEP@ separator
for the first entry.
Fixes: 7eb06a3369 ("DPP2: Allow multiple Config Objects to be build on Configurator")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When ACS is configured in multiple BSS case, sometimes a virtual AP
interface does not come up as the channel context information between
different BSSs of the same band does not match.
Same behavior is observed in case of multiple band/hardware under a
single wiphy, when we bring up multiple virtual interface in various
bands simultaneously and the kernel maps a random channel as it has more
than one channel context, e.g., say a 2.4 GHz channel to a 5 GHz virtual
AP interface when the start AP command is sent. This is because the
frequency information is not present in the command.
Add the frequency information into the start AP netlink command so that
the kernel maps the appropriate channel context by parsing it instead of
using a previous set channel information.
Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com>
This uses libnl3 to communicate with the macsec module available on
Linux. A recent enough version of libnl is needed for the hardware
offload support.
Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Add the country_code and country3 config parameter to the STATUS output
to easier determine the current values for each of an hostapd
access point. Currently neither STATUS, GET [country_code/country3] nor
GET_CONFIG output it.
This is useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file (like hostapd.conf).
Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
sm->bssid has not yet been updated here, so use the provided bssid
instead. This avoids replacing the PTKSA entry for the previous AP when
a new PTKSA is being stored while using the FT protocol.
Fixes: d70060f966 ("WPA: Add PTKSA cache to wpa_supplicant for PASN")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PTKSA was stored for the 4-way handshake and FILS cases, but not when it
was being derived through the use of the FT protocol.
Fixes: f2f8e4f458 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This function is not used outside wpa_auth.c and it is not mentioned in
any header file either, so it should have been marked static.
Fixes: f2f8e4f458 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
FT AP was silently ignoring EAPOL-Key msg 2/4 due to Key MIC mismatch
when the STA advertises support for Secure LTF and derives the KDK while
the AP implementation did not derive KDK.
Fix this to include KDK while deriving PTK for FT cases on the AP.
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
Allows collecting and exposing more information about the station's
current connection from the kernel to the connection manager.
* Add an enum to represent guard interval settings to driver.h.
* Add fields for storing guard interval and dual carrier modulation
information into the hostap_sta_driver_data struct.
* Add bitmask values indicating the presence of fields.
* STA_DRV_DATA_TX_HE_DCM
* STA_DRV_DATA_RX_HE_DCM
* STA_DRV_DATA_TX_HE_GI
* STA_DRV_DATA_RX_HE_GI
* Retrieve NL80211_RATE_INFO_HE_GI and NL80211_RATE_INFO_HE_DCM in
get_sta_handler(), and set appropriate flags.
Signed-off-by: David Ruth <druth@chromium.org>
Currently invitation request wait time is very long and not needed for
sending a single Action frame only. To not interfere with other parallel
channel activities, decrease the wait time to to 150 ms in case of an
active P2P GO on the system.
In addition, if a P2P GO tries to invite a client that doesn't respond,
it will attempt to invite again after 100 ms. This is too aggressive and
may result in missing beacon transmission and affecting GO activity on
its operating channel. Increase the timeout to 120 ms, to allow enough
time for beacon transmission.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for WNM event report handling for the BSS color collision
and in use events.
Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Yi-Chia Hsieh <yi-chia.hsieh@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Adding the hw_mode config parameter to the STATUS output to easier
determine the current hw_mode of an hostapd access-point. Currently
neither STATUS, GET hw_mode, nor GET_CONFIG output it.
Useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file, like hostapd.conf.
Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
Per RFC 2548, 2.1.5, MS-CHAP-Error contains an Ident field of one octet
followed by an ASCII message. Add the missing Ident field.
Signed-off-by: Yihong Wu <wu@domosekai.com>
Change Probe Response frames to be sent as broadcast for 6 GHz band per
IEEE Std 802.11ax‐2021, 26.17.2.3.2: "If a 6 GHz AP receives a Probe
Request frame and responds with a Probe Response frame (per 11.1.4.3.4),
the Address 1 field of the Probe Response frame shall be set to the
broadcast address, unless the AP is not indicating its actual SSID in
the SSID element of its Beacon frames."
