[wpa_supplicant] Cumulative patch from b8491ae5a
Also revert local solution for encrypted IMSI and use the upstream version.
Bug: 134177972
Test: Device boots up and connects to WPA3/OWE wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Regression test passed (Bug: 137653009)
Change-Id: Ibf6b6ef3495287156c397daa89d02923f981889b
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 49de476..3eb86c5 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -8,6 +8,7 @@
*/
#include "utils/includes.h"
+#include <fcntl.h>
#include <openssl/opensslv.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
@@ -16,6 +17,8 @@
#include "utils/common.h"
#include "utils/base64.h"
#include "utils/json.h"
+#include "utils/ip_addr.h"
+#include "utils/eloop.h"
#include "common/ieee802_11_common.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
@@ -70,9 +73,62 @@
#endif
+struct dpp_connection {
+ struct dl_list list;
+ struct dpp_controller *ctrl;
+ struct dpp_relay_controller *relay;
+ struct dpp_global *global;
+ struct dpp_authentication *auth;
+ int sock;
+ u8 mac_addr[ETH_ALEN];
+ unsigned int freq;
+ u8 msg_len[4];
+ size_t msg_len_octets;
+ struct wpabuf *msg;
+ struct wpabuf *msg_out;
+ size_t msg_out_pos;
+ unsigned int read_eloop:1;
+ unsigned int write_eloop:1;
+ unsigned int on_tcp_tx_complete_gas_done:1;
+ unsigned int on_tcp_tx_complete_remove:1;
+ unsigned int on_tcp_tx_complete_auth_ok:1;
+};
+
+/* Remote Controller */
+struct dpp_relay_controller {
+ struct dl_list list;
+ struct dpp_global *global;
+ u8 pkhash[SHA256_MAC_LEN];
+ struct hostapd_ip_addr ipaddr;
+ void *cb_ctx;
+ void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
+ size_t len);
+ void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token,
+ int prot, struct wpabuf *buf);
+ struct dl_list conn; /* struct dpp_connection */
+};
+
+/* Local Controller */
+struct dpp_controller {
+ struct dpp_global *global;
+ u8 allowed_roles;
+ int qr_mutual;
+ int sock;
+ struct dl_list conn; /* struct dpp_connection */
+ char *configurator_params;
+};
+
struct dpp_global {
+ void *msg_ctx;
struct dl_list bootstrap; /* struct dpp_bootstrap_info */
struct dl_list configurator; /* struct dpp_configurator */
+#ifdef CONFIG_DPP2
+ struct dl_list controllers; /* struct dpp_relay_controller */
+ struct dpp_controller *controller;
+ struct dl_list tcp_init; /* struct dpp_connection */
+ void *cb_ctx;
+ int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
+#endif /* CONFIG_DPP2 */
};
static const struct dpp_curve_params dpp_curves[] = {
@@ -689,17 +745,19 @@
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
const char *chan_list)
{
- const char *pos = chan_list;
- int opclass, channel, freq;
+ const char *pos = chan_list, *pos2;
+ int opclass = -1, channel, freq;
while (pos && *pos && *pos != ';') {
- opclass = atoi(pos);
+ pos2 = pos;
+ while (*pos2 >= '0' && *pos2 <= '9')
+ pos2++;
+ if (*pos2 == '/') {
+ opclass = atoi(pos);
+ pos = pos2 + 1;
+ }
if (opclass <= 0)
goto fail;
- pos = os_strchr(pos, '/');
- if (!pos)
- goto fail;
- pos++;
channel = atoi(pos);
if (channel <= 0)
goto fail;
@@ -1079,7 +1137,7 @@
static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
EVP_PKEY_CTX *kctx = NULL;
- EC_KEY *ec_params;
+ EC_KEY *ec_params = NULL;
EVP_PKEY *params = NULL, *key = NULL;
int nid;
@@ -1110,19 +1168,18 @@
EVP_PKEY_keygen_init(kctx) != 1 ||
EVP_PKEY_keygen(kctx, &key) != 1) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate EC key");
+ key = NULL;
goto fail;
}
if (wpa_debug_show_keys)
dpp_debug_print_key("Own generated key", key);
+fail:
+ EC_KEY_free(ec_params);
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(kctx);
return key;
-fail:
- EVP_PKEY_CTX_free(kctx);
- EVP_PKEY_free(params);
- return NULL;
}
@@ -2732,6 +2789,7 @@
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
+ EVP_PKEY_free(auth->own_protocol_key);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_protocol_key_override_len) {
const struct dpp_curve_params *tmp_curve;
@@ -3698,6 +3756,7 @@
}
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
+ EVP_PKEY_free(auth->peer_protocol_key);
auth->peer_protocol_key = pr;
pr = NULL;
@@ -5199,6 +5258,7 @@
pkey = dpp_set_pubkey_point_group(group, wpabuf_head(x), wpabuf_head(y),
wpabuf_len(x));
+ EC_GROUP_free(group);
*key_curve = curve;
fail:
@@ -6535,6 +6595,7 @@
EC_GROUP *group;
size_t len = curve->prime_len;
const u8 *x, *y;
+ EVP_PKEY *res;
switch (curve->ike_group) {
case 19:
@@ -6568,14 +6629,16 @@
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
if (!group)
return NULL;
- return dpp_set_pubkey_point_group(group, x, y, len);
+ res = dpp_set_pubkey_point_group(group, x, y, len);
+ EC_GROUP_free(group);
+ return res;
}
static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
