Add PASN implementation to wpa_supplicant
1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.
The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.
The missing parts will be added in later patches.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.
Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In order to be able to perform secure LTF measurements, both the
initiator and the responder need to first derive TK and KDK and store
them, so they would later be available for the secure LTF negotiation.
Add a basic implementation of a PTKSA cache that stores derived TK/KDK
which can later be used for secure LTF negotiation, and add it to the
build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add helper functions to construct a PASN Authentication frame and
validate its content, which are common to both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.
The above are built only in case that CONFIG_PASN is enabled at build
time.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN authentication requires that group management cipher suite
would be set to 00-0F-AC:7 in the RSNE, so consider it as a valid
group management cipher and adjust the code accordingly.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
The operating class 129 includes channels with a maximum bandwidth of
160 MHz with center frequency index 50 and 114. The previous definition
of operating class 129 considered the center frequency index as actual
channels resulting in incorrect channel setup for the operating class.
Fix the definition of operating class 129 to consider channels with the
center frequency index of 50 and 114.
Also update the comment that describes the channel selection for
operating 128, 129, and 130 which mentions wpas_p2p_allow_channel()
verifies the channels while wpas_p2p_verify_channel() takes care of it.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.
Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When wpa_supplicant sends NL80211_CMD_AUTHENTICATE to kernel, it is
possible that the cfg80211 in kernel has expired the BSS entry that
we are trying to auth with. Then cfg80211 will reject the auth cmd.
In this case, wpa_supplicant will trigger a single channel scan to
refresh cfg80211 BSS entry, and retry the auth when scan is finished.
When this case happens, wpa_supplicant makes a copy of auth params,
such as frequency, bssid, ssid, ie and so on. So when we retry auth,
the copy of these params will be used. The problem is, a param named
auth_data is missed when making the copy. The auth_data is used by
NL80211_ATTR_SAE_DATA which is a mandatory field for WPA3-SAE auth.
In WPA3-SAE case the auth retry will always fail because auth_data is
missing. This patch fixes the issue.
Signed-off-by: hongwang.li <hongwang.li@sonos.com>
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.
Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When an external scan is in progress on the same radio, delay the P2P
search operation based on configuration parameter p2p_search_delay. The
"search_delay" configuration done through p2p_find always takes
precedence over this delay value set due to an external scan trigger.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
NL80211_CMD_ROAM indication is scheduled via a kernel work queue, while
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH is a vendor event from the
driver. Thus, a race condition can exist wherein the vendor event is
received prior to the NL80211_CMD_ROAM indication.
The processing of this vendor event depends on the NL80211_CMD_ROAM
indication to update the roamed BSS/BSSID information and thus the out
of sequence processing of these events would result in not updating the
right BSS information.
This commit adds a workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event for up to 100 ms in
case NL80211_CMD_ROAM is not received first.
Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
After a disconnect command is issued, wpa_supplicant generates a
disconnection event to self and ignores the next disconnection event
coming from the driver. In a race condition in which the driver
generates a connected event due to roaming just before receiving the
disconnect command from userspace, wpa_supplicant processes the
connected event after processing the self-generated disconnection event
and enters WPA_COMPLETED state. The driver sends a disconnection event
after processing the disconnect command sent by wpa_supplicant but the
disconnection event is ignored by wpa_supplicant as the disconnection
event is considered to be a result of locally generated disconnect
command. Thus, wpa_supplicant continues to be in the connected
(WPA_COMPLETED) state though the driver is in disconnected state.
Fix this out-of-sync behavior between the driver and wpa_supplicant by
not ignoring the disconnection event from the driver because of the
locally generated disconnect command sent to the driver if there is a
connection event received after issuing the disconnect command to the
driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The response for the respective TWT operations can either be synchronous
or asynchronous (wherever specified). If synchronous, the response to
this operation is obtained in the corresponding vendor command reply to
the user space. For asynchronous case, the response is obtained as an
event with the same operation type.
