Commit graph

16088 commits

Author SHA1 Message Date
Jouni Malinen
5058f771d9 DPP2: Allow station to require or not allow PFS
The new wpa_supplicant network profile parameter dpp_pfs can be used to
specify how PFS is applied to associations. The default behavior
(dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if
the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled
(dpp_pfs=2).

This is also working around an interoperability issue of DPP R2 STA with
certain hostapd builds that included both OWE and DPP functionality.
That issue was introduced by commit 09368515d1 ("OWE: Process
Diffie-Hellman Parameter element in AP mode") and removed by commit
16a4e931f0 ("OWE: Allow Diffie-Hellman Parameter element to be
included with DPP"). hostapd builds between those two commits would
reject DPP association attempt with PFS. The new wpa_supplicant default
(dpp_pfs=0) behavior is to automatically try to connect again with PFS
disabled if that happens.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 17:23:22 +02:00
Jouni Malinen
7c021dec3a DPP2: Allow AP to require or reject PFS
The new hostapd configuration parameter dpp_pfs can be used to specify
how PFS is applied to associations. The default behavior (dpp_pfs=0)
remains same as it was previously, i.e., allow the station to decide
whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected
(dpp_pfs=2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 12:33:48 +02:00
Jouni Malinen
ca57d5f553 Return an enum from wpa_validate_wpa_ie()
This is more specific then returning a generic int and also allows the
compiler to do more checks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 12:30:46 +02:00
Sathishkumar Muruganandam
2b4f9ce287 hostapd: Add HE bit in BSSID Information field of own Neighbor Report
Add definition for HE bit in neighbor report BSSID Information field
from IEEE P802.11ax/D6.0, 9.4.2.36 Neighbor Report element.

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2020-03-27 23:52:24 +02:00
Jouni Malinen
a3eda98c22 tests: Skip background scans in beacon loss tests
bgscan_learn_beacon_loss was failing quite frequently and it looks like
the background scans were related to those failures. Since those scans
are not really relevant to testing beacon loss, get rid of them in these
test cases to avoid incorrect failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 21:05:44 +02:00
Jouni Malinen
ef46f143bc tests: dpp_controller_rx_failure to match implementation changes
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
80d0e50dc5 DPP2: Use a helper function for encapsulating TCP message
This functionality was repeated for multiple different frames. Use a
shared helper function to avoid such duplication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
f1732b4d1a tests: DPP chirping
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
fa5143feb3 DPP2: Presence Announcement processing in Controller
Process the received Presence Announcement frames in Controller. If a
matching bootstrapping entry for the peer is found, initiate DPP
authentication to complete provisioning of the Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
db1ef82538 DPP2: Presence Announcement processing in AP/Relay
Process the received Presence Announcement frames in AP/Relay. If a
matching bootstrapping entry for the peer is found in a local
Configurator, that Configurator is used. Otherwise, the frame is relayed
to the first configured Controller (if available).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
06dd32903d DPP2: Presence Announcement processing at Configurator
Process received Presence Announcement frames and initiate
Authentication exchange if matching information is available on the
Configurator.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
6f5bc15bec DPP2: Configurator Connectivity indication
Add a new hostapd configuration parameter
dpp_configurator_connectivity=1 to request Configurator connectivity to
be advertised for chirping Enrollees.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
562f77144c DPP2: Chirping in wpa_supplicant Enrollee
Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI
ID> iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
1f0226770c DPP2: Add a helper function for building Presence Announcement frame
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
7cba35b0ed DPP2: New identifier definitions
Add new identifier definitions for presence announcement,
reconfiguration, and certificate enrollment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
547dc7eaa3 DPP: Add DPP_BOOTSTRAP_SET command
"DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to
set peer specific configurator parameters which will override any global
parameters from dpp_configurator_params.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
804fc268af DPP: Allow per-peer configurator parameters to be set
This is a more convenient way of addressing cases where a
Configurator/Controller may store a large number of peer bootstrapping
information instances and may need to manage different configuration
parameters for each peer while operating as the Responder.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
514cc49ba5 DPP: Store global pointers in struct dpp_authentication
Set the global pointer and msg_ctx when allocating struct
dpp_authentication instead of needing to pass these to
dpp_set_configurator().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
bc95d58330 Fix a typo in function documentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 12:43:28 +02:00
Jouni Malinen
b7275a8142 Update STA flags to the driver immediately on disconnection
hostapd (and wpa_supplicant in AP mode) was internally updating the STA
flags on disconnection cases to remove authorization and association.
However, some cases did not result in immediate update of the driver STA
entry. Update all such cases to send out the update to the driver as
well to reduce risk of race conditions where new frames might be
accepted for TX or RX after the port authorization or association has
been lost and configured keys are removed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 17:51:03 +02:00
Jouni Malinen
b766ac488f tests: Use frame injection in monitor_iface_unknown_sta
The previously used normal data TX depends on undefined driver behavior
after all keys have been removed. That may not be available, so do this
more properly with frame injection through a monitor interface.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 17:51:03 +02:00
Jouni Malinen
19e8536d47 tests: sigma_dut controlled AP and transition disabled indication
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 13:01:19 +02:00
Jouni Malinen
f3de8f35bc tests: sigma_dut controlled AP and beacon protection
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 12:50:00 +02:00
Jouni Malinen
14ee49c24b tests: sigma_dut controlled STA and beacon protection
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 11:52:47 +02:00
Jouni Malinen
431e5d5819 tests: Add forgotten step to ap_wpa3_eap_transition_disable
This was supposed to be included, but was forgotten in an editor window
with pending changes..