const u8 *mac_init, const char *code,
const char *identifier, BN_CTX *bnctx,
- const EC_GROUP **ret_group)
+ EC_GROUP **ret_group)
{
u8 hash[DPP_MAX_HASH_LEN];
const u8 *addr[3];
@@ -6644,8 +6707,10 @@
EC_KEY_free(Pi_ec);
EVP_PKEY_free(Pi);
BN_clear_free(hash_bn);
- if (ret_group)
+ if (ret_group && Qi)
*ret_group = group2;
+ else
+ EC_GROUP_free(group2);
return Qi;
fail:
EC_POINT_free(Qi);
@@ -6657,7 +6722,7 @@
static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
const u8 *mac_resp, const char *code,
const char *identifier, BN_CTX *bnctx,
- const EC_GROUP **ret_group)
+ EC_GROUP **ret_group)
{
u8 hash[DPP_MAX_HASH_LEN];
const u8 *addr[3];
@@ -6726,8 +6791,10 @@
EC_KEY_free(Pr_ec);
EVP_PKEY_free(Pr);
BN_clear_free(hash_bn);
- if (ret_group)
+ if (ret_group && Qr)
*ret_group = group2;
+ else
+ EC_GROUP_free(group2);
return Qr;
fail:
EC_POINT_free(Qr);
@@ -6796,6 +6863,7 @@
BN_free(y);
EC_POINT_free(point);
BN_CTX_free(ctx);
+ EC_GROUP_free(group);
return ret;
}
@@ -6807,7 +6875,7 @@
EC_KEY *X_ec = NULL;
const EC_POINT *X_point;
BN_CTX *bnctx = NULL;
- const EC_GROUP *group;
+ EC_GROUP *group = NULL;
EC_POINT *Qi = NULL, *M = NULL;
struct wpabuf *M_buf = NULL;
BIGNUM *Mx = NULL, *My = NULL;
@@ -6929,6 +6997,7 @@
BN_clear_free(Mx);
BN_clear_free(My);
BN_CTX_free(bnctx);
+ EC_GROUP_free(group);
return msg;
fail:
wpa_printf(MSG_INFO, "DPP: Failed to build PKEX Exchange Request");
@@ -7173,7 +7242,7 @@
struct dpp_pkex *pkex = NULL;
EC_POINT *Qi = NULL, *Qr = NULL, *M = NULL, *X = NULL, *N = NULL;
BN_CTX *bnctx = NULL;
- const EC_GROUP *group;
+ EC_GROUP *group = NULL;
BIGNUM *Mx = NULL, *My = NULL;
EC_KEY *Y_ec = NULL, *X_ec = NULL;;
const EC_POINT *Y_point;
@@ -7390,6 +7459,7 @@
EC_POINT_free(X);
EC_KEY_free(X_ec);
EC_KEY_free(Y_ec);
+ EC_GROUP_free(group);
return pkex;
fail:
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request processing failed");
@@ -7518,7 +7588,7 @@
{
const u8 *attr_status, *attr_id, *attr_key, *attr_group;
u16 attr_status_len, attr_id_len, attr_key_len, attr_group_len;
- const EC_GROUP *group;
+ EC_GROUP *group = NULL;
BN_CTX *bnctx = NULL;
struct wpabuf *msg = NULL, *A_pub = NULL, *X_pub = NULL, *Y_pub = NULL;
const struct dpp_curve_params *curve = pkex->own_bi->curve;
@@ -7715,6 +7785,7 @@
EC_KEY_free(Y_ec);
EVP_PKEY_CTX_free(ctx);
BN_CTX_free(bnctx);
+ EC_GROUP_free(group);
return msg;
fail:
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response processing failed");
@@ -8533,20 +8604,25 @@
char *reply, int reply_size)
{
struct dpp_bootstrap_info *bi;
+ char pkhash[2 * SHA256_MAC_LEN + 1];
bi = dpp_bootstrap_get_id(dpp, id);
if (!bi)
return -1;
+ wpa_snprintf_hex(pkhash, sizeof(pkhash), bi->pubkey_hash,
+ SHA256_MAC_LEN);
return os_snprintf(reply, reply_size, "type=%s\n"
"mac_addr=" MACSTR "\n"
"info=%s\n"
"num_freq=%u\n"
- "curve=%s\n",
+ "curve=%s\n"
+ "pkhash=%s\n",
dpp_bootstrap_type_txt(bi->type),
MAC2STR(bi->mac_addr),
bi->info ? bi->info : "",
bi->num_freq,
- bi->curve->name);
+ bi->curve->name,
+ pkhash);
}
@@ -8689,16 +8765,88 @@
}
-struct dpp_global * dpp_global_init(void)
+#ifdef CONFIG_DPP2
+
+static void dpp_connection_free(struct dpp_connection *conn)
+{
+ if (conn->sock >= 0) {
+ wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d",
+ conn->sock);
+ eloop_unregister_sock(conn->sock, EVENT_TYPE_READ);
+ eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
+ close(conn->sock);
+ }
+ wpabuf_free(conn->msg);
+ wpabuf_free(conn->msg_out);
+ dpp_auth_deinit(conn->auth);
+ os_free(conn);
+}
+
+
+static void dpp_connection_remove(struct dpp_connection *conn)
+{
+ dl_list_del(&conn->list);
+ dpp_connection_free(conn);
+}
+
+
+static void dpp_tcp_init_flush(struct dpp_global *dpp)
+{
+ struct dpp_connection *conn, *tmp;
+
+ dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection,
+ list)
+ dpp_connection_remove(conn);
+}
+
+
+static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl)
+{
+ struct dpp_connection *conn, *tmp;
+
+ dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection,
+ list)
+ dpp_connection_remove(conn);
+ os_free(ctrl);
+}
+
+
+static void dpp_relay_flush_controllers(struct dpp_global *dpp)
+{
+ struct dpp_relay_controller *ctrl, *tmp;
+
+ if (!dpp)
+ return;
+
+ dl_list_for_each_safe(ctrl, tmp, &dpp->controllers,
+ struct dpp_relay_controller, list) {
+ dl_list_del(&ctrl->list);
+ dpp_relay_controller_free(ctrl);
+ }
+}
+
+#endif /* CONFIG_DPP2 */
+
+
+struct dpp_global * dpp_global_init(struct dpp_global_config *config)
{
struct dpp_global *dpp;
dpp = os_zalloc(sizeof(*dpp));
if (!dpp)
return NULL;
+ dpp->msg_ctx = config->msg_ctx;
+#ifdef CONFIG_DPP2
+ dpp->cb_ctx = config->cb_ctx;
+ dpp->process_conf_obj = config->process_conf_obj;
+#endif /* CONFIG_DPP2 */
