6 GHz: Fix operating class in Supported Operating Classes element
Previously, the secondary channel was set only in presence of HT
capabilities based on HT40+ or HT40-. As HT capabilities and
secondary_channel are not present for the 6 GHz bamd, this causes
incorrect operating class indication in the Supported Operating Classes
element.
Fix this by assigning the secondary channel for bandwidths greater than
20 MHz in the 6 GHz band.
Jouni Malinen [Mon, 3 May 2021 17:03:28 +0000 (20:03 +0300)]
tests: Update server and user certificates (2020)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
P Praneesh [Mon, 5 Apr 2021 05:45:26 +0000 (11:15 +0530)]
hostapd: Update 160 MHz center freq calculation in 6 GHz
In the 6 GHz Operation Information field, the Channel Center Frequency
Segment 0 field indicates the channel center frequency index for
the 20 MHz, 40 MHz, 80 MHz, or 80+80 MHz channel on which the
BSS operates in the 6 GHz band. If the BSS channel width is 160 MHz
then the Channel Center Frequency Segment 0 field indicates the
channel center frequency index of the primary 80 MHz.
The Channel Center Frequency Segment 1 field indicates the channel
center frequency index of the 160 MHz channel on which the BSS operates
in the 6 GHz band or the channel center frequency of the secondary 80
MHz for the 80+80 MHz channel.
Since Channel Center Frequency Segment 1 was 0 for 160 MHz, 6 GHz STA
associated using 80 MHz. Update seg0 and seg1 fields per standard (IEEE
P802.11ax/D8.0: 9.4.2.249 HE Operation element).
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
When WMM is disabled, HT/VHT/HE capabilities should not be used for any
STA. If any STA advertises these capabilities, hostapd AP disables HT
capabilities in STA flags during STA assoc, but VHT/HE was not handled
similarly. This could allow a STA to associate in VHT/HE mode even in
WMM disable case.
To avoid this, disable VHT/HE capabilities similarly to HT during STA
association, if WMM is not enabled by the STA.
nl80211: Map internal TDLS_PEER_* to NL80211_TDLS_PEER_*
Even though these enum definitions are currently identical, it is better
to explicitly map these bits to the kernel interface instead of using
the internal definition for this. This makes it much clearer that new
enum tdls_peer_capability value needs to be assigned in nl80211 before
they can be added into wpa_supplicant.
Add support to indicate TDLS peer's HE capability to driver
Indicate TDLS peer's capability to driver after processing TDLS setup
response frame. This information can be used by the driver to decide
whether to include HE operation IE in TLDS setup confirmation frame.
Kani M [Thu, 18 Feb 2021 07:25:44 +0000 (12:55 +0530)]
Fix UPDATE_BEACON processing when disabled
The hostapd process crashed when the UPDATE_BEACON control interface
command was issue after the interface was disabled. Check for this case
and return an error if the interface is disabled.
Kani M [Tue, 13 Apr 2021 04:56:47 +0000 (10:26 +0530)]
DPP2: Fix channel 6 inclusion for chirping with non-2 GHz interfaces
When the driver provides a list of supported modes, chan6 ended getting
added even if the 2.4 GHz mode was not included. This resulted in
incorrect behavior of trying to transmit on a not supported channel in
case of 5 GHz only radios.
Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.
Fixes: 8e5739c3ac31 ("DPP2: Check channel 6 validity before adding it to chirp channel list") Signed-off-by: Kani M <kanisumi@codeaurora.org>
Disha Das [Thu, 15 Apr 2021 13:21:06 +0000 (18:51 +0530)]
DPP2: Get DPP Relay Controller context based on hostapd callback context
Get the DPP Relay Controller context from the list of configured
Controllers based on the correct hostapd callback context. This is
needed to pick the correct hostapd interface for sending out the
response over air, e.g., when the same hostapd process controls a 2.4
GHz only and a 5 GHz only interface.
Disha Das [Thu, 11 Feb 2021 08:36:47 +0000 (14:06 +0530)]
DPP2: Close incomplete Relay connections
Add timeout to close incomplete DPP relay connections. This is needed to
avoid getting stuck with old entries that prevent new connections from
getting started.
OpenSSL: Fix compilation for version < 1.1.0 without CONFIG_ECC
When CONFIG_ECC is not defined, openssl/ec.h is not included and EC_KEY
not known. Fix be not defining EVP_PKEY_get0_EC_KEY() when CONFIG_ECC is
not defined.
Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
Add helper functions for parsing RSNXE capabilities
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
SAE: Remove now unused password identifier argument from non-H2E case
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.
Ilan Peer [Thu, 8 Apr 2021 09:06:24 +0000 (12:06 +0300)]
PASN: Change PASN flows to use SAE H2E only
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.
Ilan Peer [Thu, 8 Apr 2021 09:06:20 +0000 (12:06 +0300)]
PASN: Derive KDK only when required
When a PTK derivation is done as part of PASN authentication flow, a KDK
derivation should be done if and only if the higher layer protocol is
supported by both parties.
