aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* nl80211: Configure PMKSA lifetime and reauth threshold timer to driverHEADpendingmasterVeerendranath Jakkam16 hours6-5/+18
| | | | | | | | | | Drivers that trigger roaming need to know the lifetime and reauth threshold time of configured PMKSA so that they can trigger full authentication to avoid unnecessary disconnection. To support this, send dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values configured in wpa_supplicant to the driver while configuring a PMKSA. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Sync with mac80211-next.git include/uapi/linux/nl80211.hJouni Malinen16 hours1-2/+169
| | | | | | This brings in nl80211 definitions as of 2020-02-20. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP2: Allow AP to require or reject PFSJouni Malinen21 hours6-1/+25
| | | | | | | | | | The new hostapd configuration parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., allow the station to decide whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected (dpp_pfs=2). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Return an enum from wpa_validate_wpa_ie()Jouni Malinen21 hours4-52/+94
| | | | | | | This is more specific then returning a generic int and also allows the compiler to do more checks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Add HE bit in BSSID Information field of own Neighbor ReportSathishkumar Muruganandam34 hours2-1/+4
| | | | | | | Add definition for HE bit in neighbor report BSSID Information field from IEEE P802.11ax/D6.0, 9.4.2.36 Neighbor Report element. Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
* DPP2: Use a helper function for encapsulating TCP messageJouni Malinen38 hours1-104/+37
| | | | | | | This functionality was repeated for multiple different frames. Use a shared helper function to avoid such duplication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in ControllerJouni Malinen38 hours1-0/+73
| | | | | | | | Process the received Presence Announcement frames in Controller. If a matching bootstrapping entry for the peer is found, initiate DPP authentication to complete provisioning of the Enrollee. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in AP/RelayJouni Malinen38 hours2-2/+78
| | | | | | | | | Process the received Presence Announcement frames in AP/Relay. If a matching bootstrapping entry for the peer is found in a local Configurator, that Configurator is used. Otherwise, the frame is relayed to the first configured Controller (if available). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing at ConfiguratorJouni Malinen38 hours2-1/+33
| | | | | | | | Process received Presence Announcement frames and initiate Authentication exchange if matching information is available on the Configurator. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Configurator Connectivity indicationJouni Malinen38 hours4-0/+38
| | | | | | | | Add a new hostapd configuration parameter dpp_configurator_connectivity=1 to request Configurator connectivity to be advertised for chirping Enrollees. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Chirping in wpa_supplicant EnrolleeJouni Malinen38 hours3-0/+8
| | | | | | | | Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI ID> iter=<count>" to request chirping, i.e., sending of Presence Announcement frames, to be started. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add a helper function for building Presence Announcement frameJouni Malinen40 hours2-23/+50
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: New identifier definitionsJouni Malinen40 hours3-0/+16
| | | | | | | Add new identifier definitions for presence announcement, reconfiguration, and certificate enrollment. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Add DPP_BOOTSTRAP_SET commandJouni Malinen40 hours2-0/+21
| | | | | | | | "DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to set peer specific configurator parameters which will override any global parameters from dpp_configurator_params. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow per-peer configurator parameters to be setJouni Malinen40 hours2-1/+12
| | | | | | | | | This is a more convenient way of addressing cases where a Configurator/Controller may store a large number of peer bootstrapping information instances and may need to manage different configuration parameters for each peer while operating as the Responder. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Store global pointers in struct dpp_authenticationJouni Malinen40 hours3-29/+29
| | | | | | | | Set the global pointer and msg_ctx when allocating struct dpp_authentication instead of needing to pass these to dpp_set_configurator(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Update STA flags to the driver immediately on disconnectionJouni Malinen3 days4-2/+10
| | | | | | | | | | | | hostapd (and wpa_supplicant in AP mode) was internally updating the STA flags on disconnection cases to remove authorization and association. However, some cases did not result in immediate update of the driver STA entry. Update all such cases to send out the update to the driver as well to reduce risk of race conditions where new frames might be accepted for TX or RX after the port authorization or association has been lost and configured keys are removed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Process Transition Disable KDE in station modeJouni Malinen3 days6-0/+27
| | | | | | | | | Check whether the Transition Disable KDE is received from an authenticated AP and if so, whether it contains valid indication for disabling a transition mode. If that is the case, update the local network profile by removing the less secure options. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow hostapd AP to advertise Transition Disable KDEJouni Malinen3 days4-3/+26