dl_list_init(&dpp->bootstrap);
dl_list_init(&dpp->configurator);
+#ifdef CONFIG_DPP2
+ dl_list_init(&dpp->controllers);
+ dl_list_init(&dpp->tcp_init);
+#endif /* CONFIG_DPP2 */
return dpp;
}
@@ -8711,6 +8859,11 @@
dpp_bootstrap_del(dpp, 0);
dpp_configurator_del(dpp, 0);
+#ifdef CONFIG_DPP2
+ dpp_tcp_init_flush(dpp);
+ dpp_relay_flush_controllers(dpp);
+ dpp_controller_stop(dpp);
+#endif /* CONFIG_DPP2 */
}
@@ -8719,3 +8872,1233 @@
dpp_global_clear(dpp);
os_free(dpp);
}
+
+
+#ifdef CONFIG_DPP2
+
+static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx);
+static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx);
+static void dpp_controller_auth_success(struct dpp_connection *conn,
+ int initiator);
+
+
+int dpp_relay_add_controller(struct dpp_global *dpp,
+ struct dpp_relay_config *config)
+{
+ struct dpp_relay_controller *ctrl;
+
+ if (!dpp)
+ return -1;
+
+ ctrl = os_zalloc(sizeof(*ctrl));
+ if (!ctrl)
+ return -1;
+ dl_list_init(&ctrl->conn);
+ ctrl->global = dpp;
+ os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr));
+ os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN);
+ ctrl->cb_ctx = config->cb_ctx;
+ ctrl->tx = config->tx;
+ ctrl->gas_resp_tx = config->gas_resp_tx;
+ dl_list_add(&dpp->controllers, &ctrl->list);
+ return 0;
+}
+
+
+static struct dpp_relay_controller *
+dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash)
+{
+ struct dpp_relay_controller *ctrl;
+
+ if (!dpp)
+ return NULL;
+
+ dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
+ list) {
+ if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0)
+ return ctrl;
+ }
+
+ return NULL;
+}
+
+
+static void dpp_controller_gas_done(struct dpp_connection *conn)
+{
+ struct dpp_authentication *auth = conn->auth;
+
+ if (auth->peer_version >= 2 &&
+ auth->conf_resp_status == DPP_STATUS_OK) {
+ wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
+ auth->waiting_conf_result = 1;
+ return;
+ }
+
+ wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT);
+ dpp_connection_remove(conn);
+}
+
+
+static int dpp_tcp_send(struct dpp_connection *conn)
+{
+ int res;
+
+ if (!conn->msg_out) {
+ eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
+ conn->write_eloop = 0;
+ return -1;
+ }
+ res = send(conn->sock,
+ wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos,
+ wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s",
+ strerror(errno));
+ dpp_connection_remove(conn);
+ return -1;
+ }
+
+ conn->msg_out_pos += res;
+ if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: %u/%u bytes of message sent to Controller",
+ (unsigned int) conn->msg_out_pos,
+ (unsigned int) wpabuf_len(conn->msg_out));
+ if (!conn->write_eloop &&
+ eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready, conn, NULL) == 0)
+ conn->write_eloop = 1;
+ return 1;
+ }
+
+ wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP");
+ wpabuf_free(conn->msg_out);
+ conn->msg_out = NULL;
+ conn->msg_out_pos = 0;
+ eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
+ conn->write_eloop = 0;
+ if (!conn->read_eloop &&
+ eloop_register_sock(conn->sock, EVENT_TYPE_READ,
+ dpp_controller_rx, conn, NULL) == 0)
+ conn->read_eloop = 1;
+ if (conn->on_tcp_tx_complete_remove) {
+ dpp_connection_remove(conn);
+ } else if (conn->ctrl && conn->on_tcp_tx_complete_gas_done &&
+ conn->auth) {
+ dpp_controller_gas_done(conn);
+ } else if (conn->on_tcp_tx_complete_auth_ok) {
+ conn->on_tcp_tx_complete_auth_ok = 0;
+ dpp_controller_auth_success(conn, 1);
+ }
+
+ return 0;
+}
+
+
+static void dpp_controller_start_gas_client(struct dpp_connection *conn)
+{
+ struct dpp_authentication *auth = conn->auth;
+ struct wpabuf *buf;
+ char json[100];
+ int netrole_ap = 0; /* TODO: make this configurable */
+
+ os_snprintf(json, sizeof(json),
+ "{\"name\":\"Test\","
+ "\"wi-fi_tech\":\"infra\","
+ "\"netRole\":\"%s\"}",
+ netrole_ap ? "ap" : "sta");
+#ifdef CONFIG_TESTING_OPTIONS
+ if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
+ wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
+ json[29] = 'k'; /* replace "infra" with "knfra" */
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
+ wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
+
+ buf = dpp_build_conf_req(auth, json);
+ if (!buf) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No configuration request data available");
+ return;
+ }
+
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = wpabuf_alloc(4 + wpabuf_len(buf) - 1);
+ if (!conn->msg_out) {
+ wpabuf_free(buf);
+ return;
+ }
+ wpabuf_put_be32(conn->msg_out, wpabuf_len(buf) - 1);
+ wpabuf_put_data(conn->msg_out, wpabuf_head(buf) + 1,
+ wpabuf_len(buf) - 1);
+ wpabuf_free(buf);
+
+ if (dpp_tcp_send(conn) == 1) {
+ if (!conn->write_eloop) {
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready,