Fix the code accordingly, so KDK would be derived if and only if both
sides support Secure LTF.
Add vendor reason codes for TWT setup reject on roaming/channel switch
The firmware rejects the TWT setup request when roaming and channel
switch is in progress. Extend enum qca_wlan_vendor_twt_status to
represent new reason codes for these cases.
Sunil Dutt [Thu, 25 Mar 2021 14:17:13 +0000 (07:17 -0700)]
Set last_eapol_matches_bssid=1 on a roam+auth indication from driver
Commit 3ab35a660364 ("Extend EAPOL frames processing workaround for
roaming cases") added a work around to address the issue of EAPOL frame
reception after reassociation replied to with an incorrect destination
address (the BSSID of the old AP). This is due to association events and
EAPOL RX events being reordered for the roaming cases with drivers that
perform BSS selection internally.
This mechanism relies on the fact that the driver always forwards the
EAPOL handshake to wpa_supplicant after the roaming (sets
last_eapol_matches_bssid during the EAPOL processing and resets on the
assoc/reassoc indication).
The above approach does not address the case where the driver does the
EAPOL handshake on the roam, indicating the authorized status to
wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant
for few other roam attempts. This is because the flag
last_eapol_matches_bssid is not set with the roam+authorized event from
the driver. Thus, the next reorder of roam and EAPOL RX events would
miss this workaround.
Address this by setting last_eapol_matches_bssid=1 on a roam+authorized
event from the driver.
SAE: Increment the Sc counter before generating each Confirm
This changes the Send-Confirm value for the first SAE Confirm message to
be 1 instead of 0 for all cases to match the design shown in IEEE Std
802.11-2020, Figure 12-4 (SAE finite state machine).
Sc is defined to be "the number of SAE Confirm messages that have been
sent" which is a bit vague on whether the current frame is included in
the count or not. However, the state machine is showing inc(Sc)
operation in all cases before the "2" event to build the Confirm.
Yu Wang [Tue, 19 Jan 2021 08:28:28 +0000 (16:28 +0800)]
nl80211: Support larger number of MAC ACL entries
If the maximum size of MAC ACL entries is large enough, the
configuration message may exceed the default buffer size of a netlink
message which is allocated with nlmsg_alloc(), and result in a failure
when putting the attributes into the message.
To fix this, calculate the required buffer size of the netlink message
according to MAC ACL size and allocate a sufficiently large buffer with
nlmsg_alloc_size().
Yu Wang [Tue, 19 Jan 2021 08:28:28 +0000 (16:28 +0800)]
nl80211: Fix the size of the maximum MAC ACL size
NL80211_ATTR_MAC_ACL_MAX is a u32 attribute to advertise the maximum
number of MAC addresses that a device can support for MAC ACL. This was
incorrectly used as a u8 attribute which would not work with any values
larger than 255 or on big endian CPUs. Fix this by moving from
nla_get_u8() to nla_get_u32().
Fixes: 3c4ca36330c0 ("hostapd: Support MAC address based access control list") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lavanya Suresh [Tue, 16 Mar 2021 16:01:19 +0000 (21:31 +0530)]
hostapd: Enable WMM automatically when HE is configured
If WMM is not set explicitly in the configuration, it can be set based
on HT/HE config. As HE can be used without HT/VHT (which was introduced
as a special behavior for the 6 GHz band), add a similar automatic
enabling of WMM for HE without HT.
Jouni Malinen [Thu, 4 Feb 2021 22:28:17 +0000 (00:28 +0200)]
Flush pending control interface message for an interface to be removed
wpa_supplicant_ctrl_iface_deinit() was executed only if the
per-interface control interface initialization had been completed. This
is not the case if driver initialization fails and that could result in
leaving behind references to the freed wpa_s instance in a corner case
where control interface messages ended up getting queued.
Fix this by calling wpa_supplicant_ctrl_iface_deinit() in all cases to
cancel the potential eloop timeout for wpas_ctrl_msg_queue_timeout with
the reference to the wpa_s pointer. In addition, flush any pending
message from the global queue for this interface since such a message
cannot be of use after this and there is no need to leave them in the
queue until the global control interface gets deinitialized.
Jouni Malinen [Wed, 24 Mar 2021 22:30:04 +0000 (00:30 +0200)]
Fix WNM-Sleep Mode exit debug print of BIGTK
Previous debug print used IGTK instead of BIGTK, so fix that to use the
correct key. Actual generation of the BIGTK subelement itself was using
the correct key, though, so this is only needed to fix the debug print.
Jouni Malinen [Mon, 22 Mar 2021 09:29:31 +0000 (11:29 +0200)]
Allow AP mode extended capabilities to be overridden
The new hostapd configuration parameters ext_capa_mask and ext_capa can
now be used to mask out or add extended capability bits. While this is
not without CONFIG_TESTING_OPTIONS, the main use case for this is for
testing purposes.
