Parse link id info from channel switch events and indicate the info to
control interface using new per link channel switch events. If channel
switch happens on the link which used during association both legacy
and new per-link channel switch events will be reported.
nl80211: Send bssid info as parameter to nl80211_get_link_signal()
Add bssid as parameter to nl80211_get_link_signal() instead of using
bssid from driver structure. This is useful for calling the function
per-MLO link.
MLD STA: Fetch MLO connection info into core wpa_supplicant
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.
nl80211: Parse MLO connection info in NL80211_CMD_CONNECT event
Parse NL80211_ATTR_MLO_LINKS in NL80211_CMD_CONNECT event and cache the
MLO connection information. Set the legacy connection fields such as
assoc_freq and bssid to the values of the MLO link on which association
happened.
Define the following fields described in IEEE P802.11be/D2.1:
- Multi-Link element types as defined in Table 9-401c (Type subfield
encoding)
- Basic Multi-Link element presence bitmap as defined in Figure
9-1002g (Presence Bitmap subfield of the Basic Multi-Link element
format)
Chaoli Zhou [Tue, 30 Aug 2022 07:13:57 +0000 (15:13 +0800)]
Configure RRM elements to the driver in the driver-AP-SME case
Support updating the RRM IEs to the driver for Probe Response and
(Re)Association response frames in the AP mode when the SME is
implemented in the driver.
SAE: Use correct SSID profile for SAE auth retries during external auth
Previously, wpa_supplicant was using the current SSID for building the
SAE authentication commit frame for retries during external
authentication. But the external authentication SSID can be different
from the current SSID. Fix this by using the correct SSID profile.
SAE: Make sure H2E PT is derived for external auth SSID profile
The driver's SME may choose a BSS of a different ESS (SSID) compared to
the current SSID and trigger external authentication. If the chosen SSID
is not associated/selected before by wpa_supplicant it won't have the
H2E PT derived. Make sure to derive PT for SSID indicated in the
external authentication request.
Enable TWT responder AP role only if IEEE 802.11ax/HE is enabled
Set TWT responder configurator in the driver parameters only when the AP
is configured with HE enabled. This was already done for the extended
capability bit generation in commit 8de0ff0fa1de ("HE: Add TWT responder
extended capabilities field"), but this parameter for the driver command
to start the AP in _ieee802_11_set_beacon() missed the condition.
Move the ieee80211ax check into the common helper function to cover both
cases. In addition, add a check for disable_11ax to cover the case where
HE is disabled for a specific BSS.
Hu Wang [Fri, 26 Aug 2022 03:17:50 +0000 (11:17 +0800)]
Add p2p_optimize_listen_chan=1 to default Android template
Commit e3bd6e9dc0 ("P2P: Use another interface operating channel as
listen channel") allows P2P listen channel to be selected based on
another interface operating channel if it is one of social channels
(i.e., 2.4 GHz 1, 6, 11).
This optimization is disabled by default due to the technical
specification expectations, but since this can be quite helpful for
optimized behavior, enable it by adding p2p_optimize_listen_chan=1 to
the default Android configuration template.
Use the MLD MAC Address instead of link address in CCMP/GCMP AAD/nonce
construction when processing an individually addressed Data frame with
FromDS=1 or ToDS=1 between an AP MLD and non-AP MLD.
wlantest: Use link BSS entry instead of AP MLD entry for EAPOL-Key frames
SA/DA in EAPOL-Key frames might not be the BSSID when MLO is used. Check
for these cases to avoid adding unexpected BSS entries for AP MLD
instead of the per-link BSS entry. This is needed to be able to find the
derived keys when decrypting protected frames.
wlantest: Distinguish EAPOL-Key msg 4/4 from 2/4 based on Key Nonce
IEEE P802.11be adds the MAC Address KDE into the EAPOL-Key msg 4/4 when
MLO is used and as such, the previously used check for Key Data Length
value 0 is not sufficient for recognizing the EAPOL-Key msg 4/4 anymore.