+ conn, NULL) < 0)
+ return;
+ conn->write_eloop = 1;
+ }
+ }
+}
+
+
+static void dpp_controller_auth_success(struct dpp_connection *conn,
+ int initiator)
+{
+ struct dpp_authentication *auth = conn->auth;
+
+ if (!auth)
+ return;
+
+ wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
+ wpa_msg(conn->global->msg_ctx, MSG_INFO,
+ DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
+ wpa_printf(MSG_INFO,
+ "DPP: TESTING - stop at Authentication Confirm");
+ if (auth->configurator) {
+ /* Prevent GAS response */
+ auth->auth_success = 0;
+ }
+ return;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
+
+ if (!auth->configurator)
+ dpp_controller_start_gas_client(conn);
+}
+
+
+static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct dpp_connection *conn = eloop_ctx;
+
+ wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock);
+ dpp_tcp_send(conn);
+}
+
+
+static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen,
+ const struct hostapd_ip_addr *ipaddr,
+ int port)
+{
+ struct sockaddr_in *dst;
+#ifdef CONFIG_IPV6
+ struct sockaddr_in6 *dst6;
+#endif /* CONFIG_IPV6 */
+
+ switch (ipaddr->af) {
+ case AF_INET:
+ dst = (struct sockaddr_in *) addr;
+ os_memset(dst, 0, sizeof(*dst));
+ dst->sin_family = AF_INET;
+ dst->sin_addr.s_addr = ipaddr->u.v4.s_addr;
+ dst->sin_port = htons(port);
+ *addrlen = sizeof(*dst);
+ break;
+#ifdef CONFIG_IPV6
+ case AF_INET6:
+ dst6 = (struct sockaddr_in6 *) addr;
+ os_memset(dst6, 0, sizeof(*dst6));
+ dst6->sin6_family = AF_INET6;
+ os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6,
+ sizeof(struct in6_addr));
+ dst6->sin6_port = htons(port);
+ *addrlen = sizeof(*dst6);
+ break;
+#endif /* CONFIG_IPV6 */
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static struct dpp_connection *
+dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src,
+ unsigned int freq)
+{
+ struct dpp_connection *conn;
+ struct sockaddr_storage addr;
+ socklen_t addrlen;
+ char txt[100];
+
+ if (dl_list_len(&ctrl->conn) >= 15) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one");
+ return NULL;
+ }
+
+ if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen,
+ &ctrl->ipaddr, DPP_TCP_PORT) < 0)
+ return NULL;
+
+ conn = os_zalloc(sizeof(*conn));
+ if (!conn)
+ return NULL;
+
+ conn->global = ctrl->global;
+ conn->relay = ctrl;
+ os_memcpy(conn->mac_addr, src, ETH_ALEN);
+ conn->freq = freq;
+
+ conn->sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (conn->sock < 0)
+ goto fail;
+ wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s",
+ conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt)));
+
+ if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
+ wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) {
+ if (errno != EINPROGRESS) {
+ wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ /*
+ * Continue connecting in the background; eloop will call us
+ * once the connection is ready (or failed).
+ */
+ }
+
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready, conn, NULL) < 0)
+ goto fail;
+ conn->write_eloop = 1;
+
+ /* TODO: eloop timeout to clear a connection if it does not complete
+ * properly */
+
+ dl_list_add(&ctrl->conn, &conn->list);
+ return conn;
+fail:
+ dpp_connection_free(conn);
+ return NULL;
+}
+
+
+static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len)
+{
+ struct wpabuf *msg;
+
+ msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len);
+ if (!msg)
+ return NULL;
+ wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len);
+ wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC);
+ wpabuf_put_data(msg, hdr, DPP_HDR_LEN);
+ wpabuf_put_data(msg, buf, len);
+ wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg);
+ return msg;
+}
+
+
+static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr,
+ const u8 *buf, size_t len)
+{
+ u8 type = hdr[DPP_HDR_LEN - 1];
+
+ wpa_printf(MSG_DEBUG,
+ "DPP: Continue already established Relay/Controller connection for this session");
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = dpp_tcp_encaps(hdr, buf, len);
+ if (!conn->msg_out) {
+ dpp_connection_remove(conn);
+ return -1;
+ }
+
+ /* TODO: for proto ver 1, need to do remove connection based on GAS Resp
+ * TX status */
+ if (type == DPP_PA_CONFIGURATION_RESULT)
+ conn->on_tcp_tx_complete_remove = 1;
+ dpp_tcp_send(conn);
+ return 0;
+}
+
+
+int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
+ const u8 *buf, size_t len, unsigned int freq,
+ const u8 *i_bootstrap, const u8 *r_bootstrap)
+{
+ struct dpp_relay_controller *ctrl;
+ struct dpp_connection *conn;
+ u8 type = hdr[DPP_HDR_LEN - 1];
+
+ /* Check if there is an already started session for this peer and if so,
+ * continue that session (send this over TCP) and return 0.
