Commit message | Author | Age | Files | Lines
* nl80211: Configure PMKSA lifetime and reauth threshold timer to driver [HEAD, pending, master] | Veerendranath Jakkam | 14 hours | 8 | -7/+24
  Drivers that trigger roaming need to know the lifetime and reauth threshold time of configured PMKSA so that they can trigger full authentication to avoid unnecessary disconnection. To support this, send dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values configured in wpa_supplicant to the driver while configuring a PMKSA.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Sync with mac80211-next.git include/uapi/linux/nl80211.h | Jouni Malinen | 14 hours | 1 | -2/+169
  This brings in nl80211 definitions as of 2020-02-20.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP PFS | Jouni Malinen | 14 hours | 2 | -1/+62
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Allow station to require or not allow PFS | Jouni Malinen | 14 hours | 9 | -2/+68
  The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2).
  This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Allow AP to require or reject PFS | Jouni Malinen | 19 hours | 8 | -1/+41
  The new hostapd configuration parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., allow the station to decide whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected (dpp_pfs=2).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Return an enum from wpa_validate_wpa_ie() | Jouni Malinen | 19 hours | 4 | -52/+94
  This is more specific than returning a generic int and also allows the compiler to do more checks.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Add HE bit in BSSID Information field of own Neighbor Report | Sathishkumar Muruganandam | 31 hours | 2 | -1/+4
  Add definition for HE bit in neighbor report BSSID Information field from IEEE P802.11ax/D6.0, Neighbor Report element.
  Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
* tests: Skip background scans in beacon loss tests | Jouni Malinen | 34 hours | 1 | -2/+3
  bgscan_learn_beacon_loss was failing quite frequently and it looks like the background scans were related to those failures. Since those scans are not really relevant to testing beacon loss, get rid of them in these test cases to avoid incorrect failures.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: dpp_controller_rx_failure to match implementation changes | Jouni Malinen | 35 hours | 1 | -1/+1
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Use a helper function for encapsulating TCP message | Jouni Malinen | 35 hours | 1 | -104/+37
  This functionality was repeated for multiple different frames. Use a shared helper function to avoid such duplication.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: DPP chirping | Jouni Malinen | 35 hours | 2 | -6/+156
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in Controller | Jouni Malinen | 35 hours | 1 | -0/+73
  Process the received Presence Announcement frames in Controller. If a matching bootstrapping entry for the peer is found, initiate DPP authentication to complete provisioning of the Enrollee.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in AP/Relay | Jouni Malinen | 35 hours | 2 | -2/+78
  Process the received Presence Announcement frames in AP/Relay. If a matching bootstrapping entry for the peer is found in a local Configurator, that Configurator is used. Otherwise, the frame is relayed to the first configured Controller (if available).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing at Configurator | Jouni Malinen | 35 hours | 3 | -1/+98
  Process received Presence Announcement frames and initiate Authentication exchange if matching information is available on the Configurator.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Configurator Connectivity indication | Jouni Malinen | 35 hours | 6 | -0/+45
  Add a new hostapd configuration parameter dpp_configurator_connectivity=1 to request Configurator connectivity to be advertised for chirping Enrollees.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Chirping in wpa_supplicant Enrollee | Jouni Malinen | 35 hours | 7 | -0/+307
  Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI ID> iter=<count>" to request chirping, i.e., sending of Presence Announcement frames, to be started.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add a helper function for building Presence Announcement frame | Jouni Malinen | 38 hours | 2 | -23/+50
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: New identifier definitions | Jouni Malinen | 38 hours | 3 | -0/+16
  Add new identifier definitions for presence announcement, reconfiguration, and certificate enrollment.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Add DPP_BOOTSTRAP_SET command | Jouni Malinen | 38 hours | 4 | -0/+30
  "DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to set peer specific configurator parameters which will override any global parameters from dpp_configurator_params.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow per-peer configurator parameters to be set | Jouni Malinen | 38 hours | 2 | -1/+12
  This is a more convenient way of addressing cases where a Configurator/Controller may store a large number of peer bootstrapping information instances and may need to manage different configuration parameters for each peer while operating as the Responder.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Store global pointers in struct dpp_authentication | Jouni Malinen | 38 hours | 4 | -36/+37
  Set the global pointer and msg_ctx when allocating struct dpp_authentication instead of needing to pass these to dpp_set_configurator().
