Jouni Malinen [Tue, 28 Jan 2020 22:58:33 +0000 (00:58 +0200)]
DPP2: Add Protocol Version attr to Auth Resp only if peer is R2 or newer
There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.
Krishna Rao [Tue, 14 Jan 2020 12:46:55 +0000 (18:16 +0530)]
Add a vendor attribute for RTPL instance primary frequency
Add an attribute QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY_FREQUENCY for
primary channel center frequency in the definition for Representative
Tx Power List (RTPL) list entry instance. This is required for 6 GHz
support, since the 6 GHz channel numbers overlap with existing 2.4 GHz
and 5 GHz channel numbers thus requiring frequency values to uniquely
identify channels.
Mark QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY as deprecated if both the
driver and user space application support 6 GHz. For backward
compatibility, QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY is still used if
either the driver or user space application or both do not support the
6 GHz band.
Jouni Malinen [Tue, 28 Jan 2020 12:17:52 +0000 (14:17 +0200)]
TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363 Fixes: d165b32f3887 ("TLS: TOD-STRICT and TOD-TOFU certificate policies") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 27 Jan 2020 19:39:54 +0000 (21:39 +0200)]
DPP: Example script for NFC bootstrapping method
This Python script is an example on how nfcpy can be used to drive an
NFC Device to perform DPP bootstrapping operations over DPP (tag with
NFC URI and negotiated connection handover).
Jouni Malinen [Mon, 27 Jan 2020 15:31:10 +0000 (17:31 +0200)]
DPP: Show selected negotiation channel in DPP_BOOTSTRAP_INFO
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: Helper function for bootstrapping URI generation
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Jouni Malinen [Sun, 26 Jan 2020 15:04:54 +0000 (17:04 +0200)]
crypto: Allow up to 10 fragments for hmac_sha*_vector()
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.
Jouni Malinen [Sun, 26 Jan 2020 11:28:43 +0000 (13:28 +0200)]
tests: Fix DPP capability checking to avoid failures in non-DPP build
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Jouni Malinen [Sun, 26 Jan 2020 11:19:09 +0000 (13:19 +0200)]
tests: Check SAE capability in build more consistently
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.
Vamsi Krishna [Mon, 13 Jan 2020 12:37:13 +0000 (18:07 +0530)]
Add new QCA vendor attribute to set thermal level
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.
Jouni Malinen [Thu, 23 Jan 2020 20:46:51 +0000 (22:46 +0200)]
OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.
Jouni Malinen [Thu, 23 Jan 2020 18:56:51 +0000 (20:56 +0200)]
OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.
Jouni Malinen [Thu, 23 Jan 2020 18:04:40 +0000 (20:04 +0200)]
OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.
This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.
Vamsi Krishna [Mon, 13 Jan 2020 09:29:06 +0000 (14:59 +0530)]
Do not enable HT/VHT for 6 GHz band 20 MHz width channels also
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.
Fixes: 0bfc04b8d0f8 ("Do not enable HT/VHT when operating in 6 GHz band") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Vamsi Krishna [Mon, 30 Dec 2019 09:42:12 +0000 (15:12 +0530)]
Enhance get_mode() to return correct hw_mode with 6 GHz support
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.
Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.
Jouni Malinen [Tue, 21 Jan 2020 11:22:57 +0000 (13:22 +0200)]
tests: Allow more time for sigma_dut sta_associate commands
The previously used timeout of two seconds did not allow more than a
single scan attempt and that could fail every now and then. Make these
more robust by increasing the timeout to 10 seconds which allows another
scan attempt to be completed similarly to the most non-sigma_dut test
cases.
Jouni Malinen [Mon, 20 Jan 2020 18:27:06 +0000 (20:27 +0200)]
SAE: Use Anti-Clogging Token Container element with H2E
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Jouni Malinen [Tue, 21 Jan 2020 10:57:07 +0000 (12:57 +0200)]
tests: Remove mesh SAE Password Identifier test cases for now
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE. Since wpa_supplicant and mac80211
do not yet support SAE H2E in mesh, Password Identifier cannot be used
in mesh cases. Remove the test cases that verified this behavior for now
to allow H2E to be required per updated REVmd definition. These test
cases will be restored once H2E is fully functionality in mesh cases.
