lifeng [Fri, 10 Mar 2017 10:51:56 +0000 (18:51 +0800)]
QCA vendor attributes to extend antenna diversity functionality
1. Add new attribute to report corresponding antenna information to the
chain RSSI which is used in subcmd
QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI.
2. Add a series of attr to support the new wmi interface
WMI_PDEV_PARAM_ANT_DIV_USRCFG which export parameters setting of antenna
diversity algorithm to userspace.
Zhang Qian [Fri, 10 Mar 2017 13:12:49 +0000 (21:12 +0800)]
Add vendor attribute to config propagation delay's absolute value
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_ABS_DELAY is added to set
propagation delay's absolute value. This is a more detailed version of
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY.
Jouni Malinen [Mon, 13 Mar 2017 15:05:55 +0000 (17:05 +0200)]
P2P: Run full P2P_FIND scan after pending scan completes
If a P2P_FIND command is issued for running the initial full scan and
the attempt to start that full scan fails, the previous behavior was to
wait for the ongoing scan to complete and then continue p2p_find scan
iterations. However, this continued with the social channels scan
instead of the initial full scan. This could end up missing the full
scan completely.
Fix this by marking the full scan pending if the new scan cannot be
started immediately. Then start the initial full scan after the ongoing
scan completes before moving to social channel only scan iterations.
This applies both for the P2P_FIND_START_WITH_FULL (no specific
frequency set) and P2P_FIND_PROGRESSIVE cases since both of them start
with a single full scan round.
Jouni Malinen [Mon, 13 Mar 2017 10:50:50 +0000 (12:50 +0200)]
P2P: Continue scanning specified channel with P2P_FIND freq argument
This makes the "P2P_FIND freq=<MHz>" operation more robust by continuing
to include the specified frequency in the consecutive scan rounds
instead of including it only once in the first scan. In other words, the
first scan is only for the specified frequency just like the previous
behavior, but the following scans include all the social channels and
the specified frequency instead of just the previously used social
channels.
Jouni Malinen [Sun, 12 Mar 2017 20:45:35 +0000 (22:45 +0200)]
FILS: Add FILS SK auth PFS support in STA mode
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.
Jouni Malinen [Sun, 12 Mar 2017 20:40:56 +0000 (22:40 +0200)]
FILS: Add FILS SK auth PFS support in AP mode
This adds an option to configure hostapd to enable use of perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime configuration parameter fils_dh_group is used to enable this
by specifying which DH group to use. For example, fils_dh_group=19 would
allow FILS SK PFS to be used with a 256-bit random ECP group.
Jouni Malinen [Sun, 12 Mar 2017 18:40:43 +0000 (20:40 +0200)]
OWE: Use AKM 00-0F-AC:11 style parameters for EAPOL-Key frames
draft-harkins-owe-07.txt does not specify these parameters, so need to
pick something sensible to use for the experimental implementation. The
Suite B 128-bit level AKM 00-0F-AC:11 has reasonable parameters for the
DH group 19 case (i.e., SHA256 hash), so use it for now. This can be
updated if the OWE RFC becomes clearer on the appropriate parameters
(KEK/KCK/MIC length, PRF/KDF algorithm, and key-wrap algorithm).
Jouni Malinen [Sun, 12 Mar 2017 09:53:21 +0000 (11:53 +0200)]
OWE: Process Diffie-Hellman Parameter element in STA mode
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.
Jouni Malinen [Sat, 11 Mar 2017 23:26:43 +0000 (01:26 +0200)]
OWE: Process Diffie-Hellman Parameter element in AP mode
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.
Jouni Malinen [Sat, 11 Mar 2017 20:38:47 +0000 (22:38 +0200)]
Extend hmac_sha256_kdf() to support HKDF-Expand() as defined in RFC 5869
The KDF define in RFC 5295 is very similar to HKDF-Expand() defined in
RFC 5869. Allow a NULL label to be used to select the RFC 5869 version
with arbitrary seed (info in RFC 5869) material without forcing the
label and NULL termination to be included. HKDF-Expand() will be needed
for OWE.
Johannes Berg [Tue, 7 Mar 2017 16:20:59 +0000 (18:20 +0200)]
wpa_supplicant: Allow disabling HT in AP mode without HT overrides
Since VHT can be toggled explicitly, also expose being able to disable
HT explicitly, without requiring HT overrides. Continue making it
default to enabled though.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 7 Mar 2017 16:20:58 +0000 (18:20 +0200)]
tests: add wpa_supplicant 80 MHz VHT network test
Add a test for the configuration knobs exposed in the previous
patch; more precisely, add a test that creates an 80 MHz VHT
network through wpa_supplicant (without P2P).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jörg Krause [Thu, 9 Mar 2017 09:59:48 +0000 (10:59 +0100)]
WPS: Notify about WPS PBC event in Enrollee mode
Previously, the event "WPS-PBC-ACTIVE" was only generated when
wpa_supplicant is operating as WPS Registrar whereas "WPS-SUCCESS" or
"WPS-TIMEOUT" are generated for both, the Registrar and the Enrollee
roles.