Also check for an all zero Key Nonce value since that field is supposed
to be zero in EAPOL-Key msg 4/4 and it has to be a random value in
EAPOL-Key msg 2/4.
wlantest: Use MLD MAC addresses, if known, as AA/SA in PTK derivation
When MLO is used, the MLD MAC addresses of the AP MLD and non-AP MLD are
used as the Authenticator and Supplicant addresses. Update PTK
derivation to use this information to work with MLO.
wlantest: Learn MLD MAC address from EAPOL-Key msg 1/4 and 2/4
IEEE P802.11be indicates the MLD MAC addresses, i.e., the Authenticator
and Supplicant addresses, in the MAC Address KDE in EAPOL-Key msg 1/4
and 2/4. Learn those addresses so that wlantest can be extended to
support MLO.
Verify that the MAC Address KDE includes enough data to contain a MAC
address as a part of the parsing function so that each caller would not
need to verify this separately. None of the existing users of this
parser actually needed the MAC address value, so there was not any use
for the length field before. The updated design is more robust for
future uses and gets rid of that unused length field as well.
Fix expiration logic for the first PTKSA cache entry
When an entry is added to the PTKSA cache, timer expiration is not set.
Check the list and set the timer expiration when the list is empty also.
When another entry is added to the list, it is placed before the relavant
entry in the order of expiry time of all entries present in the list.
PASN: Set secure ranging context to driver after association
After the secure association and PTK derivation are completed, if the
device supports LTF keyseed, generate the LTF keyseed using KDK and set
the ranging context to the driver by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.
PASN: Configure secure ranging context to the driver in AP mode
AP as a responder, on successful completion of PASN authentication
configures the required keys by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT to the driver.
nl80211: Define vendor interface functions to offload PASN authentication
This defines the QCA vendor interface functions to offload PASN
authentication from the driver.
The driver sends the QCA_NL80211_VENDOR_SUBCMD_PASN event requesting to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. wpa_supplicant performs PASN handshake with all the
peer devices and sets the required keys using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT to the driver. After
PASN handshake is completed with all requested peers, wpa_supplicant
sends consolidated status for all peers to the driver.
PASN: Set keys from PTKSA cache for a valid PTKSA entry
Set secure ranging context to the driver for a valid PTKSA entry in the
PTKSA cache, if available. When the driver requests for PASN keys,
wpa_supplicant configures the keys from its cache if the keys for the
peer derived with the same own MAC address are available in the cache
instead of doing the full PASN handshake again.
nl80211: Allow PASN Authentication frames with random (foreign) MAC address
To support secure ranging with a random MAC address, PASN handshake is
performed with a different source MAC address from the device's own
interface address. Hence, allow PASN Authentication frames with any
foreign MAC address to further process the Authentication frames.
PASN: Deauthenticate on PTKSA cache entry expiration
Add an option for an alternative processing of PTKSA life time expiry.
Register a callback in wpa_supplicant to handle the life time expiry of
the keys in PTKSA cache. Send PASN deauthentication when a PTKSA cache
entry expires.
PASN: Offload handshake for multiple peers from the driver
This brings in the functionality to hold multiple peers and perform PASN
authentication with each peer at a time and send the PASN response to
the driver. PASN parameters such as AKMP and cipher suite are obtained
from the BSS information of the cached scan results. Also add
functionality to trigger deauthentication to the peer for which PASN
request with action PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT is
received.
PASN: Add interface to handle PASN request from the driver
This brings in the function declarations and data structures that are
required for handling PASN request from the driver, sending secure
ranging context and PASN response to the driver.
Vinay Gannevaram [Sun, 20 Mar 2022 09:59:49 +0000 (15:29 +0530)]
Add own MAC address in PASN supplicant start and deauthentication
The driver requests PASN authentication for a peer with a specified
source (own) MAC address. Use the specified own MAC address for PASN
operations. This is needed to allow random MAC addresses to be used.
