Commit graph

16321 commits

Author SHA1 Message Date
Jouni Malinen
8c936926f0 tests: SAE-PK with immediate confirm on AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 20:34:38 +03:00
Jouni Malinen
87971ff059 SAE-PK: Fix SAE confirm writing in some AP cases with transition mode
sae_check_confirm_pk() and sae_write_confirm_pk() were using different
checks for determining whether SAE-PK was used. It was apparently
possible to miss the checks in sae_write_confirm_pk() in some AP cases
where SAE H2E is being used. Fix this by checking sae->pk in the
write-confirm case similarly to the way this was done in check-confirm.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 20:32:35 +03:00
Jouni Malinen
240e9af4d1 SAE-PK: Make no-KEK debug prints distinct
Debug logs did not make it clear whether the failure happens when
checking a received SAE confirm or when writing own SAE confirm. Those
cases have different checks on when to go through SAE-PK processing, so
it is useful to make this part clear in the debug log.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 19:59:52 +03:00
Jouni Malinen
9d00efd829 tests: Skip sigma_dut_dpp_qr_resp_11 if dpp-ca.py does not exist
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 10:09:33 +03:00
Jouni Malinen
38ef655eb5 dpp-nfc: Report negotiated connection handover result
Print out a summary of the result in yellow text.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:23:39 +03:00
Jouni Malinen
4d54618424 dpp-nfc: Stop only_one run after failed handover attempt
Do not require connection handover to succeed before stopping the loop
in the only_one case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:09:31 +03:00
Jouni Malinen
f7b5a1d347 dpp-nfc: Do not indicate no initial HS as failure if alt HR will be sent
Do not use red color for the "No response receive" message in case
another HR will be sent after this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:00:11 +03:00
Jouni Malinen
475b34665c dpp-nfc: Improved version of HandoverServer::serve()
Fix processing of the case where no handover select is sent out and add
automatic (delayed) termination of the link on completing the handover
successfully.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 01:00:11 +03:00
Jouni Malinen
dc0795e4ff dpp-nfc: Stop process after successful handover client completion
terminate_now was not being set in the only_one case with connection
handover. Set it for that case as well as the tag cases to automatically
close down the link once it is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:49 +03:00
Jouni Malinen
b00bbbfe54 dpp-nfc: Optimize HandoverClient message receiving for alternative HR case
Use a shorter polling interval in recv_octets() to be able to send out
the alternative HR more quickly when using a single thread and handover
client. In addition, fix recv_records() to handle normal exception cases
like not receiving anything.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:47 +03:00
Jouni Malinen
bbfb7b9feb dpp-nfc: Use a single handover client thread
Avoid extra complexity from use a separate thread to send out the
alternative proposal.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-31 00:44:12 +03:00
Jouni Malinen
aaa8638ed2 dpp-nfc: Add a class for maintaining connection handover state
This cleans up the shared state between the handover server and client.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 21:34:37 +03:00
Jouni Malinen
66d74626ba dpp-nfc: Reuse the same handover client for alternative URI
Postpone closing of the handover client to allow the same client to be
used for sending both handover request messages if an alternative URI
needs to be tried.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 20:43:26 +03:00
Jouni Malinen
6e904441c8 dpp-nfc: Add peer URI into the HS in testing mode
This makes it easier to confirm that the correct pair of the HR and the
HS were used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 20:43:26 +03:00
Jouni Malinen
3021b14c49 dpp-nfc: Enable more verbose nfcpy debugging
Set logging level to various upper layer nfcpy modules to enable more
detailed debugging of the actual NFC operations when requested (-d on
the command line).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 16:49:40 +03:00
Jouni Malinen
7c04bab710 tests: AES-CTR encrypt test vectors
Verify AES-CTR encryption implementation against the test vectors in
NIST SP 800-38a. This implementations was already tested against AES SIV
and EAX mode test vectors, but this adds more explicit testing against
published CTR mode test vectors.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 13:52:14 +03:00
Jouni Malinen
1d3e16d0b0 dpp-nfc: Skip P2P management interfaces
Do not try to perform DPP operations on the P2P management interface
when no specific interface has been identified.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-30 12:51:56 +03:00
Jouni Malinen
a80ab0ea95 tests: sigma_dut DPP Configurator reporting MUD URL
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-28 16:44:41 +03:00
Jouni Malinen
e9c192ffc7 dpp-nfc: Ignore (no) response to initial handover request
If an alternative proposal (second handover request) is sent, the
response (or lack of it) to the initial handover request should be
ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:46:20 +03:00
Jouni Malinen
7d27bcb8e7 dpp-nfc: Do not allow more than one alternative channel proposal
This avoids potential loops of endless alternative URI exchanges over
NFC negotiated connection handover. Only allow one such alternative
proposal and declarare the handover as a failure if another alternative
were needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:27:06 +03:00
Jouni Malinen
6eaee933d7 dpp-nfc: Add test mode for negotiated connection handover
Allow all actual DPP processing steps in wpa_supplicant to be skipped by
specifying hardcoded URI values. Also allow a hardcoded crn to be
specified to force specific handover requestor/selector roles.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:27:06 +03:00
Jouni Malinen
730fc307b1 Update documentation for vendor attributes to ignore BSSIDs during roaming
Replace some of the "blacklist" term to reduce undesired connotations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:26:22 +03:00
Jouni Malinen
f4877083ec Rename driver op for temporarily disallowed BSSIDs
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:26:09 +03:00
Jouni Malinen
f8c756c5b8 FT: Rename temporary blocking of nonresponsive R0KH
Avoid use of the "blacklist" term here to reduce undesired connotations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:25:32 +03:00
Jouni Malinen
268433ecd0 tests: DPP Configurator enrolling followed by use of the new Configurator
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 18:01:55 +03:00
Jouni Malinen
15018d4f4a DPP2: Fix auth termination after receiving Configurator backup
remove_on_tx_status needs to be set in this case even if
dpp_config_processing=2 is used since there will be no connection
attempt when receiving a Configurator backup instead of station config
object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 18:01:55 +03:00
Jouni Malinen
74cd38ac69 dpp-nfc: Return failure status if operation fails
For now, this is done only for the case where the NFC Device is not
usable and if writing a single tag fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 12:26:46 +03:00
Jouni Malinen
7e2edfbc1a dpp-nfc: Add color and details for interactive operations
Make the debug output easier to read when performing interactive NFC
operations on a device that has a terminal showing the log.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 12:10:26 +03:00
Jouni Malinen
09c22bb782 dpp-nfc: Fix regression in NFC Tag writing
The change to checking DPP_LISTEN return value ended up overwriting the
actual URI information from wpas_get_nfc_uri().