+ */
+ if (type != DPP_PA_PEER_DISCOVERY_REQ &&
+ type != DPP_PA_PEER_DISCOVERY_RESP) {
+ dl_list_for_each(ctrl, &dpp->controllers,
+ struct dpp_relay_controller, list) {
+ dl_list_for_each(conn, &ctrl->conn,
+ struct dpp_connection, list) {
+ if (os_memcmp(src, conn->mac_addr,
+ ETH_ALEN) == 0)
+ return dpp_relay_tx(conn, hdr, buf, len);
+ }
+ }
+ }
+
+ if (!r_bootstrap)
+ return -1;
+
+ ctrl = dpp_relay_controller_get(dpp, r_bootstrap);
+ if (!ctrl)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "DPP: Authentication Request for a configured Controller");
+ conn = dpp_relay_new_conn(ctrl, src, freq);
+ if (!conn)
+ return -1;
+
+ conn->msg_out = dpp_tcp_encaps(hdr, buf, len);
+ if (!conn->msg_out) {
+ dpp_connection_remove(conn);
+ return -1;
+ }
+ /* Message will be sent in dpp_conn_tx_ready() */
+
+ return 0;
+}
+
+
+int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
+ size_t data_len)
+{
+ struct dpp_relay_controller *ctrl;
+ struct dpp_connection *conn, *found = NULL;
+ struct wpabuf *msg;
+
+ /* Check if there is a successfully completed authentication for this
+ * and if so, continue that session (send this over TCP) and return 0.
+ */
+ dl_list_for_each(ctrl, &dpp->controllers,
+ struct dpp_relay_controller, list) {
+ if (found)
+ break;
+ dl_list_for_each(conn, &ctrl->conn,
+ struct dpp_connection, list) {
+ if (os_memcmp(src, conn->mac_addr,
+ ETH_ALEN) == 0) {
+ found = conn;
+ break;
+ }
+ }
+ }
+
+ if (!found)
+ return -1;
+
+ msg = wpabuf_alloc(4 + 1 + data_len);
+ if (!msg)
+ return -1;
+ wpabuf_put_be32(msg, 1 + data_len);
+ wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ);
+ wpabuf_put_data(msg, data, data_len);
+ wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg);
+
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = msg;
+ dpp_tcp_send(conn);
+ return 0;
+}
+
+
+static void dpp_controller_free(struct dpp_controller *ctrl)
+{
+ struct dpp_connection *conn, *tmp;
+
+ if (!ctrl)
+ return;
+
+ dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection,
+ list)
+ dpp_connection_remove(conn);
+
+ if (ctrl->sock >= 0) {
+ close(ctrl->sock);
+ eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ);
+ }
+ os_free(ctrl->configurator_params);
+ os_free(ctrl);
+}
+
+
+static int dpp_controller_rx_auth_req(struct dpp_connection *conn,
+ const u8 *hdr, const u8 *buf, size_t len)
+{
+ const u8 *r_bootstrap, *i_bootstrap;
+ u16 r_bootstrap_len, i_bootstrap_len;
+ struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
+
+ if (!conn->ctrl)
+ return 0;
+
+ wpa_printf(MSG_DEBUG, "DPP: Authentication Request");
+
+ r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
+ &r_bootstrap_len);
+ if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "Missing or invalid required Responder Bootstrapping Key Hash attribute");
+ return -1;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
+ r_bootstrap, r_bootstrap_len);
+
+ i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
+ &i_bootstrap_len);
+ if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
+ wpa_printf(MSG_INFO,
+ "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
+ return -1;
+ }
+ wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
+ i_bootstrap, i_bootstrap_len);
+
+ /* Try to find own and peer bootstrapping key matches based on the
+ * received hash values */
+ dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap,
+ &own_bi, &peer_bi);
+ if (!own_bi) {
+ wpa_printf(MSG_INFO,
+ "No matching own bootstrapping key found - ignore message");
+ return -1;
+ }
+
+ if (conn->auth) {
+ wpa_printf(MSG_INFO,
+ "Already in DPP authentication exchange - ignore new one");
+ return 0;
+ }
+
+ conn->auth = dpp_auth_req_rx(conn->ctrl->global->msg_ctx,
+ conn->ctrl->allowed_roles,
+ conn->ctrl->qr_mutual,
+ peer_bi, own_bi, -1, hdr, buf, len);
+ if (!conn->auth) {
+ wpa_printf(MSG_DEBUG, "DPP: No response generated");
+ return -1;
+ }
+
+ if (dpp_set_configurator(conn->ctrl->global, conn->ctrl->global->msg_ctx,
+ conn->auth,
+ conn->ctrl->configurator_params) < 0) {
+ dpp_connection_remove(conn);
+ return -1;
+ }
+
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = wpabuf_alloc(4 + wpabuf_len(conn->auth->resp_msg) - 1);
+ if (!conn->msg_out)
+ return -1;
+ wpabuf_put_be32(conn->msg_out, wpabuf_len(conn->auth->resp_msg) - 1);
+ wpabuf_put_data(conn->msg_out, wpabuf_head(conn->auth->resp_msg) + 1,
+ wpabuf_len(conn->auth->resp_msg) - 1);
+
+ if (dpp_tcp_send(conn) == 1) {
+ if (!conn->write_eloop) {
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready,
+ conn, NULL) < 0)
+ return -1;
+ conn->write_eloop = 1;
+ }
+ }
+
+ return 0;
+}
+
+
+static int dpp_controller_rx_auth_resp(struct dpp_connection *conn,
+ const u8 *hdr, const u8 *buf, size_t len)
+{
+ struct dpp_authentication *auth = conn->auth;
+ struct wpabuf *msg;
+
+ if (!auth)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "DPP: Authentication Response");
+
+ msg = dpp_auth_resp_rx(auth, hdr, buf, len);
+ if (!msg) {
+ if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Start wait for full response");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
+ dpp_connection_remove(conn);
+ return -1;
+ }
+
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1);