Jouni Malinen [Mon, 20 Jan 2020 18:23:48 +0000 (20:23 +0200)]
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled
This BSS membership selector has impact only for SAE functionality, so
ignore it when configured not to use SAE. This allows WPA-PSK connection
to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE.
Johannes Berg [Wed, 15 Jan 2020 11:48:43 +0000 (12:48 +0100)]
tests: parallel-vm: allow running without curses
Allow running without curses, in which case the log is simply written to
stdout instead of a file. This is useful for automated (but parallel)
testing. Note that in most cases, you'd want to specify --debug, and so
I added a .rstrip() there on the lines to clean that up a bit.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Hai Shalom [Fri, 27 Dec 2019 17:44:49 +0000 (09:44 -0800)]
EAP-SIM/AKA peer: Add support for EAP Method prefix
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.
Jouni Malinen [Thu, 9 Jan 2020 22:19:27 +0000 (00:19 +0200)]
tests: Call stop_sigma_dut() in more failure cases
Some of the sigma_dut test cases were not yet using try/finally to
ensure stop_sigma_dut() gets called. That could result in not logging
all failure reasons in the log and getting stuck with being unable to
start new sigma_dut processes after failed test cases.
Vamsi Krishna [Tue, 24 Dec 2019 12:01:39 +0000 (17:31 +0530)]
ACS: Populate channel config from external ACS per documented behavior
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.
The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.
The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.
However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.
Vamsi Krishna [Tue, 24 Dec 2019 12:46:37 +0000 (18:16 +0530)]
ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.
This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.
Vamsi Krishna [Tue, 24 Dec 2019 12:02:29 +0000 (17:32 +0530)]
6 GHz: Fix Channel Width value for 80+80 in 6 GHZ Operation Info field
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.
The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.
The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Markus Theil [Wed, 8 Jan 2020 23:03:02 +0000 (00:03 +0100)]
tests: Fix Python sleep function
Current Python versions have no os.sleep(), use time.sleep() instead.
module 'os' has no attribute 'sleep'
Traceback (most recent call last):
File "./run-tests.py", line 521, in main
t(dev, apdev)
File "/home/mtheil/hostap/tests/hwsim/test_pmksa_cache.py", line 356, in test_pmksa_cache_expiration
hapd.wait_ptkinitdone(dev[0].own_addr())
File "/home/mtheil/hostap/tests/hwsim/hostapd.py", line 282, in wait_ptkinitdone
os.sleep(0.1)
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Jouni Malinen [Wed, 8 Jan 2020 22:47:03 +0000 (00:47 +0200)]
nl80211: Pass set_key() parameter struct to wpa_driver_nl80211_set_key()
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.
This is in preparation for adding support to use a single WLAN netdev
with VLAN operations offloaded to the driver. No functional changes are
included in this commit.
Jouni Malinen [Wed, 8 Jan 2020 20:15:18 +0000 (22:15 +0200)]
driver: Move set_key() parameters into a struct
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.
Jouni Malinen [Wed, 8 Jan 2020 18:52:26 +0000 (20:52 +0200)]
SAE: A bit optimized sae_confirm_immediate=2 for testing purposes
sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y
builds to minimize the latency between SAE Commit and SAE Confirm by
postponing transmission of SAE Commit until the SAE Confirm frame is
generated. This does not have significant impact, but can get the frames
tiny bit closer to each other over the air to increase testing coverage.
The only difference between sae_confirm_immediate 1 and 2 is in the
former deriving KCK, PMK, PMKID, and CN between transmission of the
frames (i.e., a small number of hash operations).
Vamsi Krishna [Wed, 11 Dec 2019 12:57:47 +0000 (18:27 +0530)]
Do not select APs found on disabled channels for connection
If a channel list changed event is received after a scan and before
selecting a BSS for connection, a BSS found on a now disabled channel
may get selected for connection. The connect request issued with the BSS
found on a disabled channel is rejected by cfg80211. Filter out the BSSs
found on disabled channels and select from the other BSSs found on
enabled channels to avoid unnecessary connection attempts that are bound
to fail.
The channel list information will be updated by the driver in cases like
country code update, disabling/enabling specific bands, etc. which can
occur between the scan and connection attempt.
