Jouni Malinen [Mon, 1 Feb 2021 14:57:14 +0000 (16:57 +0200)]
Add EAPOL_TX command to extend ext_eapol_frame_io possibilities
This makes it convenient for an external test script to use
ext_eapol_frame_io=1 to delay and/or modify transmission of EAPOL-Key
msg 1/4 without having to use separate frame injection mechanisms.
Jouni Malinen [Mon, 8 Feb 2021 16:38:39 +0000 (18:38 +0200)]
wlantest: TKIP frame reassembly for Michael MIC check in fragmented case
Reassemble the full MSDU when processing TKIP protected fragmented
frames so that the Michael MIC can be validated once the last fragment
has been received.
Jouni Malinen [Sat, 30 Jan 2021 15:28:49 +0000 (17:28 +0200)]
wlantest: Report decrypted TKIP frames even if cannot check Michael MIC
This can be useful for debugging, so return successfully decrypted TKIP
frame even if the Michael MIC cannot be verified (fragment reassembly
not yet supported) or if the Michael MIC value is incorrect. Add a note
in the frame to point out that the Michael MIC was not verified or is
incorrect.
Jouni Malinen [Mon, 10 May 2021 22:03:57 +0000 (01:03 +0300)]
Skip GTK rekeying request if rekeying already in process
Do not start yet another rekeying of GTK when receiving an EAPOL-Key
request frame at the point when the GTK is already being rekeyed. This
fixes issues where the AP might end up configuring a different GTK than
the one it sends to the associated stations.
Vamsi Krishna [Tue, 4 May 2021 13:46:44 +0000 (19:16 +0530)]
Prefer 6 GHz APs for connection in BSS selection
Prefer 6 GHz APs when estimated throughputs are equal with APs from the
2.4/5 GHz bands while selecting APs for connection. Also add a 6 GHz
specific noise floor default value for the 6 GHz band (with the same
value as was used for 5 GHz previously) to make this step clearer.
Vamsi Krishna [Tue, 4 May 2021 13:01:18 +0000 (18:31 +0530)]
Add support to calculate estimated throughputs for HE rates
Add support to consider HE rates while estimating throughputs for the
scan results from HE enabled APs. HE 0.8 usec GI rates are used in all
tables. The minimum SNR values for HE rates (1024-QAM) are derived by
adding the existing minimum SNR values of 256-QAM rates from VHT tables
and the difference between the values of minimum sensitivity levels of
256-QAM rates and 1024-QAM rates defined in Table 27-51 (Receiver
minimum input level sensitivity) in IEEE P802.11ax/D8.0.
Vamsi Krishna [Tue, 4 May 2021 19:34:54 +0000 (01:04 +0530)]
Add support to estimate throughput for VHT 160/80+80 MHz supporting APs
Add support to calculate estimated throughputs for APs which support the
160 MHz (including 80+80 MHz) mode in VHT. The minimum SNR values for
VHT 160 MHz mode are derived from minimum SNR values used for VHT 80 MHz
mode + 3 dBm. The min-SNR values are derived relatively based on the
information that the minimum sensitivity levels defined in Table 21-25
(Receiver minimum input level sensitivity) in IEEE Std 802.11-2020 for
the 160 MHz mode are higher by 3 dBm compared to the values of the 80
MHz mode for each rate.
Vamsi Krishna [Tue, 4 May 2021 19:15:30 +0000 (00:45 +0530)]
Check local supported features for estimating BSS throughputs accurately
Add checks for features supported by the specific hardware mode of the
local device that has the channel for which the throughput is being
estimated instead of assuming the local device supports all optional
features. This is more accurate for cases where the local capabilities
might differ based on the band. In addition, this is in preparation for
extending rate estimates to cover optional VHT and HE features.
Jouni Malinen [Thu, 6 May 2021 20:49:12 +0000 (23:49 +0300)]
tests: Fix eap_proto_sake_server with Session ID = 255
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Jouni Malinen [Thu, 6 May 2021 20:28:27 +0000 (23:28 +0300)]
wlantest: Support HT Control field in QoS Data frames
Extend Data frame processing (and decryption) to handle +HTC frames by
skipping the HT Control field at the end of the frame header. While this
is not an exact match of the rules in IEEE Std 802.11-2020 for when the
HT Control field is present in frames (e.g., no check of the TXVECTOR
value), this is good enough to cover the most likely used cases.