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
Send NL80211_ATTR_MLO_SUPPORT flag in NL80211_CMD_CONNECT to indicate
wpa_supplicant has support to handle MLO connection for SME-in-driver
case.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Enable MLO for SAE authentication when the driver indicates the AP MLD
address in an external authentication request. The MAC address of the
interface on which the external authentication request received will be
used as the own MLD address.
This commit does below for enabling MLO during external SAE
authentication:
- Use MLD addresses for SAE authentication.
- Add Basic Multi-Link element with the own MLD address in SAE
Authentication frames.
- Send SAE Authentication frames with the source address as the own MLD
address, destination address and BSSID as the AP MLD address to the
driver.
- Validate the MLD address indicated by the AP in SAE Authentication
frames against the AP MLD address indicated in external authentication
request.
- Store the PMKSA with the AP MLD address after completing SAE
authentication.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY attribute
to enable/disable Multi-Channel concurrency low latency mode.
The firmware will do optimization of channel time quota for
low latency in Multi-Channel concurrency state if enabled.
Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
hostapd was previously storing the derived PMK-R0 and PMK-R1 as soon as
these keys were derived. While that is fine for most purposes, it is
unnecessary to do that so quickly and if anything were to fail before
the supplicant is able to return a valid EAPOL-Key msg 2/4, there would
not really be any real use for the derived keys.
For the special case of FT-PSK and VLAN determination based on the
wpa_psk file, the VLAN information is set in the per-STA data structures
only after the EAPOL-Key msg 2/4 MIC has been verified. This ended up
storing the PMK-R0/PMK-R1 entries without correct VLAN assignment and as
such, any use of the FT protocol would not be able to transfer the VLAN
information through RRB.
Split local storing of the FT key hierarchy for the cases using the FT
4-way handshake so that PMK-R0 and PMK-R1 are first derived and then
stored as a separate step after having verified the MIC in the EAPOL-Key
msg 2/4 (i.e., after having confirmed the per-STA passphrase/PSK was
selected) and VLAN update. This fixes VLAN information for the
wpa_psk_file cases with FT-PSK.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
During implementation of commit 257b119c2d ("QCA vendor attribute of
update roaming cached statistics info") some deficiencies were noted as
listed below, so fix them. Since these are pre-implementation changes,
no ABI breakage is introduced.
1) Change all RSSI values to be signed values.
2) Add enums for scan type and dwell type instead of documenting
their values with comments
3) Add missing QCA_ROAM_REASON_STA_KICKOUT to enum qca_roam_reason
Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.
Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.
Fixes: dd10abccc8 ("MACsec: wpa_supplicant integration")
Fixes: a93b369c17 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.
Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.
Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
Add new AP concurrency policy QCA_WLAN_CONCURRENT_AP_POLICY_XR to
configure interface for eXtended Reality (XR) requirements.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add new QCA vendor attributes to configure the driver for EHT
capabilities and multi link configuration.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add new QCA vendor attributes to configure the driver for EHT
capabilities. These attributes are used for testing purposes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.
The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.
The AP reported the following logs (grepped):
> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED
While the STA reported the following logs (grepped):
> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED
AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.
Signed-off-by: Michal Kazior <michal@plume.com>
IEEE P802.11be/D2.0 added a 4-octet Basic EHT-MCS And Nss Set field into
the EHT Operation element. cfg80211 is now verifying that the EHT
Operation element has large enough payload and that check is failing
with the previous version. This commit does not really set the correct
Basic EHT-MCS And Nss Set values, but the IE length check is now passing
to allow initial mac80211_hwsim testing to succeed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).
To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.
