Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder. This was previously
done for wpa_supplicant, but not for hostapd, so complete this support
on the hostapd side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Firmware statistics are received in the driver as opaque data. The host
target needs to send this opaque data to userspace wifistats
application. This new event is used to transfer this opaque data to the
application.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If reassoc_same_bss_optim=1 is used to optimize reassociation back to
the same BSS, it was possible for sm->pmk_len to be 0 due to a
disconnection event getting processed after sending out the
reassociation request. This resulted in wpa_sm_rx_eapol() calling
wpa_mic_len() with incorrect PMK length when PMKSA caching was being
attempted. That resulted in incorrect mic_len getting determined and not
finding the correct Key Data Length field value. This could result in
failing to complete 4-way handshake successfully.
Fix this by updating the current PMK length based on the selected PMKSA
cache entry if sm->pmk_len is not set when processing EAPOL-Key msg 1/4.
Signed-off-by: Jouni Malinen <j@w1.fi>
As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.
This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.
Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>
SSL_add0_chain_cert() was not available in LibreSSL before version
2.9.1.
Fixes: 4b834df5e0 ("OpenSSL: Support PEM encoded chain from client_cert blob")
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new QCA vendor attribute to configure the driver/firmware to
ignore SA Query timeout. If this configuration is enabled the
driver/firmware shall not send Deauthentication frame when SA Query
times out. This is required to support STA testbed role.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
These vendor attributes for FT/OCV/SAE testing can be configured only
when the STA is in connected state. Update the documentation of the
attributes to reflect the same.
Fixes: 18f3f99ac4 ("Add vendor attributes to configure testing functionality for FT/OCV/SAE")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to get number of MIC errors, missing MME incidents, and
packet replay incidents observed while using IGTK/BIGTK keys when PMF
and/or beacon protection features are enabled.
These counters are applicable only for STA mode and can be fetched
through the QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor command.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
The function hostapd_event_ch_switch() derived the seg0_idx and seg1_idx
values only for the 5 GHz and 2.4 GHz bands and the 6 GHz case ended up
using incorrect calculation based on the 5 GHz channel definitions.
Fix this by adding support for 6 GHz frequencies.
Signed-off-by: Rohan <drohan@codeaurora.org>
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID
to update the new SSID in hostapd. NL80211_ATTR_SSID is used to encapsulate
the new SSID.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
Currently the driver/firmware indicates CCA busy time which includes own
TX and RX time and as such, does not allow the CCA busy time due to
other nodes to be computed. Add separate statistics to indicate own
radio TX time and own radio RX time to facilitate userspace applications
to compute CCA busy time because of traffic unintended to this device.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_* attributes are also nested
within QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO, not only
QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_INFO* attributes in the current
implementation. Fix QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO documentation
accordingly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit does the following enhancements to the TWT interface:
Corrects the documentation for QCA_WLAN_TWT_SUSPEND and
QCA_WLAN_TWT_TERMINATE. Specifies that these operations carry the
parameters obtained through QCA_WLAN_VENDOR_ATTR_CONFIG_TWT_PARAMS. This
interface is very recently introduced and missed to document the same.
There are no user space or driver components using this interface yet.
Hence, enhancing/modifying the interface.
Corrects the documentation for
QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_DURATION. Mentions that the units it
represent is a multiple of 256 microseconds rather than a TU. The host
driver always interpreted this as an unit in 256 microseconds and there
are no user space implementations that are impacted with this change in
the unit. Hence, modifying the documentation.
Introduces QCA_WLAN_VENDOR_ATTR_TWT_RESUME_NEXT2_TWT_SIZE, which is
similar to that of QCA_WLAN_VENDOR_ATTR_TWT_RESUME_NEXT_TWT, but carries
an offset/data of u32 size.