Jouni Malinen [Tue, 4 May 2021 15:19:23 +0000 (18:19 +0300)]
tests: Limit maximum number of frames in fuzzing tests
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.
Determine 6 GHz bandwidth in AP mode ACS using op_class parameter
Determine bandwidth from op_class parameter when set in config. When not
configured, use he_oper_chwidth for determining 80 MHz or 160 MHz. When
both are not set, fall back to 20 MHz by default. This helps in removing
the dependency on op_class parameter in 6 GHz ACS.
6 GHz: Fix operating class in Supported Operating Classes element
Previously, the secondary channel was set only in presence of HT
capabilities based on HT40+ or HT40-. As HT capabilities and
secondary_channel are not present for the 6 GHz bamd, this causes
incorrect operating class indication in the Supported Operating Classes
element.
Fix this by assigning the secondary channel for bandwidths greater than
20 MHz in the 6 GHz band.
Jouni Malinen [Mon, 3 May 2021 17:03:28 +0000 (20:03 +0300)]
tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
P Praneesh [Mon, 5 Apr 2021 05:45:26 +0000 (11:15 +0530)]
hostapd: Update 160 MHz center freq calculation in 6 GHz
In the 6 GHz Operation Information field, the Channel Center Frequency
Segment 0 field indicates the channel center frequency index for
the 20 MHz, 40 MHz, 80 MHz, or 80+80 MHz channel on which the
BSS operates in the 6 GHz band. If the BSS channel width is 160 MHz
then the Channel Center Frequency Segment 0 field indicates the
channel center frequency index of the primary 80 MHz.
The Channel Center Frequency Segment 1 field indicates the channel
center frequency index of the 160 MHz channel on which the BSS operates
in the 6 GHz band or the channel center frequency of the secondary 80
MHz for the 80+80 MHz channel.
Since Channel Center Frequency Segment 1 was 0 for 160 MHz, 6 GHz STA
associated using 80 MHz. Update seg0 and seg1 fields per standard (IEEE
P802.11ax/D8.0: 9.4.2.249 HE Operation element).
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
When WMM is disabled, HT/VHT/HE capabilities should not be used for any
STA. If any STA advertises these capabilities, hostapd AP disables HT
capabilities in STA flags during STA assoc, but VHT/HE was not handled
similarly. This could allow a STA to associate in VHT/HE mode even in
WMM disable case.
To avoid this, disable VHT/HE capabilities similarly to HT during STA
association, if WMM is not enabled by the STA.
nl80211: Map internal TDLS_PEER_* to NL80211_TDLS_PEER_*
Even though these enum definitions are currently identical, it is better
to explicitly map these bits to the kernel interface instead of using
the internal definition for this. This makes it much clearer that new
enum tdls_peer_capability value needs to be assigned in nl80211 before
they can be added into wpa_supplicant.
Add support to indicate TDLS peer's HE capability to driver
Indicate TDLS peer's capability to driver after processing TDLS setup
response frame. This information can be used by the driver to decide
whether to include HE operation IE in TLDS setup confirmation frame.
Kani M [Thu, 18 Feb 2021 07:25:44 +0000 (12:55 +0530)]
Fix UPDATE_BEACON processing when disabled
The hostapd process crashed when the UPDATE_BEACON control interface
command was issue after the interface was disabled. Check for this case
and return an error if the interface is disabled.
Kani M [Tue, 13 Apr 2021 04:56:47 +0000 (10:26 +0530)]
DPP2: Fix channel 6 inclusion for chirping with non-2 GHz interfaces
When the driver provides a list of supported modes, chan6 ended getting
added even if the 2.4 GHz mode was not included. This resulted in
incorrect behavior of trying to transmit on a not supported channel in
case of 5 GHz only radios.
Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.
Fixes: 8e5739c3ac31 ("DPP2: Check channel 6 validity before adding it to chirp channel list") Signed-off-by: Kani M <kanisumi@codeaurora.org>
Disha Das [Thu, 15 Apr 2021 13:21:06 +0000 (18:51 +0530)]
DPP2: Get DPP Relay Controller context based on hostapd callback context
Get the DPP Relay Controller context from the list of configured
Controllers based on the correct hostapd callback context. This is
needed to pick the correct hostapd interface for sending out the
response over air, e.g., when the same hostapd process controls a 2.4
GHz only and a 5 GHz only interface.
