Will Huang [Mon, 28 Aug 2023 02:30:16 +0000 (08:00 +0530)]
Add QCA vendor attribute for configuring max A-MPDU aggregation count
Add a QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_AMPDU_CNT to
enable configuration of TX maximum aggregate size with a specific peer.
This can be used to improve performance in noisy environment. In AP
mode, the peer MAC address of the associated STA is specified with
QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC.
Signed-off-by: Will Huang <quic_wilhuang@quicinc.com>
Will Huang [Mon, 28 Aug 2023 02:15:56 +0000 (07:45 +0530)]
Change QCA vendor configure attribution name of peer MAC address
Rename the attribute QCA_WLAN_VENDOR_ATTR_CONFIG_RX_BLOCKSIZE_PEER_MAC
to a generic name QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC, so other
configuration commands can reuse it. And make backward compatibility of
QCA_WLAN_VENDOR_ATTR_CONFIG_RX_BLOCKSIZE_PEER_MAC, define it as same
value of QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC (35).
Signed-off-by: Will Huang <quic_wilhuang@quicinc.com>
Nijun Gong [Mon, 10 Jul 2023 13:19:29 +0000 (21:19 +0800)]
Update hw_mode when CSA finishes
The driver might decide to change the operating band on its own, e.g.,
when trying to use a single channel in AP + AP case. A CSA event will be
notified to hostapd to update the channel/frequency, but hw_mode did not
get updated accordingly.
This may cause hostapd interface restarting to fail, e.g., with control
interface DISABLE / ENABLE commands at configured_fixed_chan_to_freq(),
because of the mismatch between conf->channel and conf->hw_mode.
Update hw_mode right after channel change to fix this.
Send actual MFP configuration when driver takes care of BSS selection
Send the actual MFP configuration value to the driver instead of
overriding it with MFP required based on the wpa_supplicant selected BSS
when the driver takes care of BSS selection.
This is needed to allow the driver to know whether it can select an MFP
disabled BSS.
SCS: Add support for optional QoS Charateristics parameters
Per IEEE P802.11be/D4.0, 9.4.2.316 (QoS Characteristics element), enable
support for the following optional QoS Characteristics parameters:
- Maximum MSDU Size
- Service Start Time
- Service Start Time LinkID
- Mean Data Rate
- Delayed Bounded Burst Size
- MSDU Lifetime
- MSDU Delivery Info
- Medium Time
SCS: Add support for QoS Characteristics in SCS request
Add support to configure the mandatory QoS Characteristics parameters
per IEEE P802.11be/D4.0, 9.4.2.316 (QoS Characteristics element), in SCS
request:
- Minimum Service Interval
- Maximum Service Interval
- Minimum Data Rate
- Delay Bound
Enable STA SCS traffic descriptor support for EHT connection when the
connected EHT AP advertises SCS traffic descriptor capability in the EHT
Capabilities element.
Add Non EHT SCS Capability in (Re)Association Request frames
Set WFA capability to allow non-EHT SCS Traffic support in association
elements when the AP advertises support for non-EHT SCS Traffic support
via Beacon or Probe Response frame. This capability is upper layer
functionality and as such, does not need a separate driver capability
indication or configuration, but indicate this only if the AP supports
the feature to minimize risk of interoperability issues with a new
information element.
Jouni Malinen [Mon, 28 Aug 2023 09:16:42 +0000 (12:16 +0300)]
wlantest: Store and check SNonce/ANonce for FT Authentication
Store SNonce and ANonce from FT Authentication frames during FT
over-the-air so that these values are available for processing the FT
reassociation frames.
Jouni Malinen [Fri, 25 Aug 2023 19:08:44 +0000 (22:08 +0300)]
Calculate defragmented FTE length during IE parsing
Get rid of the warning about unrecognized Fragment element when FTE is
fragmented and make the total length of the FTE itself and the following
Fragment elements available. For now, use a separate variable for the
total length to avoid confusing existing callers.