With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Some Wi-Fi SoCs do not ensure unique MAC address for the new virtual
interface. Enforce unique address is used for the created AP interface
similarly to other previously address interface types.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
Fix an issue that results in TX failures being stored where TX retries
belongs.
Fixes: ad4fa5dd3c ("Add more nl80211 info to struct wpa_signal_info")
Signed-off-by: David Ruth <druth@chromium.org>
k_pad and tk were not cleared in internal HMAC-SHA256 implementation.
Clear them to avoid leaving secret material in temporary stack
variables.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use more specific status code values to report error cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
RSNXE bits were modified, so update the relevant places accordingly.
Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the assigned values based on IEEE P802.11-REVme/D2.0. In addition,
sort these definitions in ascending order.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the HE membership selector and don't use the BSS
if required but not supported by HW.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the ability to require HE, advertising that via the
BSS membership selector as well as rejecting association
without HE.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When AP is started on a DFS channel and DFS is offloaded to the driver,
AP setup will be separated to two stages. In the first stage, hostapd
will set frequency and initialize BSS, then waits the driver CAC to
complete. Once CAC done, in the second stage,
hostapd_setup_interface_complete() will be called again from a callback
to continue AP/channel setup.
But the driver will fail to restart AP if it is disabled/reenabled
during a driver CAC procedure because some steps such as setting
freq/beacon in the first stage are skipped due to cac_started not
cleared when the AP is disabled.
Avoid this by clearing cac_started when the AP is disabled.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Channel width in HE Capabilities element added to management frames is
calculated in hostapd_eid_he_capab() by intersecting the driver
capabilities and the operating channel width. Kernel uses this value
from the Beacon frames to verify EHT capabilities length. However, EHT
MCS length calculation uses only the driver capabilities which results
in EHT AP bring up failure in some cases dues to different lengths.
Modify the EHT code to use the HE operating channel width as well to
determine matching length for the information.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add new attributes for the destination MAC address and netdev index in
SCS rule config subcommand.
Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
With an MLD connection the BSSID reported in the association
event is the MLD AP address, while the association state reported
in the scan results relates to the MLD AP specific link. In such a
case do not disconnect.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Define additional association parameters for MLD to be able to indicate
information for all the requested links and fill these into nl80211
attributes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Set MLO attributes for NL80211_CMD_AUTHENTICATE and make sure that MLD
configuration is preserved between authentication retries.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the required ML and RNR definitions and report the information in
BSS command.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The control fields are 16 bit wide. Combine the per byte definitions to
make it more convenient.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Facilitate emitting more station information over D-Bus for use by the
connection manager.
* Add storage for more NL80211_STA_INFO_* fields to data structures, and
move them through the system.
* Reorder NL80211_STA_INFO_* fields in driver_nl80211.c to match the
ordering in nl80211.h.
* Convert signal field to an integer to support holding WPA_INVALID_NOISE
and avoid changing logging.
* Add fields to hostap_sta_driver_data to capture more information
* fcs_error_count
* beacon_loss_count
* expected_throughput
* rx_drop_misc
* rx_mpdus
* rx_hemcs
* tx_hemcs
* rx_he_nss
* tx_he_nss
* avg_signal
* avg_beacon_signal
* avg_ack_signal
* Add struct hostap_sta_driver_data to struct wpa_signal_info and remove
redundant fields and redundant attribute parsing
* Change logging when printing txrate to handle unsigned long
value
Signed-off-by: David Ruth <druth@chromium.org>
Indicate whether the collocated BSS in the RNR is a part of a multiple
BSSID set and whether it is a transmited BSSID.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Send MBSSID and EMA configuration parameters to the kernel.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
As described in IEEE Std 802.11-2020, 11.1.3.8 Multiple BSSID procedure,
set the lowest AID value assigned to any client equal to 2^n, where n is
the maximum BSSID indicator of the MBSSID set.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Process the Known BSSID elements if included by non-AP stations. The
format is described in IEEE Std 802.11ax-2021, 9.4.2.261.
