Update PSK after cross AKM roaming to WPA-PSK when driver's SME in use
4-way handshake was failing after the driver roam from SAE to WPA-PSK
due to wpa_sm having an old PMK which was generated during previous SAE
connection.
To fix this update PSK to wpa_sm when AKM changes from SAE to WPA-PSK
for the target AP to have a correct PMK for 4-way handshake. Also,
update PSK to the driver when key management offload is enabled.
Jouni Malinen [Thu, 25 Aug 2022 21:25:17 +0000 (00:25 +0300)]
DPP: Fix DPP_RELAY_ADD_CONTROLLER command parsing
hostapd_dpp_add_controller() ended up trying to parse the IP address
without nul terminating it. This might work with some C libraries, but
not all. And anyway, this was already supposed to nul terminate the
string since a temporary copy is created of the constant string. Fix
this by adding the missed replacement of the space with nul.
Fixes: bfe3cfc382d6 ("DPP: Allow Relay connections to Controllers to be added and removed") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Thu, 25 Aug 2022 09:47:53 +0000 (12:47 +0300)]
DPP3: Use chirping channel list in PB discovery
This design was changed in the draft specification, so update
implementation to match the new design. Instead of including all
supported 2.4 and 5 GHz channels, generate the channel list using the
same mechanism that was already used for chirping.
Jouni Malinen [Thu, 25 Aug 2022 09:46:17 +0000 (12:46 +0300)]
tests: DPP PB channel changes
Prepare for an implementation change for the PB discovery channel list.
Move the standlone (not an AP) PB Configurators to a preferred channel
and enable Configurator connectivity indication in APs that act as PB
Configurators.
Jouni Malinen [Wed, 24 Aug 2022 20:28:20 +0000 (23:28 +0300)]
OpenSSL: Fix HPKE in some corner cases
EVP_PKEY_derive() might report a larger maximum size of the output than
HPKE_MAX_SHARED_SECRET_LEN under some conditions. That should be allowed
as long as the real final length is within the maximum limit.
Furthermore, since we are using a fixed length buffer for this, there is
no need to call EVP_PKEY_derive() twice to first learn the maximum
length. Use a bit longer buffer and allow OpenSSL to take care of the
update to the final length internally with than single call.
This showed up using the following test case sequence:
dbus_pkcs11 dpp_private_peer_introduction
Jouni Malinen [Wed, 24 Aug 2022 15:31:54 +0000 (18:31 +0300)]
DPP: Do not discard network introduction frames in test mode
dpp_discard_public_action=1 was not supposed to prevent network
introduction, i.e., it was only for frames that could go through the
DPP-over-TCP path. Fix this not to prevent network introduction when
using DPP-over-TCP to configure a DPP AKM profile.
Configurator station seems to be unable to get the first Authentication
Request frame transmitted through mac80211_hwsim for some reason. It is
not really clear why this happens and why it started happening now, but
as a temporary workaround, wait a second here since that seems to avoid
this for some unknown reason.
sae.c depends on wpa_common.c now and as such, this test build needs to
pull in whatever is needed there and that happens to include sha1-prf.c.
Add that to the fuzzer to fix the build.
This test case assumed that the p2p_pref_chan 128:44 parameter would
have resulted in channel 44 (5220 MHz) being selected. That does not
work anymore since that channel was marked to require DFS/radar
detection in regdb. Fix the text case by changing to use another country
with rules that match the test case expectations.
It looks like some test cases could fail due to timeouts since the 10
second wait may not be sufficient to cover some cases where 6 GHz
channels get scanned. Increase the timeouts to avoid hitting such cases.
nl80211: Allow more time for the initial scan with 6 GHz
The initial timeout of 10 seconds for the first scan before knowing
whether the driver reports scan completion events may not be sufficient
in cases where the driver ends up scanning a large number of channels.
In particular, this could be hit with 6 GHz support. Increase this
timeout when the driver indicates support for 6 GHz channels.
It looks like the host update of regulatory information can still get
through somehow, so add alternative expected values for the supported
operating classes for cases where 6 GHz frequencies were added recently.
David Benjamin [Mon, 13 Jun 2022 16:22:05 +0000 (12:22 -0400)]
Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
The <openssl/buf.h> include is relevant in both OpenSSL and BoringSSL
because the file uses BUF_MEM (include what you use). OpenSSL just
happened to include it via another file. OpenSSL also spells it
<openssl/buffer.h>, not matching the type, so use the compatible
spelling.
