Commit graph

14656 commits

Author SHA1 Message Date
Vamsi Krishna
ae21cffb2c Add QCA vendor command to support beacon reporting feature
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING
to implement beacon reporting feature. Different operations required to
implement this feature can be specified in
QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE.

Userspace requests the driver/firmware to periodically report received
Beacon frames whose BSSID matches the current connected BSS's MAC
address. If userspace requests the driver/firmware to send beacon
reports actively, the driver encapsulates the details of the beacon in
an event and sends it to userspace asynchronously. Otherwise, the driver
will only update the beacon in cfg80211 scan cache but will not send any
event to userspace.

If this command is not issued, the current behavior of the
driver/firmware is to update the cfg80211 scan cache only when there is
a scan issued by the host in progress or whenever there is a change in
IEs of the Beacon frames from the current connected BSS.

The userspace requests the driver/firmware to stop reporting beacons
when reporting is not required anymore. If the driver/firmware is not
able to receive Beacon frames because of other Wi-Fi operations such as
off-channel activities, etc., the driver/firmware sends a pause event to
userspace and stops reporting Beacon frames. The driver/firmware
indicates whether the beacon reporting automatically resumes later by
using the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES flag. If
userspace doesn't want the beacon reporting to be resumed automatically,
userspace can send QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP command to
the driver to stop beacon reporting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-02 15:08:31 +03:00
Toke Høiland-Jørgensen
ef7217518b hostapd: Add airtime policy configuration support
This adds support to hostapd for configuring airtime policy settings for
stations as they connect to the access point. This is the userspace
component of the airtime policy enforcement system PoliFi described in
this paper: https://arxiv.org/abs/1902.03439

The Linux kernel part has been merged into mac80211 for the 5.1 dev
cycle.

The configuration mechanism has three modes: Static, dynamic and limit.
In static mode, weights can be set in the configuration file for
individual MAC addresses, which will be applied when the configured
stations connect.

In dynamic mode, weights are instead set per BSS, which will be scaled
by the number of active stations on that BSS, achieving the desired
aggregate weighing between the configured BSSes. Limit mode works like
dynamic mode, except that any BSS *not* marked as 'limited' is allowed
to exceed its configured share if a per-station fairness share would
assign more airtime to that BSS. See the paper for details on these
modes.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 14:57:43 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
David Woodhouse
6326fa0c40 Fix ENGINE support with OpenSSL 1.1+
Commit 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
versions of OpenSSL, asserting that it should happen automatically.

That appears not to be the case, and loading engines now fails because
the dynamic engine isn't present.

Fix it by calling ENGINE_load_builtin_engines(), which works for all
versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
because that should have happened when SSL_load_error_strings() is
called anyway.

Fixes: 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs")
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2019-04-30 12:10:40 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
Jouni Malinen
b93a0ce7bd DPP2: Check conn->ctrl more consistently
There is no point in checking this pointer against NULL after it has
been dereferenced. Move the check to the beginning of the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:28:46 +03:00
Jouni Malinen
d42df8d6ce Fix a regression in storing of external_auth SSID/BSSID
An earlier change in drivers_ops API for struct external_auth broke the
way SSID and BSSID for an external authentication request were stored.
The implementation depended on the memory array being available in the
API struct with a use of memcpy() to copy the full structure even though
when only SSID and BSSID was needed. Fix this by replacing that
easy-to-break storing mechanism with explicit arrays for the exact set
of needed information.

Fixes: dd1a8cef4c ("Remove unnecessary copying of SSID and BSSID for external_auth")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 16:24:32 +03:00
Jouni Malinen
9ff2b85e73 tests: FT-EAP and PMKSA caching for initial mobility domain association
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 16:07:22 +03:00
Jouni Malinen
9083ef1355 FT: Allow PMKSA caching to be enabled with FT-EAP
The new wpa_supplicant network profile configuration parameter
ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with
FT-EAP for FT initial mobility domain association. This is still
disabled by default (i.e., maintaining previous behavior) to avoid
likely interoperability issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 16:01:45 +03:00
Jouni Malinen
a7b7ce82f4 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows authenticator side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:43 +03:00
Jouni Malinen
64f4809371 FT: Store XXKey/MPMK in PMKSA cache instead of MSK (authenticator)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:08 +03:00
Jouni Malinen
0c46b1a516 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:50:51 +03:00
Jouni Malinen
16c511449d FT: Store XXKey/MPMK in PMKSA cache instead of MSK (supplicant)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:48:58 +03:00
Jouni Malinen
e0e15fc236 Remove unused crypto_bignum_bits()
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:43:45 +03:00
Jouni Malinen
fbd671acb5 tests: Update SAE local error tests to match implementation
The change to use a shared dragonfly_generate_scalar() helper function
resulted in failures in sae_no_random and sae_bignum_failure test cases
due to renamed functions and removed uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:36:27 +03:00
Jouni Malinen
73338db029 Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:33:44 +03:00
Jouni Malinen
c3805fb623 Ignore channel switch event if AP interface is not yet ready
It is apparently possible to somehow trigger the driver to report a
channel switch event during ACS operation when the interface information
is not yet complete. hapd->iface->current_mode could be NULL in that
case and that would result in process termination due to NULL pointer
dereference.

