Jeff Johnson [Tue, 7 Nov 2017 19:15:50 +0000 (11:15 -0800)]
Define a QCA vendor command to retrieve SAR Power limits
Previously commit c79238b6a460ab6bc6ebc5e2453fd94716393105 ('Define a
QCA vendor command to configure SAR Power limits') implemented a vendor
command interface to allow a userspace entity to dynamically control the
SAR power limits. Now implement a command to retrieve the current SAR
power limits.
vamsi krishna [Thu, 14 Dec 2017 09:44:51 +0000 (15:14 +0530)]
FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.
hostapd: Add average channel utilization in STATUS
This allows external programs to get the average channel utilization.
The average channel utilization is calculated and reported through
STATUS command. Users need to configure chan_util_avg_period and
bss_load_update_period in hostapd config to get the average channel
utilization.
Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
hostapd: Update BSS load update period dynamically
Recalculate the timeout value for each event instead of calculating this
once and then not allowing the timeout configuration to be changed
without fully stopping and restarting the interface.
This allows the bss_load_update_period configuration parameter to be
modified while a BSS continues operating.
Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
Jouni Malinen [Mon, 11 Dec 2017 17:55:57 +0000 (19:55 +0200)]
hostapd_cli: Add dpp_listen and dpp_stop_listen
Now that hostapd exposes the DPP_LISTEN and DPP_STOP_LISTEN commands
similarly to wpa_supplicant, expose these through proper hostapd_cli
commands as well to match wpa_cli functionality.
Jouni Malinen [Mon, 11 Dec 2017 11:59:55 +0000 (13:59 +0200)]
OWE: Allow DH Parameters element overriding with driver SME
Commit 265bda34441da14249cb22ce8a459cebe8015a55 ('OWE: Allow DH
Parameters element to be overridden for testing purposes') provided
means for using "VENDOR_ELEM_ADD 13 <IE>" in OWE protocol testing, but
that commit covered only the sme.c case (i.e., drivers that use
wpa_supplicant SME). Extend this to cover drivers that use internal SME
(e.g., use the nl80211 Connect command).
Jouni Malinen [Mon, 11 Dec 2017 11:36:48 +0000 (13:36 +0200)]
OWE: Fix error case handling with drivers that implement AP SME
owe_auth_req_process() can return NULL in error cases, but the caller
was not prepared for this. The p pointer cannot be overridden in such
cases since that would result in buffer length (p - buf) overflows. Fix
this by using a temporary variable to check the return value before
overriding p so that the hostapd_sta_assoc() ends up using correct
length for the IE buffer.
Fixes: 33c8bbd8ca7a ("OWE: Add AP mode handling of OWE with drivers that implement SME") Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 10 Dec 2017 21:49:39 +0000 (23:49 +0200)]
OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.
Jouni Malinen [Sun, 10 Dec 2017 21:41:29 +0000 (23:41 +0200)]
BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation
There is no need to go through EC_GROUP_new_by_curve_name(),
EC_KEY_new(), and EC_KEY_set_group() when a single call to
EC_KEY_new_by_curve_name() takes care of all that.
Jouni Malinen [Sun, 10 Dec 2017 19:16:26 +0000 (21:16 +0200)]
OpenSSL: Allow cipher list to be overridden for tls_suiteb=1 case
This allows wpa_supplicant configuration with phase1="tls_suiteb=1" to
use openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384" to further limit the
possible TLS cipher suites when using Suite B with RSA >3K keys. This
combination disables use of DHE and as such, mandates ECDHE to be used.
Jouni Malinen [Sat, 9 Dec 2017 16:36:48 +0000 (18:36 +0200)]
eapol-fuzzer: Resolve circular library references with --start-group
src/crypto/libcrypto.a and src/tls/libtls.a have circular references
and will need special handling with the linker at least for the time
being. This could be cleaned up eventually, but for now, provide a
mechanism to get the program linked.
This was already done in tests/Makefile, but tests/eapol-fuzzer/Makefile
needs the same.
David Benjamin [Mon, 18 Sep 2017 15:47:47 +0000 (11:47 -0400)]
OpenSSL: Avoid SSL*_use_default_passwd_cb()
These functions are a bit awkward to use for one-off file loads, as
suggested by the tls_clear_default_passwd_cb() logic. There was also
some historical mess with OpenSSL versions and either not having per-SSL
settings, having per-SSL settings but ignoring them, and requiring the
per-SSL settings.
Instead, loading the key with the lower-level functions seems a bit
tidier and also allows abstracting away trying both formats, one after
another.