Additionally all the CHECKED_CAST and manual STACK_OF(T) definitions
call into BoringSSL internals. The correct, public APIs are simply to
just use the same code as OpenSSL and call the DEFINE_STACK_OF macros.
Signed-off-by: David Benjamin <davidben@google.com>
Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
Commit 74818ca63f7e ("Process
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH after NL80211_CMD_ROAM")
added workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data for up to 100 ms
in case NL80211_CMD_ROAM is not received first. The 100 ms wait period
was sufficient for most of the cases but it's observed that some times
kernel is taking more than 100 ms to process and send NL80211_CMD_ROAM
to userspace.
If NL80211_CMD_ROAM takes more than 100 ms
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data getting ignored
though wpa_supplicant has it. To avoid this remove timeout for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data since driver
always indicates NL80211_CMD_ROAM along with
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH.
In addition, clear the pending event data when marking the interface
disconnected since the roaming information is supposed to be used only
when reassociating without a disconnection.
ipv4_params/ip6_params in type4_params maintains separate classifier
mask while type4_params already has a common classifier_mask. Lets
use the common classifier mask for both ipv4/ipv6 params and remove
the redundant params_mask in ipv4_params/ip6_params.
Xiaoning Ma [Wed, 27 Jul 2022 14:07:22 +0000 (22:07 +0800)]
Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
Previously when chains of BT and WLAN 2.4 GHz are separated,
hybrid mode will be used for BTC. Now adding fixed FDD mode
to fulfill different BTC scenarios.
DPP: Check Enrollee supported curves when building Config Response
The Enrollee may report its supported curves in the bootstrapping URI.
If it does that, the Configurator may stop generating the Config Object
that would depend on the Enrollee using a curve that it did not indicate
as being supported. Check for this case while proessing the Config
Request and stop Configurator from building a configuration that is
known not to work.
DPP: Allow dpp_controller_start without arguments in CLIs
The DPP_CONTROLLER_START control interface command can be used without
any arguments, so do not force at least a single argument to be included
in wpa_cli and hostapd_cli.
SAE: Indicate AKM suite selector in commit for new AKM suites
SAE authentication needs to known which AKM suite is being used to be
able to determine the correct PMK length for the new AKM suite selectors
that use variable length keys.
SAE: Use H2E unconditionally with the new AKM suites
The new SAE AKM suites are defined to use H2E, so ignore the sae_pwe
value when these AKM suites are used similarly to the way H2E gets
enabled when SAE Password Identifiers are used.
SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.
DPP: Clear push button announcement state on wpa_supplicant FLUSH
This was already done in hostapd and same is needed for wpa_supplicant
to avoid testing issues due to session overlap detection from previous
test cases.
DPP: Event message for indicating when Relay would need a Controller
The new DPP-RELAY-NEEDS-CONTROLLER control interface event can be used
to trigger mDNS discovery of a Controller to see if such a connection
can be established automatically at the time an Enrollee is trying to
initiate an operation.
DPP: Allow Relay connections to Controllers to be added and removed
The new control interface commands "DPP_RELAY_ADD_CONTROLLER <IP addr>
<PK hash>" and "DPP_RELAY_REMOVE_CONTROLLER <IP addr>" can now be used
to dynamically add and remove connections to Controllers for the cases
where the connection is initialized through a DPP Public Action frame
(i.e., Controller as the Responder).
DPP: Advertise Configurator connectivity on Relay automatically
Instead of requiring explicit configuration through
dpp_configurator_connectivity=1, advertise Configurator connectivity
automatically if a Relay is configured with a Controller that can
operate as a Responder.
DPP: Dynamic Controller initiated connection on Relay
Accept an incoming TCP connection from a Controller in a Relay that is
configured with dpp_relay_port even if that Controller is not configured
with a dpp_controller parameter. This allows more dynamic Controller
initiated operations, e.g., when using mDNS to discover a Relay.
This type of a dynamic Controller entry will not be used for exchanges
that are initiated by an Enrollee (i.e., based on a DPP Public Action
frame received by the Relay).
DPP3: Fix push button boostrapping key passing through PKEX
When PKEX was started through the push button mechanism, the own
bootstrapping key was not bound correctly to the Authentication phase
information and that ended up in incorrectly generating a new
bootstrapping key for the Authentication exchange. Fix this by added the
needed own=<id> parameter into the cached parameters when using push
button.