Drivers shall support either of these modes but not both simultaneously.
The support for asynchronous mode is advertised through the new flag
QCA_WLAN_VENDOR_FEATURE_TWT_ASYNC_SUPPORT. If the driver does not
include this flag, it shall support synchronous mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define the following additional TWT operations:
QCA_WLAN_TWT_GET_STATS, QCA_WLAN_TWT_CLEAR_STATS,
QCA_WLAN_TWT_GET_CAPABILITIES, QCA_WLAN_TWT_SETUP_READY_NOTIFY.
Also define new attributes to qca_wlan_vendor_attr_twt_setup
and qca_wlan_vendor_attr_twt_nudge.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The earlier workaround for UBSAN issues in commit 3b6b3ae581 ("Modify
dl_list_for_each() to not use unaligned access with WPA_TRACE") ended up
using a construction in which the type cast to the containing structure
was compared instead of the struct dl_list pointers. While that worked
around the UBSAN issue, it resulted in a comparison that gcc-10
interprets as being out of bounds for struct dl_list (which it obviously
is since this is to find the start of the containing structure).
Revert that workaround and instead, mark the struct dl_list used within
struct os_alloc_trace to have matching 16 octet alignment as the
containing structure. This is also restoring consistent design for
dl_list_for_each*().
Signed-off-by: Jouni Malinen <j@w1.fi>
When the driver sends a CQM RSSI threshold event, wpa_supplicant queries
the driver for the signal and noise values. However, it is possible that
by that time the station has already disconnected from the AP, so these
values are no longer valid. In this case, indicate that these values are
invalid by setting them to WPA_INVALID_NOISE.
Previously a value of 0 would be reported, which may be confusing as
this is a valid value.
Since nl80211_get_link_signal() and nl80211_get_link_noise() already set
invalid values for a case of failure, just use the value set by these
functions even if they fail.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
S1G beacons save a few bytes by not requiring the RSNE in beacon if RSN
BSS is configured. Handle this in wlantest by only clearing RSNE from
the BSS info if frame is a Probe Response frame.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Add a new hostapd configuration parameters rssi_ignore_probe_request to
ignore Probe Request frames received with too low RSSI.
Signed-off-by: John Crispin <john@phrozen.org>
Previously hostapd would not stop transmitting when a DFS event was
detected and no available channel to switch to was available.
Disable and re-enable the interface to enter DFS state. This way, TX
does not happen until the kernel notifies hostapd about the NOP
expiring.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf.
- Add disable_11ax boolean to hostapd_bss_config.
- Change disable_11n and disable_11ac to bool in hostapd_bss_config.
- Add configuration option to set these disable_11* parameters
(which were previously used only automatically based on incompatible
security parameters to disable HT/VHT).
Signed-off-by: Shay Bar <shay.bar@celeno.com>
The hostapd DFS code deinitializes and initializes the AP interface, if
a clean channel switch is not possible. In this case the AP code paths
would deinit the driver, for example nl80211, without wpa_supplicant
code paths getting notice of this.
Therefore add callbacks for wpa_supplicant mesh methods, which are
called on init/deinit of the AP BSS. These callbacks are then used to
handle the reset in the mesh code.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The kernel requires indication of DFS handler residing in user space
(NL80211_ATTR_HANDLE_DFS) to enable DFS channels.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
mac80211 does not allow mgmt tx to use off channel on
DFS channels in non-ETSI domain, because it will invalidate
CAC result on current operating channel.
(mac80211 commit: 34373d12f3cbb74960a73431138ef619d857996f)
Hence don't set offchanok for mgmt tx in case of DFS channels
in non-ETSI.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh join function is the last function to be called during mesh join
process, but it's been called a bit earlier than it's supposed to be, so
that some mesh parameter values such as VHT capabilities were not
applied correct when mesh join is in process. Moreover, the current
design of mesh join that is called directly after mesh initialization
isn't suitable for DFS channels to use, since mesh join process should
be paused until DFS CAC is done and resumed after it's done.