Also generate the event when wpa_supplicant is operating as WPS Enrollee
to allow monitoring the begin and the end of a WPS PBC process.
Johannes Berg [Wed, 8 Mar 2017 20:41:17 +0000 (21:41 +0100)]
wpa_supplicant: events: Don't bounce timeout reason through a buffer
There's no point in making the code use a stack buffer and first copying
the string there, only to copy it again to the output. Make the output
directly use the reason string.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avraham Stern [Wed, 8 Mar 2017 12:37:40 +0000 (14:37 +0200)]
WNM: Add option to configure candidates for BTM query candidate list
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.
Avraham Stern [Wed, 8 Mar 2017 12:37:38 +0000 (14:37 +0200)]
WNM: Use a dynamically allocated buffer for BTM query and response
BSS transition management query and response use a large static buffer
for the frame because the candidate list may require a lot of space.
However, in most cases the actually used space will be much less than
the buffer (since the candidate list is short or completely missing).
Use a dynamically allocated buffer instead and allocate it according
to the actual space needed.
While at it, remove unneeded filling of the MAC header in the Action
frames, since this gets ignored and wpa_drv_send_action() adds the MAC
header anyway.
Jouni Malinen [Fri, 10 Mar 2017 16:57:12 +0000 (18:57 +0200)]
MBO: Parse MBO ANQP-element on STA
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.
When a valid MBO ANQP-element is received, the following control
interface message is sent:
Jouni Malinen [Fri, 10 Mar 2017 16:33:51 +0000 (18:33 +0200)]
MBO: Add MBO ANQP-element processing on AP
This extends the GAS server to process MBO ANQP-elements and reply to a
query for the Cellular Data Connection Preference (if configured). The
new configuration parameter mbo_cell_data_conn_pref can be used to set
the value (0, 1, or 255) for the preference to indicate.
Jouni Malinen [Fri, 10 Mar 2017 15:02:22 +0000 (17:02 +0200)]
ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.
Avraham Stern [Thu, 9 Mar 2017 13:19:58 +0000 (15:19 +0200)]
MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
As FCC DFS requirement does not explicitly mention about the validity of
the (pre-)CAC when channel is switched, it is safe to assume that the
pre-CAC result will not be valid once the CAC completed channel is
switched or radar detection is not active on the (CAC completed) channel
within a time period which is allowed (10 seconds - channel switch time)
as per FCC DFS requirement.
Use the new driver event to allow the driver to notify expiry of the CAC
result on a channel. Move the DFS state of the channel to 'usable' when
processing pre-CAC expired event. This means any future operation on
that channel will require a new CAC to be completed. This event is
applicable only when DFS is not offloaded to the kernel driver.
When DFS channel state is shared across multiple radios on the system it
is possible that a CAC completion event is propagated from other radio
to us. When in enabled state, do not proceed with setup completion upon
processing CAC completion event with devices where DFS is not offloaded,
when in state other than enabled make sure the configured DFS channel is
in available state before start the AP.
nl80211: Add option to delay start of schedule scan plans
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).
This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.
Jouni Malinen [Wed, 8 Mar 2017 14:16:37 +0000 (16:16 +0200)]
RRM: Fix wpas_rrm_send_msr_report() loop handling
The while (len) loop was updating the next pointer at the end even when
len == 0, i.e., when the new next value won't be used. This could result
in reading one octet beyond the end of the allocated response wpabuf.
While the read value is not really used in practice, this is not correct
behavior, so fix this by skipping the unnecessary next pointer update in
len == 0 case.
Avraham Stern [Wed, 8 Mar 2017 12:31:49 +0000 (14:31 +0200)]
RRM: Use dynamically allocated buffer for beacon report
The maximum required size for each Beacon Report element is known in
advance: it is the size of the Beacon Report element fixed fields + the
size of the Reported Frame Body subelement.
Allocate the buffer used for constructing the Beacon Report element
dynamically with the maximum needed size, instead of using a very
large static buffer.
