If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Wait for the configuration exchange to complete before issuing the
DPP_STOP_LISTEN command to avoid confusing sequence of operation between
the ongoing and immediately following DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for wpa_supplicant to try to initiate PKEX on 5 GHz and 60
GHz bands in addition to the previously available 2.4 GHz case. If no
response from a peer device is seen on the 2.4 GHz band (channel 6) for
the five attempts, try the other PKEX channels (5 GHz channels 44 and
149; and 60 GHz channel 2) if they are supported and allowed for
initiating radiation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix bssid2 value to make scanning more reliable for the second OWE BSS.
In addition, reorder the STA status checks to happen before the data
connectivity check to get more accurate failure reason into the log if
the test case fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for the fi parameter to be non-NULL before trying to fetch the
ssi_signal information similarly to how the fi->freq was already
handled. While the meta information is supposed to be available, it
looks like there is at least one corner case where fi == NULL could be
used (Authentication frame reprocessing after RADIUS-based ACL).
Signed-off-by: Jouni Malinen <j@w1.fi>
Reject SAE association request when PMKID is included in the RSNE, but
the corresponding PMKSA is not available in the AP.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Define a new QCA vendor sub command for configuring the device with wifi
test configuration. Add new test config attributes for this sub command
that are used to configure the device for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, wpa_supplicant set PMF as optional for the DPP AKM since
there was no clear statement about this requirement in the tech spec.
Now that this requirement has been added, update the implementation to
match. In addition, set ssid->ieee80211w using the actual enum
mfp_options values instead of magic constants to make this a bit more
readable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This function is used to process a (Re)Association Request frame, so
rename it appropriately to mention assoc_req instead of auth_req.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Verify that the STA has ECDH data available before trying to use this
data to add the OWE DH Params element.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
This was already the case with the hostapd-based SME/MLME
implementation, but the OWE DH Param element construction for the
driver-based SME/MLME needed a matching change to set the group
properly.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
For FT-PSK sm->xxkey was populated with only the first password on the
linked list (i.e., last matching password in the wpa_psk_file) in
INITPSK. This caused only that password to be recognized and accepted.
All other passwords were not verified properly and subsequently
prevented clients from connecting.
Hostapd would report:
Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: invalid MIC in msg 2/4 of 4-Way Handshake
Jan 30 12:55:45 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Signed-off-by: Michal Kazior <michal@plumewifi.com>
If the -I<config> argument is used and the referenced configuration file
cannot be parsed, wpa_config_read() ended up freeing the main
configuration data structure and that resulted in use of freed memory in
such an error case. Fix this by not freeing the main config data and
handling the error case in the caller.
Signed-off-by: Jouni Malinen <j@w1.fi>
If option -I:config points to a non-existing file, the the previously
allocated config must not be freed. Avoid use of freed memory in such an
error case by skipping the incorrect freeing operation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Linux kernel commit c9491367b759 ("mac80211: always update the PM state
of a peer on MGMT / DATA frames") enforces the AP to check only
mgmt/data frames PM bit, and to update station's power save accordingly.
When sending only a PS-Poll (control frame) the AP will ignore the PM
bit. As the result, the partial virtual bitmap will not be updated, and
the test ap_open_disconnect_in_ps will fail on tshark check. Since the
test needs only the TIM to be updated, setting PS enabled will send NDP
that will signal that the station is sleeping. Sending PS-Poll to enable
power save is not correct, according to the following standard
statement: "A PS-Poll frame exchange does not necessarily result in an
Ack frame from the AP, so a non-AP STA cannot change power management
mode using a PS-Poll frame."
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
The special case of returning from wpa_supplicant_set_suites() when OWE
transition mode profile is used for an open association did not clear
the wpa_ie buffer length properly. This resulted in trying to use
corrupted IEs in the association request and failed association
(cfg80211 rejects the request or if the request were to go out, the AP
would likely reject it).
Signed-off-by: Jouni Malinen <j@w1.fi>
This functionality can be used regardless of P2P and should not be under
the ifdef of CONFIG_P2P.
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The blocking timeout of this function was changed from 2 seconds to 10
seconds in this commit 1480633f ("Use longer timeout in
wpa_ctrl_request()"), but the description was never changed accordingly.
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the preprocessor conditional "ifdef" instead of "if" before
CONFIG_TESTING_OPTIONS to prevent an issue on build systems that treat
undefined preprocessor identifiers as an error.
Signed-off-by: David Messer <david.messer@garmin.com>
This was supposed to be an array of const-pointers to const-char; not
something duplicating const for char and resulting in compiler warnings
with more recent gcc versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This does not really work with mac80211_hwsim due to missing offload
support, but at least some minimal extra code coverage can be achieved.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This netlink socket handle owns the connect request and is further used
by the host driver/kernel to request for the external authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This command/event interface can be used by host drivers that do not
define separate commands for authentication and association but rely on
wpa_supplicant for the authentication (SAE) processing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new QCA vendor commands and attributes to get thermal information
and send thermal shutdown related commands. Indicates the driver to
enter the power saving mode or resume from the power saving mode based
on the given temperature and thresholds.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a matching PMKSA cache entry is present for an OWE client, use it and
do not go through DH while processing Association Rquest frame.
Association Response frame will identify the PMKID in such a case and DH
parameters won't be present.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Handle OWE unsupported finite cyclic group in (Re)Association Request
frame when not using the hostapd SME/MLME.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
This makes it a bit clearer to see which parameters need to be modified
if the test vector needs to be recreated based on new values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add additional NDP attributes and NDP subcommand value which is
provided as part of schedule update indication from driver/firmware
to HAL.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Send Public Action frames with wildcard BSSID when destination was
broadcast address. This is required for DPP PKEX where the recipients
may drop the frames received with different BSSID than the wildcard
address or the current BSSID.
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
The y coordinates for some of these PKEX role-specific points were
changed in the PKEX specification, so update the implementation to
match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allow MSDU queue depth threshold in target to be set per peer per
TID. This command contains MAC address, TID, update mask, and threshold
values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
FILS capability bit setting could have ended up setting boths biths 72
(correct) and 64 (incorrect; part of Max Number of MSDUs In A-MSDU). Fix
this by adding the missing break to the switch statement.
Fixed: f55acd909e ("FILS: Set FILS Capability bit in management frames from AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows a separate configuration parameter (imsi_identity) to be
used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK
derivation for the case where the identity is expected to be from the
last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was
not used). This may be needed to avoid sending out an unprotected
permanent identity information over-the-air and if the EAP-SIM/AKA
server ends up using a value based on the real IMSI during the internal
key derivation operation (that does not expose the data to others).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>