Commit graph

1272 commits

Author SHA1 Message Date
Jouni Malinen
b719a1568a DPP2: Parse AKM suite selector version of akm node
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
68fea96038 DPP2: Allow Configurator to use AKM suite selectors in Config Object
The new use_akm_selector=1 value to Configurator parameters can now be
used to request a list of AKM suite selectors to be used in the
Configuration Object if the Enrollee supports version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
52d469de11 DPP2: Support multiple Config Objects in Enrollee
Process all received DPP Configuration Object attributes from
Configuration Result in Enrollee STA case. If wpa_supplicant is
configured to add networks automatically, this results in one network
being added for each included Configuration Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
7eb06a3369 DPP2: Allow multiple Config Objects to be build on Configurator
Special @CONF-OBJ-SEP@ string can now be used as a DPP configuration
string value to split the string into two different components to
configure two Config Objects for an Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
99918e069a DPP: Cleaned up netrole indication for config object building
Include netrole as part of struct dpp_configuration to make config
object building more flexible.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
f32aa244ef DPP: Debug print configRequest bandSupport on Configurator
Go through the received bandSupport JSON array and print its contents in
the debug log. This information might be exposed to upper layer
configuration generation/use somehow in the future.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
8f8c423a51 DPP: Add bandSupport JSON array into config request
Indicate supported global operating classes when wpa_supplicant is
operating as an Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
5a5639b068 DPP: Allow name and mudurl to be configured for Config Request
The new hostapd and wpa_supplicant configuration parameters dpp_name and
dpp_mud_url can now be used to set a specific name and MUD URL for the
Enrollee to use in the Configuration Request. dpp_name replaces the
previously hardcoded "Test" string (which is still the default if an
explicit configuration entry is not included). dpp_mud_url can
optionally be used to add a MUD URL to describe the Enrollee device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
16ef233bf1 DPP2: Connection status result (Enrollee)
Add support for reporting connection status after provisioning if the
Configurator requests this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:25:34 +03:00
Jouni Malinen
b10e01a795 DPP2: Connection status result (Configurator)
A new argument to the DPP_AUTH_INIT command (conn_status=1) can now be
used to set Configurator to request a station Enrollee to report
connection result after a successfully completed provisioning step. If
the peer supports this, the DPP-CONF-SENT event indicates this with a
new argument (wait_conn_status=1) and the Configurator remains waiting
for the connection result for up to 16 seconds.

Once the Enrollee reports the result, a new DPP-CONN-STATUS-RESULT event
is generated with arguments result, ssid, and channel_list indicating
what the Enrollee reported. result=0 means success while non-zero codes
are for various error cases as specified in the DPP tech spec. If no
report is received from the Enrollee, the event with "timeout" argument
is generated locally.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:13:46 +03:00
Jouni Malinen
e501a2eb59 DPP2: Connection status result defines
Add defines for the connection status result mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 17:03:04 +03:00
Jouni Malinen
cc8399528b DPP2: Move dpp_build_conf_result() to be within ifdef block
This is more consistent with the use of CONFIG_DPP2 since the
Configuration Result message is sent only when using version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 16:45:16 +03:00
Jouni Malinen
3a6736fe87 DPP2: Fix a memory leak on error path for Config Result
If only one of the allocations fails, the successful allocation needs to
be freed on the error path.

Fixes: 22f90b32f1 ("DPP2: Configuration Result message generation and processing")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 16:30:40 +03:00
Alexei Avshalom Lazar
dc6c3be4e2 wpa_supplicant: Add support for 60 GHz band channels 5 and 6
The previous support in the 60 GHz band was for channels 1-4.
Add support for channels 5 and 6.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-09-13 16:14:17 +03:00
Jouni Malinen
d842e00bd6 SAE: Return result from confirm CN() operation to the caller
These functions could fail in theory, so report the result to the
caller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 18:02:47 +03:00
Srinivas Dasari
0df82a3daf Correct the type/usage of QCA_ATTR_ROAM_CONTROL_SCAN_FREQ_LIST
Update the documentation of QCA_ATTR_ROAM_CONTROL_SCAN_FREQ_LIST
to make it a nested attribute to carry frequencies of type u32.
This is to be in sync with the nl80211 attribute
NL80211_ATTR_SCAN_FREQUENCIES.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 17:48:14 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
John Crispin
0497e41481 HE: Fix HE Capabilities element size
Set the max value of optional bytes inside the data structure. This
requires us to calculate the actually used size when copying the
HE capabilities and generating the IE.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-30 15:59:20 +03:00
Krishna Rao
a2e0cc9e09 Add nl80211 vendor ACS trigger reasons related to interference
Add the following ACS trigger reasons to enum
qca_wlan_vendor_acs_select_reason:
1) QCA_WLAN_VENDOR_ACS_SELECT_REASON_GENERIC_INTERFERENCE
       Generic, uncategorized interference found
2) QCA_WLAN_VENDOR_ACS_SELECT_REASON_80211_INTERFERENCE
       Excessive 802.11 interference found
3) QCA_WLAN_VENDOR_ACS_SELECT_REASON_CW_INTERFERENCE
       Continuous Wave (CW) interference found
4) QCA_WLAN_VENDOR_ACS_SELECT_REASON_MWO_INTERFERENCE
       Microwave Oven (MWO) interference found
5) QCA_WLAN_VENDOR_ACS_SELECT_REASON_FHSS_INTERFERENCE
       Frequency-Hopping Spread Spectrum (FHSS) interference found
6) QCA_WLAN_VENDOR_ACS_SELECT_REASON_NON_80211_FHSS_INTERFERENCE
       Non-802.11 Frequency-Hopping Spread Spectrum (FHSS) interference
       found
7) QCA_WLAN_VENDOR_ACS_SELECT_REASON_WB_INTERFERENCE
       Wideband (WB) interference found
8) QCA_WLAN_VENDOR_ACS_SELECT_REASON_NON_80211_WB_INTERFERENCE
       Non-802.11 Wideband (WB) interference found
9) QCA_WLAN_VENDOR_ACS_SELECT_REASON_JAMMER_INTERFERENCE
       Jammer interference found

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-30 15:46:18 +03:00
Jouni Malinen
c38c62ff78 wlantest: Derive PMK-R1 and PTK for FT protocol cases
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:14:47 +03:00
Jouni Malinen
528f263c4a FT: Reject over-the-DS response with MFPC=0 if PMF is required
If FT over-the-DS case is enforced through the "FT_DS <BSSID>" control
interface command, the PMF capability check during BSS selection is not
used and that could have allowed PMF to be disabled in the over-the-DS
case even if the local network profile mandated use of PMF. Check
against this explicitly to avoid unexpected cases if the APs within the
same mobility domain are not configured consistently.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:55:26 +03:00
Jouni Malinen
2ca23faf1c Make wpa_insert_pmkid() more generic
This is not used only with FT, so make the comments less confusing and
include the function in all builds to make it available for
non-FT/non-FILS builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-14 17:47:58 +03:00
Rajeev Kumar Sirasanagandla
485dd425ba Add QCA vendor command for avoid frequency feature
Add vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT
and attribute qca_wlan_vendor_attr_avoid_frequency_ext to send structured
avoid frequency data.

