path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* P2P: Fix listen state machine getting stuck in send_action() scheduled caseHu Wang9 days1-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Commit 947b5a1532f9 ("P2P: Stop listen state if Action frame TX is needed on another channel") added an optimization for P2P response transmission in certain concurrent operation cases. However, it did not take into account possibility of the driver not being in listen state (p2p->drv_in_listen == 0) and could end up getting stuck with the P2P state machine in a manner that made the device not listen for following messages. This showed up in following manner in the debug log: P2P: Starting short listen state (state=SEARCH) P2P: Driver ended Listen state (freq=2437) process received frame and send a response P2P: Stop listen on 0 MHz to allow a frame to be sent immediately on 2437 MHz P2P: Clear timeout (state=SEARCH) --> state machine stuck Fix this by adding drv_in_listen > 0 condition for the optimization to stop the listen operation in send_action() resulting in scheduled TX. Fixes: 947b5a1532f9 ("P2P: Stop listen state if Action frame TX is needed on another channel") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Update DFS status in VHT80+80 modeLei Wang12 days1-0/+11
| | | | | | | | | | | Update center frequency and center frequency2's DFS channel status in VHT80+80 mode. Otherwise it will cause AP failed to start on a DFS channel. Tested: qca9984 with firmware ver 10.4-3.10-00047 Signed-off-by: Rick Wu <rwu@codeaurora.org> Signed-off-by: Lei Wang <leiwa@codeaurora.org>
* Fix status code in SAE/DPP association PMKID mismatch (driver-AP-SME)Jouni Malinen14 days1-0/+3
| | | | | | | | | | | | | | | | | | | wpa_validate_wpa_ie() was already extended to cover these cases with WPA_INVALID_PMKID return value, but hostapd_notif_assoc() did not have code for mapping this into the appropriate status code (STATUS_INVALID_PMKID) and ended up using the default (WLAN_STATUS_INVALID_IE) instead. This caused AP SME-in-driver cases returning incorrect status code when the AP did not have a matching PMKSA cache entry. This could result in unexpected station behavior where the station could continue trying to use a PMKSA cache entry that the AP does not have and not being able to recover this. Fix this by adding the previously missed mapping of validation errors to status/reason codes. Fixes: 567da5bbd027 ("DPP: Add new AKM") Fixes: 458d8984de1d ("SAE: Reject request with mismatching PMKID (no PMKSA cache entry)") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in a commentJouni Malinen2019-11-061-1/+1
| | | | | | Spell NULL correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move ownership of MAC address randomization mask to scan paramsEric Caruso2019-10-271-1/+1
| | | | | | | | | This array can be freed either from the scan parameters or from clearing the MAC address randomization parameters from the wpa_supplicant struct. To make this ownership more clear, we have each struct own its own copy of the parameters. Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
* JSON: Fix escaping of characters that have MSB=1 with signed charJouni Malinen2019-10-271-1/+1
| | | | | | | The "\\u%04x" printf string did not really work in the correct way if char is signed. Fix this by type casting this to unsigned char. Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Indicate SUITE_B_192 capa only when CCMP-256/GCMP-256 supportedMikael Kanstrup2019-10-271-1/+4
| | | | | | | | | | | | | | SUITE_B_192 AKM capability was indicated for all devices using the nl80211 driver (without the QCA vendor specific AKM capability indication). However, some devices can't handle Suite B 192 due to insufficient ciphers supported. Add a check for CCMP-256 or GCMP-256 cipher support and only indicate SUITE_B_192 capability when such cipher is supported. This allows compiling with CONFIG_SUITEB192 and still get proper response to the 'GET_CAPABILITY key_mgmt' command. Under Android it can also serve as a dynamic way for HAL to query platform for WPA3-Enterprise 192-bit support. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
* nl80211: Add STA node details in AP through QCA vendor subcommandShiva Sankar Gajula2019-10-255-3/+52
| | | | | | | | Addi STA node details in AP through QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT protocol roaming. Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
* Add QCA vendor cmd for setting BT coex chain modeYu Wang2019-10-251-0/+43
| | | | | | | | | | | | | To config BT coex chain mode, add a new QCA sub command QCA_NL80211_VENDOR_SUBCMD_BTC_CHAIN_MODE. This new command has two attributes: 1. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE: u32 attribute. Indicates the BT coex chain mode, are 32-bit values from enum qca_btc_chain_mode. 2. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE_RESTART: flag attribute. If set, vdev should be restarted once BT coex chain mode is updated. Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
* Extend QCA OEM data vendor subcmd to allow use as an eventAshish Kumar Dhanotiya2019-10-251-8/+11
| | | | | | | | | | The QCA_NL80211_VENDOR_SUBCMD_OEM_DATA command was previously defined only to pass data blobs from user space to kernel (application to firmware) but there was no mechanism to send the data blobs from firmware to application. Extend this to define use of the same subcommand and attributes as vendor events. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Determine H2E vs. looping when restarting SAE auth in AP modeJouni Malinen2019-10-251-10/+20