Vinay Gannevaram [Sun, 20 Mar 2022 09:26:00 +0000 (14:56 +0530)]
Add own MAC address used for key derivation to PTKSA cache
On successful PASN handshake or 4-way handshake with a peer, PTK is
derived using the local and peer MAC addresses as input. Store the own
MAC address that is used for key derivation in PTKSA cache to maintain
that state over potential MAC addresses changes.
Vinay Gannevaram [Sun, 20 Mar 2022 13:56:02 +0000 (19:26 +0530)]
Use separate PASN capabilities for AP and STA modes
Use separate capabilities for AP and STA modes for P802.11az security
parameters secure LTF support, secure RTT measurement exchange support,
and protection of range negotiation and measurement management frames
support.
P802.11az security parameters are considered to be supported for both
station and AP modes if the driver sets NL80211_EXT_FEATURE_SECURE_LTF,
NL80211_EXT_FEATURE_SECURE_RTT, and
NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE flags. The driver can
advertize capabilities specific to each mode using
QCA_WLAN_VENDOR_FEATURE_SECURE_LTF*,
QCA_WLAN_VENDOR_FEATURE_SECURE_RTT*, and
QCA_WLAN_VENDOR_FEATURE_PROT_RANGE_NEGO_AND_MEASURE* flags.
Vinayak Yadawad [Thu, 30 Jun 2022 04:08:14 +0000 (09:38 +0530)]
EAPOL: Update PMK length in EAPOL callback to support longer keys
With introduction of newer AKMs, there is a need to update the PMK
length plumbed for the driver based 4-way handshake. To support this,
the current update the PMK length to 48, if the key management type uses
SHA-384. This is needed, e.g., for SUITE-B-192.
Andre Heider [Wed, 22 Jun 2022 12:13:55 +0000 (14:13 +0200)]
OpenSSL: Include rsa.h for all OpenSSL versions
This fixes the build with OpenSSL 1.1.1:
../src/crypto/crypto_openssl.c: In function 'crypto_rsa_oaep_sha256_decrypt':
../src/crypto/crypto_openssl.c:4404:49: error: 'RSA_PKCS1_OAEP_PADDING' undeclared (first use in this function)
P2P: Skip 6 GHz band directly if 6 GHz P2P is disabled
If 6 GHz is supported by the device but 6 GHz P2P is disabled, P2P
invitation would fail if the GO select an operating channel which is not
the preferred channel. The root cause is that the 5 GHz and 6 GHz bands
are both HOSTAPD_MODE_IEEE80211A so the 5 GHz channels would be added
twice for the P2P Client's following scanning frequency list. This will
cause scanning to fail with -EINVAL. Fix this by adding the 5 GHz
channels only once.
Seongsu Choi [Tue, 30 Aug 2022 04:21:16 +0000 (13:21 +0900)]
Fix wrong AKM priority for FILS
According to the OCE specification, the STA shall select the AKM in
priority order from the list below.
1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
2. FILS (SHA-384) 00-0F-AC:15
3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
4. FILS (SHA-256) 00-0F-AC:14
5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
7. Authentication using IEEE Std 802.1X 00-0F-AC:1
Move the FT-FILS-SHA256 check to be after the FILS-SHA384 one to match
this.
Jouni Malinen [Mon, 29 Aug 2022 18:46:09 +0000 (21:46 +0300)]
wlantest: Extend Management frame decryption to support GCMP and CCMP-256
Data frame processing had already been extended to support additional
cipher suites, but Robust Management frame processing was still using a
hardcoded cipher suite (CCMP-128). Extend it to support GCMP-128,
GCMP-256, and CCMP-256 as well.