| | | | | | | | | The new hostapd configuration parameter transition_disable can now be used to configure the AP to advertise that use of a transition mode is disabled. This allows stations to automatically disable transition mode by disabling less secure network profile parameters. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Transition Disable KDE definitionsJouni Malinen3 days1-0/+7
| | | | | | | Define the OUI Type and bitmap values for Transition Disable KDE. These will be shared by both the AP and STA implementations. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add addition CFR capture type to filter all NDPA NDP framesWu Gao4 days1-0/+2
| | | | | | | | Add QCA_WLAN_VENDOR_CFR_NDPA_NDP_ALL in enum qca_wlan_vendor_cfr_capture_type. This capture type requests all NDPA NDP frames to be filtered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Change CFR attributes from required to optionalWu Gao4 days1-9/+9
| | | | | | | Some CFR attributes are used frequently with conditions, so change them from required to optional. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add ACS support for 60 GHz channel bondingNoam Shaked4 days5-5/+19
| | | | | | | | | hostapd will trigger EDMG auto channel selection by setting QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED. The 60 GHz driver will be called to start an auto channel selection and will return the primary channel and the EDMG channel. Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* nl80211: Fix offloaded ACS regression for the 60 GHz bandNoam Shaked5 days1-17/+54
| | | | | | | | | | Addition of chan_2ghz_or_5ghz_to_freq() broke 60 GHz ACS, because it assumes reported ACS channel is on either 2.4 or 5 GHz band. Fix this by converting chan_2ghz_or_5ghz_to_freq() to a more generic chan_to_freq(). The new function uses hw_mode to support 60 GHz. Fixes: 41cac481a889 ("ACS: Use frequency params in ACS (offload) completed event interface") Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* HE: Add HE support to hostapd_set_freq_params()John Crispin6 days1-11/+60
| | | | | | | | | The parameters that need to be applied are symmetric to those of VHT, however the validation code needs to be tweaked to check the HE capabilities. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
* Extend vendor attributes to support enhanced CFR captureWu Gao6 days1-30/+193
| | | | | | | | | | Enhanced channel frequency response supports capturing of channel status information based on RX. Define previous CFR as version 1 and enhanced CFR as version 2. If target supports both versions, two versions can't be enabled at same time. Extend attributes for enhanced CFR capture in enum qca_wlan_vendor_peer_cfr_capture_attr. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add QCA vendor attributes for ACS over EDMG (IEEE 802.11ay)Noam Shaked6 days1-0/+11
| | | | | | | QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED, conduct ACS for EDMG. QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL, return the EDMG channel. Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
* Use a shared helper function for RSN supplicant capabilitiesJouni Malinen6 days3-22/+20
| | | | | | | Avoid practically copy-pasted code for determining local RSN capabilities. Signed-off-by: Jouni Malinen <j@w1.fi>
* STA: Support Extended Key IDAlexander Wetzel6 days5-8/+131
| | | | | | | | | | | Support Extended Key ID in wpa_supplicant according to IEEE Std 802.11-2016 for infrastructure (AP) associations. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing STAs to also connect to APs not supporting it. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* AP: Support Extended Key IDAlexander Wetzel6 days7-12/+101
| | | | | | | | | | | Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Convert int_array to use size_t instead of int as the lengthJouni Malinen7 days3-15/+15
| | | | | | | This extends this to allow longer lists with LP32 data model to avoid limit of 16-bit int. Signed-off-by: Jouni Malinen <j@w1.fi>
* Limit freq_range_list_parse() result to UINT_MAX entriesJouni Malinen7 days1-0/+4
| | | | | | | This addresses a theoretical integer overflow with configuration parameters with 16-bit int. Signed-off-by: Jouni Malinen <j@w1.fi>
* loop: Use size_t for eloop.countJouni Malinen7 days1-8/+9
| | | | | | | | This is more consistent with the other eloop registrations and avoids a theoretical integer overflow with 16-bit int should more than 32767 sockets/signals/events be registered. Signed-off-by: Jouni Malinen <j@w1.fi>
* eloop: Use size_t for socket table->countJouni Malinen7 days1-10/+14
| | | | | | | | This is more consistent with the other eloop registrations and avoids a theoretical integer overflow with 16-bit int should more than 32767 sockets be registered (which is not really going to happen in practice). Signed-off-by: Jouni Malinen <j@w1.fi>
* hs20-osu-client: Use size_t for certificate componentsJouni Malinen7 days1-3/+3
| | | | | | | | This avoids a theoretical integer overflow with 16-bit unsigned int should a certificate be encoded with more that 65535 friendly names or icons. Signed-off-by: Jouni Malinen <j@w1.fi>
* eloop: Use size_t for signal_countJouni Malinen7 days2-7/+7
| | | | | | | | This is more consistent with the other eloop registrations and avoids a theoretical integer overflow with 16-bit int (not that there would ever be more that 32767 signal handlers getting registered). Signed-off-by: Jouni Malinen <j@w1.fi>