This new command is alternative to existing command
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY since existing command is
using stream of bytes instead of structured data using vendor attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
6ae1247bfa Update QCA vendor attributes for 6 GHz band support
As a part of P802.11ax amendment, 6 GHz band operation is added.

Since the 6 GHz channel numbers are overlapping with existing 2.4 GHz
and 5 GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.

In the existing QCA vendor interface, wherever missing, add frequency
attributes to identify unique channel operation. In addition, add
comments to document some of the previously missed attributes/values.

Note: If both channel and frequency attributes are present in vendor
command/event and
(a) If both the driver and user-space application supports 6 GHz band
then channel related attributes are deprecated and use frequency
attributes.
(b) If either driver or user-space application or both doesn't
support 6 GHz band then use channel attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
aa23ece3de Add QCA vendor channel attribute to restart AP
Add QCA_WLAN_VENDOR_ATTR_SAP_CONFIG_CHANNEL attribute in
enum qca_wlan_vendor_attr_sap_config to use with vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_SAP_CONFIG.

This new attribute is used to restart AP on given channel.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Rajeev Kumar Sirasanagandla
85508ecf67 Add QCA vendor command to configure ACS policy
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_ACS_POLICY
with attributes enum qca_wlan_vendor_attr_acs_config and
enum qca_acs_dfs_mode to configure ACS policy.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Srinivas Dasari
2395fdb67b Add QCA vendor attributes to enhance roaming configuration
This enhances the existing vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM
with the following configurations:
1. Set/get/clear roam control
2. Set/get the channels on which the roaming has to be triggered.
3. Set/get the roam scan period.
4. Configure the triggers for roaming.
5. Configure the candidate selection criteria.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 23:52:06 +03:00
Sunil Dutt
1425caac28 Rename qca_wlan_vendor_attr_roam_subcmd to represent subcmds
qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:08 +03:00
Sunil Dutt
f131196319 Document the attributes used by QCA_NL80211_VENDOR_SUBCMD_ROAM
This commit documents the attributes used by
QCA_NL80211_VENDOR_SUBCMD_ROAM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:04 +03:00
Jouni Malinen
fa1d5ec182 The master branch is now used for v2.10 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 17:51:53 +03:00
Jouni Malinen
ca8c2bd28a Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 16:25:25 +03:00
Jouni Malinen
7122a02fa5 SAE: Fix order_len for FFC groups
The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).

Fixes: ac734a342e ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 16:52:20 +03:00
Jouni Malinen
29ef1c5ee4 DPP: Use a common helper function for ECDH operations
This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 12:10:20 +03:00
Jouni Malinen
ac734a342e SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24
IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).

The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:00:39 +03:00
Jouni Malinen
876c5eaa6d dragonfly: Disable use of groups using Brainpool curves
Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Jouni Malinen
fc03ea2c1f DPP: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:32:52 +03:00
Jouni Malinen
43aafef8df Add missed wpa_akm_to_suite() selectors
These SAE, OWE, DPP, and OSEN AKM suite selectors were covered in the
reverse conversion in rsn_key_mgmt_to_bitfield(), but were missing from
wpa_akm_to_suite(). Add them to make AKM suite selector reporting more
accurate in RADIUS Accounting messages (and future users of this
function).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:48:44 +03:00
Jouni Malinen
bfb6a482f6 dragonfly: SAE/EAP-pwd min PWE derivation iteration count to shared code
Use a shared function to determine the k parameter, i.e., the minimum
number of iterations of the PWE derivation loop, for SAE and EAP-pwd.
This makes it easier to fine-tune the parameter based on the negotiated
group, if desired.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 21:21:30 +03:00
Paul Zhang
6a4406c015 Add QCA vendor attributes for ELNA bypass
Add attributes QCA_WLAN_VENDOR_ATTR_CONFIG_ELNA_BYPASS under
the enum qca_wlan_vendor_attr_config to support set and get
the ELNA bypass.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-07-22 20:48:43 +03:00
Srinivas Dasari
176c133e91 Add a vendor attribute to configure disconnect IEs
Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_DISCONNECT_IES
to configure disconnect IEs to the driver. Driver shall fill
these IEs in disassoc/deauth frame.
These IEs are expected to be considered only for the next
immediate disconnection (disassoc/deauth frame) originated by
the DUT, irrespective of the entity (user space/driver/firmware)
triggering the disconnection.
The host drivers are not expected to use the IEs set through
this interface for further disconnections after the first immediate
disconnection initiated post the configuration.
If the IEs are also updated through cfg80211 interface (after the
enhancement to cfg80211_disconnect), host driver is expected to
take the union of IEs from both of these interfaces and send in
further disassoc/deauth frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-19 14:49:14 +03:00
Paul Zhang
123895228d Add QCA vendor command to support OEM data
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
with attributes qca_wlan_vendor_attr_oem_data_params to support
OEM data. It is used to send OEM data binary blobs from
application/service to firmware. The attributes defined in enum
qca_wlan_vendor_attr_oem_data_params are used to deliver the
parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-07-19 14:47:18 +03:00
Jouni Malinen
147bf7b88a SAE: Run through prf result processing even if it >= prime
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-02 22:19:27 +03:00
Vamsi Krishna
9c7e4f94de Add a QCA vendor attr to disable auto resume beacon reporting
The driver automatically starts beacon reporting if it pauses the beacon
reporting for any reason other than disconnection. In specific cases,
userspace may not want the beacon reporting to be automatically resumed
after a pause. Add interface support for userspace to specify driver not
to start beacon reporting automatically after a pause.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 23:10:56 +03:00
Shiva Krishna Pittala
1006c4be2d Add QCA vendor attributes for configuring Spectral DMA debug
Add the following vendor attributes under the enum
qca_wlan_vendor_attr_spectral_scan to support the configuration of
Spectral DMA debug.