Disha Das [Thu, 11 Feb 2021 08:36:47 +0000 (14:06 +0530)]
DPP2: Close incomplete Relay connections
Add timeout to close incomplete DPP relay connections. This is needed to
avoid getting stuck with old entries that prevent new connections from
getting started.
OpenSSL: Fix compilation for version < 1.1.0 without CONFIG_ECC
When CONFIG_ECC is not defined, openssl/ec.h is not included and EC_KEY
not known. Fix be not defining EVP_PKEY_get0_EC_KEY() when CONFIG_ECC is
not defined.
Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
Add helper functions for parsing RSNXE capabilities
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
SAE: Remove now unused password identifier argument from non-H2E case
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.
Ilan Peer [Thu, 8 Apr 2021 09:06:24 +0000 (12:06 +0300)]
PASN: Change PASN flows to use SAE H2E only
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.
Ilan Peer [Thu, 8 Apr 2021 09:06:20 +0000 (12:06 +0300)]
PASN: Derive KDK only when required
When a PTK derivation is done as part of PASN authentication flow, a KDK
derivation should be done if and only if the higher layer protocol is
supported by both parties.
Fix the code accordingly, so KDK would be derived if and only if both
sides support Secure LTF.
Add vendor reason codes for TWT setup reject on roaming/channel switch
The firmware rejects the TWT setup request when roaming and channel
switch is in progress. Extend enum qca_wlan_vendor_twt_status to
represent new reason codes for these cases.
Sunil Dutt [Thu, 25 Mar 2021 14:17:13 +0000 (07:17 -0700)]
Set last_eapol_matches_bssid=1 on a roam+auth indication from driver
Commit 3ab35a660364 ("Extend EAPOL frames processing workaround for
roaming cases") added a work around to address the issue of EAPOL frame
reception after reassociation replied to with an incorrect destination
address (the BSSID of the old AP). This is due to association events and
EAPOL RX events being reordered for the roaming cases with drivers that
perform BSS selection internally.
This mechanism relies on the fact that the driver always forwards the
EAPOL handshake to wpa_supplicant after the roaming (sets
last_eapol_matches_bssid during the EAPOL processing and resets on the
assoc/reassoc indication).
The above approach does not address the case where the driver does the
EAPOL handshake on the roam, indicating the authorized status to
wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant
for few other roam attempts. This is because the flag
last_eapol_matches_bssid is not set with the roam+authorized event from
the driver. Thus, the next reorder of roam and EAPOL RX events would
miss this workaround.
Address this by setting last_eapol_matches_bssid=1 on a roam+authorized
event from the driver.
SAE: Increment the Sc counter before generating each Confirm
This changes the Send-Confirm value for the first SAE Confirm message to
be 1 instead of 0 for all cases to match the design shown in IEEE Std
802.11-2020, Figure 12-4 (SAE finite state machine).
Sc is defined to be "the number of SAE Confirm messages that have been
sent" which is a bit vague on whether the current frame is included in
the count or not. However, the state machine is showing inc(Sc)
operation in all cases before the "2" event to build the Confirm.
Yu Wang [Tue, 19 Jan 2021 08:28:28 +0000 (16:28 +0800)]
nl80211: Support larger number of MAC ACL entries
If the maximum size of MAC ACL entries is large enough, the
configuration message may exceed the default buffer size of a netlink
message which is allocated with nlmsg_alloc(), and result in a failure
when putting the attributes into the message.
To fix this, calculate the required buffer size of the netlink message
according to MAC ACL size and allocate a sufficiently large buffer with
nlmsg_alloc_size().
Yu Wang [Tue, 19 Jan 2021 08:28:28 +0000 (16:28 +0800)]
nl80211: Fix the size of the maximum MAC ACL size
NL80211_ATTR_MAC_ACL_MAX is a u32 attribute to advertise the maximum
number of MAC addresses that a device can support for MAC ACL. This was
incorrectly used as a u8 attribute which would not work with any values
larger than 255 or on big endian CPUs. Fix this by moving from
nla_get_u8() to nla_get_u32().
Fixes: 3c4ca36330c0 ("hostapd: Support MAC address based access control list") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lavanya Suresh [Tue, 16 Mar 2021 16:01:19 +0000 (21:31 +0530)]
hostapd: Enable WMM automatically when HE is configured
If WMM is not set explicitly in the configuration, it can be set based
on HT/HE config. As HE can be used without HT/VHT (which was introduced
as a special behavior for the 6 GHz band), add a similar automatic
enabling of WMM for HE without HT.
