[wpa_supplicant] Cumulative patch from commit 0c5ededed
Merge to enable randomized source MAC address for ANQP/GAS
messages. Addresses an issue with DPP when GAS MAC randomization
is enabled.
Enable GAS MAC randomization in HIDL.
Bug: 154393320
Test: Device boots up and connects to wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Confirm ANQP messages are randomized from logs:
wpa_supplicant: GAS: Use a new random transmitter address ae:a2:5f:5e:65:11
Test: act.py -c ../WifiDppConfig.json -tc WifiDppTest
Test: Wi-Fi direct tests in CtsVerifier
Test: Regression test passed (Bug: 154769005)
0c5ededed DPP: Fix config exchange with gas_rand_mac_addr
60a2de568 EAP server: Convert Boolean to C99 bool
4d2ec436e DPP: Add driver operation for enabling/disabling listen mode
99cf89555 Include stdbool.h to allow C99 bool to be used
3e6383f31 DPP2: Silence compiler warning with no-CONFIG_DPP2 and OpenSSL 1.0.2
f23b70f16 Silence compiler warning in no-NEED_AP_MLME hostapd builds
011526874 nl80211: Move nl80211_init_connect_handle() to avoid forward declaration
2c70b7d0b Do not open l2_packet(EAPOL) for receive unnecessarily
7a880b129 l2_packet: Allow initialization without RX handling
95cbf4509 nl80211: Do not open EAPOL RX socket when using control port for RX (AP)
c3bb8865a Clean up l2_packet_get_own_addr() call
9d6334e81 Do not open l2_packet bridge workaround socket if control port is used
c1bc0dd80 nl80211: Disable EAPOL TX over control port in AP mode by default
12ea7dee3 nl80211: Use nl80211 control port for receiving EAPOL frames
8609aa5ba nl80211: Tie connect handle to bss init/destroy
b4a70018e nl80211: Handle control port frame in bss events
6f70fcd98 nl80211: Check ethertype for control port RX
932546ac2 nl80211: Add a separate driver capability for control port RX
bb9e3935d driver: Add second driver capability flags bitmap
6255a8ac1 WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
6b1c590eb Allow TKIP support to be removed from build
a6c689d35 FT: Testing override for RSNXE Used subfield in FTE (AP)
9b222b613 nl80211: Remove unnecessary inclusion of l2_packet.h
b2d8dc59f FT: Testing override for RSNXE Used subfield in FTE
5344af7d2 FT: Discard ReassocReq with mismatching RSNXE Used value
af0178c75 Add vendor attributes indicating number of spectral detectors
7a510a97b Add an attribute for secondary 80 MHz span of agile spectral scan
24a6bca70 PKCS#1: Debug dump invalid Signature EB
eac6eb702 X509: Use unique debug prints for unused bits entries
153333ef6 FT RRB: Remove confusing debug print about extra data
d867e1181 FT: Remove and re-add STA entry after FT protocol success with PMF
97beccc83 SAE: Fix build without DPP/OWE/ERP
c7a9a5745 P2P: Start group with user configured params after accepting invitation
512b6c02e DPP: Mandate mutual auth with NFC negotiated connection handover
872299f4b DPP2: Store netAccessKey in psk/sae credentials for reconfig
bf9f49396 OWE: Remove check for unexpected DH Parameter IE use with other AKMs
e4eb009d9 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
1dcfbab25 DPP2: Clear requirement for QR Code mutual authentication for chirping
Change-Id: I3e808e1d17162f0d4ce71536addf28790f0b24d2
diff --git a/src/common/dpp.c b/src/common/dpp.c
index d8690ad..b33ab15 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -74,12 +74,14 @@
}
+#ifdef CONFIG_DPP2
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_EC)
return NULL;
return pkey->pkey.ec;
}
+#endif /* CONFIG_DPP2 */
#endif
@@ -3952,6 +3954,14 @@
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return NULL;
+ } else if (auth->own_bi &&
+ auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
+ auth->own_bi->nfc_negotiated) {
+ /* NFC negotiated connection handover bootstrapping mandates
+ * use of mutual authentication */
+ dpp_auth_fail(auth,
+ "Missing Initiator Bootstrapping Key Hash attribute");
+ return NULL;
}
auth->peer_version = 1; /* default to the first version */
@@ -6730,7 +6740,7 @@
conf->connector = os_strdup(signed_connector);
dpp_copy_csign(conf, csign_pub);
- if (dpp_akm_dpp(conf->akm))
+ if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2)
dpp_copy_netaccesskey(auth, conf);
ret = 0;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index ab3f927..585d398 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -138,6 +138,8 @@
const struct dpp_curve_params *curve;
unsigned int pkex_t; /* number of failures before dpp_pkex
* instantiation */
+ int nfc_negotiated; /* whether this has been used in NFC negotiated
+ * connection handover */
char *configurator_params;
};
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 8ef666d..3fa38c9 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -5469,8 +5469,12 @@
* QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
* Center frequency (in MHz) of the span of interest or
* for convenience, center frequency (in MHz) of any channel
- * in the span of interest. If agile spectral scan is initiated
- * without setting a valid frequency it returns the error code
+ * in the span of interest. For 80+80 MHz agile spectral scan
+ * request it represents center frequency (in MHz) of the primary
+ * 80 MHz span or for convenience, center frequency (in MHz) of any
+ * channel in the primary 80 MHz span. If agile spectral scan is
+ * initiated without setting a valid frequency it returns the
+ * error code
* (QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED).