+ if (!conn->msg_out) {
+ wpabuf_free(msg);
+ return -1;
+ }
+ wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1);
+ wpabuf_put_data(conn->msg_out, wpabuf_head(msg) + 1,
+ wpabuf_len(msg) - 1);
+ wpabuf_free(msg);
+
+ conn->on_tcp_tx_complete_auth_ok = 1;
+ if (dpp_tcp_send(conn) == 1) {
+ if (!conn->write_eloop) {
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready,
+ conn, NULL) < 0)
+ return -1;
+ conn->write_eloop = 1;
+ }
+ }
+
+ return 0;
+}
+
+
+static int dpp_controller_rx_auth_conf(struct dpp_connection *conn,
+ const u8 *hdr, const u8 *buf, size_t len)
+{
+ struct dpp_authentication *auth = conn->auth;
+
+ wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation");
+
+ if (!auth) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No DPP Authentication in progress - drop");
+ return -1;
+ }
+
+ if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
+ wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
+ return -1;
+ }
+
+ dpp_controller_auth_success(conn, 0);
+ return 0;
+}
+
+
+static int dpp_controller_rx_conf_result(struct dpp_connection *conn,
+ const u8 *hdr, const u8 *buf,
+ size_t len)
+{
+ struct dpp_authentication *auth = conn->auth;
+ enum dpp_status_error status;
+
+ if (!conn->ctrl)
+ return 0;
+
+ wpa_printf(MSG_DEBUG, "DPP: Configuration Result");
+
+ if (!auth || !auth->waiting_conf_result) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No DPP Configuration waiting for result - drop");
+ return -1;
+ }
+
+ status = dpp_conf_result_rx(auth, hdr, buf, len);
+ if (status == DPP_STATUS_OK)
+ wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO,
+ DPP_EVENT_CONF_SENT);
+ else
+ wpa_msg(conn->ctrl->global->msg_ctx, MSG_INFO,
+ DPP_EVENT_CONF_FAILED);
+ return -1; /* to remove the completed connection */
+}
+
+
+static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg,
+ size_t len)
+{
+ const u8 *pos, *end;
+ u8 type;
+
+ wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP");
+ pos = msg;
+ end = msg + len;
+
+ if (end - pos < DPP_HDR_LEN ||
+ WPA_GET_BE24(pos) != OUI_WFA ||
+ pos[3] != DPP_OUI_TYPE) {
+ wpa_printf(MSG_DEBUG, "DPP: Unrecognized header");
+ return -1;
+ }
+
+ if (pos[4] != 1) {
+ wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u",
+ pos[4]);
+ return -1;
+ }
+ type = pos[5];
+ wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type);
+ pos += DPP_HDR_LEN;
+
+ wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes",
+ pos, end - pos);
+ if (dpp_check_attrs(pos, end - pos) < 0)
+ return -1;
+
+ if (conn->relay) {
+ wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN");
+ conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr,
+ conn->freq, msg, len);
+ return 0;
+ }
+
+ switch (type) {
+ case DPP_PA_AUTHENTICATION_REQ:
+ return dpp_controller_rx_auth_req(conn, msg, pos, end - pos);
+ case DPP_PA_AUTHENTICATION_RESP:
+ return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos);
+ case DPP_PA_AUTHENTICATION_CONF:
+ return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos);
+ case DPP_PA_CONFIGURATION_RESULT:
+ return dpp_controller_rx_conf_result(conn, msg, pos, end - pos);
+ default:
+ /* TODO: missing messages types */
+ wpa_printf(MSG_DEBUG,
+ "DPP: Unsupported frame subtype %d", type);
+ return -1;
+ }
+}
+
+
+static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg,
+ size_t len)
+{
+ const u8 *pos, *end, *next;
+ u8 dialog_token;
+ const u8 *adv_proto;
+ u16 slen;
+ struct wpabuf *resp, *buf;
+ struct dpp_authentication *auth = conn->auth;
+
+ if (len < 1 + 2)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "DPP: Received DPP Configuration Request over TCP");
+
+ if (!conn->ctrl || !auth || !auth->auth_success) {
+ wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
+ return -1;
+ }
+
+ pos = msg;
+ end = msg + len;
+
+ dialog_token = *pos++;
+ adv_proto = pos++;
+ slen = *pos++;
+ if (*adv_proto != WLAN_EID_ADV_PROTO ||
+ slen > end - pos || slen < 2)
+ return -1;
+
+ next = pos + slen;
+ pos++; /* skip QueryRespLenLimit and PAME-BI */
+
+ if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC ||
+ pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA ||
+ pos[5] != DPP_OUI_TYPE || pos[6] != 0x01)
+ return -1;
+
+ pos = next;
+ /* Query Request */
+ if (end - pos < 2)
+ return -1;
+ slen = WPA_GET_LE16(pos);
+ pos += 2;
+ if (slen > end - pos)
+ return -1;
+
+ resp = dpp_conf_req_rx(auth, pos, slen);
+ if (!resp)
+ return -1;
+
+ buf = wpabuf_alloc(4 + 18 + wpabuf_len(resp));
+ if (!buf) {
+ wpabuf_free(resp);
+ return -1;
+ }
+
+ wpabuf_put_be32(buf, 18 + wpabuf_len(resp));
+
+ wpabuf_put_u8(buf, WLAN_PA_GAS_INITIAL_RESP);
+ wpabuf_put_u8(buf, dialog_token);
+ wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
+ wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */
+
+ dpp_write_adv_proto(buf);
+ dpp_write_gas_query(buf, resp);
+ wpabuf_free(resp);
+
+ /* Send Config Response over TCP; GAS fragmentation is taken care of by
+ * the Relay */
+ wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf);
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = buf;
+ conn->on_tcp_tx_complete_gas_done = 1;
+ dpp_tcp_send(conn);
+ return 0;
+}
+
+
+static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp)