Jouni Malinen [Fri, 25 Aug 2023 16:34:44 +0000 (19:34 +0300)]
Fix use of defragmented FTE information
The FTE parser itself used valid data, but the reassembled buffer was
available only during the parser run. That buffer will be needed for the
caller as well since most of the parsed data is used as pointers instead
of copied data.
Store the reassembled buffer in struct wpa_ft_ies and require
wpa_ft_parse_ies() callers to use wpa_ft_parse_ies_free() to free any
possibly allocated temporary data after wpa_ft_parse_ies() calls that
return success (0).
Fixes: 43b5f11d969a ("Defragmentation of FTE") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Fri, 25 Aug 2023 08:34:14 +0000 (11:34 +0300)]
Decrement hmac_sha*_vector() maximum num_elem value to 11
This replaces the earlier commit 4c079dcc64da ("Increment
hmac_sha*_vector() maximum num_elem value to 25") with a smaller
increment of just one extra element since the updated FTE MIC
calculation design does not use separate elements. This reduces stack
memory need. In addition, this starts using a define value for the
maximum number of vector elements to make this easier to change and to
make the code more readable.
Jouni Malinen [Fri, 25 Aug 2023 08:28:44 +0000 (11:28 +0300)]
FT: Make FTE MIC calculation more flexible
Generate the "extra" data buffer outside wpa_ft_mic() to make this
function easier to share for MLO FT Reassociation Response frame. This
replaces the earlier design in commit e6f64a8e1daf ("FT: FTE MIC
calculation for MLO Reassociation Request frame").
Jouni Malinen [Thu, 24 Aug 2023 15:00:31 +0000 (18:00 +0300)]
wlantest: FTE MIC calculation for MLO Reassociation Request frames
SPA (FTO's MAC address) and AA (FTR's MAC address) are the MLD MAC
addresses when using MLO and the Reassociation Request frame will also
include the non-AP STA MAC addresses for the requested links.
Jouni Malinen [Thu, 24 Aug 2023 14:58:25 +0000 (17:58 +0300)]
FT: FTE MIC calculation for MLO Reassociation Request frame
Extend wpa_ft_mic() to take in an array of link addresses to allow the
FTE MIC to be calculated for Reassociation Request frame as described in
IEEE P802.11be/D4.0, 13.8.4. This commit does not change actual
behavior, i.e., this is just preparing wpa_ft_mic() and the existing
callers with a new argument.
Jouni Malinen [Thu, 24 Aug 2023 14:34:37 +0000 (17:34 +0300)]
wlantest: Learn link address for assoc link from (Re)Association Request
Store the non-AP MLD link address of the link that is used for
association when processing (Re)Association Request frames. This is
needed to get the full set of link addresses when 4-way handshake is not
used (e.g., for FT protocol).
Use STA address indicated in FT Request/Response frames instead of
transmit or receive addresses for creating/finding STA instance.
For MLO to MLO roaming:
1. STA may use different link compared to FT Action frames negotiated
links.
2. STA may reassociate with target AP MLD with different set of
links compared to links connected to current AP MLD.
So create STA with MLD MAC address and attach to one of the BSS
affiliated with target AP MLD. Update link address of the STA and BSS
during processing of the Reassociation Request frame.
wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
Use AP and STA addresses indicated in FT Request/Response frames for
PMK-R1 and PTK derivation instead of the addresses in the BSS and STA
entries. This is needed for MLO to use the MLD MAC address instead of
one of the link addresses.
Yu Wang [Fri, 11 Aug 2023 03:45:50 +0000 (20:45 -0700)]
Add a QCA vendor sub command for transmit latency statistics
Add a new QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_TX_LATENCY to
configure, retrieve, and report per-link transmit latency statistics.
When used as a command, userspace configures transmit latency monitoring
and get the corresponding statistics of the last period. When used as a
command response, driver replies the get action from userspace with the
statistics of the last period. When used as an event, driver reports the
statistics periodically.