Jouni Malinen [Fri, 26 Aug 2022 21:50:05 +0000 (00:50 +0300)]
DPP3: Do not initiate PKEX for PB if no configuration is available
Reorder PKEX initiation function to send out the PKEX Exchange Request
frame at the end after all possible error cases have been checked. This
prevents Enrollee from seeing a PKEX frame when the session is about to
fail.
mukul sharma [Fri, 19 Aug 2022 18:24:47 +0000 (23:54 +0530)]
Add QCA vendor interface to get SAR capabilities to userspace
Add QCA_NL80211_VENDOR_SUBCMD_GET_SAR_CAPABILITY to get various SAR
capabilities supported by the WLAN firmware to userspace. These
capabilites are usually reported by the firmware during the initial
bootup handshake with the driver. Based on these capabilities, user
space can choose proper SAR indexes.
Add support to send multi AKM connect request when driver's SME in use
Add support to configure SAE, PSK, and PSK-SHA256 AKMs in connect
request when driver's SME in use. This is needed for implementing
WPA3-Personal transition mode correctly with any driver that handles
roaming internally.
Send additional AKMs configured in network block to driver based on
the maximum number of AKMs allowed by driver in connect request. Keep
first AKM in the list AKMs in the connect request as AKM selected by
wpa_supplicant to maintain backwards compatibility.
Update PSK after cross AKM roaming to WPA-PSK when driver's SME in use
4-way handshake was failing after the driver roam from SAE to WPA-PSK
due to wpa_sm having an old PMK which was generated during previous SAE
connection.
To fix this update PSK to wpa_sm when AKM changes from SAE to WPA-PSK
for the target AP to have a correct PMK for 4-way handshake. Also,
update PSK to the driver when key management offload is enabled.
Jouni Malinen [Thu, 25 Aug 2022 21:25:17 +0000 (00:25 +0300)]
DPP: Fix DPP_RELAY_ADD_CONTROLLER command parsing
hostapd_dpp_add_controller() ended up trying to parse the IP address
without nul terminating it. This might work with some C libraries, but
not all. And anyway, this was already supposed to nul terminate the
string since a temporary copy is created of the constant string. Fix
this by adding the missed replacement of the space with nul.
Fixes: bfe3cfc382d6 ("DPP: Allow Relay connections to Controllers to be added and removed") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Thu, 25 Aug 2022 09:47:53 +0000 (12:47 +0300)]
DPP3: Use chirping channel list in PB discovery
This design was changed in the draft specification, so update
implementation to match the new design. Instead of including all
supported 2.4 and 5 GHz channels, generate the channel list using the
same mechanism that was already used for chirping.
Jouni Malinen [Thu, 25 Aug 2022 09:46:17 +0000 (12:46 +0300)]
tests: DPP PB channel changes
Prepare for an implementation change for the PB discovery channel list.
Move the standlone (not an AP) PB Configurators to a preferred channel
and enable Configurator connectivity indication in APs that act as PB
Configurators.
Jouni Malinen [Wed, 24 Aug 2022 20:28:20 +0000 (23:28 +0300)]
OpenSSL: Fix HPKE in some corner cases
EVP_PKEY_derive() might report a larger maximum size of the output than
HPKE_MAX_SHARED_SECRET_LEN under some conditions. That should be allowed
as long as the real final length is within the maximum limit.
Furthermore, since we are using a fixed length buffer for this, there is
no need to call EVP_PKEY_derive() twice to first learn the maximum
length. Use a bit longer buffer and allow OpenSSL to take care of the
update to the final length internally with than single call.
This showed up using the following test case sequence:
dbus_pkcs11 dpp_private_peer_introduction
Jouni Malinen [Wed, 24 Aug 2022 15:31:54 +0000 (18:31 +0300)]
DPP: Do not discard network introduction frames in test mode
dpp_discard_public_action=1 was not supposed to prevent network
introduction, i.e., it was only for frames that could go through the
DPP-over-TCP path. Fix this not to prevent network introduction when
using DPP-over-TCP to configure a DPP AKM profile.
Configurator station seems to be unable to get the first Authentication
Request frame transmitted through mac80211_hwsim for some reason. It is
not really clear why this happens and why it started happening now, but
as a temporary workaround, wait a second here since that seems to avoid
this for some unknown reason.
sae.c depends on wpa_common.c now and as such, this test build needs to
pull in whatever is needed there and that happens to include sha1-prf.c.