+{
+ struct dpp_authentication *auth = conn->auth;
+ int res;
+ struct wpabuf *msg, *encaps;
+ enum dpp_status_error status;
+
+ wpa_printf(MSG_DEBUG,
+ "DPP: Configuration Response for local stack from TCP");
+
+ res = dpp_conf_resp_rx(auth, resp);
+ wpabuf_free(resp);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
+ return -1;
+ }
+
+ if (conn->global->process_conf_obj)
+ res = conn->global->process_conf_obj(conn->global->cb_ctx,
+ auth);
+ else
+ res = 0;
+
+ if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
+ status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK;
+ msg = dpp_build_conf_result(auth, status);
+ if (!msg)
+ return -1;
+
+ encaps = wpabuf_alloc(4 + wpabuf_len(msg) - 1);
+ if (!encaps) {
+ wpabuf_free(msg);
+ return -1;
+ }
+ wpabuf_put_be32(encaps, wpabuf_len(msg) - 1);
+ wpabuf_put_data(encaps, wpabuf_head(msg) + 1, wpabuf_len(msg) - 1);
+ wpabuf_free(msg);
+ wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", encaps);
+
+ wpabuf_free(conn->msg_out);
+ conn->msg_out_pos = 0;
+ conn->msg_out = encaps;
+ conn->on_tcp_tx_complete_remove = 1;
+ dpp_tcp_send(conn);
+
+ /* This exchange will be terminated in the TX status handler */
+
+ return 0;
+}
+
+
+static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg,
+ size_t len)
+{
+ struct wpabuf *buf;
+ u8 dialog_token;
+ const u8 *pos, *end, *next, *adv_proto;
+ u16 status, slen;
+
+ if (len < 5 + 2)
+ return -1;
+
+ wpa_printf(MSG_DEBUG,
+ "DPP: Received DPP Configuration Response over TCP");
+
+ pos = msg;
+ end = msg + len;
+
+ dialog_token = *pos++;
+ status = WPA_GET_LE16(pos);
+ if (status != WLAN_STATUS_SUCCESS) {
+ wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status);
+ return -1;
+ }
+ pos += 2;
+ pos += 2; /* ignore GAS Comeback Delay */
+
+ adv_proto = pos++;
+ slen = *pos++;
+ if (*adv_proto != WLAN_EID_ADV_PROTO ||
+ slen > end - pos || slen < 2)
+ return -1;
+
+ next = pos + slen;
+ pos++; /* skip QueryRespLenLimit and PAME-BI */
+
+ if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC ||
+ pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA ||
+ pos[5] != DPP_OUI_TYPE || pos[6] != 0x01)
+ return -1;
+
+ pos = next;
+ /* Query Response */
+ if (end - pos < 2)
+ return -1;
+ slen = WPA_GET_LE16(pos);
+ pos += 2;
+ if (slen > end - pos)
+ return -1;
+
+ buf = wpabuf_alloc(slen);
+ if (!buf)
+ return -1;
+ wpabuf_put_data(buf, pos, slen);
+
+ if (!conn->relay && !conn->ctrl)
+ return dpp_tcp_rx_gas_resp(conn, buf);
+
+ if (!conn->relay) {
+ wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
+ wpabuf_free(buf);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN");
+ conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr,
+ dialog_token, 0, buf);
+
+ return 0;
+}
+
+
+static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx)
+{
+ struct dpp_connection *conn = eloop_ctx;
+ int res;
+ const u8 *pos;
+
+ wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)",
+ sd);
+
+ if (conn->msg_len_octets < 4) {
+ u32 msglen;
+
+ res = recv(sd, &conn->msg_len[conn->msg_len_octets],
+ 4 - conn->msg_len_octets, 0);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "DPP: recv failed: %s",
+ strerror(errno));
+ dpp_connection_remove(conn);
+ return;
+ }
+ if (res == 0) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No more data available over TCP");
+ dpp_connection_remove(conn);
+ return;
+ }
+ wpa_printf(MSG_DEBUG,
+ "DPP: Received %d/%d octet(s) of message length field",
+ res, (int) (4 - conn->msg_len_octets));
+ conn->msg_len_octets += res;
+
+ if (conn->msg_len_octets < 4) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Need %d more octets of message length field",
+ (int) (4 - conn->msg_len_octets));
+ return;
+ }
+
+ msglen = WPA_GET_BE32(conn->msg_len);
+ wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen);
+ if (msglen > 65535) {
+ wpa_printf(MSG_INFO, "DPP: Unexpectedly long message");
+ dpp_connection_remove(conn);
+ return;
+ }
+
+ wpabuf_free(conn->msg);
+ conn->msg = wpabuf_alloc(msglen);
+ }
+
+ if (!conn->msg) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: No buffer available for receiving the message");
+ dpp_connection_remove(conn);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload",
+ (unsigned int) wpabuf_tailroom(conn->msg));
+
+ res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0);
+ if (res < 0) {
+ wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno));
+ dpp_connection_remove(conn);
+ return;
+ }
+ if (res == 0) {
+ wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP");
+ dpp_connection_remove(conn);
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res);
+ wpabuf_put(conn->msg, res);
+
+ if (wpabuf_tailroom(conn->msg) > 0) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Need %u more octets of message payload",
+ (unsigned int) wpabuf_tailroom(conn->msg));
+ return;
+ }
+
+ conn->msg_len_octets = 0;
+ wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg);
+ if (wpabuf_len(conn->msg) < 1) {
+ dpp_connection_remove(conn);
+ return;
+ }
+
+ pos = wpabuf_head(conn->msg);
+ switch (*pos) {
+ case WLAN_PA_VENDOR_SPECIFIC:
+ if (dpp_controller_rx_action(conn, pos + 1,
+ wpabuf_len(conn->msg) - 1) < 0)
+ dpp_connection_remove(conn);