Signed-off-by: David Benjamin <davidben@google.com>
Wpa_supplicant's random pool is not necessary on Android. Randomness
is already provided by the entropymixer service which ensures
sufficient entropy is maintained across reboots. Commit b410eb1913
'Initialize /dev/urandom earlier in boot' seeds /dev/urandom with
that entropy before either wpa_supplicant or hostapd are run.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Jouni Malinen [Fri, 8 Dec 2017 19:51:47 +0000 (21:51 +0200)]
wlantest: Try harder to find a STA entry with PTK for 4-address frames
Commit aab66128369c5953e70f867e997a54146bcca88b ('wlantest: Search
bss/sta entry more thoroughly for 4-address frames') allowed wlantest to
find a STA entry in this type of cases, but it was still possible for
that STA entry to be the one that has no derived PTK while the STA entry
for the other side of the link might have the derived PTK available.
Extend this BSS/STA selection mechanism to use sta->ptk_set to determine
which STA entry is more useful for decryption, i.e., select the one with
a known PTK.
Paul Zhang [Thu, 30 Nov 2017 13:40:30 +0000 (21:40 +0800)]
Add new QCA vendor attribute for WLAN Latency Module (WLM)
A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added
for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
This attribute is for setting the level of WLM.
Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
Jouni Malinen [Fri, 1 Dec 2017 23:42:50 +0000 (01:42 +0200)]
WPS: Add GCMP-256 and CCMP-256 cipher options on Enrollee
If a credential with encp type AES is received, add GCMP-256 and
CCMP-256 cipher options on station Enrollee based on local capabilities.
This is needed to allow connection with an AP using either of these
newer ciphers.
Jouni Malinen [Sat, 2 Dec 2017 10:12:27 +0000 (12:12 +0200)]
tests: Make ap_wps_ap_scan_2 work with multiple AES-ciphers
This test case is not really realistic and the second connection attempt
would fail if additional AES-based ciphers get provisioned. Work this
around by dropping to CCMP only if other ciphers are present.
Jouni Malinen [Fri, 1 Dec 2017 23:37:41 +0000 (01:37 +0200)]
WPS: Check BSS table against current BSSID if credential does not match
The credential MAC address is not necessarily that of the AP, i.e., it
is more likely to be that of the Enrollee. Check the scan results
against the current BSSID as well if match is not found otherwise when
going through the mixed mode workaround.
WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases
Extend the check against WPA/TKIP only configuration by adding CCMP-256
and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS
to be enabled in AP configurations where neither CCMP-128 nor GCMP-128
are enabled.
Jouni Malinen [Fri, 1 Dec 2017 23:16:17 +0000 (01:16 +0200)]
DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.
Jouni Malinen [Fri, 1 Dec 2017 22:38:12 +0000 (00:38 +0200)]
DPP: Change Authentication Response retry time to 1 second
The previously used 10 second timer did not really make much sense since
the Initiator is not going to be waiting for the response that long.
Change this to 1 second based on the DPP tech spec change.
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.
This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)
Fixes: 6c1664f6051f ("nl80211: Add new commands to support mesh interfaces") Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 1 Dec 2017 18:22:44 +0000 (20:22 +0200)]
nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.
This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)
Krishna Rao [Fri, 24 Nov 2017 09:26:16 +0000 (14:56 +0530)]
Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.
Jouni Malinen [Thu, 30 Nov 2017 10:56:24 +0000 (12:56 +0200)]
tests: Make dpp_auth_req_retries* more reliable
These test cases were failing when run immediately after
dpp_pkex_test_fail. It looks like timing of the TX status and the short
eloop wait were getting reordered in this cases. This ended up with some
of the DPP-TX-STATUS event messages missing. Instead of explicitly
checking for those message, simply count the number of DPP-TX messages
to verify that the correct number of retries are being sent.
Jouni Malinen [Thu, 30 Nov 2017 10:42:58 +0000 (12:42 +0200)]
nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.
Jouni Malinen [Wed, 29 Nov 2017 22:11:22 +0000 (00:11 +0200)]
DPP: Call wpas_dpp_stop() from wpas_dpp_deinit()
This makes the full DPP deinit operation more consistent with stopping
of a single operation. In practice, this adds the new GAS client
stopping functionality.
Jouni Malinen [Wed, 29 Nov 2017 19:40:31 +0000 (21:40 +0200)]
DPP: Do not continue if public key hash derivation fails
sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.
Jouni Malinen [Wed, 29 Nov 2017 11:22:44 +0000 (13:22 +0200)]
JSON: Fix a memory leak on an error path
If the second json_alloc_token() call failed to allocate memory,
json_parse() missed the first allocation on the error path. Assign the
root pointer earlier for that case to avoid the potential memory leak.