Nijun Gong [Tue, 11 Jul 2023 13:21:21 +0000 (21:21 +0800)]
Update iface->current_mode when fetching new hw_features
When a CHANNEL_LIST_CHANGED event is received, memory of
iface->hw_features is freed and allocated again with
hostapd_get_hw_features(), but iface->current_mode still refer to the
original memory address, which is not correct since that memory has been
freed. This could happen in cases where the driver provides channel list
updates during the lifetime of the started BSS.
Fix this by updated iface->current_mode to point to the new array of hw
features.
Fixes: 0837863fbc62 ("AP: Handle 6 GHz AP state machine with NO_IR flags") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Tue, 22 Aug 2023 16:46:44 +0000 (19:46 +0300)]
tests: Make sae_proto_hostapd_status_* more robust
The first MGMT-TX-STATUS event might be for the initial broadcast
Deauthentication frame instead of the SAE Authentication frame. Skip the
first event and try to process TX status for the first Authentication
frame instead.
Typecasting takes precedence over division here, so the legacy rates
larger than 255 * 100 kbps (i.e., 36, 48, 54 Mbps) ended up getting
truncated to invalid values.
Fix this by typecasting the value after the division.
Jouni Malinen [Fri, 18 Aug 2023 18:00:45 +0000 (21:00 +0300)]
Fix hostapd interface cleanup with multiple interfaces
interfaces.iface[i] might be NULL when going through the cleanup of all
remaining interfaces at the end of the process termination. The changes
for clearing drv_priv in AP MLD cause that cleanup process to crash on
dereferencing a NULL pointer.
Fix this by explicitly checking that the interface context is available
before trying to clear the pointer to driver data.
Fixes: 7fa99b3246d1 ("AP: Allow starting multiple interfaces within single MLD") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Fri, 18 Aug 2023 17:40:12 +0000 (20:40 +0300)]
P2P: Do not filter pref_freq_list if the driver does not provide one
wpa_drv_get_pref_freq_list() may fail and the 6 GHz channel removal
should not be done unless the operation actually succeeded. The previous
implementation ended up processing uninitialized data. This did not
really result in any observable misbehavior since the result was not
used, but this showed up as a failed test case when running tests with
valgrind.
Fixes: f0cdacacb356 ("P2P: Allow connection on 6 GHz channels if requested") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Xin Deng [Tue, 11 Jul 2023 06:18:38 +0000 (23:18 -0700)]
P2P: Clean wpa_s->last_ssid when removing a temporary group network
wpa_supplicant could crash due to dereferencing freed memory in a corner
case. When a reestablished P2P GO group gets removed because the
hardware mode is not supported when switching from 2.4 to 5 GHz. Group
removal in wpas_p2p_group_delete() forget to clean wpa_s->last_ssid due
to the missing wpas_notify_network_removed() call before removing the
network with wpa_config_remove_network().
That could cause a crash when flushing old BSSs which age out in
wpa_bss_flush_by_age() which uses wpa_s->last_ssid in some cases.
Fix this by invoking wpas_notify_network_removed() to clean
wpa_s->last_ssid when removing a temporary P2P group network.
Define QCA vendor attribute for high RSSI roam trigger threshold
Define an attribute for high RSSI roam trigger threshold. STA is
expected to trigger roam if the current connected AP's RSSI gets above
this high RSSI threshold. STA's roam attempt on high RSSI threshold aims
to find candidates from other better Wi-Fi bands.
Ke Huang [Tue, 20 Jun 2023 08:03:34 +0000 (16:03 +0800)]
Define QCA vendor roam control RSSI attributes
Add three vendor roam control attributes to configure the roaming
parameters dynamically.
QCA_ATTR_ROAM_CONTROL_CONNECTED_LOW_RSSI_THRESHOLD controls the
connected AP's low RSSI threshold to trigger the neighbor lookup.
QCA_ATTR_ROAM_CONTROL_CANDIDATE_ROAM_RSSI_DIFF and
QCA_ATTR_ROAM_CONTROL_6GHZ_CANDIDATE_ROAM_RSSI_DIFF control the RSSI
difference threshold between the connected AP and the new candidate AP
for the roam to trigger.
