This extends the SAE implementation in both infrastructure and mesh BSS
cases to allow an optional Password Identifier to be used. This uses the
mechanism added in P802.11REVmd/D1.0. The Password Identifier is
configured in a wpa_supplicant network profile as a new string parameter
sae_password_id. In hostapd configuration, the existing sae_password
parameter has been extended to allow the password identifier (and also a
peer MAC address) to be set. In addition, multiple sae_password entries
can now be provided to hostapd to allow multiple per-peer and
per-identifier passwords to be set.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add NAN attributes to communicate IPv6 address, port, and protocol
between wifihal and host driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Over time a number of style issues have crept into qca-vendor.h,
so fix most of them. There are some identifiers and comments which
exceed 80 columns, but these are left as-is for readability.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be used to determine which mechanism to use for configuring
country code from trusted sources.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee in the driver. This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add commands to allow an AP to configure filtering rules to capture
frames from stations that are active on the operating channel, but
not associated to this AP. Operations include add/delete the filter
and get the statistics information of the unassociated stations.
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Extend RADIUS DAS to support CoA-Request packets for the case where the
HS 2.0 Terms And Conditions filtering VSA is used to remove filtering.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.
If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd Access-Accept processing to check if the RADIUS
server indicated that Terms and Conditions Acceptance is required. The
new hs20_t_c_server_url parameter is used to specify the server URL
template that the STA is requested to visit.
This commit does not enable any kind of filtering, i.e., only the part
of forwarding a request from Access-Accept to the STA using
WNM-Notification is covered.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
While it is unlikely that FILS would be used without PMF or SAE in the
build, it is possible to generate such a build and as such, it would be
good for the KDF selection to work properly. Add CONFIG_FILS as an
independent condition for the SHA256-based KDF. Previously, this
combination would have resulted in failure to derive keys and terminated
key management exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd processing of (Re)Association Request frames to
store a local copy of the Consortium OI within the Roaming Consortium
Selection element, if present, and then add that in HS 2.0 Roaming
Consortium attribute into RADIUS Access-Request messages.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
At least LibreSSL v2.7.2 indicates support for OpenSSL API 1.1.0, but it
does not apparently use const ASN1_OBJECT * with X509_ALGOR_get0(). Use
the older non-const version here with LibreSSL to fix compilation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gives more protection against unexpected behavior if RSN supplicant
code ends up trying to use sm->pmk[] with a stale value. Couple of the
code paths did not clear sm->pmk_len explicitly in cases where the old
PMK is being removed, so cover those cases as well to make sure these
will result in PMK-to-PTK derivation failures rather than use of
incorrect PMK value if such a code path could be reached somehow.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new wifi test config attribute to configure HE LTF in the
driver. This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
In the current implementation, upon an EAP method failure, followed by
an EAP failure, the EAP Status is propagated up in wpa_supplicant with a
general failure parameter string "failure". This parameter is used for a
notification on the dbus.
This commit reports the EAP method failure error code in a separate
callback.
The solution in this commit is generic to all EAP methods, and can be
used by any method that need to pass its error code. However, this
commit only implements the reporting for EAP-SIM and EAP-AKA methods
where the Notification Code (in AT_NOTIFICATION) is used as the method
specific error code value.
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
This extends the original IEEE Std 802.11ai-2016 functionality with the
changes added in REVmd to describe how additional keys are derived to
protect the FT protocol using keys derived through FILS authentication.
This allows key_mgmt=FT-FILS-SHA256 to be used with FT protocol since
the FTE MIC can now be calculated following the changes in REVmd. The
FT-FILS-SHA384 case is still unsupported (it needs support for variable
length MIC field in FTE).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous implementation ended up defaulting to using PRF-SHA1 for
deriving PTK from PMK when SAE was used. This is not correct since the
SAE AKM is defined to be using SHA-256 -based KDF instead. Fix that.
Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.
The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.
Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.
Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>
The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The SAE AKM 00-0F-AC:8 is supposed to use EAPOL-Key Key Descriptor
Version 0 (AKM-defined) with AES-128-CMAC and NIST AES Key Wrap.
However, the previous implementation ended up using Key Descriptor
Version 2 (HMAC-SHA-1-128 and NIST AES Key Wrap). Fix this by using the
appropriate Key Descriptor Version and integrity algorithm. Use helper
functions to keep the selection clearer and more consistent between
wpa_supplicant and hostapd uses.
Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a new WiFi test configuration attributes in QCA vendor
command to configure BA session parameters and to add or
delete a BA session and to configure no ack policy.
This is used for configuring the testbed device.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a new WiFi test configuration attribute in QCA vendor
command to allow or not to allow WEP/TKIP in HT/VHT/HE mode.
This is used for configuring the testbed device.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to understand why "SAE: Failed to select group"
debug entry shows up in cases the selected crypto library does not
support a specific group.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
India supports 5 GHz channels 169 and 173 now. Enable HT40 across
channels 165 and 169. Leave channel 173 to remain HT20 only.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Enhance QCA vendor specific APF interface to support write/read program
and/or data and to enable/disable APF feature.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a new QCA vendor sub command for configuring the device with wifi
test configuration. Add new test config attributes for this sub command
that are used to configure the device for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The blocking timeout of this function was changed from 2 seconds to 10
seconds in this commit 1480633f ("Use longer timeout in
wpa_ctrl_request()"), but the description was never changed accordingly.
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add new QCA vendor commands and attributes to get thermal information
and send thermal shutdown related commands. Indicates the driver to
enter the power saving mode or resume from the power saving mode based
on the given temperature and thresholds.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add additional NDP attributes and NDP subcommand value which is
provided as part of schedule update indication from driver/firmware
to HAL.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The y coordinates for some of these PKEX role-specific points were
changed in the PKEX specification, so update the implementation to
match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allow MSDU queue depth threshold in target to be set per peer per
TID. This command contains MAC address, TID, update mask, and threshold
values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This prevents an issue where duplicated Authentication Response frame
could have resulted in deriving a new ke value after M.x had already
been cleared. This would result in the following configuration exchange
failing. This could happen since many driver do not filter out
retransmitted Public Action frames and link layer. Furthermore, this
could have been used as a denial-of-service attack agains the DPP
exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit extends the existing QCA vendor specific NUD_STATS_GET/SET
interface to also collect the statistics of the data packets. The
intention here is to get more comprehensive information to detect the
network unreachability.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit introduces a QCA vendor command that provides the current
information of WLAN hardware MAC and its associated WLAN netdev
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set Sc to 2^16-1 when moving to Accepted state per IEEE Std 802.11-2016,
12.4.8.6.5 (Protocol instance behavior - Confirmed state). This allows
the peer in Accepted state to silently ignore unnecessary
retransmissions of the Confirm message.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implements the behavior described in IEEE Std 802.11-2016,
12.4.8.6.6 (Protocol instance behavior - Accepted state) to silently
discard received Confirm message in the Accepted state if the new
message does not use an incremented send-confirm value or if the special
2^16-1 value is used. This avoids unnecessary processing of
retransmitted Confirm messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for
getting preferred channels with weight value and a flag to indicate how
the channels should be used in P2P negotiation process.
Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>