| | | | | | | | | | | | | | | | | If hostapd had existing STA SAE state, e.g., from a previously completed SAE authentication, a new start of a separate SAE authentication (i.e., receiving of a new SAE commit) ended up using some of the previous state. This is problematic for determining whether to H2E vs. looping since the STA is allowed (even if not really expected to) to change between these two alternatives. This could result in trying to use H2E when STA was using looping to derive PWE and that would result in SAE confirm failing. Fix this by determining whether to use H2E or looping for the restarted authentication based on the Status Code in the new SAE commit message instead of previously cached state information. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* crypto: Remove unused crypto_bignum_sqrtmod()Jouni Malinen2019-10-253-41/+0
| | | | | | | | This wrapper function is not used anymore, so drop it instead of trying to figure out good way of implementing it in constant time with various crypto libraries. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Drop sqrt() alternative from SSWU (H2E)Jouni Malinen2019-10-251-13/+10
| | | | | | | | | | Remove support for performing full sqrt(), i.e., only support curves that use prime with p = 3 mod 4. In practice, this drops only group 26 with SAE H2E. This seems acceptable since there does not seem to be any strong use case for that group taken into account the limits being placed on acceptable prime lengths. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* common: Fix same expression checked twice in fils_key_auth_sk()Jesus Fernandez Manzano2019-10-251-2/+2
| | | | Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* HE: Add 11ax info to ap mode ctrl iface STATUS commandPradeep Kumar Chitrapu2019-10-252-1/+18
| | | | Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
* Fix AP Extended Capability length determinationJouni Malinen2019-10-251-4/+12
| | | | | | | | | The IE minimum length determination in hostapd_eid_ext_capab() was not fully up to date with the hostapd_ext_capab_byte() conditions. This could result in omitting some of the capability octets depending on configuration. Fix this by adding the missing conditions. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Continue listening next request if no post-PD operationsJimmy Chen2019-10-251-2/+8
| | | | | | | | If there are no post-provision discovery operations, we should continue in find mode to avoid getting the p2p_find operation stopped (stuck in SEARCH state) unexpectedly. Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* FT-SAE: Add RSNXE into FT MICJouni Malinen2019-10-184-5/+62
| | | | | | | Protect RSNXE, if present, in FT Reassociation Request/Response frames. This is needed for SAE H2E with FT. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add RSNXE into (Re)Association Response framesJouni Malinen2019-10-184-0/+26
| | | | | | | Add the new RSNXE into (Re)Association Response frames if any of the capability bits is nonzero. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Merge wpa_supplicant and hostapd EAPOL-Key KDE parsersJouni Malinen2019-10-186-496/+317
| | | | | | | | Use a single struct definition and a single shared implementation for parsing EAPOL-Key KDEs and IEs instead of maintaining more or less identical functionality separately for wpa_supplicant and hostapd. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Verify that STA negotiated H2E if it claims to support itJouni Malinen2019-10-182-0/+26
| | | | | | | If a STA indicates support for SAE H2E in RSNXE and H2E is enabled in the AP configuration, require H2E to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between (Re)AssocReq and EAPOL-Key msg 2/4Jouni Malinen2019-10-171-0/+16
| | | | | | | | If the STA advertises RSN Extension element, it has to be advertised consistently in the unprotected ((Re)Association Request) and protected (EAPOL-Key msg 2/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add RSNXE into AP KDE parserJouni Malinen2019-10-172-0/+5
| | | | | | This is needed for SAE hash-to-element implementation. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Store a copy of Association Request RSNXE in AP mode for later useJouni Malinen2019-10-176-1/+27
| | | | | | | This is needed to be able to compare the received RSNXE to a protected version in EAPOL-Key msg 2/4. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4Jouni Malinen2019-10-175-26/+137
| | | | | | | | | Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add RSNXE into IE parserJouni Malinen2019-10-172-0/+6
| | | | | | This is needed for SAE hash-to-element implementation. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Check SHA256 result successJouni Malinen2019-10-152-7/+11
| | | | | | | These functions can fail in theory, so verify they succeeded before comparing the hash values. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* QCA vendor command for adding a STA nodeShiva Sankar Gajula2019-10-151-0/+24
| | | | | | | | | | | | Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE with attributes qca_wlan_vendor_attr_add_sta_node_params to add STA peer entries in AP mode. This vendor sub command is used in FT roaming scenario to send STA node information from application/service to driver/firmware. The attributes defined in enum qca_wlan_vendor_attr_add_sta_node_params are used to deliver the parameters. Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
* Add a new QCA vendor attribute to carry device info for OEM dataSubrat Dash2019-10-151-1/+24
