Commit Graph

16994 Commits

Author SHA1 Message Date
Sachin Ahuja
3c9abc7858 QCA vendor attributes to configure TX and RX NSS
Define QCA vendor attributes to dynamically configure TX NSS and RX NSS
to be used with QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-27 19:34:26 +02:00
Jouni Malinen
1759a8e3f3 tests: WPA2-PSK and supplicant receiving unexpected EAPOL-Key frames
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 21:28:36 +02:00
Jouni Malinen
0ea870324e tests: Use helper functions for PSK ext EAPOL-Key processing
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 21:02:03 +02:00
Sreeramya Soratkal
ed24bad1d9 AP: Check driver support while auto-selecting bandwidth for AP/P2P GO
If the maximum operating channel width for AP/P2P GO is not specified,
it is auto-selected during configuration. While selecting the channel
width, if VHT is supported and 160 MHz channels are available, 160 MHz
channel width is preferred to 80 MHz.

During the selection of the channel width, the corresponding driver
capabilities were not checked. As a result, the AP/P2P GO configuration
was set to use the available 160 MHz channels even if the driver did not
have capability to support the 160 MHz channel width causing failure to
start the AP/P2P GO.

Fix this by checking the driver support for the 160 MHz channel width
while selecting the channel width for AP/P2P GO.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-11-23 20:45:31 +02:00
Arun Kumar Khandavalli
5b782ff620 Add bus failure reason code to vendor indication
Add bus failure hang reason code in enum qca_wlan_vendor_hang_reason.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:37:44 +02:00
Jouni Malinen
ff7cae3444 tests: ANQP protection indication
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:35:00 +02:00
Jouni Malinen
1c77f3d3f9 Indicate whether additional ANQP elements were protected
Store information on whether extra ANQP elements were received using the
protection alternative (protected GAS during an association using PMF)
and make this available through the control interface BSS command.

For example:
anqp[277]=<hexdump>
protected-anqp-info[277]=1

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-23 20:32:26 +02:00
Mathy Vanhoef
c79a53420a fragattack: clarify amsdu-inject description in table 2020-11-23 03:19:48 +04:00
Mathy Vanhoef
fc1a5f9c46 fragattack: support WPA3/SAE/MFP 2020-11-23 03:19:29 +04:00
Srinivas Girigowda
90ca804e47 Add vendor attributes for TWT nudge request
TWT nudge is a combination of suspend and resume in a single request.
Add TWT nudge operation and QCA vendor attributes to support
the TWT nudge request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-17 19:49:23 +02:00
Jouni Malinen
454ebb504c BSS: Use variable length array for IEs at the end of struct wpa_bss
Replace the previously used design "(u8 *) (bss + 1)" with a variable
length array at the end of struct wpa_bss bss->ies[] in hopes of making
this easier to understand for static analyzers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:25:17 +02:00
Jouni Malinen
be7ee264f6 BSS: Use wrapper function for getting a pointer to the IE buffer
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:21:56 +02:00
Jouni Malinen
95edd81441 BSS: Add wpa_bss_get_ie_ext() wrapper
This removes need from the callers to know the struct wpa_bss details
for the location of the memory area for storing the IEs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:00:21 +02:00
Jouni Malinen
dba4f7a545 Mark wpa_bss_get_fils_cache_id() argument const
This function does not modify the BSS entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 15:52:22 +02:00
Jouni Malinen
5027f34a33 tests: Fix test description strings for couple of SAE cases
Remove the extraneous closing parenthesis.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 15:51:05 +02:00
Hai Shalom
2a7023ba6f Change list arguments to const where possible
Change struct dl_list pointer argument to const in list functions that
do not manipulate the list: dl_list_len() and dl_list_empty().

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-11-16 15:50:44 +02:00
Rohan Dutta
fdf114641f nl80211: Send the sae_pwe value to the driver
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.

Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
2020-11-16 15:50:44 +02:00
Vamsi Krishna
2576f27e04 P2P: Disable P2P in the 6 GHz band for now
P2P usage in the 6 GHz band is not standardized yet by WFA. Disable P2P
operations in the 6 GHz band to avoid potential interop issues with
existing P2P devices in production. P2P operations in the 6 GHz band can
be reenabled later after defining standard ways to address potential
interop issues with existing P2P devices.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Sreeramya Soratkal
2ffd3bb4b6 P2P: Include p2p_6ghz_disable in global configuration
Previously, the configuration to disable the 6 GHz band remained local
to the P2P interface. With this there is a possibility of 6 GHz channels
being included in the channel list when the channel list needs to be
updated if the state changes on one of the interfaces.

Include the configuration to disable the 6 GHz band for P2P as a global
configuration value to prevent the inclusion of 6 GHz channels in the
channel list for P2P when the channel list needs to be updated during
the state change in one of the interfaces.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-11-16 13:15:28 +02:00
Vinita S. Maloo
60c902f408 Add connect fail reason code from the driver to assoc reject event
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Sunil Dutt
7423fa6e8f Vendor feature capability to support concurrent sessions on Wi-Fi bands
Introduces a vendor specific feature capability
QCA_WLAN_VENDOR_FEATURE_CONCURRENT_BAND_SESSIONS to know if the device
supports concurrent network sessions on different Wi-Fi bands. This feature
capability is attributed to the hardware's capability to support the same
(e.g., DBS).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 13:15:28 +02:00
Nandha Kishore Easwaran
1934ad9b23 Add extra parameters to vendor command GPIO attribute
Add extra parameters mux_config, drive, and init_enable
to the GPIO config command.