Markus Theil [Wed, 8 Jan 2020 10:04:52 +0000 (11:04 +0100)]
tests: Fix undefined behavior in module tests
Test: wpa_supplicant module tests
../src/utils/utils_module_tests.c:933:7: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Jouni Malinen [Sun, 5 Jan 2020 19:18:18 +0000 (21:18 +0200)]
nl80211: Allow control port to be disabled with a driver param
This is mainly for testing purposes to allow wpa_supplicant and hostapd
functionality to be tested both with and without using the nl80211
control port which is by default used whenever supported by the driver.
control_port=0 driver parameter will prevent that from happening.
Markus Theil [Fri, 3 Jan 2020 15:17:42 +0000 (16:17 +0100)]
nl80211: Report control port RX events
This allows EAPOL frames to be received over the separate controlled
port once rest of the driver interface is ready for this. By itself,
this commit does not actually change behavior since cfg80211 will not be
delivering these events without them being explicitly requested.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Markus Theil [Fri, 3 Jan 2020 15:17:42 +0000 (16:17 +0100)]
Add no_encrypt flag for control port TX
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Brendan Jackman [Fri, 3 Jan 2020 15:17:41 +0000 (16:17 +0100)]
wpa_supplicant: Send EAPOL frames over nl80211 where available
Linux kernel v4.17 added the ability to request sending control port
frames via nl80211 instead of a normal network socket. Doing this
provides the device driver with ordering information between the
control port frames and the installation of keys. This empowers it to
avoid race conditions between, for example, PTK replacement and the
sending of frame 4 of the 4-way rekeying handshake in an RSNA. The
key difference between a TX_CONTROL_PORT and normal socket send is
that the device driver will certainly get any EAPOL frames comprising
a 4-way handshake before it gets the key installation call
for the derived key. By flushing its TX buffers it can then ensure
that no pending EAPOL frames are inadvertently encrypted with a key
that the peer will not yet have installed.
Update the RSN supplicant system to use this new operation for sending
EAPOL-Key frames when the driver reports that this capability is
available; otherwise, fall back to a normal Ethernet TX.
I have tested this on DMG (11ad/ay) devices with an out-of-tree Linux
driver that does not use mac80211. Without this patch I consistently see
PTK rekeying fail if message 4/4 shares a stream with other in-flight
traffic. With this patch, and the driver updated to flush the relevant TX
queue before overwriting a PTK (knowing, now, that if there was a message
4/4 related to the key installation, it has already entered the driver
queue), rekeying is reliable.
There is still data loss surrounding key installation - this problem is
alluded to in IEEE Std 802.11-2016, 12.6.21, where extended Key ID
support is described as the eventual solution. This patch aims to at
least prevent rekeying from totally breaking the association, in a way
that works on kernels as far back as 4.17 (as per Alexander Wetzel
extended Key ID support should be possible on 5.2).
See http://lists.infradead.org/pipermail/hostap/2019-May/040089.html for
a little more context.
Brendan Jackman [Fri, 3 Jan 2020 15:17:41 +0000 (16:17 +0100)]
nl80211: Control port over nl80211 helpers
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.
Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.
Jouni Malinen [Sun, 5 Jan 2020 16:32:10 +0000 (18:32 +0200)]
driver: Remove unused send_ether() driver op
This was used only for FT RRB sending with driver_test.c and
driver_test.c was removed more than five years ago, so there is no point
in continuing to maintain this driver op.
Bilal Hatipoglu [Fri, 3 Jan 2020 08:58:26 +0000 (11:58 +0300)]
WPS: Add application extension data to WPS IE
Application Extension attribute is defined in WSC tech spec v2.07 page
104. Allow hostapd to be configured to add this extension into WPS IE in
Beacon and Probe Response frames. The implementation is very similar to
vendor extension.
A new optional entry called "wps_application_ext" is added to hostapd
config file to configure this. It enodes the payload of the Application
Extension attribute in hexdump format.
Signed-off-by: Veli Demirel <veli.demirel@airties.com> Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
Jouni Malinen [Sat, 4 Jan 2020 21:11:28 +0000 (23:11 +0200)]
P2P: Move p2p_long_listen into struct wpa_global
This variable is not specific to any P2P group interface and since it
was already used through global->p2p_init_wpa_s, it is cleaner to simply
move this to the global structure so that there is a single variable
instead of per-interface variables and need to pick the correct
interface.
Benjamin Berg [Fri, 3 Jan 2020 21:18:52 +0000 (22:18 +0100)]
tests: Test p2p_long_listen longer than remain-on-channel
This tests an error, where the p2p_long_listen information from the
wrong device was used internally in wpa_supplicant when using the
separate P2P Device interface.
