mech_eap.git
8 years ago FST: Fix session setup failure with peer without MB IE
Dedy Lansky [Mon, 7 Mar 2016 13:22:54 +0000 (15:22 +0200)]
FST: Fix session setup failure with peer without MB IE

Upon receiving FST setup request on old band, the peer is searched on
new band. The assumption is that MB IE from this peer on new band
was previously received either in assoc event or in FST setup request.

There are cases in which above assumption doesn't work, peer is not
found and session setup fails. For example:
- STA connects over 11ac. Due to driver limitation, MB IE is not included
in assoc event
- STA connects over 11ad. MB IE included in assoc event.
- FST session established on 11ac band, with AP as initiator. i.e. FST
setup request sent in AP=>STA direction. STA searches for peer's (AP)
MB IE on 11ad band which exists.
- FST switch occurs
- FST session established on 11ad band, with STA as initiator. i.e. FST
setup request sent in STA=>AP direction. AP searches for peer's (STA)
MB IE on 11ac band which is absent.

For fixing the above, consider also peers without MB IE as candidates in
the search algorithm.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
8 years ago P2P: Add optional op_class argument to P2P_SET listen_channel
Lior David [Thu, 18 Feb 2016 13:20:03 +0000 (15:20 +0200)]
P2P: Add optional op_class argument to P2P_SET listen_channel

The existing implementation in p2p_ctrl_set used a hard-coded operating
class 81 which is only suitable for the social channels in the 2.4 GHz
band, and will not work for the social channel in the 60 GHz band.
Extend this by adding an optional op_class argument to P2P_SET
listen_channel. If not specified, use the default value of 81 to match
existing behavior.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago P2P: Adjust service discovery maximum fragment size for 60 GHz
Lior David [Wed, 24 Feb 2016 15:02:29 +0000 (17:02 +0200)]
P2P: Adjust service discovery maximum fragment size for 60 GHz

In the 60 GHz band, service discovery management frames are sent over
the control PHY and have a smaller maximum frame size (IEEE Std
802.11ad-2012, 21.4.3.2). Fix the code to use sufficiently small
fragment size when operating in the 60 GHz band.

The 60 GHz fragment size (928) is derived from the maximum frame size
for control PHY (1023) and subtracting 48 bytes of header size, and some
spare so we do not reach frames with the absolute maximum size.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago tests: Add tests for HS 2.0 frame filtering
Johannes Berg [Fri, 27 Nov 2015 13:15:26 +0000 (14:15 +0100)]
tests: Add tests for HS 2.0 frame filtering

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 years ago tests: Add a test for mesh gate forwarding
Bob Copeland [Sun, 28 Feb 2016 01:51:25 +0000 (20:51 -0500)]
tests: Add a test for mesh gate forwarding

This test checks that mesh nodes forward frames for unknown
destinations to the mesh gates.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
8 years ago tests: D-Bus AssocStatusCode
Jouni Malinen [Sun, 6 Mar 2016 18:54:16 +0000 (20:54 +0200)]
tests: D-Bus AssocStatusCode

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago D-Bus: Add association response status code property for failure cases
Naveen Singh [Thu, 3 Mar 2016 18:48:09 +0000 (10:48 -0800)]
D-Bus: Add association response status code property for failure cases

(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.

Signed-off-by: Naveen Singh <nasingh@google.com>
8 years ago hostapd: Use ifname of the current context in debug messages
Eliad Peller [Sun, 6 Mar 2016 09:42:38 +0000 (11:42 +0200)]
hostapd: Use ifname of the current context in debug messages

In case of multiple BSS configuration, return the current interface
name, instead of the first one.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago hostapd: Allow use of driver-generated interface addresses
Eliad Peller [Sun, 6 Mar 2016 09:42:37 +0000 (11:42 +0200)]
hostapd: Allow use of driver-generated interface addresses

Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago AP: Save EAPOL received before Association Response ACK
Eliad Peller [Sun, 6 Mar 2016 09:29:16 +0000 (11:29 +0200)]
AP: Save EAPOL received before Association Response ACK

There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago tests: Add hostapd.py helpers for various radio parameters
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:41 +0000 (10:20 +0100)]
tests: Add hostapd.py helpers for various radio parameters

Add support for generating hostapd parameters for
b_only/g_only/a_only/HT20/HT40/VHT80.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago tests: Add terminate support for hostapd/wpa_supplicant
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:40 +0000 (10:20 +0100)]
tests: Add terminate support for hostapd/wpa_supplicant

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpaspy: Add support for TERMINATE command
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:39 +0000 (10:20 +0100)]
wpaspy: Add support for TERMINATE command

This can be used to terminate the wpa_supplicant/hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago tests: Add HostapdGlobal.get_ctrl_iface_port()
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:38 +0000 (10:20 +0100)]
tests: Add HostapdGlobal.get_ctrl_iface_port()

This adds a method to get the UDP port for an interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago tests: Add UDP ctrl_iface support to hostapd.py
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:35 +0000 (10:20 +0100)]
tests: Add UDP ctrl_iface support to hostapd.py

Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago tests: Add UDP ctrl_iface support to wpasupplicant.py
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:34 +0000 (10:20 +0100)]
tests: Add UDP ctrl_iface support to wpasupplicant.py

Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpaspy: Add support for UDP connection
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:32 +0000 (10:20 +0100)]
wpaspy: Add support for UDP connection

hostname and port can now be specified when using wpaspy.Ctrl, so we can
connect to remote clients now.

This can also be tested using test.py application with
./test.py <hostname> <port>

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Add global TERMINATE command
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:30 +0000 (10:20 +0100)]
hostapd: Add global TERMINATE command

This will terminate the hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Add INTERFACES ctrl_iface command
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:29 +0000 (10:20 +0100)]
hostapd: Add INTERFACES ctrl_iface command

Return a list of the available interfaces (the main BSS) and optionally
with ctrl_iface when the optional "ctrl" parameter is included. This is
useful when using UDP ctrl_iface and add interfaces using the ADD
command. After that we need to know which UDP port was assigned for the
control interface for the added interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Update ctrl_interface for UDP to include the selected port
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:28 +0000 (10:20 +0100)]
hostapd: Update ctrl_interface for UDP to include the selected port

Set up the real ctrl_interface for UDP after having selected the port.
This is in format: udp:<port_no>. This is needed to get accurate
interface <-> udp_port mapping.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpa_supplicant: Add ctrl parameter to INTERFACES command
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:27 +0000 (10:20 +0100)]
wpa_supplicant: Add ctrl parameter to INTERFACES command

"INTERFACES ctrl" can now be used to fetch a list of network interfaces
and their control interfaces, e.g., to fetch the UDP port information
for the control interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Allow UDP ctrl_iface configuration to set the UDP port
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:25 +0000 (10:20 +0100)]
hostapd: Allow UDP ctrl_iface configuration to set the UDP port

This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
hostapd -ddt -g udp:8888

And in the configuration file:
ctrl_interface=udp:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Add UDP support for ctrl_iface
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:24 +0000 (10:20 +0100)]
hostapd: Add UDP support for ctrl_iface

Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:23 +0000 (10:20 +0100)]
ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un

This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago hostapd: Use common functions for ctrl_iface
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:22 +0000 (10:20 +0100)]
hostapd: Use common functions for ctrl_iface

Use the common functions and structures when UNIX socket ctrl_iface is used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpa_supplicant: Use common functions for ctrl_iface
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:21 +0000 (10:20 +0100)]
wpa_supplicant: Use common functions for ctrl_iface

Use the common functions and structures when UNIX socket ctrl_iface is used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago Add common ctrl_iface files
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:20 +0000 (10:20 +0100)]
Add common ctrl_iface files

This is preparation for sharing a single implementation for ctrl_iface
functionality in wpa_supplicant and hostapd.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpa_supplicant: Add monitor support for global UDP ctrl_iface
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:19 +0000 (10:20 +0100)]
wpa_supplicant: Add monitor support for global UDP ctrl_iface

Add monitor support (ATTACH/DETACH) for the global ctrl_iface when using
the UDP backend.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:18 +0000 (10:20 +0100)]
wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions

Extend the previously per-interface UDP ctrl_iface functions
(attach/detach/send) to support operations on the global interface as
well.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago wpa_supplicant: Allow UDP ctrl_iface configuration to set the UDP port
Janusz Dziedzic [Fri, 4 Mar 2016 09:20:17 +0000 (10:20 +0100)]
wpa_supplicant: Allow UDP ctrl_iface configuration to set the UDP port

This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
wpa_supplicant -Dnl80211 -ddt -g udp:9888

And in the configuration file:
ctrl_interface=udp:9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
8 years ago P2P: Update peer WFD IE from PD Response and GO Negotiation Response
Avichal Agarwal [Fri, 4 Mar 2016 02:38:26 +0000 (11:38 +0900)]
P2P: Update peer WFD IE from PD Response and GO Negotiation Response

Update the peer WFD IE information based on WFD elements received in
Provision Discovery Response and GO Negotiation Response frames.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
8 years ago P2P: Respect p2p_ignore_shared_freq on p2p_group_add
Eliad Peller [Thu, 3 Mar 2016 16:18:30 +0000 (18:18 +0200)]
P2P: Respect p2p_ignore_shared_freq on p2p_group_add

Make sure wpas_p2p_init_go_params() respects the p2p_ignore_shared_freq
configuration option. Choose currently used frequencies only if this
option is not set, or if there are no unused channels left.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago P2P: Fix shared freq print in wpas_p2p_init_go_params()
Eliad Peller [Thu, 3 Mar 2016 16:18:29 +0000 (18:18 +0200)]
P2P: Fix shared freq print in wpas_p2p_init_go_params()

"freq" contains the forced frequency, not the selected one. Print the
correct freq instead.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago P2P: Update peer listen channel from Probe Request frames
Ilan Peer [Mon, 29 Feb 2016 12:30:05 +0000 (14:30 +0200)]
P2P: Update peer listen channel from Probe Request frames

In case a Probe Request frame is received from a known peer P2P Device,
update the listen channel based on the P2P attributes in the Probe
Request frame. This can be useful for cases where the peer P2P Device
changed its listen channel, and the local P2P device is about to start a
GO Negotiation or invitation signaling with the peer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago P2P: Abort ongoing scan when p2p_find is stopped
Ben Rosenfeld [Mon, 29 Feb 2016 12:30:04 +0000 (14:30 +0200)]
P2P: Abort ongoing scan when p2p_find is stopped

When p2p_find is stopped, send request to the driver
in order to cancel an ongoing scan if there is one.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
8 years ago nl80211: Abort an ongoing scan upon scan timeout indication
Ayala Beker [Mon, 29 Feb 2016 12:30:03 +0000 (14:30 +0200)]
nl80211: Abort an ongoing scan upon scan timeout indication

Currently, when scan is stuck in the kernel/driver/fw,
the nl80211 driver tries to recover by faking a SCAN_RESULTS flow.
However, the scan is still stuck in the kernel/driver/fw.

To avoid that stuck request, abort it upon scan timeout.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
8 years ago tests: Handle different delays in discovery_and_interface_disabled
Ilan Peer [Mon, 29 Feb 2016 12:30:02 +0000 (14:30 +0200)]
tests: Handle different delays in discovery_and_interface_disabled

Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.

Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case where the scan results were
received while the interface was disabled was not covered.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled
Ilan Peer [Mon, 29 Feb 2016 12:30:01 +0000 (14:30 +0200)]
wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled

An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.

To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago WNM: Do not scan based on malformed BSS Transition Management Request
Avraham Stern [Mon, 29 Feb 2016 12:30:00 +0000 (14:30 +0200)]
WNM: Do not scan based on malformed BSS Transition Management Request

Verify that when the Candidate List Included bit is set in a BSS
Transition Management Request frame, the candidate list actually
includes at least one candidate. If no candidates are included, reject
the request without scanning.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago tests: BTM Request Preferred Candidate List followed by vendor element
Jouni Malinen [Thu, 3 Mar 2016 14:59:27 +0000 (16:59 +0200)]
tests: BTM Request Preferred Candidate List followed by vendor element

This goes through parsing code for a case that was interpreted
incorrectly in the past.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago WNM: Fix candidates count in BSS Transition Management Request
Avraham Stern [Mon, 29 Feb 2016 12:29:59 +0000 (14:29 +0200)]
WNM: Fix candidates count in BSS Transition Management Request

In BSS Transition Management Request frame, it is possible that vendor
specific IEs are included after the candidate list. In this case the
candidates count was incremented for each IE although the candidate list
is already over which could result in adding all zeros candidates into
the neighbor list.

Fix that by incrementing the candidates count only for neighbor report
elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
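
The two WNM commits above (count only Neighbor Report elements; reject a request whose Candidate List Included bit is set but which carries no candidate) are illustrated by the following added example. It is not code from the hostap tree: the function names, the struct layout and the sample bytes are constructed for illustration, with element IDs 52/221 and Request Mode bit 0 taken from IEEE 802.11.

```c
/* Added illustration; not code from the hostap tree. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_NEIGHBOR_REPORT 52       /* IEEE 802.11 Neighbor Report element */
#define EID_VENDOR_SPECIFIC 221      /* IEEE 802.11 Vendor Specific element */
#define NEI_REP_MIN_LEN 13           /* BSSID(6) + BSSID Info(4) + op class + channel + PHY */
#define PREF_CAND_LIST_INCLUDED 0x01 /* Request Mode bit 0 */
#define MAX_CANDIDATES 8

struct candidate {
	uint8_t bssid[6];
	uint8_t op_class;
	uint8_t channel;
};

/* Constructed sample: one Neighbor Report followed by one vendor element. */
static const uint8_t sample_ies[] = {
	EID_NEIGHBOR_REPORT, 13,
	0x02, 0x00, 0x00, 0x00, 0x03, 0x00, /* BSSID */
	0x00, 0x00, 0x00, 0x00,             /* BSSID Information */
	81, 6, 7,                           /* op class, channel, PHY type */
	EID_VENDOR_SPECIFIC, 4, 0x00, 0x11, 0x22, 0x01,
};

/* Constructed sample: vendor element only, no candidate at all. */
static const uint8_t vendor_only_ies[] = {
	EID_VENDOR_SPECIFIC, 4, 0x00, 0x11, 0x22, 0x01,
};

/*
 * Walk the element list that follows the BTM Request fixed fields.
 * count_every_element != 0 reproduces the behaviour the commit describes as
 * broken: each element consumes a slot, so trailing vendor elements leave
 * all-zero candidates. Returns the number of slots used, or -1 if an element
 * runs past the end of the buffer.
 */
static int parse_candidates(const uint8_t *pos, size_t len,
			    struct candidate *cand, int max,
			    int count_every_element)
{
	const uint8_t *end = pos + len;
	int n = 0;

	memset(cand, 0, (size_t) max * sizeof(*cand));
	while (end - pos >= 2) {
		uint8_t id = pos[0], elen = pos[1];

		pos += 2;
		if (elen > end - pos)
			return -1; /* truncated element */
		if (n < max) {
			if (id == EID_NEIGHBOR_REPORT && elen >= NEI_REP_MIN_LEN) {
				memcpy(cand[n].bssid, pos, 6);
				cand[n].op_class = pos[10];
				cand[n].channel = pos[11];
				n++;
			} else if (count_every_element) {
				n++; /* old behaviour: slot stays zeroed */
			}
		}
		pos += elen;
	}
	return pos == end ? n : -1; /* a lone trailing byte is malformed */
}

static int is_zero_candidate(const struct candidate *c)
{
	static const struct candidate zero;

	return memcmp(c, &zero, sizeof(zero)) == 0;
}

/* Fixed behaviour: returns the candidate count, or -1 to reject the request
 * before any scan is started. */
static int btm_request_check(uint8_t req_mode, const uint8_t *ies, size_t len,
			     struct candidate *cand, int max)
{
	int n = parse_candidates(ies, len, cand, max, 0);

	if (n < 0)
		return -1;
	if ((req_mode & PREF_CAND_LIST_INCLUDED) && n == 0)
		return -1; /* bit set but list empty: malformed */
	return n;
}

int main(void)
{
	struct candidate c[MAX_CANDIDATES];
	int n;

	n = parse_candidates(sample_ies, sizeof(sample_ies), c, MAX_CANDIDATES, 1);
	printf("counting every element: %d entries, last all-zero: %d\n",
	       n, n > 0 ? is_zero_candidate(&c[n - 1]) : 0);
	n = btm_request_check(PREF_CAND_LIST_INCLUDED, sample_ies,
			      sizeof(sample_ies), c, MAX_CANDIDATES);
	printf("counting Neighbor Reports only: %d entry\n", n);
	n = btm_request_check(PREF_CAND_LIST_INCLUDED, vendor_only_ies,
			      sizeof(vendor_only_ies), c, MAX_CANDIDATES);
	printf("bit set, no candidates: %d (rejected)\n", n);
	return 0;
}
```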
8 years ago wpa_cli: Support running action script on global control interface
Ilan Peer [Mon, 29 Feb 2016 12:29:58 +0000 (14:29 +0200)]
wpa_cli: Support running action script on global control interface

In case wpa_cli is started with an option to execute an action script,
but no interface is specified, wpa_cli might crash in wpa_cli_exec() if
arg1 == NULL. Fix this by setting arg1 = "global".

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago EAP-PWD peer: Fix possible memory leak on error path
Ilan Peer [Mon, 29 Feb 2016 12:29:57 +0000 (14:29 +0200)]
EAP-PWD peer: Fix possible memory leak on error path

Fix possible memory leak in eap_pwd_perform_commit_exchange().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago Android: Remove superfluous OpenSSL include paths
Adam Langley [Fri, 23 Jan 2015 01:13:10 +0000 (17:13 -0800)]
Android: Remove superfluous OpenSSL include paths

The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
8 years ago HS 2.0R2: Clear fetch_anqp_in_progress if fopen fails
Daichi Ueura [Tue, 1 Mar 2016 18:26:38 +0000 (03:26 +0900)]
HS 2.0R2: Clear fetch_anqp_in_progress if fopen fails

Clear wpa_s->fetch_anqp_in_progress when osu-providers.txt can't be
opened. An issue happens, for instance, when wpa_supplicant doesn't
have correct access permission to the directory specified by osu_dir.
If hs20_osu_fetch_done method returns without clearing the flag,
'FETCH_OSU' command will never work correctly.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
8 years ago Fix CONFIG_WPA_TRACE=y compilation without CONFIG_WPA_TRACE_BFD=y
Eliad Peller [Wed, 2 Mar 2016 12:38:41 +0000 (14:38 +0200)]
Fix CONFIG_WPA_TRACE=y compilation without CONFIG_WPA_TRACE_BFD=y

syms is defined only for WPA_TRACE_BFD:

../src/utils/trace.c: In function ‘wpa_trace_deinit’:
../src/utils/trace.c:372:7: error: ‘syms’ undeclared (first use in this function)
  free(syms);
       ^
../src/utils/trace.c:372:7: note: each undeclared identifier is reported only once for each function it appears in
make: *** [../src/utils/trace.o] Error 1
make: *** Waiting for unfinished jobs....

Add appropriate #ifdef.

Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago Add EAP-AKA' and EAP-pwd to wpa_supplicant README
Jouni Malinen [Thu, 3 Mar 2016 14:19:55 +0000 (16:19 +0200)]
Add EAP-AKA' and EAP-pwd to wpa_supplicant README

The EAP methods were missing from the lists.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago Update notes about OpenSSL versions
Jouni Malinen [Thu, 3 Mar 2016 14:17:34 +0000 (16:17 +0200)]
Update notes about OpenSSL versions

Obsolete OpenSSL versions 0.9.* are not supported anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago Fix some typos in wpa_supplicant README files
Jouni Malinen [Thu, 3 Mar 2016 14:15:46 +0000 (16:15 +0200)]
Fix some typos in wpa_supplicant README files

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago README-P2P: Fix a typo
Nishant Chaprana [Thu, 3 Mar 2016 12:52:39 +0000 (18:22 +0530)]
README-P2P: Fix a typo

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
8 years ago P2P: Add Dev Info attribute to Probe Request frames in 60 GHz
Lior David [Sat, 20 Feb 2016 14:45:58 +0000 (16:45 +0200)]
P2P: Add Dev Info attribute to Probe Request frames in 60 GHz

When building P2P IE for Probe Request frames in P2P scan, add the
device information attribute if the 60 GHz band is included in the scan,
since this is required by the P2P specification.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago wpa_supplicant: Expose wpas_get_bands() and related API
Lior David [Sat, 20 Feb 2016 11:46:10 +0000 (13:46 +0200)]
wpa_supplicant: Expose wpas_get_bands() and related API

Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago P2P: Change order of P2P IE and frequencies set up
Lior David [Sat, 20 Feb 2016 11:28:27 +0000 (13:28 +0200)]
P2P: Change order of P2P IE and frequencies set up

When setting up parameters for P2P scan, calculate the frequencies
for the scan before calculating the scan IE. This is because
the scan IE calculation may need information about the scan
frequencies in use.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago Android: Allow wpa_supplicant to write files to osu-info dir
Kanchanapally, Vidyullatha [Tue, 1 Mar 2016 02:06:53 +0000 (07:36 +0530)]
Android: Allow wpa_supplicant to write files to osu-info dir

This commit allows any process running with group id of AID_WIFI to
read/write files to osu-info directory. Also, it allows other users to
read and search the osu-info directory.

This fixes issues with hs20-osu-client creating a directory for
wpa_supplicant use without wpa_supplicant actually having privileges to
write there on Android where the wpa_supplicant process does not run as
root.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago FST: Enlarge State Transition Timeout (STT)
Dedy Lansky [Thu, 25 Feb 2016 08:03:07 +0000 (10:03 +0200)]
FST: Enlarge State Transition Timeout (STT)

STT guards the exchange of FST Action frames with the peer station.
It was observed that sometimes Action frames sending is delayed at
driver/FW layers for a few hundred milliseconds.

Enlarge the STT to overcome such cases.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
8 years ago Add error handling for offloaded ACS with vendor command failures
Peng Xu [Tue, 1 Mar 2016 19:13:25 +0000 (11:13 -0800)]
Add error handling for offloaded ACS with vendor command failures

In case vendor ACS command returns invalid channel or hardware mode,
complete the interface setup with an error code instead of simply
returning, so that hostapd can properly clean up the interface setup.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago Fix scan rescheduling from wpas_stop_pno to check postponed case
Jouni Malinen [Thu, 3 Mar 2016 09:04:38 +0000 (11:04 +0200)]
Fix scan rescheduling from wpas_stop_pno to check postponed case

Commit 02e122a995dea947a2ad2c0d85190d709f9128b7 ('Reschedule scan from
wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only
condition for automatically starting a postponed scan request from
EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be
set for sched_scan and as such, this can result in unexpected extra
scans without there having been any real postponed request.

Make this more accurate by verifying that there really is a pending
request for a scan before speeding up its start.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP
Jouni Malinen [Wed, 2 Mar 2016 15:11:38 +0000 (17:11 +0200)]
tests: WPA2-Enterprise with EAP-GPSK and PTK rekey enforced by AP

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago nl80211: Add more address fields into RX frame debug message
Jouni Malinen [Mon, 29 Feb 2016 19:18:27 +0000 (21:18 +0200)]
nl80211: Add more address fields into RX frame debug message

This makes it easier to debug issues related to Public Action frame
addressing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: GAS query with another AP while associated
Jouni Malinen [Mon, 29 Feb 2016 17:49:52 +0000 (19:49 +0200)]
tests: GAS query with another AP while associated

This is without PMF to cover the case of Public Action frame to another
AP while associated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago RADIUS: Add Acct-Delay-Time into accounting messages
Jouni Malinen [Mon, 29 Feb 2016 15:40:23 +0000 (17:40 +0200)]
RADIUS: Add Acct-Delay-Time into accounting messages

This tells the server how long we have been trying to transmit the
message so that the actual time of the message generation can be
determined from receive time (ignoring network delays and only at
accuracy of one second).

For interim updates, only value 0 is used since there are no
retransmissions of the same message. For other accounting messages, the
initial attempt goes out with value 0 and the retransmissions, if
needed, show the number of seconds the message has been waiting in the
queue.

Update the Identifier and Authenticator in the messages whenever
updating the Acct-Delay-Time per RFC 2866, 4.1 requirements.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: RADIUS Accounting interim update retry
Jouni Malinen [Mon, 29 Feb 2016 09:44:30 +0000 (11:44 +0200)]
tests: RADIUS Accounting interim update retry

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago RADIUS: Update full message for interim accounting updates
Jouni Malinen [Mon, 29 Feb 2016 09:44:43 +0000 (11:44 +0200)]
RADIUS: Update full message for interim accounting updates

Instead of using the RADIUS client retransmission design with the old
RADIUS message contents for each retry, trigger a completely new interim
accounting update instance more quickly (using the same schedule as
RADIUS message retransmissions) to improve accounting updates in cases
where RADIUS message delivery fails. This allows the server to get up to
date information from the time the "retry" message was sent instead of
the old information from the time the first failed attempt was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago Document nas_identifier requirements for RADIUS accounting
Jouni Malinen [Sun, 28 Feb 2016 19:19:14 +0000 (21:19 +0200)]
Document nas_identifier requirements for RADIUS accounting

nas_identifier needs to be set to a unique value for RADIUS accounting
to work properly. This needs to be unique for each BSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago Replace hostapd_mac_comp_empty() with is_zero_ether_addr()
Jouni Malinen [Sun, 28 Feb 2016 16:00:48 +0000 (18:00 +0200)]
Replace hostapd_mac_comp_empty() with is_zero_ether_addr()

There is no need to maintain two implementations of the functionality.
is_zero_ether_addr() is easier to understand, so use it.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago VLAN: Avoid use of libnl cache
Michael Braun [Wed, 24 Feb 2016 11:53:50 +0000 (12:53 +0100)]
VLAN: Avoid use of libnl cache

Using rtnl_link_alloc_cache() is expensive as it fills in all configured
links. Using rtnl_link_get_kernel() is much more lightweight.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago nl80211: Clean up ifidx properly if interface in a bridge is removed
Michael Braun [Wed, 24 Feb 2016 11:53:44 +0000 (12:53 +0100)]
nl80211: Clean up ifidx properly if interface in a bridge is removed

When an interface is removed while it was in a bridge, the bridge was
not removed from the local ifidx list.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago FT: Check destination MAC address on RRB receive
Michael Braun [Wed, 24 Feb 2016 11:53:41 +0000 (12:53 +0100)]
FT: Check destination MAC address on RRB receive

As the Linux variant of l2_packet_init() does not use its own_addr
argument and l2_packet_receive() does not filter on destination MAC
address, this needs to be checked in the callback.

If there are multiple BSSes listening for FT RRB packets, all their
BSSIDs need to be local to the bridge interface. As l2_packet_init() is
going to receive all of them going for any local address, those RRB
messages started turning up on BSSes that they were not destined for and
cluttering logs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago RADIUS: Allow RADIUS server to provide PSK instead of passphrase
Michael Braun [Wed, 24 Feb 2016 11:53:38 +0000 (12:53 +0100)]
RADIUS: Allow RADIUS server to provide PSK instead of passphrase

If the AP is slow, passphrase hashing takes too long to serve the client
before timeout. Extend the Tunnel-Password design to allow a 64
character value to be interpreted as a PSK and send SSID to RADIUS
server. This allows the RADIUS server to either take care of passphrase
hashing or to use raw PSK without such hashing.

This is especially important for FT-PSK with FT-over-air, where hashing
cannot be deferred.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago Cache hashed passphrase in RADIUS-based PSK delivery
Michael Braun [Wed, 24 Feb 2016 11:53:37 +0000 (12:53 +0100)]
Cache hashed passphrase in RADIUS-based PSK delivery

Instead of copying the full struct hostapd_sta_wpa_psk_short, share the
existing entry and use reference counting to check when it needs to be
freed. This allows caching of PSKs derived from passphrases to avoid
having to perform the heavy hashing operation multiple times.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago Defer passphrase-to-PSK hashing out of 802.11 authentication ACL check
Michael Braun [Wed, 24 Feb 2016 11:53:36 +0000 (12:53 +0100)]
Defer passphrase-to-PSK hashing out of 802.11 authentication ACL check

Hashing takes quite some time (can be about one second on a low-power
CPU for each passphrase provided), so hostapd can easily hit the 900 ms
Wi-Fi client authentication deadline (mac80211 uses 3x 300 ms). This can
be fixed by storing the passphrase instead of PSK with the STA and defer
the hashing into the WPA/RSN 4-way handshake, when enumerating all PSKs.

This applies for the case where a RADIUS server is used to store the
per-STA passphrases and this passphrase is delivered as part of the MAC
ACL check during IEEE 802.11 Authentication frame processing.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago VLAN: Use stack instead of heap allocation for new interface name
Michael Braun [Wed, 24 Feb 2016 11:53:35 +0000 (12:53 +0100)]
VLAN: Use stack instead of heap allocation for new interface name

The VLAN ifname is limited to the maximum length of IFNAMSIZ, so there
is no need to use heap allocation for it.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago FT: Use BSSID as r1_key_holder if no value is configured
Michael Braun [Wed, 24 Feb 2016 11:53:34 +0000 (12:53 +0100)]
FT: Use BSSID as r1_key_holder if no value is configured

r1_key_holder is an identifier that was always set to zero unless
configured before.

See 11.6.1.7.4 of IEEE Std 802.11-2012 which reads
 "R1KH-ID is a MAC address of the holder of the PMK-R1 in the
  Authenticator of the AP"
See 12.2.2 of IEEE Std 802.11-2012 which reads
 "Each R0KH-ID and R1KH-ID is assumed to be expressed as a unique
  identifier within the mobility domain."
 "The R1KH-ID shall be set to a MAC address of the physical entity
  that stores the PMK-R1 ..."

Defaulting this to BSSID is a more reasonable value since we have not
rejected the missing r1_key_holder as invalid configuration.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: FT RRB internal delivery to non-WPA BSS
Michael Braun [Wed, 24 Feb 2016 11:53:24 +0000 (12:53 +0100)]
tests: FT RRB internal delivery to non-WPA BSS

A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.

This test implements such a malicious request for regression testing.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago FT: Check hapd->wpa_auth before RRB internal delivery
Michael Braun [Wed, 24 Feb 2016 11:53:25 +0000 (12:53 +0100)]
FT: Check hapd->wpa_auth before RRB internal delivery

A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL. If the target BSS is on a different hostapd
instance, it will not listen for these packets and thus not crash.

Fix this by checking hapd->wpa_auth before delivery.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
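The NULL dereference described in the two commits above, and the check that prevents it, can be modelled as follows. This is an added sketch, not hostapd code: `struct bss_model`, `struct wpa_auth_model`, `rrb_deliver_internal` and `rrb_demo` are hypothetical names, and the addresses and frame length are constructed.

```c
#include <stddef.h>
#include <string.h>
#define ETH_ALEN 6

/* Hypothetical stand-ins for hostapd's per-BSS and authenticator state. */
struct wpa_auth_model { unsigned int ft_frames_rx; };
struct bss_model {
	unsigned char own_addr[ETH_ALEN];
	struct wpa_auth_model *wpa_auth; /* NULL when the BSS has no WPA/RSN */
};

/* FT Action frame processing: dereferences the authenticator state. */
static int ft_action_rx(struct wpa_auth_model *auth, size_t len)
{
	if (len == 0)
		return -1;
	auth->ft_frames_rx++;
	return 0;
}

/* Internal RRB delivery between BSSes of one process.
 * Returns 0 on delivery, -1 if no local BSS owns dst, -2 if the BSS that
 * owns dst has no authenticator and the frame is dropped. */
int rrb_deliver_internal(struct bss_model *bss, size_t n,
			 const unsigned char *dst, size_t len)
{
	size_t i;
	for (i = 0; i < n; i++) {
		if (memcmp(bss[i].own_addr, dst, ETH_ALEN) != 0)
			continue;
		if (!bss[i].wpa_auth)   /* check before delivery, as in the fix */
			return -2;
		return ft_action_rx(bss[i].wpa_auth, len);
	}
	return -1;
}

/* Constructed sample: BSS ...:01 has WPA enabled, BSS ...:02 is open. */
int rrb_demo(unsigned char last_octet)
{
	static struct wpa_auth_model auth;
	struct bss_model bss[2] = {
		{ { 0x02, 0, 0, 0, 0, 0x01 }, &auth },
		{ { 0x02, 0, 0, 0, 0, 0x02 }, NULL },
	};
	unsigned char dst[ETH_ALEN] = { 0x02, 0, 0, 0, 0, last_octet };
	return rrb_deliver_internal(bss, 2, dst, 32);
}
```

Without the `wpa_auth` test, a frame addressed to the open BSS would reach `ft_action_rx()` with a NULL pointer, which is the crash the regression test exercises.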
8 years ago FT: Fix R0KH-R1KH protocol data length values
Michael Braun [Wed, 24 Feb 2016 11:53:11 +0000 (12:53 +0100)]
FT: Fix R0KH-R1KH protocol data length values

The FT RRB hostapd packets have a length field. For PULL frames, it
counted the bytes starting with nonce and up to the last before pad. For
RESP frames, it counted the bytes starting with nonce and up to the last
before pad except for 2 bytes. For PUSH frames, it counted the bytes
starting with nonce and up to including pad.

As rounding is done with AES encryption, including pad does not make
sense. Not including the last field before pad does not make sense
either. These were broken in the earlier addition of the 2 octet
pairwise field in commit 1b484d60e55a01d02bf01f790a7c6fb9ea606098 ('FT:
Include pairwise cipher suite in PMK-R0 SA and PMK-R1 SA').

AES encryption is not affected, as rounding hides the differences. The
packet's data_length field is not used, so the differences have no effect
there.

This patch changes the constants to match the bytes used, thus excluding
the pad. To validate the changes, look at remainder modulo 8 of the sum
of the size constants and the padding sizes.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: RSN pre-auth and PMKSA caching with per_sta_vif
Michael Braun [Wed, 24 Feb 2016 11:53:10 +0000 (12:53 +0100)]
tests: RSN pre-auth and PMKSA caching with per_sta_vif

This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.

While at it, it refactors the code such that the tests
  pmksa_cache_preauth
  pmksa_cache_preauth_vlan_enabled
  pmksa_cache_preauth_vlan_used
  pmksa_cache_preauth_per_sta_vif
  pmksa_cache_preauth_vlan_enabled_per_sta_vif
  pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: Document tshark and python-netifaces as dependencies
Michael Braun [Wed, 24 Feb 2016 11:53:09 +0000 (12:53 +0100)]
tests: Document tshark and python-netifaces as dependencies

tshark and python-netifaces are used by some tests.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: Verify correct VLAN operation after reconnect
Michael Braun [Wed, 24 Feb 2016 11:53:08 +0000 (12:53 +0100)]
tests: Verify correct VLAN operation after reconnect

This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: Tagged-VLAN only change on reauthentication
Michael Braun [Wed, 24 Feb 2016 11:53:07 +0000 (12:53 +0100)]
tests: Tagged-VLAN only change on reauthentication

Check VLAN ID change during reauthentication when using tagged-only
configuration.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago tests: P2PS connection with cfg80211 P2P Device
Jouni Malinen [Sat, 27 Feb 2016 17:44:11 +0000 (19:44 +0200)]
tests: P2PS connection with cfg80211 P2P Device

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: p2p_device_nfc_invite with no separate group interface
Jouni Malinen [Sat, 27 Feb 2016 17:36:30 +0000 (19:36 +0200)]
tests: p2p_device_nfc_invite with no separate group interface

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: P2P persistent group with cfg80211 P2P Device
Jouni Malinen [Fri, 26 Feb 2016 20:21:15 +0000 (22:21 +0200)]
tests: P2P persistent group with cfg80211 P2P Device

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: P2P join-group using cfg80211 P2P Device
Jouni Malinen [Fri, 26 Feb 2016 16:40:19 +0000 (18:40 +0200)]
tests: P2P join-group using cfg80211 P2P Device

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: P2P autogo using cfg80211 P2P Device
Jouni Malinen [Fri, 26 Feb 2016 16:36:44 +0000 (18:36 +0200)]
tests: P2P autogo using cfg80211 P2P Device

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: P2P group formation with driver using cfg80211 P2P Device
Jouni Malinen [Fri, 26 Feb 2016 16:21:51 +0000 (18:21 +0200)]
tests: P2P group formation with driver using cfg80211 P2P Device

This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago P2P: Support dedicated P2P_DEVICE without separate group interface
Lior David [Sun, 24 Jan 2016 15:36:49 +0000 (17:36 +0200)]
P2P: Support dedicated P2P_DEVICE without separate group interface

Add support for drivers with dedicated P2P_DEVICE interface, but without
group interface concurrency (only a single netdev is used). With such
devices, wpa_supplicant tried to use the p2p_dev interface instead of
the group interface and most P2P operations failed. Extend
wpa_supplicant to use the primary interface instead of a separate group
interface in such cases.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago P2P: Add a separate pointer to the P2P Device instance
Lior David [Sun, 24 Jan 2016 15:36:49 +0000 (17:36 +0200)]
P2P: Add a separate pointer to the P2P Device instance

In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.

Fix this by adding a separate "p2pdev" pointer to wpa_supplicant. It
will be the same as the parent pointer in most cases, but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago GAS client: Make PMF check on RX more consistent
Jouni Malinen [Sat, 27 Feb 2016 16:49:31 +0000 (18:49 +0200)]
GAS client: Make PMF check on RX more consistent

Use the SA field instead of BSSID in the received Action frame to
determine whether PMF has been negotiated with the transmitter. While
these fields are supposed to be the same for Public Action frames from an
AP, it would be possible that a frame is received with different values.
The following operations in gas_query_rx() use SA, so do the same for
the PMF check.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: GAS query with another AP while associated and using PMF
Jouni Malinen [Sat, 27 Feb 2016 09:47:58 +0000 (11:47 +0200)]
tests: GAS query with another AP while associated and using PMF

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: Multi-icon fetch with REQ_HS20_ICON
Jouni Malinen [Sat, 27 Feb 2016 09:14:02 +0000 (11:14 +0200)]
tests: Multi-icon fetch with REQ_HS20_ICON

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago tests: WNM BSS Transition Management and scan behavior
Jouni Malinen [Fri, 26 Feb 2016 15:18:39 +0000 (17:18 +0200)]
tests: WNM BSS Transition Management and scan behavior

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago WNM: Optimize a single BSS transition management candidate scan
Jouni Malinen [Fri, 26 Feb 2016 15:16:35 +0000 (17:16 +0200)]
WNM: Optimize a single BSS transition management candidate scan

If the BSS Transition Management Request frame includes only a single
candidate and we need to scan for the BSS to get up-to-date information,
use a scan for the known BSSID instead of wildcard BSSID. In addition,
set the SSID in the scan if it is known based on old scan results in the
BSS table. This removes unnecessary Probe Response frames when we are
interested in results from only a single BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago nl80211: Add an option to specify the BSSID to scan for
Jouni Malinen [Fri, 26 Feb 2016 14:31:33 +0000 (16:31 +0200)]
nl80211: Add an option to specify the BSSID to scan for

This allows scans to be optimized when a response is needed only from a
single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: MBO STA supported operating classes
Jouni Malinen [Wed, 24 Feb 2016 10:31:09 +0000 (12:31 +0200)]
tests: MBO STA supported operating classes

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago AP: Store STA supported operating classes information
Jouni Malinen [Wed, 24 Feb 2016 10:20:31 +0000 (12:20 +0200)]
AP: Store STA supported operating classes information

This makes hostapd track Supported Operating Classes information from
the associated STAs. The stored information is available through the STA
control interface command (supp_op_classes row) as a hexdump of the
Supported Operating Classes element starting from the Length field. This
information can be used as input to BSS transition management and
channel switching decisions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago AP: Debug print management frame TX result
Dedy Lansky [Tue, 9 Feb 2016 07:16:56 +0000 (09:16 +0200)]
AP: Debug print management frame TX result

Inside management frame TX status callback, print the TX result where it
was missing. This is useful for debugging management frame drops.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
8 years ago tests: MBO non-preferred channel list
Jouni Malinen [Mon, 22 Feb 2016 17:51:36 +0000 (19:51 +0200)]
tests: MBO non-preferred channel list

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago MBO: Parse non-preferred channel list on the AP
Jouni Malinen [Mon, 22 Feb 2016 18:37:21 +0000 (20:37 +0200)]
MBO: Parse non-preferred channel list on the AP

This adds parsing of non-preferred channel list on an MBO AP. The
information in (Re)Association Request and WNM Notification Request
frames is parsed to get the initial value and updates from each
associated MBO STA. The parsed information is available through the STA
control interface command non_pref_chan[i] rows.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: WNM Sleep Mode - AP side OOM
Jouni Malinen [Mon, 22 Feb 2016 17:35:39 +0000 (19:35 +0200)]
tests: WNM Sleep Mode - AP side OOM

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>