  1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG
	Enable/disable debug of the Spectral DMA ring
  2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG
	Enable/disable debug of the Spectral DMA buffers

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:06:29 +03:00
Edayilliam Jayadev
0fa0858fe7 Add QCA vendor attributes for agile spectral scan
Add QCA vendor attributes to spectral scan related vendor commands to
support agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:02:46 +03:00
John Crispin
4f3f33804a HE: Make the basic NSS/MCS configurable
Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:45:04 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
78d35b16de HE: Add AP mode MLME/SME handling for HE stations
Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:40:48 +03:00
John Crispin
8f5fc369e2 HE: Fix HE Capabilities element variable length encoding
The HE Capibilities element has dynamic size due to the variable length
and optional fields at the end. Mask out the channel width capabilities
that are less than the configured. Only add the MCS/NSS sets for the
announced channel widths and also add the PPET elements.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
b04e43086b HE: Remove vht_ prefix from shared set_freq argument
oper_chwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
b1aee7a622 DPP: Fix bootstrapping URI parser to handle channel list for an opclass
The bootstrapping URI format for DPP was extended during protocol design
to allow a list of channels without having to repeat the same operating
class information for each channel. That change was not included in the
initial implementation of the parser and a channel-list like
"C:81/1,6,11" would not be understood correctly (i.e., only the longer
"C:81/1,81/6,81/11" form would have been parsed correctly).

Fix this by extending the parser to accept both the shorter and longer
form for a list of channels within a single operating class.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 01:34:24 +03:00
Jouni Malinen
6602d9e3a6 DPP: Fix a memory leak in testing sequence
Do not allow auth->own_protocol_key to be overridden without having
freed the previously stored key in case a test sequence in
dpp_proto_auth_conf_replaced_by_resp is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:38:10 +03:00
Jouni Malinen
c5622b43cd DPP: Fix a memory leak on duplicate Authentication Response
Do not allow auth->peer_protocol_key to be overridden without having
freed the previously stored key in case two Authentication Response
messages are received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:25:10 +03:00
Jouni Malinen
1cdfe8d23f DPP: Fix a memory leak in PKEX Qi/Qr derivation
The result of EC_GROUP_dup() needs to be freed, so do so within the
derivation functions for all error cases and in the callers for success
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:59:21 +03:00
Jouni Malinen
677e120181 dragonfly: Fix a memory leak on error path
This is mostly a theoretical case, but since crypto_bignum_rand() could
fail, need to free the allocated struct crypto_bignum *tmp in such a
case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:55:57 +03:00
Jouni Malinen
57ec74ea9b DPP: Fix memory leak in EC_GROUP handling
EC_GROUP_new_by_curve_name() allocates memory for the returned pointer,
so need to free this with EC_GROUP_free() before leaving the calling
functions. This was leaking memory when parsing JWK and when performing
PKEX.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:32:29 +03:00
Jouni Malinen
7a9ddba6f5 DPP: Fix a memory leak in key pair generation
ec_params needs to be free within dpp_gen_keypair() to avoid leaking the
allocated memory.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:27:06 +03:00
Paul Zhang
fb10f3bb65 Add subcmd QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP
In practice, some APs have interop issues with the DUT. This sub command
is used to transfer the AP info between the driver and user space. This
works both as a command and event. As a command, it configures the
stored list of APs from user space to firmware; as an event, it
indicates the AP info detected by the firmware to user space for
persistent storage. The attributes defined in enum
qca_vendor_attr_interop_issues_ap are used to deliver the parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-05-07 13:03:51 +03:00
Jeff Johnson
fd1c2ca521 Add QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX
Update enum qca_wlan_vendor_attr_get_wifi_info to add support for
attribute QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX. In addition
update the documentation for qca_wlan_vendor_attr_get_wifi_info and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO to fully describe the
operation of the command and the format of the attributes.

Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>
2019-05-02 17:13:46 +03:00
Vamsi Krishna
ae21cffb2c Add QCA vendor command to support beacon reporting feature
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING
to implement beacon reporting feature. Different operations required to
implement this feature can be specified in
QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE.

Userspace requests the driver/firmware to periodically report received
Beacon frames whose BSSID matches the current connected BSS's MAC
address. If userspace requests the driver/firmware to send beacon
reports actively, the driver encapsulates the details of the beacon in
an event and sends it to userspace asynchronously. Otherwise, the driver
will only update the beacon in cfg80211 scan cache but will not send any
event to userspace.

If this command is not issued, the current behavior of the
driver/firmware is to update the cfg80211 scan cache only when there is
a scan issued by the host in progress or whenever there is a change in
IEs of the Beacon frames from the current connected BSS.