Extend QCA vendor command to include more parameters for netdev events
Extend enum qca_wlan_vendor_attr_mlo_peer_prim_netdev_event to add MLD
MAC address, the number of links, and link info. Link info contains
ifindex and MAC address of each link of a non-AP MLD that was negotiated
in ML association.
Chunquan Luo [Tue, 8 Aug 2023 06:51:50 +0000 (23:51 -0700)]
QCA vendor attributes for updating roaming AP BSSID info
Add vendor attribute IDs QCA_WLAN_VENDOR_ATTR_ROAM_STATS_ORIGINAL_BSSID,
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_CANDIDATE_BSSID, and
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_ROAMED_BSSID for updating roaming AP
BSSID to user space to enable user space collecting the BSSID for
roaming issues.
Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
EHT: Support puncturing for 320 MHz channel bandwidth
Determine the channel width by operating class for the 6 GHz band when
validating puncturing bitmap. This is needed to allow puncturing to be
used with 320 MHz channels.
Jouni Malinen [Fri, 11 Aug 2023 17:35:34 +0000 (20:35 +0300)]
wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
The MIC length depends on the negotiated group when SAE-EXT-KEY or OWE
key_mgmt is used. wlantest can determine the group if the capture file
includes the group negotiation, i.e., the initial association when a PMK
was created. However, if the capture file includes only an association
using PMKSA caching, the group information is not available. This can
result in inability to be able to process the EAPOL-Key frames (e.g.,
with the "Truncated EAPOL-Key from" message).
If the negotiated group is not known and an EAPOL-Key frame length does
not seem to match the default expectations for group 19, check whether
the alternative lengths for group 20 or 21 would result in a frame that
seems to have valid length. If so, update the STA entry with the guessed
group and continue processing the EAPOL-Key frames based on this.
Ilan Peer [Tue, 25 Jul 2023 07:16:57 +0000 (12:46 +0530)]
AP: Add configuration option to specify the desired MLD address
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Michael Lee [Thu, 27 Jul 2023 08:29:22 +0000 (16:29 +0800)]
wpa_supplicant: Fix configuration parsing error for tx_queue_*
In the original flow, after hostapd_config_tx_queue() successfully
parses a tx_queue variable, wpa_config_process_global() would not return
immediately. Then it would print out "unknown global field" later and set
return val to -1.
Return success (0) after hostapd_config_tx_queue() successfully parses a
tx_queue variable to fix this.
Fixes: 790026c3daa2 ("Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO") Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Felix Fietkau [Mon, 7 Aug 2023 19:59:47 +0000 (21:59 +0200)]
BSS coloring: Fix CCA with multiple BSS
Pass bss->ctx instead of drv->ctx in order to avoid multiple reports for
the first bss. The first report would otherwise clear hapd->cca_color and
subsequent reports would cause the iface bss color to be set to 0.
In order to avoid any issues with cancellations, only overwrite the color
based on hapd->cca_color if it was actually set.
Fixes: 33c4dd26cd11 ("BSS coloring: Handle the collision and CCA events coming from the kernel") Signed-off-by: Felix Fietkau <nbd@nbd.name>
Henry Ptasinski [Thu, 13 Jul 2023 13:29:32 +0000 (15:29 +0200)]
Fix CCMP test vector issues
Commit b20991da6936a1baae9f2239ee127610a6f5335d introduced errors in
the order of arguments to the calls of ccmp_decrypt() and
ccmp_256_decrypt(). Correct the order of arguments.