* Limit maximum number of pending SA QueriesJouni Malinen7 days1-0/+2
| | | | | | | | There is no point in starting a huge number of pending SA Queries, so limit the number of pending queries to 1000 to have an explicit limit for how large sa_query_count can grow. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS: Use size_t instead of int for message attributesJouni Malinen7 days1-1/+1
| | | | | | | While RADIUS messages are limited to 4 kB, use size_t to avoid even a theoretical overflow issue with 16-bit int. Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname lengthOuden8 days1-2/+2
| | | | | | | | | | | | | If the kernel rtm_newlink or rtm_dellink send the maximum length of ifname (IFNAMSIZ), the event handlers in wpa_driver_nl80211_event_rtm_addlink() and wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the NULL termination, that equals the IFNAMSIZ. Fix the condition when IFNAME reach maximum size. Signed-off-by: Ouden <Ouden.Biz@gmail.com>
* More details to the vendor specific driver internal failure reportingSourav Mohapatra8 days1-0/+39
| | | | | | | | | | Add more hang reason codes for the hang reason in the QCA_NL80211_VENDOR_SUBCMD_HANG events. This also introduces the attribute QCA_WLAN_VENDOR_ATTR_HANG_REASON_DATA to carry the required data for the respective hang reason. This data is expected to contain the required dump to analyze the reason for the hang. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Ignore duplicated SSID element when parsingJouni Malinen8 days1-0/+5
| | | | | | | | | Some APs have managed to add two SSID elements into Beacon frames and that used to result in picking the last one which had incorrect data in the known examples of this misbehavior. Pick the first one to get the correct SSID. Signed-off-by: Jouni Malinen <j@w1.fi>
* Set beacon protection config irrespective of macro CONFIG_FILSVeerendranath Jakkam8 days1-1/+1
| | | | | | | This was not supposed to be conditional on CONFIG_FILS. Fixes: ecbf59e6931f ("wpa_supplicant configuration for Beacon protection") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Check against integer overflow in int_array functionsJouni Malinen8 days1-4/+24
| | | | | | | | | | | | | | | | | | | | | | | | | int_array_concat() and int_array_add_unique() could potentially end up overflowing the int type variable used to calculate their length. While this is mostly theoretical for platforms that use 32-bit int, there might be cases where a 16-bit int overflow could be hit. This could result in accessing memory outside buffer bounds and potentially a double free when realloc() ends up freeing the buffer. All current uses of int_array_add_unique() and most uses of int_array_concat() are currently limited by the buffer limits for the local configuration parameter or frame length and as such, cannot hit this overflow cases. The only case where a long enough int_array could be generated is the combination of scan_freq values for a scan. The memory and CPU resource needs for generating an int_array with 2^31 entries would not be realistic to hit in practice, but a device using LP32 data model with 16-bit int could hit this case. It is better to have more robust checks even if this could not be reached in practice, so handle cases where more than INT_MAX entries would be added to an int_array as memory allocation failures instead of allowing the overflow case to proceed. Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow RSNXE to be removed from Beacon frames for testing purposesJouni Malinen8 days2-0/+7
| | | | | | | | The new hostapd configuration parameter no_beacon_rsnxe=1 can be used to remove RSNXE from Beacon frames. This can be used to test protection mechanisms for downgrade attacks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Omit RSNXE from FT protocol Reassociation Response when neededJouni Malinen8 days4-12/+25
| | | | | | | | | | The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Response frame so that a STA not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Omit RSNXE from FT protocol Reassociation Request when neededJouni Malinen8 days1-9/+15
| | | | | | | | | | The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Request frame so that an AP not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Verify that RSNXE is used consistently in Reassociation ResponseJouni Malinen8 days1-1/+12
| | | | | | | | Verify that the AP included RSNXE in Beacon/Probe Response frames if it indicated in FTE that RSNXE is used. This is needed to protect against downgrade attacks based on the design proposed in 20/332r3. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Verify that RSNXE is used consistently in Reassociation RequestJouni Malinen9 days1-4/+15
| | | | | | | | Verify that the STA includes RSNXE if it indicated in FTE that RSNXE is used and the AP is also using RSNXE. This is needed to protect against downgrade attacks based on the design proposed in 20/332r3. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Set the new RSNXE Used subfield in FT reassociationJouni Malinen9 days4-9/+18
| | | | | | | | | | This is a workaround needed to keep FT protocol backwards compatible for the cases where either the AP or the STA uses RSNXE, but the other one does not. This commit adds setting of the new field to 1 in Reassociation Request/Response frame during FT protocol when the STA/AP uses RSNXE in other frames. This mechanism is described in 20/332r3. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Debug print set_key() command namesJouni Malinen13 days1-0/+4
| | | | | | | This makes it easier to understand the debug log for various set_key() operations. Signed-off-by: Jouni Malinen <j@w1.fi>