The userspace requests the driver/firmware to stop reporting beacons
when reporting is not required anymore. If the driver/firmware is not
able to receive Beacon frames because of other Wi-Fi operations such as
off-channel activities, etc., the driver/firmware sends a pause event to
userspace and stops reporting Beacon frames. The driver/firmware
indicates whether the beacon reporting automatically resumes later by
using the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES flag. If
userspace doesn't want the beacon reporting to be resumed automatically,
userspace can send QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP command to
the driver to stop beacon reporting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-02 15:08:31 +03:00
Jouni Malinen
b93a0ce7bd DPP2: Check conn->ctrl more consistently
There is no point in checking this pointer against NULL after it has
been dereferenced. Move the check to the beginning of the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:28:46 +03:00
Jouni Malinen
73338db029 Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:33:44 +03:00
Jouni Malinen
e6f9eab90e HE: Fix HE Operation element byte order on bigendian CPUs
The first four octets of the element were used as a host byte order u32.
That is not correct on bigendian CPUs, so handle byte swapping needs
properly. Mark the he_oper_params field as le32 to explicitly indicate
the byte order and swap the generated params content based on CPU byte
order.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:57:47 +03:00
Jouni Malinen
17749e948a Share common SAE and EAP-pwd functionality: is_quadratic_residue
Use a shared helper function for the blinded mechanism of determining
the Legendre symbol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
a9615b1b88 Share common SAE and EAP-pwd functionality: random 1..p-1 creation
Use a shared helper function to create a random value in 1..p-1 range
for is_quadratic_residue().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
6c9543fcb7 Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
ff229da309 Share a single buf_shift_right() implementation
Move the identical function used by both SAE and EAP-pwd to
src/utils/common.c to avoid duplicated implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:43 +03:00
Jouni Malinen
8e14b030e5 SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 18:52:34 +03:00
John Crispin
2ec71488b5 HE: Add Spatial Reuse Parameter Set element to the Beacon frames
SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA
thresholds. For this to work the AP needs to broadcast the element
first.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:15:36 +03:00
John Crispin
7cac255632 HE: Fix Operation Parameters order
According to P802.11ax/D4.0 9.4.2.238 (HE Operation element) the BSS
Color Information field is located after the HE Operation Parameters
field. Fix the ordering of the bit masks/offsets for fields in these 3+1
octets used as a single 32-bit value. With these changes, Wireshark 3.2
is able to properly parse and display Beacon frames.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:55:39 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
9c95124418 Add 802.11 status code strings
Logs involving IEEE 802.11 Status Codes output the Status Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each status code using the latter part
of the Status Code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
88a78bdde4 DPP2: Protocol exchange over TCP using Controller/Relay
Add initial implementation of DPP-over-TCP. This adds the general TCP
encapsulation routines into the shared src/common/dpp.c implementation.
That functionality will be exposed through hostapd and wpa_supplicant in
the following commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
9ffec2e854 DPP: Make pkhash available in bootstrapping info
This can be helpful for testing DPP2 Controller functionality (get
pkhash from Controller to Relay).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 23:14:37 +03:00
Jouni Malinen
2ed2b52ff5 DPP: Add configuration structure to dpp_global_init()
This can be used to provide configurable parameter to the global DPP
context. This initial commit introduces the msg_ctx context pointer for
wpa_msg().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 21:35:32 +03:00
Jouni Malinen
516ccede8f The master branch is now used for v2.9 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 17:04:07 +03:00
Jouni Malinen
6396282430 Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 10:10:22 +03:00
Jouni Malinen
ac8fa9ef19 SAE: Fix confirm message validation in error cases
Explicitly verify that own and peer commit scalar/element are available
when trying to check SAE confirm message. It could have been possible to
hit a NULL pointer dereference if the peer element could not have been
parsed. (CVE-2019-9496)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
cff138b074 SAE: Use constant time operations in sae_test_pwd_seed_ffc()
Try to avoid showing externally visible timing or memory access
differences regardless of whether the derived pwd-value is smaller than
the group prime.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
f8f20717f8 SAE: Use const_time selection for PWE in FFC
This is an initial step towards making the FFC case use strictly
constant time operations similarly to the ECC case.
sae_test_pwd_seed_ffc() does not yet have constant time behavior,
though.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
90839597cc SAE: Mask timing of MODP groups 22, 23, 24
These groups have significant probability of coming up with pwd-value
that is equal or greater than the prime and as such, need for going
through the PWE derivation loop multiple times. This can result in
sufficient timing different to allow an external observer to determine
how many rounds are needed and that can leak information about the used
password.

Force at least 40 loop rounds for these MODP groups similarly to the ECC
group design to mask timing. This behavior is not described in IEEE Std
802.11-2016 for SAE, but it does not result in different values (i.e.,
only different timing), so such implementation specific countermeasures
can be done without breaking interoperability with other implementation.

Note: These MODP groups 22, 23, and 24 are not considered sufficiently
strong to be used with SAE (or more or less anything else). As such,
they should never be enabled in runtime configuration for any production
use cases. These changes to introduce additional protection to mask
timing is only for completeness of implementation and not an indication
that these groups should be used.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
362704dda0 SAE: Avoid branches in is_quadratic_residue_blind()
Make the non-failure path in the function proceed without branches based
on r_odd and in constant time to minimize risk of observable differences
in timing or cache use. (CVE-2019-9494)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
6513db3e96 SAE: Minimize timing differences in PWE derivation
The QR test result can provide information about the password to an
attacker, so try to minimize differences in how the
sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)

Use heap memory for the dummy password to allow the same password length
to be used even with long passwords.

Use constant time selection functions to track the real vs. dummy
variables so that the exact same operations can be performed for both QR
test results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
83f13e4ff6 tests: Fix build without CONFIG_SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 16:24:38 +03:00
Jouni Malinen
bbde461d7e Fix a typo in the Multiple BSSID Index element ID define
This was not used anywhere, so just rename the define to fix the typo.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 23:42:12 +03:00
Jouni Malinen
1326cb7653 DPP: Fix a regression in non-DPP, non-OpenSSL builds
Inclusion of common/dpp.h into hostapd/main.c brought in an undesired
unconditional dependency on OpenSSL header files even for builds where
DPP is not enabled. Fix this by making the dpp.h contents, and in
particular the inclusion of openssl/x509.h, conditional on CONFIG_DPP.

Fixes: 87d8435cf9 ("DPP: Common configurator/bootstrapping data management")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 18:13:19 +03:00
Jouni Malinen
db54db11ae SAE: Reject unsuitable groups based on REVmd changes
The rules defining which DH groups are suitable for SAE use were
accepted into IEEE 802.11 REVmd based on this document:
https://mentor.ieee.org/802.11/dcn/19/11-19-0387-02-000m-addressing-some-sae-comments.docx

Enforce those rules in production builds of wpa_supplicant and hostapd.
CONFIG_TESTING_OPTIONS=y builds can still be used to select any o the
implemented groups to maintain testing coverage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 18:11:00 +03:00
Jouni Malinen
3d93e26e66 tests: SAE test vector from IEEE P802.11-REVmd/D2.1, Annex J.10
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-06 13:26:15 +03:00
Sunil Dutt
e5711b6181 Add a QCA vendor attribute to carry the reason for roaming
This commit introduces an attribute
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REASON to carry the roam reason code
through QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:15:16 +03:00
Jouni Malinen
bd23daa8e6 DPP: Move GAS encapsulation into dpp_build_conf_req()
Avoid duplicated code in each user of dpp_build_conf_req() by moving the
common encapsulation case into this helper function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-03 19:10:47 +03:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
130444738b FILS: Fix KEK2 derivation for FILS+FT
The offset update for copying KEK2 from the extended PTK was overriding
the offset instead of incrementing it (a likely copy-paste error from
the first offset assignment based on KCK). This resulted in KEK2 being
set to incorrect segment of PTK. Fix this by updating the offset
properly so that KEK2 is copied from the correct place at the end of the
PTK.

Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-20 22:26:56 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
ecacd9ccd4 DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in context
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 01:31:31 +02:00
Jouni Malinen
18015fc8a4 DPP2: Support new legacy+DPP config object credentials
This allows devices supporting DPP protocol version 2 or newer to
provision networks that enable both the legacy (PSK/SAE) and DPP
credentials.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:06 +02:00
Jouni Malinen
9305c2332b DPP: Clean up configuration parsing
Share a single parsing implementation for both hostapd and
wpa_supplicant to avoid code duplication. In addition, clean up the
implementation to be more easily extensible.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
67b3bcc954 DPP2: Testing option for Config Object rejction
Add a new testing option to force Enrollee to reject the receive Config
Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
22f90b32f1 DPP2: Configuration Result message generation and processing
Use this new message from Enrollee to Configurator to indicate result of
the config object provisioning if both devices support protocol version
2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Arif Hussain
02bde9581f Vendor attribute to enable or disable TWT request support
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:56:59 +02:00
Jouni Malinen
0b4a906de1 DPP2: Protocol version indication
Send out the new Protocol Version attribute in Authentication
Request/Response messages and determine the peer version based on this
attribute.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:37 +02:00
stonez
48102f65ef Add a vendor subcommand QCA_NL80211_VENDOR_SUBCMD_MPTA_HELPER_CONFIG
This subcommand is used to update Zigbee state and specified WLAN
durations to enhance success ratio of Zigbee joining network. The
attributes defined in enum qca_mpta_helper_vendor_attr are used to
deliver these parameters to the driver.

Signed-off-by: stonez <stonez@codeaurora.org>
2019-03-12 13:00:24 +02:00
Amir Patel
f10a4af1bd Add QCA vendor command/event and attributes for peer rate statistics
Peer rate statistics is per-peer cached data in the driver. These
statistics needs to be flushed to a user space application on
synchronous/asynchronous events. This command is used as an event from
the driver to flush per-peer cached statistics to the application.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 12:42:58 +02:00
Sunil Dutt
b9cd4f5e75 Vendor feature capability for TWT (Target Wake Time)
Add a new QCA vendor specific feature capability indication for the
device to indicate the support of TWT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:13:33 +02:00
Sunil Dutt
877502a6a7 Vendor attribute to indicate a set_blacklist of BSSID only as a hint
The current/default behavior of set blacklist BSSID QCA vendor command
is a mandate to the driver - do not consider this BSSID for connect/roam
till reset.

There are use cases where this need not be a mandate and thus could
provide the flexibility for the driver to consider this BSSID if there
are no better ones. Such use cases can use this new flag attribute to
only hint the blacklist of a BSSID to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:09:15 +02:00
Kiran Kumar Lokere
a9247bcdf2 Vendor attribute to configure HE testbed default capabilities
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:04:28 +02:00
Kiran Kumar Lokere
8a7510cc0d Vendor attribute to configure support to enable VHT in 2.4G band
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:03:56 +02:00
Kiran Kumar Lokere
8919ec616b Vendor attribute to configure HE OMI UL MU data disable
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:02:37 +02:00
Jouni Malinen
fd83089120 SAE: Reuse previously generated PWE on a retry with the same AP
Do not start SAE authentication from scratch when the AP requests
anti-clogging token to be used. Instead, use the previously generated
PWE as-is if the retry is for the same AP and the same group. This saves
unnecessary processing on the station side in case the AP is under heavy
SAE authentiation load.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:11 +02:00
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Jiani Liu
239794018e Add new QCA vendor attributes for coex configuration
Signed-off-by: Jiani Liu <jianil@codeaurora.org>
2019-02-21 12:24:45 +02:00
Arun Kumar Khandavalli
d939a8cb49 Add a vendor attribute for specifying ethernet protocol type
This new QCA vendor attribute adds provision to specify the
ethernet protocol id from userspace to the packets which are
offloaded to the driver/firmware (e.g., IPv4, IPv6).

Signed-off-by: Arun Kumar Khandavalli <akhandav@codeaurora.org>
2019-02-21 12:18:19 +02:00
Jouni Malinen
b0e91e3877 SAE: VLAN assignment based on SAE Password Identifier
The new sae_password parameter [|vlanid=<VLAN ID>] can now be used to
assign stations to a specific VLAN based on which SAE Password
Identifier they use. This is similar to the WPA2-Enterprise case where
the RADIUS server can assign stations to different VLANs and the
WPA2-Personal case where vlanid parameter in wpa_psk_file is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 17:24:23 +02:00
Qun Zhang
31ee2992c7 Add QCA vendor subcmd/attribute to check wlan firmware state
Allow user space applications to check whether wlan firmware is alive
through an nl80211 vendor command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
ccaf774767 Add HE Capabilities into ieee802_11_parse_elems()
This is needed to determine whether an association negotiated use of HE.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
092a19222b Use for_each_element() in ieee802_11_parse_elems()
Use the new iteration macro to simplify the impelmentation and make it
more consistent with other IE parsers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 13:51:11 +02:00
Johannes Berg
b50a638965 common: Use for_each_element_id/_extid for get_ie/get_ie_ext/get_vendor_ie
Simplifications based on the new iteration macros.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
b644797429 common: Use for_each_element_id() in mb_ies_info_by_ies()
The change is bigger because here we need to catch the error
condition if the last element doesn't fit.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
9008048f0f common: Use for_each_element_id() in ieee802_11_vendor_ie_concat()
Simple cleanup using the new iteration helper macro.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
eb84238df6 common: Use for_each_element() in ieee802_11_ie_count()
Simple cleanup using the new macros.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
0e0c31bdc5 common: Add strongly typed element iteration macros
Rather than always iterating elements from frames with pure
u8 pointers, add a type "struct element" that encapsulates
the id/datalen/data format of them.

Then, add the element iteration macros
 * for_each_element
 * for_each_element_id
 * for_each_element_extid

which take, as their first 'argument', such a structure and
iterate through a given u8 array interpreting it as elements.

While at it also add
 * for_each_subelement
 * for_each_subelement_id
 * for_each_subelement_extid

which instead of taking data/length just take an outer element
and use its data/datalen.

Also add for_each_element_completed() to determine if any of
the loops above completed, i.e., it was able to parse all of
the elements successfully and no data remained.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Jouni Malinen
c4e90da6d0 MBO: Move the WNM-Notification subtype definitions to common location
Do not use a separate enum for MBO WNM-Notification Request frame
subtype values since these share the same number space with the Hotspot
2.0 ones.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
Jouni Malinen
105b14f54b HS 2.0: Update the T&C Acceptance subtype value
The previously used value 2 was already assigned for another purpose
(MBO non-preferred channel report), so the newer T&C Acceptable
definition needs to be updated with a unique value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
stonez
fff8da8ace Add a vendor attribution to transfer EVM information
This new QCA vendor attribute indicates the EVM value in netlink.