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:57:40 +02:00
Alexander Wetzel
8ca6f924d6 STA: Fix wpa_clear_keys() PTK key deletion logic
We have to delete PTK keys when either BIT(0) or BIT(15) are zero and
not only when both are zero.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-26 00:33:17 +02:00
Alexander Wetzel
ff54340905 AP: Fix Extended Key ID parameter check
Check the new variable to be set instead the current setting.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-26 00:26:17 +02:00
Jouni Malinen
5cf5680e5c tests: Transition disable
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:22:57 +02:00
Jouni Malinen
96686e637c wpa_supplicant AP mode configuration for Transition Disable KDE
Allow AP mode network profile in wpa_supplicant to be configured to
advertise Transition Disable DKE.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:18:06 +02:00
Jouni Malinen
9d1857cf35 Process Transition Disable KDE in station mode
Check whether the Transition Disable KDE is received from an
authenticated AP and if so, whether it contains valid indication for
disabling a transition mode. If that is the case, update the local
network profile by removing the less secure options.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:13:14 +02:00
Jouni Malinen
82cc0b0cc2 Allow hostapd AP to advertise Transition Disable KDE
The new hostapd configuration parameter transition_disable can now be
used to configure the AP to advertise that use of a transition mode is
disabled. This allows stations to automatically disable transition mode
by disabling less secure network profile parameters.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:12:41 +02:00
Jouni Malinen
3eb9ddc658 Transition Disable KDE definitions
Define the OUI Type and bitmap values for Transition Disable KDE. These
will be shared by both the AP and STA implementations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:12:39 +02:00
Wu Gao
a72ec4c221 Add addition CFR capture type to filter all NDPA NDP frames
Add QCA_WLAN_VENDOR_CFR_NDPA_NDP_ALL in enum
qca_wlan_vendor_cfr_capture_type. This capture type requests all NDPA
NDP frames to be filtered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-25 12:05:14 +02:00
Wu Gao
a163bfe2bc Change CFR attributes from required to optional
Some CFR attributes are used frequently with conditions, so change them
from required to optional.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-25 12:04:37 +02:00
Noam Shaked
e520de8dbe Add ACS support for 60 GHz channel bonding
hostapd will trigger EDMG auto channel selection by setting
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED. The 60 GHz driver will be
called to start an auto channel selection and will return the
primary channel and the EDMG channel.

Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
2020-03-24 22:15:32 +02:00
Jouni Malinen
634bc4e6df tests: sigma_dut sta_scan ShortSSID
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-24 12:33:31 +02:00
Noam Shaked
00f6a27628 nl80211: Fix offloaded ACS regression for the 60 GHz band
Addition of chan_2ghz_or_5ghz_to_freq() broke 60 GHz ACS, because it
assumes reported ACS channel is on either 2.4 or 5 GHz band. Fix this
by converting chan_2ghz_or_5ghz_to_freq() to a more generic
chan_to_freq(). The new function uses hw_mode to support 60 GHz.

Fixes: 41cac481a8 ("ACS: Use frequency params in ACS (offload) completed event interface")
Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
2020-03-23 22:29:04 +02:00
John Crispin
1e8ea0833d HE: Add HE support to hostapd_set_freq_params()
The parameters that need to be applied are symmetric to those of VHT,
however the validation code needs to be tweaked to check the HE
capabilities.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2020-03-23 18:08:50 +02:00
Jouni Malinen
8e467e3cf4 wlantest: Check for zero TK even when the real PTK is not known
This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity with the frame number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-23 17:58:43 +02:00
Wu Gao
bb08be757f Extend vendor attributes to support enhanced CFR capture
Enhanced channel frequency response supports capturing of channel status
information based on RX. Define previous CFR as version 1 and enhanced
CFR as version 2. If target supports both versions, two versions can't
be enabled at same time. Extend attributes for enhanced CFR capture in
enum qca_wlan_vendor_peer_cfr_capture_attr.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-23 15:39:36 +02:00
Noam Shaked
30ac8ddaf6 Add QCA vendor attributes for ACS over EDMG (IEEE 802.11ay)
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED, conduct ACS for EDMG.
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL, return the EDMG channel.

Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
2020-03-23 13:19:51 +02:00
Jouni Malinen
681e8495b4 tests: Extended Key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-23 11:47:31 +02:00
Jouni Malinen
41c3f0cd5b Allow last configured Key ID for TK to be fetched from wpa_supplicant
"GET last_tk_key_idx" can now be used in testing build to determine
which was the last configured Key ID for the pairwise key.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-23 11:47:31 +02:00
Jouni Malinen
8b63a58166 Use a shared helper function for RSN supplicant capabilities
Avoid practically copy-pasted code for determining local RSN
capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-23 11:47:31 +02:00
Alexander Wetzel
b17b7a8e53 STA: Support Extended Key ID
Support Extended Key ID in wpa_supplicant according to
IEEE Std 802.11-2016 for infrastructure (AP) associations.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing STAs to also connect to APs not supporting it.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:47:31 +02:00
Alexander Wetzel
862aac1fcd AP: Support Extended Key ID
Support Extended Key ID in hostapd according to IEEE Std 802.11-2016.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing an AP to serve STAs with and without Extended Key
ID support in the same BSS.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:43:10 +02:00
Jouni Malinen
9efac01020 tests: Fix bgscan_learn_beacon_loss with REPORTS_TX_ACK_STATUS
Stopping the AP from beaconing will also stop it from acknowledging
frames and that resulted in bgscan_learn_beacon_loss failing when
mac80211_hwsim is registering REPORTS_TX_ACK_STATUS. Work around this by
moving to using PMF so that the station ignores the unprotected
deauthentiation frames from the AP and also disabling SA Query. This
allows the AP to be stopped and restarted with large enough Beacon
interval to allow the station to detect beacon loss.

This is identical to the earlier design change for
bgscan_simple_beacon_loss (somehow this bgscan_learn_beacon_loss test
case managed to pass at that time).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 19:52:38 +02:00
Jouni Malinen
b967b5e859 Limit scan frequency list to 100 entries
There is no real use case for the scan to be requested on more than 100
channels individually. To avoid excessively long lists with invalid
configuration, use 100 entry limit for the list before dropping to the
fallback scan-all-channels option.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:51:41 +02:00
Jouni Malinen
9f9a148af6 Convert int_array to use size_t instead of int as the length
This extends this to allow longer lists with LP32 data model to avoid
limit of 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00
Jouni Malinen
749add5c64 Limit freq_range_list_parse() result to UINT_MAX entries
This addresses a theoretical integer overflow with configuration
parameters with 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00