Jouni Malinen [Mon, 22 Mar 2021 09:33:16 +0000 (11:33 +0200)]
Make hostapd_config_fill() easier to auto indent
The conditional compilation block with only the opening brace included
in two variants was messing up auto indentation in emacs. Work around
this by defining the maximum value conditionally while leave the if
block outside any conditional building rules.
Jouni Malinen [Mon, 22 Mar 2021 09:12:39 +0000 (11:12 +0200)]
Simplify extended capability determination in AP mode
There is no need to determine the exact length of the element before
filling in the octets since this function is already capable of
truncated the fields based on what the actual values are.
Ilan Peer [Sun, 21 Mar 2021 11:55:09 +0000 (13:55 +0200)]
PASN: Add support for comeback flow to wpa_supplicant
Process the received comeback cookie and retry automatically if the AP
allows this. Otherwise, provide the cookie to upper layers to allow a
later attempt with the cookie.
Jouni Malinen [Sun, 21 Mar 2021 09:47:39 +0000 (11:47 +0200)]
DPP: Fix GAS client error case handling in hostapd
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.
This is similar to the earlier wpa_supplicant fix in commit 931f7ff65609
("DPP: Fix GAS client error case handling").
Jouni Malinen [Sat, 20 Mar 2021 14:25:50 +0000 (16:25 +0200)]
EAP-SIM/AKA: Fix check for anonymous decorated identity
eap_sim_anonymous_username() gets called with an argument that is not a
null terminated C string and as such, os_strrchr() and os_strlen()
cannot be used with it. The previous implementation resulted in use of
uninitialized values and a potential read beyond the end of the buffer.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277 Fixes: 73d9891bd722 ("EAP-SIM/AKA peer: Support decorated anonymous identity prefix") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Mar 2021 14:09:19 +0000 (16:09 +0200)]
DPP: Indicate authentication success on ConfReqRX if needed (hostapd)
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.
This was already done in wpa_supplicant in commit 422e73d623b4 ("DPP:
Indicate authentication success on ConfReqRX if needed") and matching
changes are now added to hostapd.
Jouni Malinen [Sat, 20 Mar 2021 11:36:55 +0000 (13:36 +0200)]
Fix full EAP authentication after PMKSA cache add failure
Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.
Jouni Malinen [Sat, 20 Mar 2021 10:17:58 +0000 (12:17 +0200)]
DPP2: Fix connection status result wait in hostapd
The waiting_conn_status_result flag was not set which made hostapd
discard the Connection Status Result. Fix this to match the
wpa_supplicant implementation.
Jouni Malinen [Fri, 19 Mar 2021 22:22:28 +0000 (00:22 +0200)]
tests: hostapd airtime policy configuration
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Introduce reason code for TWT teardown due to concurrency
The firmware sends new reason codes to indicate TWT teardown due to
single channel and multi channel concurrency. Update the enum
qca_wlan_vendor_twt_status to represent new reason code.
Jouni Malinen [Fri, 19 Mar 2021 18:54:16 +0000 (20:54 +0200)]
tests: Make FT roaming and data connectivity checks more robust
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Matthew Wang [Tue, 16 Mar 2021 20:19:55 +0000 (13:19 -0700)]
tests: Check update misbehaving MBO AP test to include roam
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Jouni Malinen [Wed, 17 Mar 2021 21:38:26 +0000 (23:38 +0200)]
tests: Fix eap_proto_eke_errors with gcc-10
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Jouni Malinen [Wed, 17 Mar 2021 21:36:52 +0000 (23:36 +0200)]
tests: Speed up tshark operations
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Ilan Peer [Mon, 15 Mar 2021 12:57:12 +0000 (14:57 +0200)]
PASN: Add support for deauthentication flow in station
The new wpa_supplicant control interface command "PASN_DEAUTH
bssid=<BSSID>" can now be used to flush the local PTKSA cache for the
specified BSS and to notify the AP to request it to drop its PTKSA as
well.
Ilan Peer [Mon, 15 Mar 2021 12:57:11 +0000 (14:57 +0200)]
nl80211: Allow sending Deauthentication frame with off channel for PASN
To allow for a PASN station to deauthenticate from an AP to clear any
PTKSA cache entry for it, extend the nl80211 interface to allow sending
a Deauthentication frame with off channel enabled.
Ilan Peer [Mon, 15 Mar 2021 12:57:05 +0000 (14:57 +0200)]
AP: Rename SAE anti clogging variables and functions
PASN authentication mandates support for comeback flow, which
among others can be used for anti-clogging purposes.
As the SAE support for anti clogging can also be used for PASN,
start modifying the source code so the anti clogging support
can be used for both SAE and PASN.
As a start, rename some variables/functions etc. so that they would not
be SAE specific. The configuration variable is also renamed, but the old
version remains available for backwards compatibility.
projects / thirdparty / hostap.git / log