Non-AP stations may include this element in directed Probe Request
frames to indicate which of the multiple BSSIDs they have already
discovered. AP should exclude these profiles from the Probe Response
frame.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add Multiple BSSID Configuration element data per IEEE Std
802.11ax-2021, 9.4.2.260 when enhanced multiple BSSID advertisement
(EMA) is enabled. This element informs the stations about the EMA
profile periodicity of the multiple BSSID set.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Set extended capabilities as described in IEEE Std 802.11ax-2021,
9.4.2.26. Reset the capability bits to 0 explicitly if MBSSID and/or EMA
is not enabled because otherwise some client devices fail to associate.
Bit 80 (complete list of non-tx profiles) is set for all Probe Response
frames, but for Beacon frames it is set only if EMA is disabled or if
EMA profile periodicity is 1.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Add helper functions to retrieve the context for the transmitting
interfaces of the MBSSID set and the index of a given BSS.
Set device parameters: BSS index and the transmitting BSS.
Include Multiple BSSID elements in Beacon and Probe Response frames.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Add data per IEEE Std 802.11-2020, 9.4.2.240. Current implementation is
added for the security and extended supported rates only.
For the Extended rates element, add a new member 'xrates_supported'
which is set to 1 only if hostapd_eid_ext_supp_rates() returns success.
Without this change, there are cases where this function returns before
adding the element for the transmitting interface resulting in incorrect
addition of this element inside the MBSSID Non-Inheritance element.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Co-developed-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
Signed-off-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
Add Multiple BSSID element data per IEEE Std 802.11ax-2021, 9.4.2.45.
Split the BSSes into multiple elements if the data does not fit in
the 255 bytes allowed for a single element.
Store the total count of elements created and the offset to the start
of each element in the provided buffer.
Set the DTIM periods of non-transmitted profiles equal to the EMA
profile periodicity if those are not a multiple of the latter already as
recommended in IEEE Std 802.11ax-2021, Annex AA (Multiple BSSID
configuration examples).
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
When multiple BSSID advertisement feature is enabled in IEEE 802.11ax
mode or later, Beacon frames are not transmitted per interface, instead
only one of the interfaces transmits Beacon frames that include one or
more Multiple BSSID elements with configuration for the remaining
interfaces on the same radio.
Change the existing logic such that all configuration details for all
the interfaces are available while building the Beacon frame template
for the transmitting interface itself.
Do not change the flow for the cases where multiple BSSID advertisement
is not enabled.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Retrieve driver capabilities for the maximum number of interfaces for
MBSSID and the maximum allowed profile periodicity for enhanced MBSSID
advertisement.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add configuration option 'mbssid' used to enable multiple BSSID (MBSSID)
and enhanced multiple BSSID advertisements (EMA) features.
Reject the configuration if any of the BSSes have hidden SSID enabled.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.
In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Include the start of the next EAP method in an EAP Payload TLV in the
same message with the Crypto-Binding TLV for the previous EAP method to
get rid of one roundtrip when using more than a single EAP
authentication method within the tunnel. The previous, not optimized,
sequence can still be used with eap_teap_method_sequence=1 for more
complete testing coverage.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When using the optimized EAP method sequence within the tunnel, crypto
binding for the previous EAP method can be performed in the same message
with the start of the next EAP method. The Crypto-Binding TLV needs to
be processed before moving to the next EAP method for IMSK to be derived
correctly, so swap the order of these processing steps.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
While RFC 7170 does not describe this, EAP-TEAP has been deployed with
implementations that use the EAP-FAST-MSCHAPv2, instead of the
EAP-MSCHAPv2, way of deriving the MSK for IMSK. Use that design here to
interoperate with other implementations since that seems to be direction
that IETF EMU WG is likely to go with an RFC 7170 update.