Add that to the fuzzer to fix the build.
This test case assumed that the p2p_pref_chan 128:44 parameter would
have resulted in channel 44 (5220 MHz) being selected. That does not
work anymore since that channel was marked to require DFS/radar
detection in regdb. Fix the text case by changing to use another country
with rules that match the test case expectations.
It looks like some test cases could fail due to timeouts since the 10
second wait may not be sufficient to cover some cases where 6 GHz
channels get scanned. Increase the timeouts to avoid hitting such cases.
nl80211: Allow more time for the initial scan with 6 GHz
The initial timeout of 10 seconds for the first scan before knowing
whether the driver reports scan completion events may not be sufficient
in cases where the driver ends up scanning a large number of channels.
In particular, this could be hit with 6 GHz support. Increase this
timeout when the driver indicates support for 6 GHz channels.
It looks like the host update of regulatory information can still get
through somehow, so add alternative expected values for the supported
operating classes for cases where 6 GHz frequencies were added recently.
David Benjamin [Mon, 13 Jun 2022 16:22:05 +0000 (12:22 -0400)]
Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
The <openssl/buf.h> include is relevant in both OpenSSL and BoringSSL
because the file uses BUF_MEM (include what you use). OpenSSL just
happened to include it via another file. OpenSSL also spells it
<openssl/buffer.h>, not matching the type, so use the compatible
spelling.
Additionally all the CHECKED_CAST and manual STACK_OF(T) definitions
call into BoringSSL internals. The correct, public APIs are simply to
just use the same code as OpenSSL and call the DEFINE_STACK_OF macros.
Signed-off-by: David Benjamin <davidben@google.com>
Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
Commit 74818ca63f7e ("Process
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH after NL80211_CMD_ROAM")
added workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data for up to 100 ms
in case NL80211_CMD_ROAM is not received first. The 100 ms wait period
was sufficient for most of the cases but it's observed that some times
kernel is taking more than 100 ms to process and send NL80211_CMD_ROAM
to userspace.
If NL80211_CMD_ROAM takes more than 100 ms
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data getting ignored
though wpa_supplicant has it. To avoid this remove timeout for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data since driver
always indicates NL80211_CMD_ROAM along with
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH.
In addition, clear the pending event data when marking the interface
disconnected since the roaming information is supposed to be used only
when reassociating without a disconnection.
ipv4_params/ip6_params in type4_params maintains separate classifier
mask while type4_params already has a common classifier_mask. Lets
use the common classifier mask for both ipv4/ipv6 params and remove
the redundant params_mask in ipv4_params/ip6_params.
Xiaoning Ma [Wed, 27 Jul 2022 14:07:22 +0000 (22:07 +0800)]
Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
Previously when chains of BT and WLAN 2.4 GHz are separated,
hybrid mode will be used for BTC. Now adding fixed FDD mode
to fulfill different BTC scenarios.
DPP: Check Enrollee supported curves when building Config Response
The Enrollee may report its supported curves in the bootstrapping URI.
If it does that, the Configurator may stop generating the Config Object
that would depend on the Enrollee using a curve that it did not indicate
as being supported. Check for this case while proessing the Config
Request and stop Configurator from building a configuration that is
known not to work.
DPP: Allow dpp_controller_start without arguments in CLIs
The DPP_CONTROLLER_START control interface command can be used without
any arguments, so do not force at least a single argument to be included
in wpa_cli and hostapd_cli.
SAE: Indicate AKM suite selector in commit for new AKM suites
SAE authentication needs to known which AKM suite is being used to be
able to determine the correct PMK length for the new AKM suite selectors
that use variable length keys.
SAE: Use H2E unconditionally with the new AKM suites
The new SAE AKM suites are defined to use H2E, so ignore the sae_pwe
value when these AKM suites are used similarly to the way H2E gets
enabled when SAE Password Identifiers are used.
projects / thirdparty / hostap.git / log