It should not really be possible to trigger a channel switch during ACS
is running (i.e., before the AP mode operation has been started), but
since that has been seen in an arbitrary test sequence with interface
start/stop operations with various parameters (both valid and invalid),
better prevent a crash here by ignoring the unexpected event instead of
trying to process it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:24:31 +03:00
Jouni Malinen
eb314e8af2 Verify that channel info is available in hostapd_hw_get_channel()
Unexpected CHAN_SWITCH command could get this function using a NULL
pointer if the channel switch was requested while the interface was
already disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:17:59 +03:00
Jouni Malinen
b9058266f0 Clear cached extended_capa pointers on hapd_deinit() call
driver->hapd_deinit() is going to free the memory that the cached
pointers are pointing to, so clear the pointers to avoid possibility of
dereferencing used memory. It seemed to be possible to hit a code path
using those fields by issuing a CHAN_SWITCH command on disabled hostapd
interface in some cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:15:15 +03:00
Jouni Malinen
c48f44e17c tests: ieee80211ax=1 in hostapd STATUS
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 15:08:10 +03:00
Hu Wang
6afde52a78 Indicate ieee80211ax configuration in hostapd STATUS output
This adds a ieee80211ax=0/1 line to the STATUS output to indicate
the configuration of ieee80211ax, which similar to ieee80211n and
ieee80211ac.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 15:06:30 +03:00
Jouni Malinen
71da22b94b tests: Initial and still very minimal HE testing
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 00:18:52 +03:00
Jouni Malinen
b1664c8e4f HE: Fix he_bss_color documentation
This field needs to be set to a value within 1-63 range, i.e., 0 is not
a valid value and does not indicate that BSS color is disabled. B7 of
the BSS Color octet is used to indicate that the BSS Color is
_temporarily_ disabled, but that is something that would happen
automatically based on detecting a collision in the used BSS colors and
not something that would be configured.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 00:12:53 +03:00
Jouni Malinen
e6f9eab90e HE: Fix HE Operation element byte order on bigendian CPUs
The first four octets of the element were used as a host byte order u32.
That is not correct on bigendian CPUs, so handle byte swapping needs
properly. Mark the he_oper_params field as le32 to explicitly indicate
the byte order and swap the generated params content based on CPU byte
order.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:57:47 +03:00
John Crispin
3869c159d9 HE: Fix HE operation field size
The current code will always use the size required when all optional
elements are present. This will cause the Linux kernel to consider the
field to be malformed if the elements are not actually flagged as being
present.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 23:51:04 +03:00
Jouni Malinen
a5dbddbf03 tests: Update SAE local error tests to match implementation
The change to use shared dragonfly_get_random_qr_qnr() and
dragonfly_get_rand_1_to_p_1() helper functions resulted in failures in
sae_no_random and sae_bignum_failure test cases due to renamed functions
and removed uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
17749e948a Share common SAE and EAP-pwd functionality: is_quadratic_residue
Use a shared helper function for the blinded mechanism of determining
the Legendre symbol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
a9615b1b88 Share common SAE and EAP-pwd functionality: random 1..p-1 creation
Use a shared helper function to create a random value in 1..p-1 range
for is_quadratic_residue().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
6c9543fcb7 Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
ff229da309 Share a single buf_shift_right() implementation
Move the identical function used by both SAE and EAP-pwd to
src/utils/common.c to avoid duplicated implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:43 +03:00
Jouni Malinen
1e237903f5 OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:24:32 +03:00
Jouni Malinen
7958223fdc EAP-pwd: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:07:05 +03:00
Jouni Malinen
8e14b030e5 SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 18:52:34 +03:00
John Crispin
2ec71488b5 HE: Add Spatial Reuse Parameter Set element to the Beacon frames
SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA
thresholds. For this to work the AP needs to broadcast the element
first.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:15:36 +03:00
John Crispin
2fde3caa3a HE: Properly populate Beacon template prior to sending it to the kernel
Properly populate the the HE Capabilities element with the info read
from the kernel.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:00:51 +03:00
John Crispin
7cac255632 HE: Fix Operation Parameters order
According to P802.11ax/D4.0 9.4.2.238 (HE Operation element) the BSS
Color Information field is located after the HE Operation Parameters
field. Fix the ordering of the bit masks/offsets for fields in these 3+1
octets used as a single 32-bit value. With these changes, Wireshark 3.2
is able to properly parse and display Beacon frames.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:55:39 +03:00
John Crispin
83f30fabe3 HE: Disable TXOP duration-based RTS if he_rts_threshold is not set
IEEE P802.11ax/D4.0 9.4.2.243 "HE Operation element" indicates that the
special value 1023 in the TXOP Duration RTS Threshold field is used to
indicate that TXOP duration-based RTS is disabled. Use that value as the
default instead of the previously used value 0 which would really mean
threshold of 0 usec. Furthermore, the previous implementation did not
allow values larger than 255 to be used for this field while the field
is actually 10 bits in size.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
64c20a831f tests: Channel switch started/completed events
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Omer Dagan
fa335929b7 wpa_cli: Make CTRL-EVENT-CHANNEL-SWITCH available to action scripts
Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
9c95124418 Add 802.11 status code strings
Logs involving IEEE 802.11 Status Codes output the Status Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each status code using the latter part
of the Status Code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
5fbefcc64b tests: DPP over TCP using Controller/Relay
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00