Introduces MAC_ADDR attribute to represent the peer for the TWT setup
and resume operations.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
While the listed unknown operating class/channel number pairs need to be
ignored, that should be done in a manner than prevents the parsed
bootstrapping info from being used as if it had no channel list (i.e.,
allowing any channel) if there are no known operating class/channel
number pairs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The case where mutual authentication with QR Code bootstrapping is used
with scanning of the QR Code during the exchange resulted in the
Controller closing the TCP socket too early. Fix this by leaving the
socket open while waiting for the full Authentication Response message.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend the DPP_CONTROLLER_START command to accept the optional qr=mutual
parameter similarly to the DPP_LISTEN case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to configure the number of TX chains and the number of RX
chains to be used during a connection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend dpp_control_get_auth() to find the ongoing session for enterprise
credential provisioning in cases where the Controller/Configurator
initiated the exchange. Only the other direction was supported
previously.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This prevents use of a SAE-PK style password as the WPA-PSK passphrase
only if the same password is not also enabled through sae_password for
use with SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce additional attributes for the TWT response parameters from the
host driver. Also, add ATTR_TWT_RESUME_FLOW_ID for TWT Resume request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
with multiple copies
- add a checksum character
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The documentation for the QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
attribute had incorrectly specified the value of 0 (corresponding to BE)
to disable the QoS upgrade. BK (1) is a lower priority AC compared to BE
and if BE is used to disable the upgrade, there would be no possibility
for configured UDP AC upgrade to replace BK-from-DSCP with BE. Thus,
correct this by specifying that the value of BK (1) is used to disable
this UDP AC upgrade.
Fixes: ebd5e764f9 ("Vendor attribute to configure QoS/AC upgrade for UDP frames")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sae_check_confirm_pk() and sae_write_confirm_pk() were using different
checks for determining whether SAE-PK was used. It was apparently
possible to miss the checks in sae_write_confirm_pk() in some AP cases
where SAE H2E is being used. Fix this by checking sae->pk in the
write-confirm case similarly to the way this was done in check-confirm.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Debug logs did not make it clear whether the failure happens when
checking a received SAE confirm or when writing own SAE confirm. Those
cases have different checks on when to go through SAE-PK processing, so
it is useful to make this part clear in the debug log.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify AES-CTR encryption implementation against the test vectors in
NIST SP 800-38a. This implementations was already tested against AES SIV
and EAX mode test vectors, but this adds more explicit testing against
published CTR mode test vectors.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
to configure access category override for UDP frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduces a vendor command to get the currently enabled band(s)
through QCA_NL80211_VENDOR_SUBCMD_GETBAND.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Also introduce a new attribute QCA_WLAN_VENDOR_ATTR_SETBAND_MASK to
carry this new bitmask enum. This attribute shall consider the bitmask
combinations to define the respective band combinations and substitutes
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE. The old attribute use remains same
as before.
In addition, document the previously undocumented, but defined,
QCA_NL80211_VENDOR_SUBCMD_SETBAND.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The NL80211_ATTR_VLAN_ID attribute expects non-zero values, but vlan_id
with value 0 has been set in VLAN offload case. Due to this, station
connection failure is observed if the driver advertises VLAN_OFFLOAD
support:
nl80211: NL80211_ATTR_STA_VLAN (addr=8c:fd:f0:22:19:15 ifname=wlan0
vlan_id=0) failed: -34 (Result not representable)
wlan0: STA 8c:fd:f0:22:19:15 IEEE 802.11: could not bind the STA
entry to vlan_id=0
Fix this by setting only non-zero values.
Fixes: 0f903f37dc ("nl80211: VLAN offload support")
Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
40/80 MHz bandwidth setting was being rejected due to incorrect sanity
check on the channel index. Fix that for the bandwidths larger than 20
MHz.
Fixes: d7c2c5c98c ("AP: Add initial support for 6 GHz band")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
The 0..3 value decoded from the password was not incremented to the
actual 2..5 range for Sec. This resulted in not properly detecting the
minimum password length.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The channel numbering/center frequencies was changed in IEEE
P802.11ax/D6.1. The center frequencies of the channels were shifted by
10 MHz. Also, a new operating class 136 was defined with a single
channel 2. Add required support to change the channelization as per IEEE
P802.11ax/D6.1.
Signed-off-by: Wu Gao<wugao@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
Check if nl80211 control port TX status is available in the kernel and
enable control port TX if so. With this feature, nl80211 control path is
able to provide the same feature set as nl80211 (management) + AF_PACKET
socket (control) before.
For debugging and testing, this can explicitly be disabled with
the driver parameter control_port_ap=0.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The kernel commit "mac80211: support control port TX status reporting"
seems to be delivering the TX status events for EAPOL frames over
control port using NL80211_CMD_FRAME_TX_STATUS due to incorrect check on
whether the frame is a Management or Data frame. Use the pending cookie
value from EAPOL TX operation to detect this incorrect behavior and
redirect the event internally to allow it to be used to get full TX
control port functionality available for AP mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow custom ack handler to be registered and use the ext ack handler
for TX control port to fetch the cookie information. If these cookies
are not supported by the current kernel, a value of 0 is returned.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
In order to retransmit faster in AP mode, hostapd can handle TX status
notifications. When using nl80211, this is currently only possible with
socket control messages. Add support for receiving such events directly
over nl80211 and detecting, if this feature is supported.