Fixes: 288c0ffaaa ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 11:32:21 +03:00
Jouni Malinen
1e4a42c745 dpp-nfc: Detect a non-NDEF tag when trying to write
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 11:27:27 +03:00
Jouni Malinen
288c0ffaaa dpp-nfc: Do not hardcode netrole for NFC Tag writing cases
Allow netrole to be specified for NFC Tag writing cases. Previously,
this was hardcoded to use netrole=configurator when starting the listen
operation. Now the netrole parameter is not included by default, but any
netrole value can be specified with the new --netrole command line
argument.

In addition, fix the listening frequency for the case where a channel is
picked.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-23 01:30:30 +03:00
Sunil Dutt
ebd5e764f9 Vendor attribute to configure QoS/AC upgrade for UDP frames
Introduce a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
to configure access category override for UDP frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-17 23:26:34 +03:00
Sunil Dutt
d91fb3ce32 Add a vendor command to fetch the currently enabled band(s)
Introduces a vendor command to get the currently enabled band(s)
through QCA_NL80211_VENDOR_SUBCMD_GETBAND.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-17 23:23:03 +03:00
Sunil Dutt
29e47c4165 Vendor command to configure TWT
This commit defines a new vendor interface
QCA_NL80211_VENDOR_SUBCMD_CONFIG_TWT to configure TWT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-17 22:48:26 +03:00
Sunil Dutt
8f396ad685 Enhance the qca_set_band enum values to be used as a bitmap
Also introduce a new attribute QCA_WLAN_VENDOR_ATTR_SETBAND_MASK to
carry this new bitmask enum. This attribute shall consider the bitmask
combinations to define the respective band combinations and substitutes
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE. The old attribute use remains same
as before.

In addition, document the previously undocumented, but defined,
QCA_NL80211_VENDOR_SUBCMD_SETBAND.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-17 18:43:05 +03:00
Seevalamuthu Mariappan
cc6153a8a4 nl80211: Fix sending proper VLAN ID attr value when using VLAN offload
The NL80211_ATTR_VLAN_ID attribute expects non-zero values, but vlan_id
with value 0 has been set in VLAN offload case. Due to this, station
connection failure is observed if the driver advertises VLAN_OFFLOAD
support:

nl80211: NL80211_ATTR_STA_VLAN (addr=8c:fd:f0:22:19:15 ifname=wlan0
         vlan_id=0) failed: -34 (Result not representable)
wlan0: STA 8c:fd:f0:22:19:15 IEEE 802.11: could not bind the STA
         entry to vlan_id=0

Fix this by setting only non-zero values.