Fixes: b20991da6936 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce") Signed-off-by: Henry Ptasinski <henry@e78com.com>
Chien Wong [Sun, 6 Aug 2023 15:15:48 +0000 (23:15 +0800)]
Fix a compiler warning on prototype mismatch
Fix the warning:
wpa_supplicant.c:2257:5: warning: conflicting types for
‘wpas_update_random_addr’ due to enum/integer mismatch; have ‘int(struct
wpa_supplicant *, enum wpas_mac_addr_style, struct wpa_ssid *)’
[-Wenum-int-mismatch]
 2257 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s,
     |    ^~~~~~~~~~~~~~~~~~~~~~~
In file included from wpa_supplicant.c:32:
wpa_supplicant_i.h:1653:5: note: previous declaration of
‘wpas_update_random_addr’ with type ‘int(struct wpa_supplicant *, int,Â
struct wpa_ssid *)’
 1653 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int
style,
     |    ^~~~~~~~~~~~~~~~~~~~~~~
Fixes: 1d4027fdbef2 ("Make random MAC address style parameters use common enum values") Signed-off-by: Chien Wong <m@xv97.com>
Jouni Malinen [Thu, 10 Aug 2023 18:17:40 +0000 (21:17 +0300)]
Fix writing of BIGTK in FT protocol
A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK
value instead of the BIGTK when providing the current BIGTK to the STA
during FT protocol. Fix this to use the correct key to avoid issues when
beacon protection is used with FT.
Fixes: 16889aff408e ("Add BIGTK KDE and subelement similarly to IGTK") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
QCA vendor extension is used for NDP setup. This defines the new
attributes QCA_WLAN_VENDOR_ATTR_NDP_CSIA_CAPABILITIES and
QCA_WLAN_VENDOR_ATTR_NDP_GTK_REQUIRED to support GTKSA, IGTKSA, and
BIGTKSA for NDP setup.
Jouni Malinen [Thu, 10 Aug 2023 08:34:41 +0000 (11:34 +0300)]
wlantest: Use the MLD MAC address as well for matching STA entries
Allow either a link address or the MLD MAC address of a non-AP MLD to
match the MAC address that is being used to identify a source or
destination of a frame for the MLO cases.
Jouni Malinen [Thu, 10 Aug 2023 08:31:26 +0000 (11:31 +0300)]
wlantest: Use MLO search for the STA in reassociation
FT over-the-DS might have created the new STA entry on another
affiliated BSS during the FT Request/Response exchange, so use a wider
search to locate the correct STA entry when processing the Reassociation
Request/Response frames.
Jouni Malinen [Thu, 10 Aug 2023 08:27:21 +0000 (11:27 +0300)]
wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
Use the Basic Multi-Link element in (Re)Association Request frames to
learn the non-AP MLD MAC address instead of having to wait until this
address is included in an EAPOL-Key frame. This is needed for FT
protocol (where 4-way handshake is not used) and it is also convenient
to have the MLD MAC address available as soon as possible to be able to
decrypt frames and even to recognize some special AP vs. STA cases when
either the BSSID or the AP MLD MAC address might be used.
Jouni Malinen [Thu, 10 Aug 2023 08:22:47 +0000 (11:22 +0300)]
wlantest: Recognize non-AP MLD based on any link address for decryption
Compare A1 against all the link addresses of a non-AP MLD when
determining whether a Data frame is from the non-AP MLD or the AP MLD
during a decryption attempt.
Jouni Malinen [Thu, 10 Aug 2023 08:18:57 +0000 (11:18 +0300)]
wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
Make sta_find_mlo() more accurate by searching a non-AP MLD only from
the affialiated BSSs of the AP MLD instead of from any BSS. This might
help in some roaming cases where both the old and the new AP MLD have
their affiliated links in the BSS table.
Jouni Malinen [Thu, 10 Aug 2023 07:57:07 +0000 (10:57 +0300)]
wlantest: Learn AP MLD MAC address from Beacon frames
Use the Basic Multi-Link element in Beacon frames (and Probe Response
frames for that matter) to learn the AP MLD MAC address instead of
having to wait until this address is included in an EAPOL-Key frame.
This is needed for FT protocol (where 4-way handshake is not used) and
it is also convenient to have the MLD MAC address available as soon as
possible to be able to decrypt frames and even to recognize some special
AP vs. STA cases when either the BSSID or the AP MLD MAC address might
be used.
Jouni Malinen [Tue, 8 Aug 2023 10:32:32 +0000 (13:32 +0300)]
FTE protected element check for MLO Reassociation Response frame
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.
