The check for PSK/passphrase not being present was considering only the
WPA-PSK AKM, but the same check should be applied for all other AKMs
that can use a PSK.
QCA vendor attribute to indicate NDP interface management using nl80211
Add a QCA_WLAN_VENDOR_FEATURE_USE_ADD_DEL_VIRTUAL_INTF_FOR_NDI
flag to indicate that the driver requires add/del virtual interface
path using the generic nl80211 commands for NDP interface create/delete
and to register/unregister of netdev instead of creating/deleting
the NDP interface using vendor commands.
With the latest Linux kernel (5.12 version onward), interface
creation/deletion is not allowed using vendor commands as it leads to a
deadlock while acquiring the RTNL_LOCK during the register/unregister of
netdev. Create and delete NDP interface using NL80211_CMD_NEW_INTERFACE
and NL80211_CMD_DEL_INTERFACE commands respectively if the driver
advertises this capability.
Xin Deng [Thu, 10 Feb 2022 08:29:19 +0000 (16:29 +0800)]
FT: Update current_bss to target AP before check for SME-in-driver
STA needs to check AP's information after receive reassociation
response. STA uses connected AP's Beacon/Probe Response frame to compare
with Reassociation Response frame of the target AP currently. However,
if one AP supports OCV and the other AP doesn't support OCV, STA will
fail to verify RSN capability, then disconnect. Update current_bss to
the target AP before check, so that STA can compare correct AP's RSN
information in Reassociation Response frame.
P2P: Copy only valid opclasses while filtering out 6 GHz channels
Copy channels from only valid operating classes in the source channel
list while preparing a non-6 GHz channel/op-classes list when the 6 GHz
band is not used for P2P GO negotiation.
Earlier, during preparation of P2P channels for GO negotiation, a union
of the GO channels and the P2P Client channels is used. While generating
the union in p2p_channels_union_inplace() as the first list itself has
P2P_MAX_REG_CLASSES number of entries, the operating classes from the
second list which are not in the first list were not getting considered.
Fix this by not setting the dst->reg_classes to too large a value.
Fixes: f7d4f1cbec34 ("P2P: Add a mechanism for allowing 6 GHz channels in channel lists")
Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
Chaoli Zhou [Thu, 24 Mar 2022 07:19:25 +0000 (15:19 +0800)]
Extend ACL to install allow/deny list to the driver dynamically
Support installing the updated allow/deny list to the driver if it
supports ACL offload. Previously, only the not-offloaded cases were
updated dynamically.
Chaoli Zhou [Thu, 24 Mar 2022 07:19:25 +0000 (15:19 +0800)]
Add return value to ACL functions
While these do not return error code within the current hostapd
implementation, matching functions in wpa_supplicant AP functionality
will have an error case and using consistent return type will make the
control interface code more consistent.
In addition, export hostapd_set_acl() in preparation for the
wpa_supplicant control interface implementation extension.
Chaoli Zhou [Tue, 22 Mar 2022 09:53:21 +0000 (11:53 +0200)]
Update the Extended Capability element to struct sta_info
Only the SME-in-hostapd case updated sta->ext_capability while the
SME-in-the-driver case updated sta->qos_map_enabled, but not other items
related to the extended capabilities. This resulted in reduced
information being available through the control interface.
Use the shared helper function for both cases to get matching
information available regardless of the SME architecture.
Chaoli Zhou [Mon, 21 Mar 2022 05:38:45 +0000 (13:38 +0800)]
Enable BSS Transition Management in wpa_supplicant AP mode
Enable BTM capability for AP mode only and do not affect P2P GO mode.
This can be used for AP band steering when using wpa_supplicant to
control AP mode operations.
Jouni Malinen [Tue, 15 Mar 2022 19:10:31 +0000 (21:10 +0200)]
DPP: Update Controller parameters when it was already started
dpp_configurator_params changes were taken into use in the
non-TCP/Controller case immediately on change, but that was not the case
for the Controller where this was updated only when explicitly starting
it. Change this to update dpp_configurator_params for the Controller as
well even if it is already running.
Jouni Malinen [Tue, 15 Mar 2022 08:39:09 +0000 (10:39 +0200)]
DPP: Fix msg_ctx for PKEX over TCP as Controller/Responder
PKEX Exchange Request handling in Controller used incorrect msg_ctx
pointer and that could result in event messages causing unexpected
behavior. Fix this by registering the correct msg_ctx pointer for these
cases.
Jouni Malinen [Mon, 14 Mar 2022 08:42:11 +0000 (10:42 +0200)]
hs20-osu-client: dNSName values from OSU server certificate for PPS MO
The previous change to allow EST server to use a different host name
ended up overriding the OSU server certificate information and the
incorrect server certificate was used when comparing the SP FQDN from
the PPS MO if the OSU and EST servers were different. Fix this by
keeping the dNSName from the SPP interaction and not storing the values
from the EST interaction.
Fixes: 0ce8d55a2e1b ("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DFS: Switch to background radar channel if available
On radar detection on the main chain switch to the channel monitored
by the background chain if we have already performed the CAC there.
If a radar pattern is reported on the background chain, just select a
new random channel according to the regulations for monitoring.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Introduce the capability to perform radar/CAC detection on an offchannel
radar chain available on some hardware (e.g., mt7915). This feature
allows to avoid CAC downtime switching on a different channel during CAC
detection on the selected radar channel.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Allow background radar detection flag to be set when specifying a
channel. This is a preliminary change to introduce radar/CAC background
detection support.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
DFS: Rely on channel_type in dfs_downgrade_bandwidth()
Add the capability to specify all 3 channel type possibilities in
dfs_downgrade_bandwidth(). This is a preliminary change to introduce
radar/CAC background detection support.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Jouni Malinen [Sun, 13 Mar 2022 16:18:28 +0000 (18:18 +0200)]
tests: Make DPP relay tests more robust
Flush scan results to avoid failure caused by incorrect channel
selection based on an old result for the same BSSID. This was found with
the following test sequence:
ap_track_sta_no_auth dpp_network_intro_version_missing_req dpp_controller_relay_pkex
Jouni Malinen [Sun, 13 Mar 2022 09:21:00 +0000 (11:21 +0200)]
OpenSSL: Determine RSA key size without low-level routines
RSA low-level routines were deprecated in OpenSSL 3.0.
EVP_PKEY_get_bits(), or its older and more backwards compatible name
EVP_PKEY_bits() can be used here instead.
Jouni Malinen [Sun, 13 Mar 2022 08:40:06 +0000 (10:40 +0200)]
OpenSSL 3.0: Determine the prime length for an EC key group using EVP_PKEY
EVP_PKEY_get0_EC_KEY() and EC_KEY_get0_group() were deprecated in
OpenSSL 3.0. Add a version of this by determining the group without
fetching the EC_KEY itself from an EVP_PKEY.
Jouni Malinen [Sat, 12 Mar 2022 20:35:32 +0000 (22:35 +0200)]
OpenSSL: Replace EC_GROUP_get_curve_GFp() calls with EC_GROUP_get_curve()
EC_GROUP_get_curve_GFp() was deprecated in OpenSSL 3.0.
EC_GROUP_get_curve() can be used to do the exact same thing. Add a
backwards compatibility wrapper for older OpenSSL versions to be able to
use this newer function.
Jouni Malinen [Sat, 12 Mar 2022 17:00:36 +0000 (19:00 +0200)]
tests: Fix sigma_dut_cmd() processing for the return value
The first sock.recv() may return both the status,RUNNING and the
following status line if the sigma_dut process ends up being faster in
writing the result than the test script is in reading the result. This
resulted in unexpected behavior and odd error messages when parsing the
result in the test cases. Fix this by dropping the status,RUNNING line
from the result in case the buffer includes multiple lines.
Lubomir Rintel [Mon, 7 Mar 2022 08:54:46 +0000 (09:54 +0100)]
D-Bus: Add 'wep_disabled' capability
Since commit 200c7693c9a1 ('Make WEP functionality an optional build
parameter'), WEP support is optional and, indeed, off by default.
The distributions are now catching up and disabling WEP in their builds.
Unfortunately, there's no indication prior to an attempt to connect to a
WEP network that it's not going to work. Add a capability to communicate
that.
Unlike other capabilities, this one is negative. That is, it indicates
lack of WEP support as opposed to its presence. This is necessary
because historically there has been no capability to indicate presence
of WEP support and therefore NetworkManager (and probably others) just
assumes it's there.
Nicolas Escande [Tue, 8 Mar 2022 10:22:18 +0000 (11:22 +0100)]
DFS: Don't let cac_time_left_seconds overflow
There can be some discrepancy between the theoretical dfs cac end (as
computed with the cac duration and cac start) and the actual cac end as
reported by the driver. During that window, the value of remaining time
outputted by the status command on the socket control interface will
display an overflowed, invalid value.
To mitigate this, let's compute the remaining time as signed and display
it only when positive, otherwise defaulting it to 0.
Status command shows something like that when polling every second:
The current code generates a warning when compiled by Clang, because if
we goto 'fail:', password_len can be uninitialised when we pass it in to
bin_clear_free().
Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.
Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
ArisAachen [Fri, 11 Mar 2022 07:02:58 +0000 (15:02 +0800)]
dbus: Set CurrentAuthMode to INACTIVE only if network is not selected
CurrentAuthMode should be set as a real auth type when authentication is
in progress. wpa_supplicant has a property "State" which indicates the
authentication stage already. I think setting auth mode as "INACTIVE" in
all auth progress stages is not a good idea, because sometimes we need
to handle this connection according to the auth type even when
authentication is not complete. For example, NetworkManager may recall
ask-password-dialog when auth mode is "wpa-psk" and "sae", try next
access point when auth mode is "EAP-xx" when password is incorrect.
Since "CurrentAuthMode" is set as "INACTIVE" in all not fully completed
situations, we do not know how to handle it.
Jouni Malinen [Fri, 11 Mar 2022 17:47:30 +0000 (19:47 +0200)]
hs20-osu-client: Allow EST server to use different host name
The EST server does not have to be sharing the same host name with the
OSU server. Use the host name from the EST URL instead of the SPP server
URL when validating the EST server certificate.
Android: Compile hs20-osu-client to /vendor/bin in test builds
hs20-osu-client compilation fails on Android O onwards because of
undefined reference for __android_log_print/__android_log_vprint.
Modify hs20-osu-client's Android.mk to include liblog library and use
tag 'hs20-osu-client' in logcat logs. Additionally, compile
hs20-osu-client to /vendor/bin in non-production builds.
Jhalak Naik [Mon, 28 Feb 2022 08:06:36 +0000 (13:36 +0530)]
Add QCA vendor attributes for AFC support in external ACS
Add support for new QCA nested attributes to pass the AFC channel
information as part of the external ACS request command,
EXTERNAL_ACS_EVENT_CHAN_INFO.
Jouni Malinen [Wed, 9 Mar 2022 23:28:51 +0000 (01:28 +0200)]
tests: Fix dpp_own_config_curve_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.
Jouni Malinen [Wed, 9 Mar 2022 23:16:29 +0000 (01:16 +0200)]
tests: Fix dpp_intro_mismatch to match implementation
This test case was assuming the Configurator would change the
netAccessKey curve every time based on the protocol keys, but that is
not the case anymore, so force that change here for a negative test.
Jouni Malinen [Wed, 9 Mar 2022 22:55:05 +0000 (00:55 +0200)]
DPP: Allow Configurator net_access_key_curve to be changed
This is mainly for testing purposes to allow a Configurator to change the curve
between provisioning cases. This would not work for real deployment
cases unless every Enrollee were reconfigured.
Jouni Malinen [Wed, 9 Mar 2022 21:08:06 +0000 (23:08 +0200)]
DPP: Update Configurator to require same netAccessKey curve to be used
DPP network introduction requires all devices to use the same curve for
netAccessKey. Enforce that this happens based on hardcoding the curve
based on the first successful configuration object generation if no
explicit configuration of the curve was used.
Jouni Malinen [Wed, 9 Mar 2022 18:49:17 +0000 (20:49 +0200)]
DPP: Update Auth-I derivation operations
This is not properly defined in the technical specification and will
need to be clarified there. Change the implementation to use a design
that is more likely to be used in the cleaned up tech spec.
Jouni Malinen [Tue, 8 Mar 2022 23:06:01 +0000 (01:06 +0200)]
DPP: Curve change for netAccessKey
Allow the Configurator to be configured to use a specific curve for the
netAccessKey so that it can request the Enrollee to generate a new key
during the configuration exchange to allow a compatible Connector to be
generated when the network uses a different curve than the protocol keys
used during the authentication exchange.
Jouni Malinen [Mon, 7 Mar 2022 22:28:10 +0000 (00:28 +0200)]
DPP: Fix a memory leak on error path
The encoded CSR could have been leaked if another memory allocation were
to fail in this function. Use a shared return path to free the allocated
temporary buffers to avoid this.
Jouni Malinen [Mon, 7 Mar 2022 21:40:27 +0000 (23:40 +0200)]
DPP: Missing/invalid Protocol Version in Reconfig Auth Req
Extend dpp_test testing functionality to allow the Protocol Version
attribute to be removed or modified to invalid value in Reconfig
Authentication Request.
Mario Hros [Sat, 19 Feb 2022 20:25:30 +0000 (21:25 +0100)]
SAE: Add support for RADIUS passphrase as the SAE password
Allow the first Tunnel-Password RADIUS entry to be used for SAE in
addition to the sae_password entries and wpa_passphrase parameters from
the static configuration file.
Lorenzo Bianconi [Mon, 20 Dec 2021 15:48:18 +0000 (16:48 +0100)]
DFS: Add capability to select radar-only channels
Introduce type parameter to dfs_get_valid_channel() routine to allow
selection of a radar-only channel where the CAC detection has not been
performed yet. This is a preliminary patch to enable background
radar/CAC detection.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
build: Re-enable options for libwpa_client.so and wpa_passphrase
Commit a41a29192e5d ("build: Pull common fragments into a build.rules
file") introduced a regression into wpa_supplicant build process. The
build target libwpa_client.so is not built regardless of whether the
option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because
this config option is used before it is imported from the configuration
file. Moving its use after including build.rules does not help: the
variable ALL is processed by build.rules and further changes are not
applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work
as expected: wpa_passphrase is always built regardless of whether the
option is set or not.
Re-enable these options by adding both build targets to _all
dependencies.
Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file")
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Jouni Malinen [Wed, 2 Mar 2022 23:24:02 +0000 (01:24 +0200)]
HE: Fix invalid length checking for HE Capability element
Do not use the first octet of the PPE Thresholds field without
explicitly confirming that that octet was included in the element.
Furthermore, allow the received element to have additional octets in the
end since IEEE Std 802.11ax-2021 defines this to be an extensible
element and new fields could be added to the end of it in the future.
Fixes: 0497e4148197 ("HE: Fix HE Capabilities element size")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
HE: Fix calculation of the PPE Threshold field length
The previously used calculation was not correct for the cases where the
extra padding field was needed. Fix this by properly calculating the
number of full octets in the field.
Fixes: 0497e4148197 ("HE: Fix HE Capabilities element size")
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
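The length checks described in the two HE Capabilities element commits above, as an added C example that is not hostapd's own code: it computes the PPE Thresholds field length in full octets, confirms the first PPE octet is present before reading it, and accepts trailing octets. The macro and function names are illustrative, and the field layout is assumed from IEEE Std 802.11ax-2021.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout assumed from IEEE Std 802.11ax-2021; names are illustrative. */
#define MAC_CAP_LEN     6    /* HE MAC Capabilities Information */
#define PHY_CAP_LEN     11   /* HE PHY Capabilities Information */
#define PHY_CW_160      0x08 /* PHY octet 0: 160 MHz supported */
#define PHY_CW_80P80    0x10 /* PHY octet 0: 80+80 MHz supported */
#define PHY_PPE_IDX     6    /* PHY octet with PPE Thresholds Present */
#define PHY_PPE_PRESENT 0x80

/* Octets occupied by the PPE Thresholds field whose first octet is hdr:
 * a 7-bit header (3-bit NSTS, 4-bit RU Index Bitmask), then 6 bits per
 * (spatial stream, RU) pair, padded up to a full octet. */
static size_t he_ppe_thresholds_len(uint8_t hdr)
{
	unsigned int nss = (hdr & 0x07) + 1;
	unsigned int ru_mask = (hdr >> 3) & 0x0f;
	unsigned int ru = 0;

	for (; ru_mask; ru_mask >>= 1)
		ru += ru_mask & 1;
	return (7 + 6 * nss * ru + 7) / 8; /* round up to whole octets */
}

/* body: element contents after the Element ID Extension octet.
 * Returns 1 if every field the capability bits announce is present. */
static int he_capab_len_ok(const uint8_t *body, size_t len)
{
	size_t need = MAC_CAP_LEN + PHY_CAP_LEN + 4; /* base MCS/NSS set */
	const uint8_t *phy;

	if (!body || len < need)
		return 0;
	phy = body + MAC_CAP_LEN;
	if (phy[0] & PHY_CW_160)
		need += 4;
	if (phy[0] & PHY_CW_80P80)
		need += 4;
	if (phy[PHY_PPE_IDX] & PHY_PPE_PRESENT) {
		/* The first PPE octet must exist before it is read. */
		if (len < need + 1)
			return 0;
		need += he_ppe_thresholds_len(body[need]);
	}
	/* Extensible element: trailing octets beyond need are accepted. */
	return len >= need;
}

int main(void)
{
	/* Constructed sample: PPE present, 2 streams, 2 RUs -> 4 PPE octets */
	uint8_t body[32] = { 0 };

	body[MAC_CAP_LEN + PHY_PPE_IDX] = PHY_PPE_PRESENT;
	body[21] = 0x19;
	printf("len 21: %d, len 24: %d, len 25: %d, len 30: %d\n",
	       he_capab_len_ok(body, 21), he_capab_len_ok(body, 24),
	       he_capab_len_ok(body, 25), he_capab_len_ok(body, 30));
	return 0;
}
```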
Jouni Malinen [Sat, 26 Feb 2022 17:07:10 +0000 (19:07 +0200)]
tests: Fetch all event messages in wpas_ctrl_many_networks
Do not leave a large number of network added/removed events remaining
for the following test case to handle. This removes some possible
failure test case sequences like the following one:
wpas_ctrl_many_networks dbus_ap_scan_2_ap_mode_scan
Jouni Malinen [Sat, 26 Feb 2022 11:39:35 +0000 (13:39 +0200)]
Clear PSK explicitly from memory in couple more cases on deinit
Couple of the WPS/P2P/RADIUS-PSK cases were freeing heap memory
allocations without explicitly clearing the PSK value. Add such clearing
for these to avoid leaving the PSK in memory after it is not needed
anymore.
Jouni Malinen [Fri, 25 Feb 2022 20:39:54 +0000 (22:39 +0200)]
nl80211: Clear bss->freq when stopping AP mode
The current operating frequency information was already cleared when
stopping other modes, but the cases for stopping AP mode were not
covered. Clear bss->freq in wpa_driver_nl80211_del_beacon() to cover
these cases. In addition, move clearing of bss->beacon_set there to
avoid having to clear that in all callers separately.
Jouni Malinen [Fri, 25 Feb 2022 18:04:50 +0000 (20:04 +0200)]
tests: Make test cases more robust by clearing scan cache explicitly
These test cases can fail if previously executed tests leave older scan
results in cfg80211 scan table. Clear that scan table explicitly to
avoid such issues.
Ajit Vaishya [Tue, 15 Feb 2022 16:24:31 +0000 (21:54 +0530)]
Define a vendor specific NDP attribute for NAN service id
Add a NAN NDP attribute QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_ID which
indicates service id with 6 bytes of length and it's derived from the
SHA-256 hash of the NAN service name. As per Wi-Fi Aware Specification
version 3.2, this service ID is used to calculate the NAN PMK.
Jouni Malinen [Wed, 23 Feb 2022 19:58:07 +0000 (21:58 +0200)]
DPP: Clear netrole on starting chirping or reconfiguration
A previously set netrole (e.g., from DPP_LISTEN or DPP_AUTH_INIT) could
have been used in a following DPP_CHIRP or DPP_RECONFIG operation. This
could result in trying to request incorrect configuration and likely
rejection from the Configurator. Fix this by clearing the netrole when
starting these operations.
Jouni Malinen [Wed, 23 Feb 2022 19:47:10 +0000 (21:47 +0200)]
Clear wpa_s->last/current_ssid in more cases
It was possible for at least the wpa_s->last_ssid to be left pointing to
a removed network which could result in processing the following
association as a reassociation-within-an-ESS even when it was moving to
a different ESS. This could result in unexpected behavior. This was
found with the following test case sequence:
sigma_dut_ap_psk_sae_ft sae_h2e_password_id ap_wps_pk_oom sigma_dut_client_privacy
Move clearing of wpa_s->last_ssid and wpa_s->current_ssid into
wpas_notify_network_removed() to catch all cases similarly to the way
wpa_s->next_ssid was already cleared.
Jouni Malinen [Wed, 23 Feb 2022 09:16:40 +0000 (11:16 +0200)]
tests: Add a script for finding a minimal failing test sequence
min-seq.py can be used to find a minimal test sequence that can be used
to reproduce test failures. This is meant for being able to process the
recently added "Failure sequence:" entries from parallel-vm.log to
reduce manual work needed to debug commonly failing test case sequences.
Jouni Malinen [Mon, 21 Feb 2022 22:24:56 +0000 (00:24 +0200)]
DPP: Stop offchannel frame TX wait on DPP_STOP_LISTEN in a corner case
The offchannel frame TX wait was stopped whenever processing
DPP_STOP_LISTEN in most cases. However, there was a corner case on the
Responder side where this operation was skipped after PKEX was completed
successfully and the Authentication Request frame had not yet been
received from the Initiator.
While this does not normally cause any significant issue, this could
result in unexpected behavior especially in test cases that run multiple
DPP PKEX operations in a row since the start of a new TX operation might
get delayed while waiting for the previous TX-wait to complete.
This was found with the following test case sequence:
dpp_reconfig_retries dpp_pkex_alloc_fail
Jouni Malinen [Mon, 21 Feb 2022 16:34:42 +0000 (18:34 +0200)]
tests: Fix a test case name
The test case name ap_ft_pmf_over_ds was used for two different test
cases which resulted in only one of those being used. Fix this by using
unique test case names.
Jouni Malinen [Mon, 21 Feb 2022 16:11:25 +0000 (18:11 +0200)]
tests: Make FT-over-DS test cases more robust
Clear scan cache to avoid issues with old scan results from earlier test
cases. This caused issues like the following test case sequence failing:
rrm_beacon_req_active_ap_channels ap_ft_eap_dis_over_ds