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in function documentation | Jouni Malinen | 43 hours | 1 | -1/+1
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Update STA flags to the driver immediately on disconnection | Jouni Malinen | 3 days | 4 | -2/+10
  hostapd (and wpa_supplicant in AP mode) was internally updating the STA flags on disconnection cases to remove authorization and association. However, some cases did not result in immediate update of the driver STA entry. Update all such cases to send out the update to the driver as well to reduce risk of race conditions where new frames might be accepted for TX or RX after the port authorization or association has been lost and configured keys are removed.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Use frame injection in monitor_iface_unknown_sta | Jouni Malinen | 3 days | 1 | -3/+16
  The previously used normal data TX depends on undefined driver behavior after all keys have been removed. That may not be available, so do this more properly with frame injection through a monitor interface.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: sigma_dut controlled AP and transition disabled indication | Jouni Malinen | 3 days | 1 | -0/+26
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: sigma_dut controlled AP and beacon protection | Jouni Malinen | 3 days | 2 | -1/+37
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: sigma_dut controlled STA and beacon protection | Jouni Malinen | 3 days | 2 | -49/+85
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Add forgotten step to ap_wpa3_eap_transition_disable | Jouni Malinen | 3 days | 1 | -0/+5
  This was supposed to be included, but was forgotten in an editor window with pending changes.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* STA: Fix wpa_clear_keys() PTK key deletion logic | Alexander Wetzel | 3 days | 1 | -1/+1
  We have to delete PTK keys when either BIT(0) or BIT(15) are zero and not only when both are zero.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* AP: Fix Extended Key ID parameter check | Alexander Wetzel | 3 days | 1 | -2/+2
  Check the new variable to be set instead of the current setting.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* tests: Transition disable | Jouni Malinen | 3 days | 4 | -0/+165
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant AP mode configuration for Transition Disable KDE | Jouni Malinen | 3 days | 4 | -0/+24
  Allow AP mode network profile in wpa_supplicant to be configured to advertise Transition Disable KDE.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Process Transition Disable KDE in station mode | Jouni Malinen | 3 days | 7 | -0/+95
  Check whether the Transition Disable KDE is received from an authenticated AP and if so, whether it contains valid indication for disabling a transition mode. If that is the case, update the local network profile by removing the less secure options.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow hostapd AP to advertise Transition Disable KDE | Jouni Malinen | 3 days | 6 | -3/+45
  The new hostapd configuration parameter transition_disable can now be used to configure the AP to advertise that use of a transition mode is disabled. This allows stations to automatically disable transition mode by disabling less secure network profile parameters.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Transition Disable KDE definitions | Jouni Malinen | 3 days | 1 | -0/+7
  Define the OUI Type and bitmap values for Transition Disable KDE. These will be shared by both the AP and STA implementations.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add addition CFR capture type to filter all NDPA NDP frames | Wu Gao | 4 days | 1 | -0/+2
  Add QCA_WLAN_VENDOR_CFR_NDPA_NDP_ALL in enum qca_wlan_vendor_cfr_capture_type. This capture type requests all NDPA NDP frames to be filtered.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Change CFR attributes from required to optional | Wu Gao | 4 days | 1 | -9/+9
  Some CFR attributes are used frequently with conditions, so change them from required to optional.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add ACS support for 60 GHz channel bonding | Noam Shaked | 4 days | 5 | -5/+19
  hostapd will trigger EDMG auto channel selection by setting QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED. The 60 GHz driver will be called to start an auto channel selection and will return the primary channel and the EDMG channel.
  Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* tests: sigma_dut sta_scan ShortSSID | Jouni Malinen | 5 days | 1 | -0/+28
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Fix offloaded ACS regression for the 60 GHz band | Noam Shaked | 5 days | 1 | -17/+54
  Addition of chan_2ghz_or_5ghz_to_freq() broke 60 GHz ACS, because it assumes reported ACS channel is on either 2.4 or 5 GHz band. Fix this by converting chan_2ghz_or_5ghz_to_freq() to a more generic chan_to_freq(). The new function uses hw_mode to support 60 GHz.
  Fixes: 41cac481a889 ("ACS: Use frequency params in ACS (offload) completed event interface")
  Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* HE: Add HE support to hostapd_set_freq_params() | John Crispin | 6 days | 1 | -11/+60
  The parameters that need to be applied are symmetric to those of VHT, however the validation code needs to be tweaked to check the HE capabilities.
  Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
  Signed-off-by: John Crispin <john@phrozen.org>
* wlantest: Check for zero TK even when the real PTK is not known | Jouni Malinen | 6 days | 1 | -4/+19
  This makes it easier to analyze certain encryption issues. Also print out an error at the default INFO debug verbosity with the frame number.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Extend vendor attributes to support enhanced CFR capture | Wu Gao | 6 days | 1 | -30/+193
  Enhanced channel frequency response supports capturing of channel status information based on RX. Define previous CFR as version 1 and enhanced CFR as version 2. If target supports both versions, two versions can't be enabled at same time. Extend attributes for enhanced CFR capture in enum qca_wlan_vendor_peer_cfr_capture_attr.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add QCA vendor attributes for ACS over EDMG (IEEE 802.11ay) | Noam Shaked | 6 days | 1 | -0/+11
  QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED, conduct ACS for EDMG. QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL, return the EDMG channel.
  Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* tests: Extended Key ID | Jouni Malinen | 6 days | 4 | -5/+148
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow last configured Key ID for TK to be fetched from wpa_supplicant | Jouni Malinen | 6 days | 1 | -0/+2
  "GET last_tk_key_idx" can now be used in testing build to determine which was the last configured Key ID for the pairwise key.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use a shared helper function for RSN supplicant capabilities | Jouni Malinen | 6 days | 3 | -22/+20
  Avoid practically copy-pasted code for determining local RSN capabilities.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* STA: Support Extended Key ID | Alexander Wetzel | 6 days | 17 | -18/+222
  Support Extended Key ID in wpa_supplicant according to IEEE Std 802.11-2016 for infrastructure (AP) associations. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing STAs to also connect to APs not supporting it.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* AP: Support Extended Key ID | Alexander Wetzel | 6 days | 10 | -12/+130
  Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* tests: Fix bgscan_learn_beacon_loss with REPORTS_TX_ACK_STATUS | Jouni Malinen | 6 days | 1 | -3/+11
  Stopping the AP from beaconing will also stop it from acknowledging frames and that resulted in bgscan_learn_beacon_loss failing when mac80211_hwsim is registering REPORTS_TX_ACK_STATUS. Work around this by moving to using PMF so that the station ignores the unprotected deauthentication frames from the AP and also disabling SA Query. This allows the AP to be stopped and restarted with large enough Beacon interval to allow the station to detect beacon loss. This is identical to the earlier design change for bgscan_simple_beacon_loss (somehow this bgscan_learn_beacon_loss test case managed to pass at that time).
  Signed-off-by: Jouni Malinen <j@w1.fi>