This finally allows for a clean separation between management/control
path (over nl80211) and in-kernel data path.
A follow up commit enables the feature in AP mode.
Control port TX status contains the original frame content for matching
with the current hostapd code. Furthermore, a cookie is included, which
allows for matching against outstanding cookies in the future. This
commit only prints the cookie value for debugging purposes on TX status
receive.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This is a preliminary patch for using extack cookies for TX control port
handling. Custom ack handler arguments for send_and_recv() and friends
is introduced therefore. This commit does not actually use the provided
values, i.e., that will be added in a separate commit.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
eap_teap_auth=2 can now be used to configure hostapd to skip Phase 2 if
the peer can be authenticated based on client certificate during Phase
1.
Signed-off-by: Jouni Malinen <j@w1.fi>
The EAP-TEAP server may skip Phase 2 if the client authentication could
be completed during Phase 1 based on client certificate. Handle this
similarly to the case of PAC use.
Signed-off-by: Jouni Malinen <j@w1.fi>
These are needed for EAP-TEAP server and client side implementation to
allow Phase 2 to be skipped based on client certificate use during Phase
1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This allows the DPP_CA_SET command to be targeting a specific DPP-CST
event in cases where the Configurator did not receive the bootstrapping
information for the peer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make Configurator wait for CSR (i.e., another Config Request) when using
DPP over TCP similarly to the over Public Action frame case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was previously covered for the DPP over Public Action frames, but
the DPP over TCP case was missed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Parse the received CSR, verify that it has been signed correctly, and
verify that the challengePassword is present and matches the derived cp.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The low level ECDSA interface is not available in BoringSSL and has been
deprecetated in OpenSSL 3.0, so move to using a higher layer EVP-based
interface for performing the ECDSA sign/verify operations.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add initial Enrollee functionality for provisioning enterprise (EAP-TLS)
configuration object. This commit is handling only the most basic case
and a number of TODO items remains to handle more complete CSR
generation and config object processing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Try to parse the private_key blob as an ECPrivateKey in addition to the
previously supported RSA and DSA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
base64_encode_no_lf() is otherwise identical to base64_encode(), but it
does not add line-feeds to split the output.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use "client device" as the term for the device that operates under a
guidance of the device responsible for enforcing DFS rules.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Modify the check for VHT to include an option for HE in
hostapd_eid_wb_chsw_wrapper() and its callers to allow the Channel
Switch Wrapper element with the Wide Bandwidth Channel Switch subelement
to be included in Beacon and Probe Response frames when AP is operating
in HE mode without VHT.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Move hostapd_eid_wb_chsw_wrapper() from VHT specific ieee802_11_vht.c to
ieee802_11.c since this can be used for both HE and VHT. This commit
does not change any functionality to enable the HE use case, i.e., the
function is just moved as-is.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Operation in the 6 GHz band mandates valid HE capabilities element in
station negotiation. Reject association request upon receiving invalid
or missing HE elements.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Vendor VHT IE is used only on the 2.4 GHz band. Restrict the use of
vendor VHT element to 2.4 GHz. This will ensure that invalid/wrong user
configuration will not impact beacon data in other than the 2.4 GHz
band.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Previously, 6 GHz Band Capability element was derived from HT and VHT
capabilities of the device. Removes such unnecessary dependency by
relying directly on the HE capability.
In addition, clean up the struct ieee80211_he_6ghz_band_cap definition
to use a 16-bit little endian field instead of two 8-bit fields to match
the definition in P802.11ax.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Read mode specific HE 6 GHz capability from phy info. This is needed
for futher user config validation and IE construction.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move the FILS Public Key element and the FILS Key Confirmation element
to be separate IEs instead of being encapsulated within the SAE-PK
element. This is also removing the unnecessary length field for the
fixed-length EncryptedModifier.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was clarified in the draft specification to not be a mandatory
requirement for the AP and STA to enforce, i.e., matching security level
is a recommendation for AP configuration rather than a protocol
requirement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define MAC address fetching for OS X (by reusing the existing FreeBSD
implementation) to allow full compile testing of the WPS implementation
on a more BSD-like platform.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
struct ifreq does not include the ifr_netmask alternative on FreeBSD, so
replace that more specific name with ifr_addr that works with both Linux
and FreeBSD.
Fixes: 5b78c8f961 ("WPS UPnP: Do not allow event subscriptions with URLs to other networks")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