The peer=<id> information about the specific boostrapping key provided
through PKEX was added for Public Action frame cases, but the TCP
variant did not do same. Add the same information there to maintain
knowledge of the specific peer bootstrapping key from PKEX to
Authentication exchange.
Extend DPP push button support in wpa_supplicant to allow the role of
the Configurator to be used. This provides similar functionality to the
way the DPP_PUSH_BUTTON command in hostapd worked when providing the
configuration parameters with that command (instead of building the
config object based on current AP configuration).
DPP: Recognize own PKEX Exchange Request if it ends up being received
It is possible for a Controller to receive a copy of its own PKEX
Exchange Request in the case where the Controller is initiating a PKEX
exchange through a Relay. The Configurator role in the device would have
a matching PKEX code in that case and the device might reply as a PKEX
responder which would result in going through the exchange with the
Controller device itself. That is clearly not desired, so recognize this
special case by checking whether the Encrypted Key attribute value
matches a pending locally generated one when processing a received PKEX
Exchange Request.
This gets the Controller (DPP-over-TCP) sequence closer to the one used
with Public Action frames and makes it easier for upper layer components
to share the same design for tracking operation status.
DPP: Allow Controller to initiate PKEX through Relay
Relay will need to allow the PKEX Exchange Response message to be
handled similarly to the Authentication Response message to allow this
sequence to be completed successfully.
DPP: Delete PKEX code and identifier on success completion of PKEX
We are not supposed to reuse these without being explicitly requested to
perform PKEX again. There is not a strong use case for being able to
provision an Enrollee multiple times with PKEX, so this should have no
issues on the Enrollee. For a Configurator, there might be some use
cases that would benefit from being able to use the same code with
multiple Enrollee devices, e.g., for guess access with a laptop and a
smart phone. That case will now require a new DPP_PKEX_ADD command on
the Configurator after each completion of the provisioning exchange.
tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
This is in preparation to allow the implementation in hostapd to be
changed to accept removal of PKEX information without indicating an
error after it have been automatically removed at the successful
completion of PKEX.
The new global configuration parameter
dpp_connector_privacy_default=<0/1> can now be used to set the default
value for the dpp_connector_privacy parameter for all new networks
provisioned using DPP.
Add a privacy protecting variant of the peer introduction protocol to
allow the station device to hide its Connector from 3rd parties. The new
wpa_supplicant network profile parameter dpp_connector_privacy=1 can be
used to select this alternative mechanism to the peer introduction
protocol added in the initial release of DPP.
It should be noted that the new variant does not work with older DPP APs
(i.e., requires support for release 3). As such, this new variant is
disabled by default.
DPP: Allow 3rd party information to be added into config object
This allows the DPP Configuration Object from a Configurator to be
extended with 3rd party information. This information can be provided as
a part of the existing configuration specification mechanisms with the
new extra_name=<string> and extra_value=<hexdump encoded JSON>.
DPP: Allow 3rd party information to be added into config request obj
This allows the DPP Configuration Request Object from an Enrollee to be
extended with 3rd party information. The new dpp_extra_conf_req_name and
dpp_extra_conf_req_value configuration parameters specify the name of
the added JSON node and its contents. For example:
dpp_extra_conf_req_name=org.example
dpp_extra_conf_req_value={"a":1,"b":"test"}
Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_DBAM to
configure Dedicated Bluetooth Antenna Mode (DBAM). It is used to
switch between dedicated antenna mode for BT and COEX shared
antenna mode for WLAN and BT.
DPP: Allow AP/Relay to be configured to listed for new TCP connections
This extends Relay functionality to allow a Controller to intitiate a
new DPP exchange in addition to the previously supported case where the
exchange was initiated through a DPP Public Action frame.
DPP3: Allow external configuration to be specified on AP for PB
While the most likely production use case for DPP push button is to
provision the AP's current configuration, there might be some use cases
for providing different configuration. Add possibility for doing this by
extending the DPP_PUSH_BUTTON command to accept an optional set of
parameters similarly to the other DPP commands for the Configurator.
Add support to use a push button -based bootstrap mechanism with DPP.
The new DPP_PUSH_BUTTON control interface command enables this mode on
the AP/hostapd and station/wpa_supplicant. This goes through the
following sequence of events: a suitable peer in active push button mode
is discovered with session overlap detection, PKEX is executed with
bootstrap key hash validation, DPP authentication and configuration
exchanges are performed.