Signed-off-by: Nandha Kishore Easwaran <nandhaki@codeaurora.org>
2020-11-16 13:15:28 +02:00
Jouni Malinen
d0e0d2283e Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-11-11.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-11-16 13:15:21 +02:00
Mathy Vanhoef
08f0ba6c28 fragattack: version 1.2 on 15 november 2020-11-15 22:37:21 +04:00
Mathy Vanhoef
d10941c8bc fragattack: minor tweaks to README and tool output 2020-11-12 11:49:03 +04:00
Mathy Vanhoef
25066d096d fragattack: updated README 2020-11-12 00:31:13 +04:00
Mathy Vanhoef
78f9833e0f fragattack: minor tweaks to output 2020-11-12 00:17:53 +04:00
Mathy Vanhoef
9727be0348 fragattack: automatically close tool after test 2020-11-11 23:30:51 +04:00
Mathy Vanhoef
6c4d55a698 fragattack: detect when 4-way HS gets stuck 2020-11-11 22:59:40 +04:00
Mathy Vanhoef
dd3f2ba7f2 fragattack: automatically detect rekey request timeout 2020-11-11 21:22:08 +04:00
Mathy Vanhoef
805bd55942 fragattack: send rekey request with replay counter of one 2020-11-11 20:23:19 +04:00
Mathy Vanhoef
9a75e4790f fragattack: track latest libwifi 2020-11-11 19:57:02 +04:00
Mathy Vanhoef
b934c6c17b fragattack: bugfix: always send EAPOL to bss or sta MAC 2020-11-11 19:56:20 +04:00
Vinita S. Maloo
c2c4686228 Set NLA_F_NESTED flag with NL80211_ATTR_VENDOR_DATA conditionally
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.

Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.

Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.

Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 23:48:00 +02:00
Srinivas Girigowda
cd3aa54a37 Add test configuration attr to enable/disable full bandwidth UL MU-MIMO
Define a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FULL_BW_UL_MU_MIMO to
enable/disable full bandwidth UL MU-MIMO subfield in the HE PHY
capabilities information field for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 20:10:59 +02:00
Jouni Malinen
f4de21a77a BSS/scan: More conversions to for_each_element_id()
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers. In addition, try to make the
*_vendor_ie_multi() cases easier to analyze as well even though they
cannot use for_each_element_id().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-04 19:50:34 +02:00
Jouni Malinen
aa06444f2c dbus: Check eloop registration failure in add_watch handler
Report failures at lower layer to the upper layer D-Bus handling of
socket registration to allow failures to be addressed more cleanly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-04 19:39:08 +02:00
Mathy Vanhoef
e94b04ff57 fragattack: check if hostapd/wpa_sup was recompiled on updates 2020-11-04 12:26:50 +04:00
Jouni Malinen
56a1df71e5 BSS: Convert wpa_bss_get_vendor_ie() to use for_each_element_id()
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:10:01 +02:00
Jouni Malinen
ec1f4f3c81 Make GTK length validation for RSN Group 1/2 easier to analyze
This extends the changes in commit c397eff828 ("Make GTK length
validation easier to analyze") to cover the RSN case as well as the WPA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:10:01 +02:00
Jouni Malinen
f14df9b56a tests: Prepare for control interface message change
Update ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg to accept
upcoming change in the parsing validation step that catches the issue.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:10:01 +02:00
Jouni Malinen
c42d41bf35 EAP-IKEv2: Try to make transform parser simpler to understand
Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:03:30 +02:00
Jouni Malinen
ec0d99c00e HS 2.0: Clarify OSU Friendly Name length validation
This extends the changes in commit 0570a3ea7d ("HS 2.0: Clarify OSU
Provider list length validation") to cover the length field for the OSU
Friendly Name value to try to get this easier for static analyzers to
understand.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:03:30 +02:00
Jouni Malinen
05962099c3 TDLS: Fix error path for TPK M1 send failure in testing functionality
The previous fix did not actually address this testing functionality
case correctly. Clear the peer pointer to avoid double freeing.

Fixes: a86078c876 ("TDLS: Fix error path handling for TPK M1 send failures")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 19:45:36 +02:00
Jouni Malinen
a9fed5f5b5 Avoid undefined behavior with memcpy PMK/PSK update
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:46:35 +02:00
Jouni Malinen
c643c39287 nl80211: Fix filtering of unsupported bands/modes
The loop for removing unsupported bands was assuming there is always
exactly one band/mode following the removed band. That was not at all
correct, so fix this by dynamically determining how many (if any) bands
need to be moved.

Fixes: 106d67a93c ("nl80211: Filter out unsupported bands")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:38:41 +02:00
Jouni Malinen
3b89dbaa7d tests: TDLS with SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 17:40:18 +02:00
Jouni Malinen
a86078c876 TDLS: Fix error path handling for TPK M1 send failures
Local allocation error or failure to get a random number could have
resulted in the peer entry getting freed and couple of the error path
cases in callers could have tried to reference or delete the peer after
that. Fix this by tracking the errors where the peer is freed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 17:26:04 +02:00
Jouni Malinen
3d490296bc DPP2: Fix error path handling in enterprise provisioning
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.

Fixes: ace3723d98 ("DPP2: Enterprise provisioning (Enrollee)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:52:01 +02:00
Jouni Malinen
f724dd1bfd Remove unused variable update
Commit e8b85c078e ("iface match: Unspecified matched interfaces should
not log driver fails") removed the only use of the added interface wpa_s
pointer, but left that pointer setting in place. Remove it to keep
static analyzers happy.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:36:14 +02:00