The callback will be called by hostapd_setup_interface_complete_sync().
There is a possibility that completing mesh init fails, so add error
handling codes for that.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Define QCA vendor attributes to dynamically configure TX NSS and RX NSS
to be used with QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
TWT nudge is a combination of suspend and resume in a single request.
Add TWT nudge operation and QCA vendor attributes to support
the TWT nudge request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Change struct dl_list pointer argument to const in list functions that
do not manipulate the list: dl_list_len() and dl_list_empty().
Signed-off-by: Hai Shalom <haishalom@google.com>
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.
Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
P2P usage in the 6 GHz band is not standardized yet by WFA. Disable P2P
operations in the 6 GHz band to avoid potential interop issues with
existing P2P devices in production. P2P operations in the 6 GHz band can
be reenabled later after defining standard ways to address potential
interop issues with existing P2P devices.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, the configuration to disable the 6 GHz band remained local
to the P2P interface. With this there is a possibility of 6 GHz channels
being included in the channel list when the channel list needs to be
updated if the state changes on one of the interfaces.
Include the configuration to disable the 6 GHz band for P2P as a global
configuration value to prevent the inclusion of 6 GHz channels in the
channel list for P2P when the channel list needs to be updated during
the state change in one of the interfaces.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduces a vendor specific feature capability
QCA_WLAN_VENDOR_FEATURE_CONCURRENT_BAND_SESSIONS to know if the device
supports concurrent network sessions on different Wi-Fi bands. This feature
capability is attributed to the hardware's capability to support the same
(e.g., DBS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.
Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.
Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.
Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FULL_BW_UL_MU_MIMO to
enable/disable full bandwidth UL MU-MIMO subfield in the HE PHY
capabilities information field for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends the changes in commit c397eff828 ("Make GTK length
validation easier to analyze") to cover the RSN case as well as the WPA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous fix did not actually address this testing functionality
case correctly. Clear the peer pointer to avoid double freeing.
Fixes: a86078c876 ("TDLS: Fix error path handling for TPK M1 send failures")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The loop for removing unsupported bands was assuming there is always
exactly one band/mode following the removed band. That was not at all
correct, so fix this by dynamically determining how many (if any) bands
need to be moved.
Fixes: 106d67a93c ("nl80211: Filter out unsupported bands")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Local allocation error or failure to get a random number could have
resulted in the peer entry getting freed and couple of the error path
cases in callers could have tried to reference or delete the peer after
that. Fix this by tracking the errors where the peer is freed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.
Fixes: ace3723d98 ("DPP2: Enterprise provisioning (Enrollee)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
DPP_CONFIGURATOR_ADD processing of the new ppkey parameter had a
copy-paste error in determining the correct length of this parameter.
Fix that by referencing the correct pointer.
Fixes: 9c1fbff074 ("DPP2: Generate a privacy protection key for Configurator")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for missing 6 GHz operating classes as defined in
IEEE P802.11ax/D7.0.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Previously only primary channel number used to calculate 6GHz operating
class in ieee80211_freq_to_channel_ext() and it is always giving 131
operating class. Fix this by mapping operating class using chanwidth and
sec_channel also.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.
Peer Authenticator
| |
| +------------------------------+
| | Server does not have a |
| | Subscriber identity available|
| | When starting EAP-SIM |
| +------------------------------+
| |
| EAP-Request/SIM/Start |
| (AT_ANY_ID_REQ, AT_VERSION_LIST) |
|<------------------------------------------------|
| |
| |
| EAP-Response/SIM/Start |
| (AT_IDENTITY, AT_NONCE_MT, |
| AT_SELECTED_VERSION) |
|------------------------------------------------>|
| |
Signed-off-by: Hai Shalom <haishalom@google.com>
When nlmsg allocation fails, nl80211_drv_msg() returns NULL and the call
to send_and_recv_msgs_owner() from nl80211_leave_ibss() could have ended
up dereferencing a NULL pointer. Fix this by make
send_and_recv_msgs_owner() more consistent with other send_and_recv*()
cases that check msg == NULL internally.