Jouni Malinen [Tue, 7 Mar 2017 16:13:05 +0000 (18:13 +0200)]
tests: Fix authsrv_errors_1 and authsrv_errors_3 when running on host
Use a non-existing directory in the path to avoid SQLite from being able
to create a new database file. The previous design worked in the VM case
due to the host file system being read-only, but a bit more is needed
for the case when this is running on the host.
Johannes Berg [Tue, 7 Mar 2017 09:17:23 +0000 (10:17 +0100)]
Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.
The mechanical conversions all over the code were done with
the following spatch:
MBO: Add support for transition reject reason code
Add support for rejecting a BSS transition request using MBO reject
reason codes. A candidate is selected or rejected based on whether it is
found acceptable by both wpa_supplicant and the driver. Also accept any
candidate meeting a certain threshold if disassoc imminent is set in BTM
Request frame.
nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Avraham Stern [Mon, 6 Mar 2017 11:30:38 +0000 (13:30 +0200)]
tests: Make beacon report tests remote compatible
Use the new hostapd.add_ap() API (i.e., pass the ap device as a
parameter instead of the interface name) in beacon report tests to
make them remote compatible, and mark them appropriately.
Jouni Malinen [Mon, 6 Mar 2017 21:53:33 +0000 (23:53 +0200)]
tests: Make wnm_bss_tm_req a bit more efficient and robust
Use a local variable for the STA address instead of fetching it
separately for each operation. Dump control interface monitor events
between each test message to avoid increasing the socket output queue
unnecessarily.
Jouni Malinen [Sun, 5 Mar 2017 14:16:42 +0000 (16:16 +0200)]
RADIUS server: Fix error paths in new session creation
radius_server_session_free() does not remove the session from the
session list and these radius_server_get_new_session() error paths ended
up leaving a pointer to freed memory into the session list. This
resulted in the following operations failing due to use of freed memory.
Fix this by using radius_server_session_remove() which removes the entry
from the list in addition to calling radius_server_session_free().
Jouni Malinen [Sat, 4 Mar 2017 09:42:15 +0000 (11:42 +0200)]
Fix DHCP/NDISC snoop deinit followed by failing re-init
It was possible to hit a double-free on the l2_packet socket if
initialization of DHCP/NDISC snoop failed on a hostapd interface that
had previously had those enabled successfully. Fix this by clearing the
l2_packet pointers during deinit.
Hu Wang [Wed, 1 Mar 2017 14:39:30 +0000 (16:39 +0200)]
Clear scan_res_handler on no-retry failure
Previously it was possible for wpa_s->scan_res_handler to remain set to
its old value in case wpa_drv_scan() failed and no retry for the scan
trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ).
This could result in getting stuck with the next connection attempt
after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler
was set to scan_only_handler().
Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and
no retry is scheduled.
Gaole Zhang [Wed, 1 Mar 2017 07:56:32 +0000 (15:56 +0800)]
QCA nl80211 vendor attribute for specific sub-20 MHz channel width
Define a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_SUB20_CHAN_WIDTH.
This attribute can set a station device to work in 5 or 10 MHz channel
width while in disconnect state.
Jouni Malinen [Wed, 1 Mar 2017 09:25:49 +0000 (11:25 +0200)]
tests: WNM BSS TM with explicit Table E-4 indication
wnm_bss_tm_global uses an unknown country code to use Table E-4. Extend
that with otherwise identical test case wnm_bss_tm_global4, but with the
country string explicitly indicating use of Table E-4 while using a
known country code.
Jouni Malinen [Wed, 1 Mar 2017 08:58:15 +0000 (10:58 +0200)]
Make the third octet of Country String configurable
The new hostapd.conf parameter country3 can now be used to configure the
third octet of the Country String that was previously hardcoded to ' '
(= 0x20).
For example:
All environments of the current frequency band and country (default)
country3=0x20
Outdoor environment only
country3=0x4f
Indoor environment only
country3=0x49
Noncountry entity (country_code=XX)
country3=0x58
IEEE 802.11 standard Annex E table indication: 0x01 .. 0x1f
Annex E, Table E-4 (Global operating classes)
country3=0x04
Jouni Malinen [Mon, 27 Feb 2017 22:03:48 +0000 (00:03 +0200)]
tests: Fix EAPOL frame source address in protocol tests
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).
Jouni Malinen [Sun, 26 Feb 2017 23:10:02 +0000 (01:10 +0200)]
af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation
that uses the user space socket interface (AF_ALG) for the Linux kernel
crypto implementation. This commit includes some of the cipher, hash,
and HMAC functions. The functions that are not available through AF_ALG
(e.g., the actual TLS implementation) use the internal implementation
(CONFIG_TLS=internal).