| | | | | | | | | | The OEM data binary blobs from application/service will be routed to the appropriate device based on this attribute value. This optional attribute is used to specify whether the device type is virtual or physical. This attribute can be omitted when the command is for a virtual device. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* QCA vendor attributes to indicate BW-based agile spectral capabilityEdayilliam Jayadev2019-10-151-1/+11
| | | | | | | | Some chipsets don't have the capability to run agile spectral scan with 160/80+80 MHz modes. Add separate agile spectral scanning capability flags for 160, 80+80, and non-160 MHz modes to cover such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Allow external auth based on SAE/FT-SAE key mgmtSunil Dutt2019-10-151-2/+4
| | | | | | | | | | | | | | In the SME-in-driver case, wpa_supplicant used only the selected SAE auth_alg value as the trigger for enabling external authentication support for SAE. This prevented the driver from falling back to full SAE authentication if PMKSA caching was attempted (Open auth_alg selected) and the cached PMKID had been dropped. Enable external auth based on SAE/FT-SAE key_mgmt, rather than doing this based on SAE auth_alg, so that the driver can go through full SAE authentication in cases where PMKSA caching is attempted and it fails. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FST: Update FST about MAC address changeDedy Lansky2019-10-152-0/+16
| | | | | | | Notify FST module upon MAC address change. FST module will update the Multiband IE accordingly. Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
* AP: Publish only HE capabilities and operation IEs on 6 GHz bandAndrei Otcheretianski2019-10-158-8/+47
| | | | | | | | | | | When operating on the 6 GHz band, add 6 GHz Operation Information inside the HE Operation element and don't publish HT/VHT IEs. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> - Replace HOSTAPD_MODE_IEEE80211AX mode checks with is_6ghz_op_class() Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
* AP: Add initial support for 6 GHz bandAndrei Otcheretianski2019-10-153-0/+120
| | | | | | | | | | | | | | | Add support for new hardware mode for 6 GHz band. 6 GHz operation is defined in IEEE P802.11ax/D4.3. 6 GHz band adds global operating classes 131-135 that define channels in frequency range from 5940 MHz to 7105 MHz. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> - Remove HOSTAPD_MODE_IEEE80211AX mode - Replace check for HOSTAPD_MODE_IEEE80211AX with is_6ghz_freq() - Move center_idx_to_bw_6ghz() to ieee802_11_common.c file Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
* AP: Add op_class config item to specify 6 GHz channels uniquelyLiangwei Dong2019-10-152-0/+7
| | | | | | | | | | Add hostapd config option "op_class" for fixed channel selection along with existing "channel" option. "op_class" and "channel" config options together can specify channels across 2.4 GHz, 5 GHz, and 6 GHz bands uniquely. Signed-off-by: Liangwei Dong <liangwei@codeaurora.org> Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
* SAE: Check that peer's rejected groups are not enabled in APJouni Malinen2019-10-151-0/+53
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: H2E version of SAE commit message handling for APJouni Malinen2019-10-151-13/+43
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Derive H2E PT in AP when starting the APJouni Malinen2019-10-152-0/+50
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4Jouni Malinen2019-10-155-2/+60
| | | | | | | | If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Advertise Extended RSN Capabilities when H2E is enabledJouni Malinen2019-10-152-0/+26
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Advertise BSS membership selector for H2E-only caseJouni Malinen2019-10-151-0/+15
| | | | | | | | If hostapd is configured to enable only the hash-to-element version of SAE PWE derivation (sae_pwe=1), advertise BSS membership selector to indicate this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add sae_pwe configuration parameter for hostapdJouni Malinen2019-10-153-0/+3
| | | | | | | | This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Module test for SAE hash-to-element crypto routinesJouni Malinen2019-10-151-0/+124
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add Rejected Groups element into H2E CommitJouni Malinen2019-10-152-1/+11
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Hash algorithm selection for H2E KCK/CN()Jouni Malinen2019-10-152-34/+113
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Implement hash-to-element PT/PWE crypto routinesJouni Malinen2019-10-152-3/+827
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Parse Rejected Groups element from H2E SAE commitJouni Malinen2019-10-142-12/+67
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Tell sae_parse_commit() whether H2E is usedJouni Malinen2019-10-144-4/+7
| | | | | | This will be needed to help parsing the received SAE commit. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: H2E protocol definesJouni Malinen2019-10-142-0/+10
| | | | | | | These are the defined values/identifiers for SAE hash-to-element mechanism from IEEE P802.11-REVmd/D3.0. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wolfSSL: Fix crypto_bignum_sub()Jouni Malinen2019-10-141-1/+1
| | | | | | | | | The initial crypto wrapper implementation for wolfSSL seems to have included a copy-paste error in crypto_bignum_sub() implementation that was identical to crypto_bignum_add() while mp_sub() should have been used instead of mp_add(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>