This breaks interoperability with earlier hostapd/wpa_supplicant
versions.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
EAP-FAST uses a special variant of EAP-MSHCAPv2 called EAP-FAST-MSCHAPv2
in RFC 5422. The only difference between that and EAP-MSCHAPv2 is in how
the MSK is derived. While this was supposed to be specific to EAP-FAST,
the same design has ended up getting deployed with EAP-TEAP as well.
Move this special handling into EAP-MSCHAPv2 implementation so that it
can be shared for both needs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
With the UHB enabled, the number of scanned frequencies may exceed
the buffer size. Increase it.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support to consider EHT rates while calculating the estimated
throughput for scan results.
- The estimated EHT throughput uses the HE 0.8 usec GI rates from the
relevant EHT-MCS tables from IEEE P802.11be/D2.0, 36.5.
- The minimum SNR values for EHT rates (4096-QAM) are derived by adding
the existing minimum SNR values of 1024-QAM rates from HE tables and
the difference between the values of minimum sensitivity levels of
1024-QAM rates and 4096-QAM rates defined in Table 36-67 (Receiver
minimum input level sensitivity) in IEEE P802.11be/D2.0.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The arguments were swapped. Apparently all the calls to this function
use the same value for both input and output parameters, so it went
unnoticed. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed to be able to drop the OpenSSL security level, if
necessary, for cases where old certificates (e.g., something using SHA-1
signatures) are still needed. openssl_ciphers="DEFAULT@SECLEVEL=0" can
achieve this, but only if applied before attempting to load the
certificates.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Even if the use of H2E isn't strictly mandatory when using SAE on 6 GHz,
WPA3-Personal pushes it on 6 GHz. So lets automatically enable it by
setting sae_pwe=2. This will allow both the hunting-and-pecking and
hash-to-element to work (and be backward compatible).
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
The system may be interested in knowing which bootstrap information
entries are being exercised. This could be used for statistics or
completion signaling to upper application layer outside of hostapd,
along with the public key hash.
Signed-off-by: Michal Kazior <michal@plume.com>
Just like with WPA-PSK and keyids it may be desired to identify
connecting clients to provide additional network filtering.
This does:
- extend DPP_EVENT_AUTH_SUCCESS to expose public
key hash of the peer so the system can pick it
up and use for identification later
- store public key hash in PMKSA from DPP Network
Intro for later use
- extend sta mib to print out the dpp_pkhash
from PMKSA if present
- extend AP_STA_CONNECTED to include the
dpp_pkhash from PMKSA if present
Signed-off-by: Michal Kazior <michal@plume.com>
This event is generated in a couple of places. It'll be easier to extend
the event with additional metadata if it's generated in a single place.
Signed-off-by: Michal Kazior <michal@plume.com>
When considering a channel for a bandwidth of 40/80/160 MHZ on the 5 GHz
or 6 GHz band, allow selecting one of the other channels in the segment
instead of the first one. This is done only if the other channel's
interference_factor is lower than the first one's.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
When using 40/80/160 MHz bandwidth on the 5 GHz or 6 GHz band, enforce
the secondary channel to be the other channel of the corresponding 40
MHz segment.
Even if this is useless for now, this is preparatory work to allow ACS
to select a primary channel which is not the first of its segment.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
When using 40/80/160 MHz bandwidth, instead of computing the index of
the segment center freq based on the selected channel, lets look it up
in the bw_desc[] table.
This is preparative work to allow selecting a primary channel which is
not the first of the segment.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
This extracts the 3 lists of allowed channels for 40/80/160 MHz
bandwidth out of their respective functions. It also adds for each
segment the frequency of the segment's last channel and the index of the
segment's "center" channel.
This is preparative work to allow selecting a channel which is not the
first of its segment for 40/80/160 MHz. In addition, this adds the 5 GHz
160 MHz channel defined for 5735-5895 MHz (channels 149-177).
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Instead of opening a new TCP connection for each received Presence
Announcement from the same Enrollee from the Relay to the Controller,
use an existing connection if it is still waiting for Authentication
Response. This avoids opening multiple parallel sessions between the
same Controller and Enrollee.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If wpa_supplicant receives a duplicate DPP chirp over a TCP connection
this causes the connection (and all of its state) to be torn down.