Signed-off-by: stonez <stonez@codeaurora.org>

:100644 100644 ad5dac2... ede4fc8... M	src/common/qca-vendor.h
2019-01-21 12:28:05 +02:00
Sunil Dutt
9da1641a4c Clarify documentation of avoid channels expectations
The vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY was defined
to carry the list of avoid frequencies that aim to avoid any
interference with other coexistencies. This recommendation was followed
strictly by trying to prevent WLAN traffic on the impacted channels.

This commit refines the expectation of the interface by defining this
avoid channel list to allow minimal traffic but not heavier one. For
example, P2P may still be able to use avoid list frequencies for P2P
discovery and GO negotiation if the actual group can be set up on a not
impact channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-12 12:39:36 +02:00
Siva Mullati
11ce7a1bc3 HE: Add MU EDCA Parameter Set element (AP)
Add support for configuring parameters for the MU EDCA Parameter Set
element per IEEE P802.11ax/D3.0.

Signed-off-by: Siva Mullati <siva.mullati@intel.com>
2019-01-08 17:22:43 +02:00
Kiran Kumar Lokere
166ab0b780 QCA vendor commands to configure HE +HTC capability and OM control Tx
Define QCA vendor command attributes to configure HE +HTC support and
HE operating mode control transmission. This is used to configure the
testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 22:55:20 +02:00
Jouni Malinen
89d79150ac Avoid forward references to enum types in ieee802_11_common.h
These are not allowed in ISO C++ (and well, not really in ISO C either,
but that does not result in compiler warning without pedantic
compilation).

Since ieee802_11_common.h may end up getting pulled into C++ code for
some external interfaces, it is more convenient to keep it free of these
cases. Pull in ieee802_11_defs.h to get enum phy_type defined and move
enum chan_width to common/defs.h (which was already pulled in into
src/drivers/driver.h and src/common/ieee802_11_common.h).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 17:26:40 +02:00
Janusz Dziedzic
bb35e2d214 hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK
While the AP is configured to enable both FT-PSK and WPA-PSK, an HP
printer request both AKMs (copied from AP?) in Association Request
frame, but don't add MDIE and don't use FT. This results in the
connection failing.

Next in logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04
                      02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers. Work around this by
stripping FT AKM(s) when MDE is not present and there is still a non-FT
AKM available.

Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
2019-01-06 21:10:08 +02:00
Jouni Malinen
b686745c76 Android: Harden wpa_ctrl_open2() against potential race conditions
The Android-specific chmod and chown operations on the client socket
(for communication with wpa_supplicant) did not protect against file
replacement between the bind() and chmod()/chown() calls. If the
directory in which the client socket is created (depends a bit on the
version and platform, but /data/misc/wifi/sockets is commonly used)
allows write access to processes that are different (less privileged)
compared to the process calling wpa_ctrl_open2(), it might be possible
to delete the socket file and replace it with something else (mainly, a
symlink) before the chmod/chown operations occur. This could have
resulted in the owner or permissions of the target of that symlink being
modified.

In general, it would be safest to use a directory which has more limited
write privileges (/data/misc/wifi/sockets normally has 'wifi' group
(AID_WIFI) with write access), but if that cannot be easily changed due
to other constraints, it is better to make wpa_ctrl_open2() less likely
to enable this type of race condition between the operations.

Replace chown() with lchown() (i.e., a version that does not dereference
symlinks) and chmod() with fchmod() on the socket before the bind() call
which is also not going to dereference a symlink (whereas chmod()
would). lchown() is a standard operation, but the fchmod() on the socket
is less so (unspecified behavior in some systems). However, it seems to
work on Linux and in particular, on Android, where this code is
executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-06 20:20:20 +02:00
Dmitry Lebed
ce6d9ce15b hostapd: Add supported channel bandwidth checking infrastructure
This adds checks to common code to verify supported bandwidth options
for each channel using nl80211-provided info. No support of additional
modes is added, just additional checks. Such checks are needed because
driver/hardware can declare more strict limitations than declared in the
IEEE 802.11 standard. Without this patch hostapd might select
unsupported channel and that will fail because Linux kernel does check
channel bandwidth limitations.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 11:54:34 +02:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Avraham Stern
ecef0687dc RRM: Support for Last Beacon Report Indication subelement
IEEE P802.11-REVmd/D2.0, 9.4.2.20.7 (Beacon request) and 9.4.2.21.7
(Beacon report) add the Last Beacon Report Indication subelement to
Beacon Request and Beacon Report elements.

Add the Last Beacon Report Indication subelement to all Beacon Report
elements if the Beacon Request indicated that this subelement is
requested.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 16:26:11 +02:00
Avraham Stern
3ec118780a RRM: Add support for beacon report fragmentation
When the frame body subelement would cause the measurement report
element to exceed the maximum element size, the frame body subelement
used to be truncated. In addition, some elements were always truncated
in order to keep the reported frame body short (e.g. RSN IE).

Alternatively, IEEE P802.11-REVmd/D2.0, 9.4.2.21.7 extension to Beacon
reporting can be used: The frame body subelement is fragmented across
multiple beacon report elements, and the reported frame body fragment ID
subelement is added.

Use beacon report fragmentation instead of truncating the frame body
as this method gives the AP a more complete information about the
reported APs.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 15:54:55 +02:00
Ben Greear
2a54979695 wpa_ctrl: Make wpa_cli ping/pong work more reliably
In 2013 or so, IFNAME=foo was prepended to at least the Unix socket
communication from wpa_supplicant to wpa_cli. This broke the (fragile)
logic that made ping/pong work more often when wpa_supplicant is busy
sending logging info to wpa_cli.

Adding check for IFNAME=foo makes this work better.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-02 00:45:59 +02:00
Sergey Matyukevich
fb60dbdcec vlan: Use new bridge ioctl()
Legacy ioctl() through SIOCDEVPRIVATE are deprecated. Follow the
approach taken by bridge-utils and make use of new bridge ioctl's
whenever possible.

For example, using legacy ioctl() breaks dynamic VLAN mode on 32-bit
Linux systems running 64-bit kernels.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-01-02 00:23:43 +02:00
Beni Lev
19677b77c3 OCE: Add RSSI based association rejection support (STA)
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.

Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 17:56:25 +02:00
Veerendranath Jakkam
dbe7f6da77 Vendor command to query the supported AKMs from the driver
This new QCA vendor command is used to query the supported AKM suite
selectors from the driver. There has been no such capability indication
from the driver and thus the current user space has to assume the driver
to support all the AKMs. This may be the case with some drivers (e.g.,
mac80211-based ones) but there are cfg80211-based drivers that implement
SME and have constraints on which AKMs can be supported (e.g., such
drivers may need an update to support SAE AKM using
NL80211_CMD_EXTERNAL_AUTH). Allow such drivers to specify the exact set
of supported AKMs so that user space tools can determine what network
profile options should be allowed to be configured. This command returns
the list of supported AKM suite selectors in the attribute
NL80211_ATTR_AKM_SUITES.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:09:48 +02:00
Jouni Malinen
5bcddb9302 DPP: Fix build with LibreSSL 2.8.3
Looks like LibreSSL 2.8 pulled in the OpenSSL API change to mark the
first argument to X509_ALGOR_get0() const.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 12:21:03 +02:00
Venkateswara Naralasetty
9c06f0f6ae hostapd: Add Multi-AP protocol support
The purpose of Multi-AP specification is to enable inter-operability
across Wi-Fi access points (APs) from different vendors.

This patch introduces one new configuration parameter 'multi_ap' to
enable Multi-AP functionality and to configure the BSS as a backhaul
and/or fronthaul BSS.

Advertise vendor specific Multi-AP capabilities in (Re)Association
Response frame, if Multi-AP functionality is enabled through the
configuration parameter.

A backhaul AP must support receiving both 3addr and 4addr frames from a
backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
WEP), we can safely call hostapd_set_wds_encryption() as well and we can
reuse the entire WDS condition.

To parse the Multi-AP Extension subelement, we use get_ie(): even though
that function is meant for parsing IEs, it works for subelements.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 01:04:14 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
697652085f OCV: Add function to verify a received OCI element
ocv_verify_tx_params() verifies that the receive OCI element includes
field values that are compatible with the local channel configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
f53aeff415 OCV: Parse all types of OCI information elements
Add functionality to parse all variations of the OCI element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
6ab73efa72 OCV: Add utility functions to insert OCI elements
This commit adds utility functions to insert various encoding of the OCI
element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
b1d05aee8b OCV: Protocol definitions
Define protocol identifiers for Operating Channel Verification (OCV)
based on IEEE P802.11-REVmd/D2.0.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
d706e0d7a3 Add functions to convert channel bandwidth to an integer
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
dbe473fd22 Add utility function to derive operating class and channel
This function can be used to easily convert the parameters returned
by the channel_info driver API, into their corresponding operating
class and channel number.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
2205ca0dfe HS 2.0: Update supported release number to 3
Release 3 functionality is included, so start advertising support for
that release.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Peng Xu
891e1668c0 hostapd: Update HE Capabilities and Operation element definition
Update HE Capabilities/Operation element definition based on IEEE
P802.11ax/D3.0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-07 15:17:02 +02:00
Edayilliam Jayadev
4c02242d04 Define spectral scaling parameters as QCA vendor specific attributes
Add spectral scaling parameters as vendor attributes to the
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO vendor subcommand.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-04 20:57:32 +02:00
Jouni Malinen
368c9dc0bd The master branch is now used for v2.8 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 22:55:28 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Jouni Malinen
4a450ba201 DPP: Do not reply to PKEX request with identifier if no local identifier
The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 12:30:11 +02:00
Jouni Malinen
810bedf23f DPP: Check own_bi/peer_bi pointers more consistently
This gets rid of smatch warnings about a dereference before check.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
89b6d8a2f0 DPP: Fix no-Status protocol testing in Auth Resp error case
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 17:20:41 +02:00
Sunil Dutt
acecac4c79 Define QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES also as an event
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 00:27:18 +02:00
Jouni Malinen
06e62e11c7 DPP: Fix a debug print to use quotation marks consistently
The "DPP: Unexpected JWK kty" debug print missed one of the quotation
marks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 17:31:49 +02:00
Jouni Malinen
11f07f027a DPP: Fix error path handling for GAS Comeback Response building
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:51:26 +02:00
Jouni Malinen
c7896ef9c6 DPP: Fix memory leaks in GAS server error path handling
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:49:44 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Sachin Ahuja
d554402140 Define new QCA vendor command for coex priority config
Add QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG vendor command
to set the priorities among different types of traffic of
WLAN/BT/Zigbee during coex scenarios.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 00:20:09 +02:00
vamsi krishna
a626fb1070 Add QCA vendor event to indicate throughput changes
Add interface for drivers to report changes in TX/RX throughput
dynamically to user space. This information can be used by userspace
tools to tune kernel's TCP parameters in order to achieve peak
throughput. The driver may optionally provide guidance on which TCP
parameters to be configured for optimal performance along with the
values to be configured.

The TCP parameters that need to be tuned for peak performance are not
interface specific. Based on the guidance from the driver and
considering the other interfaces that may be affected with the new
configurations, a userspace tool has to choose the values to be
configured for these parameters to achieve optimal performance across
interfaces.

The throughput levels informed by the driver with this event are only
for providing guidance on TCP parameter tuning from userspace. The
driver may change the thresholds used to decide low or medium or high
throughput levels based on several parameters based on the PHY layer
capacity in the current connection, the number of packets being
dispatched per second, or the number of packets pending in queues, etc.
The throughput levels may not be consistent with the actual throughput
of the link.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-08 21:56:58 +02:00
Kiran Kumar Lokere
5d332a13f7 Add test config QCA vendor attribute for action frame Tx in TB PPDU
Add a new wifi test config QCA vendor attribute to configure action
frame transmission in HE trigger based PPDU.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:10:18 +02:00
Kiran Kumar Lokere
a94aab6ddd Define test config QCA vendor attribute for HE SU PPDU Tx config
Add a new wifi test config QCA vendor attribute to configure HE
single user PPDU transmission.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:09:38 +02:00
Kiran Kumar Lokere
292bce08b3 Define test config QCA vendor attribute for HE OM control config
Add a new wifi test config QCA vendor attributes to configure HE
operating mode control field bandwidth, number of spatial streams, and
UL MU disable configuration. Define a new attribute to clear the
previously set HE OM control field configuration. This is used for
testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:09:22 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Peng Xu
2f186d598a Define vendor specific NDP attribute for peer NDPE support
Add NAN NDP attribute QCA_WLAN_VENDOR_ATTR_PEER_NDPE_SUPPORT which
indicates if NDP remote peer supports NDPE attribute or not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-19 20:44:44 +03:00
Visweswara Tanuku
77fcd74753 QCA vendor subcommand and attributes to configure capture of CFR data
Add a subcommand for Channel Frequency Response (CFG) Capture
Configuration and define attributes for configuring CFR capture
parameters per peer and enabling/disabling CFR capture.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-11 12:12:30 +03:00
Jouni Malinen
cad810a98f HS 2.0: OSU Provider NAI List advertisement
Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be
advertised in addition to the previously used OSU Providers list
ANQP-element. The new osu_nai2 configurator parameter option is used to
specify the OSU_NAI value for the shared BSS (Single SSID) case while
osu_nai remains to be used for the separate OSU BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:49:42 +03:00
vamsi krishna
edb509d49f Add QCA vendor event to report roam scan events
Driver/firmware does roam scan when it finds the need to roam to a
different BSS. Add a QCA vendor event to indicate such roam scan events
from driver/firmware to user space.