Fixes: 12ea7dee31 ("nl80211: Use nl80211 control port for receiving EAPOL frames")
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it
succeeds before using the pointer to get the group.
Fixes: 65e94351dc ("DPP2: Reconfig Authentication Request processing and Response generation")
Signed-off-by: Disha Das <dishad@codeaurora.org>
If the driver indicates capability for a band that
hostapd/wpa_supplicant does not support, the struct hostapd_hw_modes
array of bands got an empty entry for that with NUM_HOSTAPD_MODES as the
mode. This resulted in various issues, e.g., with fst_hw_mode_to_band()
hitting a WPA_ASSERT(0).
Fix this by filtering out unsupported bands from the internal data
structures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IANA assigned the TCP port 8908 for DPP, so update the implementation to
match the formal assignment.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.
Fixes: 6b9e99e571 ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
During the build reshuffling, I missed this, so doing
'make clean' in a certain src/lib folder doesn't clean
up everything anymore. Fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If wpa_supplicant is built with dynamic EAP methods,
the *.so files land here. Add them to .gitignore.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
P2P goes to Listen state while waiting for the peer to become ready for
GO Negotiation. If old listen radio work has not been completed, P2P
fails to go to listen state. This could happen in cases where P2P Action
frame transmission reused ongoing p2p-listen radio work.
p2p0: Add radio work 'p2p-listen'@0x
P2P-FIND-STOPPED
p2p0: Starting radio work 'p2p-listen'@0x after 0.010644 second wait
P2P: Use ongoing radio work for Action frame TX
P2P: Use ongoing radio work for Action frame TX
P2P: State CONNECT -> CONNECT
P2P: State CONNECT -> WAIT_PEER_IDLE
P2P: State WAIT_PEER_IDLE -> WAIT_PEER_CONNECT
P2P: Reject start_listen since p2p_listen_work already exists
P2P: Failed to start listen mode
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The install target at the beginning of src/eap_peer/Makefile was
confusing make about the build rules for libeap_peer.a and overriding of
the install target between src/eap_peer/Makefile and src/lib.rules was
breaking installation of dynamic EAP peer *.so files.
Fix this by lib.rules defining a default for the install target so that
src/*/Makefile can override that and by moving the install target for
eap_peer to the end of the Makefile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to cover the HE-specific conf->he_oper_chwidth value in
addition to conf->vht_oper_chwidth.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.
wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.
While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.
This reduces duplicate code for the ar call. While at it, also
pretty-print that call.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.
Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.
While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The objs.mk include changes for archive files broke things
completely and none of the dependency files (*.d) ever got
included, as the expansion there ended up empty.
Clearly, my mistake, I should've tested that better. As we
don't need the %.a files in the list there use filter-out
to remove them, rather than what I had lazily wanted to do,
which was trying to read %.d files for them. The filter-out
actually works, and avoids looking up files that can never
exist in the first place.
Fixes: 87098d3324 ("build: Put archive files into build/ folder too")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Setting of the PN for the receive SA failed because the SCI wasn't
provided. Fix this by adding the needed attribute to the command.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
wolfSSL_X509_get_ext_d2i() returns STACK_OF(GENERAL_NAME)* for
ALT_NAMES_OID therefore wolfSSL_sk_value needs to expect a
WOLFSSL_GENERAL_NAME*.
In addition, explicitly check for NULL return from wolfSSL_sk_value().
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
If kernel advertises a band with channels < 2.4 GHz
hostapd/wpa_supplicant gets confused and assumes this is an IEEE
802.11b, corrupting the real IEEE 802.11b band info.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