Jouni Malinen [Mon, 27 Nov 2017 18:20:26 +0000 (20:20 +0200)]
DPP: Do not process dpp_auth_ok_on_ack multiple times
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.
Jouni Malinen [Mon, 27 Nov 2017 11:48:40 +0000 (13:48 +0200)]
DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.
Jouni Malinen [Mon, 27 Nov 2017 10:43:40 +0000 (12:43 +0200)]
DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.
Jouni Malinen [Mon, 27 Nov 2017 11:22:32 +0000 (13:22 +0200)]
DPP: Move hostapd Configurator/bootstrap data into global context
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.
Jouni Malinen [Sun, 26 Nov 2017 15:41:22 +0000 (17:41 +0200)]
DPP: Auto-generate Initiator bootstrapping info if needed
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configuref for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.
Jouni Malinen [Sun, 26 Nov 2017 11:27:25 +0000 (13:27 +0200)]
tests: Split ap_vht160 into two test cases (ap_vht160 and ap_vht160b)
These VHT160 with DFS cases were in a single test case to optimize test
execution time with parallel wait for the 60 second CAC. However, this
design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Jouni Malinen [Sun, 26 Nov 2017 10:57:27 +0000 (12:57 +0200)]
tests: Split dfs_radar into two test cases (dfs_radar1 and dfs_radar2)
These DFS radar detection cases were in a single test case to optimize
test execution time with parallel wait for the 60 second CAC. However,
this design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Sriram R [Mon, 20 Nov 2017 12:48:41 +0000 (18:18 +0530)]
nl80211: Filter global events based on wiphy
Avoid same interface processing nl80211 events when at least one of
IFIDX, WDEV, or WIPHY index attribute is available in the nl80211 event
message.
Previously, a same interface processes events when ifidx and wdev id
attribute were not available in the nl80211 message. This is extended to
check the presence of wiphy index attribute as well since some radar
notifications include only WIPHY index attrbute in the nl80211 message.
Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
Lubomir Rintel [Mon, 16 Oct 2017 07:32:47 +0000 (09:32 +0200)]
tests: Enable dynamic debugging for mac80211_hwsim
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Jouni Malinen [Fri, 24 Nov 2017 10:21:18 +0000 (12:21 +0200)]
FILS: Do not leave error value in left counter
If fils_decrypt_assoc() were to fail on the AP side, the previous
implementation could have continued through the response generation
using left = -1. That could have resulted in unexpected processing if
this value were to be used as the length of the remaining (unencrypted)
IEs. Fix this by not updating left in the failure case.
Fixes: 78815f3dde6e ("FILS: Decrypt Association Request elements and check Key-Auth (AP)") Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 24 Nov 2017 10:13:26 +0000 (12:13 +0200)]
WPA: Check wpa_eapol_key_mic() result on TX
Verify that nothing unexpected happened with EAPOL-Key Key MIC
calculation when transmitting EAPOL-Key frames from the Authenticator.
This should not be able to happen in practice, but if if it does, there
is no point in sending out the frame without the correct Key MIC value.
Jouni Malinen [Thu, 23 Nov 2017 18:20:39 +0000 (20:20 +0200)]
DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b5416d472d473c7017802236f8397d0278 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.
Hu Wang [Wed, 25 Oct 2017 11:51:09 +0000 (19:51 +0800)]
hostapd: Disassoc STA without WPA/RSN IE if AP proto is WPA/RSN
With the AP proto configured being WPA/RSN and SME in the
driver, the previous implementation in hostapd is to not
process hostapd_notif_assoc() due to "No WPA/RSN IE from STA",
if the (Re)Association Request frame is without the WPA/RSN IEs.
Enhance that to disassociate such station provided the AP is not using
WPS.
hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Jouni Malinen [Thu, 23 Nov 2017 11:08:45 +0000 (13:08 +0200)]
DPP: Fix number of Authentication Request retry cases
Previous implementation did not handle number of sequences correctly.
Make sure the iteration continues in both unicast and broadcast cases
until the five attempts have been made. In addition, improve timing by
checking 10 second time from the beginning of each iteration round and
not the last channel on which the Auth Req frame has been transmitted.
Jouni Malinen [Wed, 22 Nov 2017 22:42:20 +0000 (00:42 +0200)]
DPP: Take response wait time into account for init retries
Previously, the Authentication Request frame was retried after 2+10 = 12
seconds since the wait for the response was not accounted for. Substract
that wait from the 10 second wait time to start the retries more quickly
based on the 10 second timer described in the tech spec.
Jouni Malinen [Wed, 22 Nov 2017 22:22:13 +0000 (00:22 +0200)]
DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.
projects / thirdparty / hostap.git / log