Fixes: 0f903f37dc ("nl80211: VLAN offload support")
Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
2020-07-16 00:25:14 +03:00
Pradeep Kumar Chitrapu
a57f98754e Fix enabling 40/80 MHz bandwidth support in the 6 GHz band
40/80 MHz bandwidth setting was being rejected due to incorrect sanity
check on the channel index. Fix that for the bandwidths larger than 20
MHz.

Fixes: d7c2c5c98c ("AP: Add initial support for 6 GHz band")
Signed-off-by: Pradeep Kumar Chitrapu  <pradeepc@codeaurora.org>
2020-07-16 00:08:58 +03:00
Yu Wang
885097125c mesh: Fix peer link counting when removing a mesh peer
When removing a mesh peer with control interface commands (ACCEPT_ACL
DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not
decreased from its last connection. This resulted in peer link count
leakage and wpa_supplicant rejecting the connections after reaching
max_peer_links (default: 99).

Fix this by decreasing the plink count when removing a mesh peer which
is in PLINK_ESTAB state.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2020-07-15 12:00:35 +03:00
Jouni Malinen
4df892c781 tests: sigma_dut client privacy
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 22:50:13 +03:00
Jouni Malinen
58b384f467 tests: sigma_dut DPP reconfiguration
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 21:06:12 +03:00
Jouni Malinen
8632dea4ae DPP2: Make sure dpp_auth gets cleared with external config processing
wpa_s->dpp_auth did not get cleaner if dpp_config_processing=1 is used.
Clear this after having received TX status for Configuration Result to
avoid leaving behind the completed provisioning instance.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 20:50:23 +03:00
Jouni Malinen
a7ae422961 DPP2: Do not allow reconfiguration to be started with pending auth
The pending authentication exchange will make us ignore Reconfig
Authentication Request, so do not allow reconfiguration to be started in
that state.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 20:40:40 +03:00
Jouni Malinen
d93df9989f DPP2: Debug print reason for rejecting reconfiguration
This makes it easier to understand why Reconfig Authentication Request
gets ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-26 20:37:30 +03:00
Jouni Malinen
2f4c6a5bf3 tests: sigma_dut SAE-PK AP with additional SAE_PK_KeyPair values
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-25 01:39:45 +03:00
Jouni Malinen
7700146de0 tests: SAE-PK password minimum length
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-25 01:39:45 +03:00
Jouni Malinen
5d8c5f344e SAE-PK: Fix password validation check for Sec
The 0..3 value decoded from the password was not incremented to the
actual 2..5 range for Sec. This resulted in not properly detecting the
minimum password length.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-25 01:39:45 +03:00
Jouni Malinen
0ce6883f64 tests: Fix SAE-PK password module tests
Couple of the test values were not actually valid, so remove them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-25 01:39:45 +03:00
Jouni Malinen
c9dc075fcd dpp-nfc: Fix connection handover renegotiation
The use of the alternative channel list did not work properly for the
case were both ends were trying to initiate the negotiated connection
handover. Fix this by always starting a new connection handover client
thread for sending the alternative proposal and ignoring peer messages
(likely something from the first attempt) during this modified attempt.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-24 22:37:52 +03:00
Vinita S. Maloo
d0819a11cc FILS: Use FILS auth alg when connecting using PMKSA caching
When a PMKSA cache entry is available and used for connection with FILS
key management suite, use FILS authentication algorithm for connection
even if ERP keys are not available. This scenario may happen when
applications using wpa_supplicant cache persistently only PMKSA but not
ERP keys and reconfigures wpa_supplicant with PMKSA cache after
restarting wpa_supplicant.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However, SME-in-driver cases, complete FILS authentication
without PMKSA caching is performed.

Fix SME-in-driver behavior by setting authentication algorithm to
WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-24 00:29:58 +03:00
Vinita S. Maloo
70b80c31f9 nl80211: Do not send FILS ERP sequence number without rRK
FILS ERP cannot be used without rRK, so include these attributes only
together.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-24 00:29:58 +03:00