There should be no wpa_pmk_to_ptk() calls with the cipher argument
indicating a cipher that is not allowed as a pairwise cipher. However,
it looks like that was possible to happen with wlantest. Check for this
corner case explicitly to avoid generating confusing debug logs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is for protocol testing to check what happens if the Responser
receives an unexpected Authentication Response instead of Authentication
Confirm.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This prevents issues where an unexpected message in the DPP
Authentication exchange or PKEX could result in undefined behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new role=either parameter can now be used with DPP_AUTH_INIT to
indicate that the initiator can take either the Configurator or Enrollee
role.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Generate the PKEX bootstrapping information and release the PKEX session
in a helper function that both the initiator and responder can use
instead of maintaining this functionality separately in two places.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is an initial step in allowing non-operating channel operations
with DPP when hostapd is the Responder. For now, this is only used for
specifying role=configurator/enrollee and qr=mutual cases similarly to
the wpa_supplicant configuration for in Responder role. Request to use a
non-operating channel will be rejected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the following vendor commands and their vendor attributes for
spectral scan.
1) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CONFIG
Get current values of spectral parameters.
2) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_DIAG_STATS
Get stats for spectral scan debug.
3) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO
Get the spectral hardware capability.
4) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS
Get the current status of spectral scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some drivers may accept the remain-on-channel command, but instead of
indicating start event for remain-on-channel, just indicate that the
operation has been canceled immediately. This listen cancel from the
WAIT_PEER_CONNECT state ended up in discontinuation of further
WAIT_PEER_IDLE/WAIT_PEER_CONNECT state transitions. Hence, delay the
subsequent IDLE state by 100 ms.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add QCA_WLAN_VENDOR_ATTR_LL_STATS_EXT_REPORT_TIME
and QCA_WLAN_VENDOR_ATTR_LL_STATS_EXT_MEASUREMENT_TIME to record
timestamp and duration for the last MAC counters. Some user layer
application is delay sensitive. It needs to know time stamp and
measurment duration for the counters.
Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
K and z can be derived already based on information available at the
time the PKEX Exchange Request is being processed, so move these there
from the PKEX Commit-Reveal Request processing since that matches the
DPP tech spec description close and allows PKEX exchange to be aborted
earlier if anything unexpected happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional channel information was removed from the discovery object
in the DPP tech spec, so no need to maintain this TODO note anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previously used WLAN_REASON_MICHAEL_MIC_FAILURE (14) value as a
response to Authentication frame or (Re)Association Request frame is not
correct since the resp value is encoded in the Status Code (not Reason
Code) field. Status Code 14 is WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
which is really what this value would have meant in the response frames.
There is no Michael MIC failure status code, so have to use the generic
"Unspecified failure" (1) reason code for these cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>