Such a tear-down means that the authentication request state is discarded.
That in turn will cause any otherwise valid authentication response
to not succeed.
This commit addresses that problem. It also does not attempt to check
for duplicates until at least we know that we have an appropriate hash.
Signed-off-by: Eliot Lear <lear@lear.ch>
Add a callback handler to notify details of a PMKSA cache entry when it
is added to the PMKSA cache. This can be used to provide external
components more convenient access to the PMKSA cache contents.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When using multiple BSSes on a single radio, it is sometimes desirable
to reconfigure one BSS, without disconnecting the stations already
connected to other BSSes on the same radio.
When a BSS is reconfigured using the SET command, there is no "old"
configuration we can compare to (so we cannot compare a hash of the
configuration for example).
One possible solution would be to make the current RELOAD command
reload only the current BSS. However, that could break the workflow of
existing users. Instead, introduce a new RELOAD_BSS command, which
reloads only the current BSS.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
In hostapd_clear_old() multiple steps are needed to clear a BSS.
There are some places where it would be desirable to clear only some
BSSes and not all.
To make it easier to clear only some BSSes, split hostapd_clear_old()
with hostapd_clear_old_bss(), which does the same actions but on a
single BSS.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
When using MAC randomization wpa_supplicant can change the local MAC
address during roaming scenario:
1. We attach to AP1 (with MAC1/SSID1).
2. Roaming to AP2 (with MAC2/SSID2) is started:
a) we send DEAUTH(for AP1, with MAC1)
b) we change MAC to MAC2 due to randomization
c) we start authentication for AP2
d) we get notification about DEAUTH for AP1 (which we ignore)
e) we complete association with AP2
In point 2d we completely ignore the notification which later causes
problems. This happens if the deauthentication event is generated by the
local driver (e.g., due to beacon loss) instead of AP2 sending an
explicit Deauthentication frame.
The intended behavior is as follows: during roaming we generate DEAUTH
(2a) and signal this event right away. To protect from handling of our
own DEAUTH for the 2nd time supplicant marks 'ignore_next_local_deauth'
variable. In point 2d we should receive this notification and clear the
flag but this does not happen because MAC1 in the notification is not
the current MAC address (it has been changed in 2b) so this notification
is ignored as a one with a "foreign" address.
So we end up successfully at AP2 but with 'ignore_next_local_deauth'
still set which causes problems. For example if AP2 shuts down it has
been observed on some drivers that the DEAUTH notification is generated
as a local one and since we have flag to ignore it nothing is reported
over D-Bus.
To address the problem let's store the previously used MAC address and
use it for checking for foreign address (in combination with the current
one).
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
This is a step in separating RSN and WPA(v1) processing of EAPOL-Key
frames into separate functions. This allows the implementation to be
simplified and potentially allows the validation rules to be made
stricter more easily. This is also a step towards allowing WPA(v1)
functionality to be removed from the build in the future.
Signed-off-by: Jouni Malinen <j@w1.fi>
The default provider is being loaded here explicitly only because
OSSL_PROVIDER_load() disables the fallback provider loading (on either
success or failure). If the legacy provider fails to load, which it may
in some configurations, it will never load the default provider.
Just use the formulation which attempts to load without changing the
fallback behavior.
"default" will still be/only be loaded if no other provider (notably
FIPS) is loaded to provide algorithms.
Signed-off-by: Norman Hamer <nhamer@absolute.com>
DES and RC4 are not allowed in such builds, so comment out des_encrypt()
and rc4_skip() from the build to force compile time failures for cases
that cannot be supported instead of failing the operations at runtime.
This makes it easier to detect and fix accidental cases where DES/RC4
could still be used in some older protocols.
Signed-off-by: Norman Hamer <nhamer@absolute.com>