Please note that some drivers may not send these events in few cases,
e.g., if the host processor is sleeping when this event is generated in
firmware to avoid undesired wakeups.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:31:45 +03:00
Ankita Bajaj
820ea0ba93 DPP: Fix a memory leak on Configurator keygen error path
The allocated configuration structure needs to be freed if the specified
curve is not supported.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:22:42 +03:00
Ankita Bajaj
5a052f92eb DPP: Fix a memory leak in L derivation
The temporary EC_POINT 'sum' needs to be freed at the end of the
function with the other OpenSSL allocations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:21:14 +03:00
Ankita Bajaj
bae282e3e8 DPP: Fix an error path memory leak in URI public key parsing
The allocated buffer from base64_decode() needs to be freed on the
sha256_vector() error path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:20:06 +03:00
Varun Reddy Yeturu
60377efcc1 QCA vendor command support for TWT test configuration
Define new QCA vendor specific test config attributes to configure TWT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-18 13:03:02 +03:00
Jouni Malinen
2b92c4f3c0 DPP: Fix test functionality for invalid keys with OpenSSL 1.1.0
It looks like at least OpenSSL 1.1.0i includes the extra checks in
EC_POINT_set_affine_coordinates_GFp() that break the previously used
mechanism for generating invalid keys. Fix this by using the alternative
design that was used with OpenSSL 1.1.1 and BoringSSL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-17 17:23:10 +03:00
Jouni Malinen
3ecb8a5203 ANQP: Parse and report Venue URL information
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-15 05:17:49 +03:00
Kiran Kumar Lokere
13dd13fc01 Define test config attribute to configure OM control support
Define a new QCA vendor specific test config attribute to configure the
support for receiving the MPDU with operating mode control subfield.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-06 00:01:57 +03:00
Purushottam Kushwaha
20f612d998 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:00 +03:00
Nachiket Kukade
495aebd39f Add new QCA vendor command and attributes to enhance NAN
The payload used for the existing NAN vendor command,
QCA_NL80211_VENDOR_SUBCMD_NAN is a binary blob of data. This
command is not extendable to send additional information. Hence
define a new vendor command QCA_NL80211_VENDOR_SUBCMD_NAN_EXT,
that can carry the binary blob encapsulated within an attribute
and can carry additional attributes to enhance the NAN command
interface. Define additional 3 new attributes for conveying
type of NAN subcmd and channel information.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 22:55:19 +03:00
Nachiket Kukade
28c7f77a85 Correct the documentation of NAN vendor command
Present implementation of NAN vendor command does not use
attribute encapsulation for sending the command from userspace
to the driver, payload is directly sent as is. Attribute
QCA_WLAN_VENDOR_ATTR_NAN is used only for receiving vendor
events in the userspace from the driver. Update the doc as per
this implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 22:50:17 +03:00
Kiran Kumar Lokere
1bac151eaf Change the ADDBA buffer size attribute type to U16 from U8
The max supported ADDBA buffer size value is 256, so change
the buffer size attribute type to U16 to configure the testbed
device to use the 256 buffer size in ADDBA negotiation in 11ax
testing.

This attribute is used only to configure a testbed device and the old
definition of this attribute was not used in any deployed implementation
hence it is still justifiable to change the definition.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Srinivas Dasari
d35003e501 Vendor attribute to get max blacklist BSSIDs capability
Add a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_GSCAN_MAX_BLACKLIST_BSSID to get maximum
blacklist BSSIDs capability from the driver for gscan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
1ff8605775 mka: Support GCM-AES-256
GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-21 19:28:20 +03:00
Kiran Kumar Lokere
cbdf5a49c8 Define test config vendor attribute to override MU EDCA
Add a new test config QCA vendor attribute to override the MU EDCA
parameters to default values in the driver for test configuration. This
is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:38:47 +03:00
Kiran Kumar Lokere
420b5dd814 Define test config QCA vendor attribute for HE MAC padding duration
Add a new wifi test config QCA vendor attribute to configure HE
trigger frame MAC padding duration value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-06 21:27:01 +03:00
Kiran Kumar Lokere
7bf86e4416 Define test config QCA vendor attribute for HE MU EDCA params
Add a new wifi test config QCA vendor attributes to configure
HE MU EDCA parameters value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-03 18:12:44 +03:00
Kiran Kumar Lokere
6cc77193c6 Define test config QCA vendor attribute for Tx beamformee NSTS
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee number of space-time streams value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-28 18:37:01 +03:00
Jouni Malinen
a10f5714cc HS 2.0: Allow Hotspot 2.0 version number to be overridden for build
This can be used for testing and development purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-18 20:11:52 +03:00
Jouni Malinen
c3e4f40cd6 FT: Derive PMKR0Name/PMKR1Name using SHA-384 with AKM 00-0F-AC:13
The AKM 00-0F-AC:13 is supposed to use cryptographic algorithms
consistently, but the current IEEE 802.11 standard is not doing so for
the key names: PMKID (uses SHA-1), PMKR0Name/PMKR1Name (uses SHA-256).
The PMKID case was already implemented with SHA-384 and this commit
replaces use of SHA-256 with SHA-384 for PMKR0Name/PMKR1Name derivation
to be consistent in SHA-384. While this is not compliant with the
current IEEE 802.11 standard, this is clearly needed to meet CNSA Suite
requirements. Matching change is being proposed in REVmd to get the IEEE
802.11 standard to meet the use case requirements.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-06 23:59:46 +03:00
Jouni Malinen
df3bf6870b FT: Debug print of IE parsing element details
This makes it easier to debug issues in processing FT frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
9a33737a0b FT: FTE parsing for SHA384-based AKM
The MIC field is now a variable length field, so make the FTE parser
aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
994eac7e61 FT: PMK-R0 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
1655e81c97 FT: PMKID derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
40a2eb1164 FT: PTK derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
7880a6a2b8 FT: PMK-R1 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
b327026a72 FT: FTE MIC calculation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
c49a9d6b99 FT: EAPOL-Key MIC calculation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00