Jouni Malinen [Thu, 4 Feb 2021 22:28:17 +0000 (00:28 +0200)]
Flush pending control interface message for an interface to be removed
wpa_supplicant_ctrl_iface_deinit() was executed only if the
per-interface control interface initialization had been completed. This
is not the case if driver initialization fails and that could result in
leaving behind references to the freed wpa_s instance in a corner case
where control interface messages ended up getting queued.
Fix this by calling wpa_supplicant_ctrl_iface_deinit() in all cases to
cancel the potential eloop timeout for wpas_ctrl_msg_queue_timeout with
the reference to the wpa_s pointer. In addition, flush any pending
message from the global queue for this interface since such a message
cannot be of use after this and there is no need to leave them in the
queue until the global control interface gets deinitialized.
Jouni Malinen [Wed, 24 Mar 2021 22:30:04 +0000 (00:30 +0200)]
Fix WNM-Sleep Mode exit debug print of BIGTK
Previous debug print used IGTK instead of BIGTK, so fix that to use the
correct key. Actual generation of the BIGTK subelement itself was using
the correct key, though, so this is only needed to fix the debug print.
Jouni Malinen [Mon, 22 Mar 2021 09:29:31 +0000 (11:29 +0200)]
Allow AP mode extended capabilities to be overridden
The new hostapd configuration parameters ext_capa_mask and ext_capa can
now be used to mask out or add extended capability bits. While this is
not without CONFIG_TESTING_OPTIONS, the main use case for this is for
testing purposes.
Jouni Malinen [Mon, 22 Mar 2021 09:33:16 +0000 (11:33 +0200)]
Make hostapd_config_fill() easier to auto indent
The conditional compilation block with only the opening brace included
in two variants was messing up auto indentation in emacs. Work around
this by defining the maximum value conditionally while leave the if
block outside any conditional building rules.
Jouni Malinen [Mon, 22 Mar 2021 09:12:39 +0000 (11:12 +0200)]
Simplify extended capability determination in AP mode
There is no need to determine the exact length of the element before
filling in the octets since this function is already capable of
truncated the fields based on what the actual values are.
Ilan Peer [Sun, 21 Mar 2021 11:55:09 +0000 (13:55 +0200)]
PASN: Add support for comeback flow to wpa_supplicant
Process the received comeback cookie and retry automatically if the AP
allows this. Otherwise, provide the cookie to upper layers to allow a
later attempt with the cookie.
Jouni Malinen [Sun, 21 Mar 2021 09:47:39 +0000 (11:47 +0200)]
DPP: Fix GAS client error case handling in hostapd
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.
This is similar to the earlier wpa_supplicant fix in commit 931f7ff65609
("DPP: Fix GAS client error case handling").
Jouni Malinen [Sat, 20 Mar 2021 14:25:50 +0000 (16:25 +0200)]
EAP-SIM/AKA: Fix check for anonymous decorated identity
eap_sim_anonymous_username() gets called with an argument that is not a
null terminated C string and as such, os_strrchr() and os_strlen()
cannot be used with it. The previous implementation resulted in use of
uninitialized values and a potential read beyond the end of the buffer.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277 Fixes: 73d9891bd722 ("EAP-SIM/AKA peer: Support decorated anonymous identity prefix") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Mar 2021 14:09:19 +0000 (16:09 +0200)]
DPP: Indicate authentication success on ConfReqRX if needed (hostapd)
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.
This was already done in wpa_supplicant in commit 422e73d623b4 ("DPP:
Indicate authentication success on ConfReqRX if needed") and matching
changes are now added to hostapd.
Jouni Malinen [Sat, 20 Mar 2021 11:36:55 +0000 (13:36 +0200)]
Fix full EAP authentication after PMKSA cache add failure
Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.
Jouni Malinen [Sat, 20 Mar 2021 10:17:58 +0000 (12:17 +0200)]
DPP2: Fix connection status result wait in hostapd
The waiting_conn_status_result flag was not set which made hostapd
discard the Connection Status Result. Fix this to match the
wpa_supplicant implementation.
Jouni Malinen [Fri, 19 Mar 2021 22:22:28 +0000 (00:22 +0200)]
tests: hostapd airtime policy configuration
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
projects / thirdparty / hostap.git / log