Jouni Malinen [Tue, 8 Aug 2023 09:37:39 +0000 (12:37 +0300)]
Defragmentation of FTE
Defragment the FTE if it was fragmented. This is needed for MLO when the
FTE in Reassociation Response frame might be longer than 255 octets to
include all the group keys for all the links.
Jouni Malinen [Tue, 8 Aug 2023 08:00:42 +0000 (11:00 +0300)]
wlantest: Support multiple input files
Allow the -r<file> command line argument to be used multiple times to
read more than a single capture file for processing. This reduces need
for external tools to be used first to merge capture files for wlantest.
Jouni Malinen [Tue, 8 Aug 2023 07:30:10 +0000 (10:30 +0300)]
wlantest: Handle variable length MIC field in EAPOL-Key with OWE
The Key MIC field is of variable length when using OWE, so determine the
correct length based on which group was negotiated for OWE during
association.
Manaswini Paluri [Thu, 22 Jun 2023 08:49:36 +0000 (14:19 +0530)]
nl80211: Skip STA MLO link channel switch handling in AP mode
Add check to skip the STA mode specific MLO link channel switch handling
in AP mode. Commit 1b6f3b5850a7 ("MLD STA: Indicate per link channel
switch") added this indication only for STA mode.
Set RRM used config if the (Re)Association Request frame has RRM IE
Set the sme RRM used config if the RRM element is present in the
(Re)Association Request frame sent in association event to cover the
cases where the driver SME takes care of negotiating RRM capabilities.
Vishal Miskin [Tue, 27 Jun 2023 14:13:36 +0000 (19:43 +0530)]
Add QCA vendor attributes for user defined power save parameters
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_OPTIMIZED_POWER_MANAGEMENT
attribute to support enum qca_wlan_vendor_opm_mode.
Add QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_ITO and
QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_SPEC_WAKE to configure inactivity
timeout and speculative wake interval in User defined optimized
power save mode.
Verify that the operation succeeds before a debug print indicating that
it did. This was already done in most callers, so be more consistent and
do it here as well.
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.
Fixes: 903e3a1e6259 ("FILS: Fix maximum NSS calculation for FD frame") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.
Optimize the search for nonzero octets when checking for the need to
work around WPS M1 padding. The previous implementation was really
inefficient (O(n^2)) and while that was likely sufficiently fast for the
cases where the MMPDU size limit prevents long buffers (e.g., all P2P
Action frames), it might be able to take tens of seconds on low-end CPUs
with maximum length EAP-WSC messages during WPS provisioning. More
visibly, this was causing OSS-Fuzz to time out a test case with
unrealisticly long data (i.e., almost 10 times the maximum EAP-WSC
buffer length).
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60039 Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the phase2_auth=2 parameter (in phase1 configuration item) to be
used with EAP-TTLS to require Phase 2 authentication. In practice, this
disables TLS session resumption since EAP-TTLS is defined to skip Phase
2 when resuming a session.
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.
Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.
Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
* 0 = do not require Phase 2 authentication
* 1 = require Phase 2 authentication when client certificate
(private_key/client_cert) is no used and TLS session resumption was
not used (default)
* 2 = require Phase 2 authentication in all cases
Jouni Malinen [Thu, 22 Jun 2023 19:44:51 +0000 (22:44 +0300)]
wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.
Add support to configure per-MLO link maximum supported channel width
Update documentation of the QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH
and QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attributes to
indicate support for per-MLO link configuration.
Add QCA vendor interface to support per-MLO link configurations
Add support for per-MLO link configurations in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
Additionally, add documentation for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
nl80211: Always return NL_SKIP from survey dump handler
Previously, NL_STOP was returned from the survey dump handler if the
maximum number of frequencies was reached for storing survey
information, but this is causing wpa_supplicant context getting stuck if
the current SKB returned by the kernel itself ends with NLMSG_DONE type
message. This is due to libnl immediately stopping processing the
current SKB upon receiving NL_STOP and not being able to process
NLMSG_DONE type message, and due to this wpa_supplicant's
finish_handler() not getting called. Fix this by returning NL_SKIP
instead while still ignoring all possible additional frequencies.
projects / thirdparty / hostap.git / log
