Update ACS driver offload feature for VHT configuration. In addition,
this allows the chanlist parameter to be used to specify which channels
are included as options for the offloaded ACS case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the AP/Authenticator receives an EAPOL-Key msg 2/4 for an association
that negotiated use of PSK and the EAPOL-Key MIC does not match, it is
likely that the station is trying to use incorrect PSK/passphrase.
Report this with "AP-STA-POSSIBLE-PSK-MISMATCH <STA addr>" control
interface event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Channel 140 is needed as allowed HT40 channel pair to use
channel 144 introduced in 802.11ac for VHT40 and VHT80.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Add handling logic for DFS offloaded case, and add a helper function
that takes the frequency (MHz) as a param and returns 1 if given channel
requires DFS, or 0 otherwise.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
When DFS offloading capability is supported by the driver, the driver
should use these events to indicate when a radar pattern has been
detected, channel availability check (CAC) has been completed, aborted
or finished after the non-occupancy period is over on a DFS channel.
Also, add a new driver.h event to be used by NL80211 to indicate CAC
Started event on a DFS channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When DFS offloading capability is supported by the driver, the driver
should use this event to indicate when channel availability check (CAC)
is started on a DFS channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds testing code (for CONFIG_TESTING_OPTIONS=y builds only) to
send an nl80211 vendor command and report a test vendor event in case
the driver supports this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com
Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows vendor specific information element to be used to advertise
support for VHT on 2.4 GHz band. In practice, this is used to enable use
of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band.
This functionality is disabled by default, but can be enabled with
vendor_vht=1 parameter in hostapd.conf if the driver advertises support
for VHT on either 2.4 or 5 GHz bands.
Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add the t0 retransmission timer as specified by IEEE Std 802.11-2012,
11.3.8.4. This makes SAE much more likely to succeed in the case of lost
frames.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit introduces a QCA vendor command that allows interrogation of
the vendor-specific features supported by the device/driver. Currently
the only defined feature is the ability to offload key management.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.
Signed-off-by: Jouni Malinen <j@w1.fi>
Using QCA vendor command, allow ACS function to be offloaded to the
driver. Once channels are selected, hostapd is notified to perform OBSS
operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The mesh anti-clogging functionality is implemented partially. This
patch fixes to parse anti-clogging request frame and use anti-clogging
token.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Some static analyzers had problems understanding "left < count * len"
(CID 62855, CID 62856), so convert this to equivalent "count > left /
len" (len here is fixed to 4, so this can be done efficiently).
Signed-off-by: Jouni Malinen <j@w1.fi>
Static analyzers may not have understood the bounds checking on
data->num_pmkid. Use a local, temporary variable and validate that that
value is within length limits before assining this to data->num_pmkid to
make this clearer. (CID 62857, CID 68126)
Signed-off-by: Jouni Malinen <j@w1.fi>