Add AP and STA specific P802.11az security capabilities (vendor command)
Add feature capability indication for P802.11az security for the drivers
to advertise capabilities such as secure LTF support, secure RTT
measurement exchange support, and protection of range negotiation and
measurement management frames for station and AP interfaces
independently. This allows a more fine-tuned capability indication as an
alternative to the upstream nl80211 mechanism that is not specific to
the operating mode.
Yu Wang [Tue, 24 May 2022 10:10:23 +0000 (18:10 +0800)]
QCA vendor command for CoAP offload processing
Add vendor command QCA_NL80211_VENDOR_SUBCMD_COAP_OFFLOAD to
enable/disable offload processing in firmware for CoAP messages
(RFC7252: The Constrained Application Protocol) or fetch the
CoAP messages cached during offload processing.
Jingxiang Ge [Wed, 15 Jun 2022 03:22:18 +0000 (11:22 +0800)]
Add QCA vendor attribute for TIM beacon statistics
Add the following two vendor attributes to send TIM beacon
statistics to userspace which can be used for power saving:
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON_ERR
Signed-off-by: Jingxiang Ge <quic_jge@quicinc.com>
Vinay Gannevaram [Mon, 13 Jun 2022 11:43:50 +0000 (17:13 +0530)]
Add QCA vendor interface for PASN offload to userspace
Define QCA vendor interface for PASN offload to userspace from the driver.
The driver can send this command as an event to a userspace component to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. The userspace component, if capable of performing
PASN handshake, can perform PASN handshake with all the peer devices and
set the relevant keys by sending the
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT command for each peer
to the driver.
Once PASN handshake is completed with all requested peers, the userspace
component sends consolidated status for all the peers to the driver. The
consolidated report is required for the driver to understand that the
PASN handshake process is complete and whether it succeeded/failed for
each of the peers it was requested for. The secure ranging context is
configured only for the peers with which the PASN handshake succeeded.
When the driver requests PASN keys, the userspace component can set the
keys from its cache if those keys have not already expired and were
derived with the same source MAC address that is requested by the driver
instead of doing the full PASN handshake again.
If the driver detects that current keys of a peer are not valid anymore,
it sends a notification to userspace using the
QCA_NL80211_VENDOR_SUBCMD_PASN command and setting the action to
QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT. The userspace
component should delete the corresponding keys from its cache.
Add a vendor attribute to configure concurrency policy for AP interface
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY sub command to set the
concurrency policy for AP interface.
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG uses the values
defined in enum qca_wlan_concurrent_ap_policy_config to specify
concurrency policy.
Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY to allow extension for other
interface type(s). A subsequent commit will extend the renamed
definitions in a manner that is inconsistent with the current naming.
This is a precursor for AP/P2P concurrency policy configuration support
via updated vendor command QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY.
Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.
Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.
Jouni Malinen [Thu, 16 Jun 2022 17:26:11 +0000 (20:26 +0300)]
tests: Make OCV negative test error cases more robust
Try to avoid an exception while processing an exception that indicates
the test case failed. Explicit DISCONNECT command here can avoid the
undesired FAIL-BUSY from cleanup SCAN.
Add QCA vendor event to indicate driver recovery after internal failures
Add QCA vendor event to indicate user space that the driver recovery is
completed after the internal failure reported with
QCA_NL80211_VENDOR_SUBCMD_HANG.
Xinyue Ling [Mon, 13 Jun 2022 06:29:56 +0000 (14:29 +0800)]
Set current_ssid before changing state to ASSOCIATING
For hidden GBK encoding of a Chinese SSID, both the UTF-8 and GBK
encoding profiles are added into wpa_supplicant to make sure the
connection succeeds. In this situation, wpa_supplicant_select_network()
will not be called so current_ssid is NULL when association begins.
Android monitors the WPA_EVENT_STATE_CHANGE event to get the SSID and
BSSID. When connecting to a Chinese SSID, in case of association
rejection happens, Android will report null SSID to OEM APP because
current_ssid is updated after wpa_supplicant_set_state(wpa_s,
WPA_ASSOCIATING), which may cause confusion.
Fix this by setting the current_ssid before changing state to
ASSOCIATING.
QCA vendor attribute to configure direct data path for audio traffic
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_AUDIO_DATA_PATH to
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure audio data
path.
Possible audio data paths are defined in enum qca_wlan_audio_data_path.
QCA vendor command support to get WLAN radio combinations
Vendor command to get the WLAN radio combinations matrix supported by
the device which provides the device simultaneous radio configurations
such as standalone, dual band simultaneous, and single band
simultaneous.
projects / thirdparty / hostap.git / log