* u32 attribute.
*/
@@ -5497,6 +5501,20 @@
* 1-enable, 0-disable
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG = 28,
+ /* This specifies the frequency span over which spectral scan would be
+ * carried out. Its value depends on the value of
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE and the relation is as
+ * follows.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL
+ * Not applicable. Spectral scan would happen in the operating span.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
+ * This attribute is applicable only for agile spectral scan
+ * requests in 80+80 MHz mode. It represents center frequency (in
+ * MHz) of the secondary 80 MHz span or for convenience, center
+ * frequency (in MHz) of any channel in the secondary 80 MHz span.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2 = 29,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_MAX =
@@ -5587,6 +5605,26 @@
* for 80+80 MHz mode.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AGILE_SPECTRAL_80_80 = 13,
+ /* Number of spectral detectors used for scan in 20 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_20_MHZ = 14,
+ /* Number of spectral detectors used for scan in 40 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_40_MHZ = 15,
+ /* Number of spectral detectors used for scan in 80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80_MHZ = 16,
+ /* Number of spectral detectors used for scan in 160 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_160_MHZ = 17,
+ /* Number of spectral detectors used for scan in 80+80 MHz.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80P80_MHZ = 18,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX =
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 1284743..46b647b 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2319,11 +2319,18 @@
int wpa_cipher_valid_pairwise(int cipher)
{
+#ifdef CONFIG_NO_TKIP
+ return cipher == WPA_CIPHER_CCMP_256 ||
+ cipher == WPA_CIPHER_GCMP_256 ||
+ cipher == WPA_CIPHER_CCMP ||
+ cipher == WPA_CIPHER_GCMP;
+#else /* CONFIG_NO_TKIP */
return cipher == WPA_CIPHER_CCMP_256 ||
cipher == WPA_CIPHER_GCMP_256 ||
cipher == WPA_CIPHER_CCMP ||
cipher == WPA_CIPHER_GCMP ||
cipher == WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
}
@@ -2476,8 +2483,10 @@
val |= WPA_CIPHER_CCMP;
else if (os_strcmp(start, "GCMP") == 0)
val |= WPA_CIPHER_GCMP;
+#ifndef CONFIG_NO_TKIP
else if (os_strcmp(start, "TKIP") == 0)
val |= WPA_CIPHER_TKIP;
+#endif /* CONFIG_NO_TKIP */
#ifdef CONFIG_WEP
else if (os_strcmp(start, "WEP104") == 0)
val |= WPA_CIPHER_WEP104;
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index da58159..c0ef689 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -22,6 +22,15 @@
#define OWE_DH_GROUP 19
+#ifdef CONFIG_NO_TKIP
+#define WPA_ALLOWED_PAIRWISE_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_NONE | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
+#define WPA_ALLOWED_GROUP_CIPHERS \
+(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | \
+WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
+WPA_CIPHER_GTK_NOT_USED)
+#else /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_PAIRWISE_CIPHERS \
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
@@ -29,6 +38,7 @@
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \
WPA_CIPHER_GTK_NOT_USED)
+#endif /* CONFIG_NO_TKIP */
#define WPA_ALLOWED_GROUP_MGMT_CIPHERS \
(WPA_CIPHER_AES_128_CMAC | WPA_CIPHER_BIP_GMAC_128 | WPA_CIPHER_BIP_GMAC_256 | \
WPA_CIPHER_BIP_CMAC_256)