Benjamin Berg [Fri, 3 Jan 2020 21:18:51 +0000 (22:18 +0100)]
P2P: Always use global p2p_long_listen
The p2p_long_listen value was set on the control wpa_s struct while in a
lot of cases it operated on the p2p struct. Explicitly use the global
p2p_init_wpa_s struct in cases where we might not be operating on it
already.
Without this, simply starting a p2p_listen operation (e.g., using
wpa_cli) will not work properly. As the p2p_long_listen is set on the
controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
p2p_init_wpa_s, it would not actually work. This results in
wpa_supplicant stopping listening after the maximum remain-on-channel
time passes when using a separate P2P Device interface.
Jouni Malinen [Sat, 4 Jan 2020 18:23:05 +0000 (20:23 +0200)]
nl80211: Use monitor interface for sending no-encrypt test frames
Since NL80211_CMD_FRAME does not allow encryption to be disabled for the
frame, add a monitor interface temporarily for cases where this type of
no-encrypt frames are to be sent. The temporary monitor interface is
removed immediately after sending the frame.
This is testing functionality (only in CONFIG_TESTING_OPTIONS=y builds)
that is used for PMF testing where the AP can use this to inject an
unprotected Robust Management frame (mainly, Deauthentication or
Disassociation frame) even in cases where PMF has been negotiated for
the association.
Jouni Malinen [Sat, 4 Jan 2020 11:05:26 +0000 (13:05 +0200)]
Allow testing override for GTK/IGTK RSC from AP to STA
The new hostapd gtk_rsc_override and igtk_rsc_override configuration
parameters can be used to set an override value for the RSC that the AP
advertises for STAs for GTK/IGTK. The contents of those parameters is a
hexdump of the RSC in little endian byte order.
This functionality is available only in CONFIG_TESTING_OPTIONS=y builds.
This can be used to verify that stations implement initial RSC
configuration correctly for GTK/ and IGTK.
Jouni Malinen [Fri, 3 Jan 2020 16:06:01 +0000 (18:06 +0200)]
SME: Postpone current BSSID clearing until IEs are prepared
sme_send_authentication() could fail before actually requesting the
driver to authenticate with a new AP. This could happen after
wpa_s->bssid got cleared even though in such a case, the old association
is maintained and still valid. This can result in unexpected behavior
since wpa_s->bssid would not match the current BSSID anymore.
Fix this by postponing clearing of wpa_s->bssid until the IE preparation
has been completed successfully.
Ben Greear [Tue, 19 Mar 2019 21:34:24 +0000 (14:34 -0700)]
nl80211: Don't set offchan-OK flag if doing on-channel frame in AP mode
I saw a case where the kernel's cfg80211 rejected hostapd's attempt to
send a neighbor report response because nl80211 flagged the frame as
offchannel-OK, but kernel rejects because channel was 100 (DFS) and so
kernel failed thinking it was constrained by DFS/CAC requirements that
do not allow the operating channel to be left (at least in FCC).
Don't set the packet as off-channel OK if we are transmitting on the
current operating channel of an AP to avoid such issues with
transmission of Action frames.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Fri, 3 Jan 2020 13:23:49 +0000 (15:23 +0200)]
nl80211: Rename send_action_cookie to send_frame_cookie
This is to match the NL80211_CMD_ACTION renaming to NL80211_CMD_FRAME
that happened long time ago. This command can be used with any IEEE
802.11 frame and it should not be implied to be limited to Action
frames.
Jouni Malinen [Fri, 3 Jan 2020 13:18:46 +0000 (15:18 +0200)]
nl80211: Clean up nl80211_send_frame_cmd() callers
Replace a separate cookie_out pointer argument with save_cookie boolean
since drv->send_action_cookie is the only longer term storage place for
the cookies. Merge all nl80211_send_frame_cmd() callers within
wpa_driver_nl80211_send_mlme() to use a single shared call to simplify
the function.
Jouni Malinen [Fri, 3 Jan 2020 12:53:37 +0000 (14:53 +0200)]
nl80211: Get rid of separate wpa_driver_nl80211_send_frame()
Merge this function into wpa_driver_nl80211_send_mlme() that is now the
only caller for the previously shared helper function. This is a step
towards cleaning up the overly complex code path for sending Management
frames.
projects / thirdparty / hostap.git / log