+ break;
+ case WLAN_PA_GAS_INITIAL_REQ:
+ if (dpp_controller_rx_gas_req(conn, pos + 1,
+ wpabuf_len(conn->msg) - 1) < 0)
+ dpp_connection_remove(conn);
+ break;
+ case WLAN_PA_GAS_INITIAL_RESP:
+ if (dpp_rx_gas_resp(conn, pos + 1,
+ wpabuf_len(conn->msg) - 1) < 0)
+ dpp_connection_remove(conn);
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u",
+ *pos);
+ break;
+ }
+}
+
+
+static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx)
+{
+ struct dpp_controller *ctrl = eloop_ctx;
+ struct sockaddr_in addr;
+ socklen_t addr_len = sizeof(addr);
+ int fd;
+ struct dpp_connection *conn;
+
+ wpa_printf(MSG_DEBUG, "DPP: New TCP connection");
+
+ fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len);
+ if (fd < 0) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Failed to accept new connection: %s",
+ strerror(errno));
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d",
+ inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
+
+ conn = os_zalloc(sizeof(*conn));
+ if (!conn)
+ goto fail;
+
+ conn->global = ctrl->global;
+ conn->ctrl = ctrl;
+ conn->sock = fd;
+
+ if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
+ wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_READ,
+ dpp_controller_rx, conn, NULL) < 0)
+ goto fail;
+ conn->read_eloop = 1;
+
+ /* TODO: eloop timeout to expire connections that do not complete in
+ * reasonable time */
+ dl_list_add(&ctrl->conn, &conn->list);
+ return;
+
+fail:
+ close(fd);
+ os_free(conn);
+}
+
+
+int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
+ const struct hostapd_ip_addr *addr, int port)
+{
+ struct dpp_connection *conn;
+ struct sockaddr_storage saddr;
+ socklen_t addrlen;
+ const u8 *hdr, *pos, *end;
+ char txt[100];
+
+ wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d",
+ hostapd_ip_txt(addr, txt, sizeof(txt)), port);
+ if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen,
+ addr, port) < 0) {
+ dpp_auth_deinit(auth);
+ return -1;
+ }
+
+ conn = os_zalloc(sizeof(*conn));
+ if (!conn) {
+ dpp_auth_deinit(auth);
+ return -1;
+ }
+
+ conn->global = dpp;
+ conn->auth = auth;
+ conn->sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (conn->sock < 0)
+ goto fail;
+
+ if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
+ wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) {
+ if (errno != EINPROGRESS) {
+ wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ /*
+ * Continue connecting in the background; eloop will call us
+ * once the connection is ready (or failed).
+ */
+ }
+
+ if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
+ dpp_conn_tx_ready, conn, NULL) < 0)
+ goto fail;
+ conn->write_eloop = 1;
+
+ hdr = wpabuf_head(auth->req_msg);
+ end = hdr + wpabuf_len(auth->req_msg);
+ hdr += 2; /* skip Category and Actiom */
+ pos = hdr + DPP_HDR_LEN;
+ conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos);
+ if (!conn->msg_out)
+ goto fail;
+ /* Message will be sent in dpp_conn_tx_ready() */
+
+ /* TODO: eloop timeout to clear a connection if it does not complete
+ * properly */
+ dl_list_add(&dpp->tcp_init, &conn->list);
+ return 0;
+fail:
+ dpp_connection_free(conn);
+ return -1;
+}
+
+
+int dpp_controller_start(struct dpp_global *dpp,
+ struct dpp_controller_config *config)
+{
+ struct dpp_controller *ctrl;
+ int on = 1;
+ struct sockaddr_in sin;
+ int port;
+
+ if (!dpp || dpp->controller)
+ return -1;
+
+ ctrl = os_zalloc(sizeof(*ctrl));
+ if (!ctrl)
+ return -1;
+ ctrl->global = dpp;
+ if (config->configurator_params)
+ ctrl->configurator_params =
+ os_strdup(config->configurator_params);
+ dl_list_init(&ctrl->conn);
+ /* TODO: configure these somehow */
+ ctrl->allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
+ ctrl->qr_mutual = 0;
+
+ ctrl->sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (ctrl->sock < 0)
+ goto fail;
+
+ if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR,
+ &on, sizeof(on)) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: setsockopt(SO_REUSEADDR) failed: %s",
+ strerror(errno));
+ /* try to continue anyway */
+ }
+
+ if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) {
+ wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ /* TODO: IPv6 */
+ os_memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+ port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT;
+ sin.sin_port = htons(port);
+ if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
+ wpa_printf(MSG_INFO,
+ "DPP: Failed to bind Controller TCP port: %s",
+ strerror(errno));
+ goto fail;
+ }
+ if (listen(ctrl->sock, 10 /* max backlog */) < 0 ||
+ fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 ||
+ eloop_register_sock(ctrl->sock, EVENT_TYPE_READ,
+ dpp_controller_tcp_cb, ctrl, NULL))
+ goto fail;
+
+ dpp->controller = ctrl;
+ wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port);
+ return 0;
+fail:
+ dpp_controller_free(ctrl);
+ return -1;
+}
+
+
+void dpp_controller_stop(struct dpp_global *dpp)
+{
+ if (dpp) {
+ dpp_controller_free(dpp->controller);
+ dpp->controller = NULL;
+ }
+}
+
+#endif /* CONFIG_DPP2 */
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 5a6d8cc..db640ef 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -18,9 +18,11 @@
#include "crypto/sha256.h"
struct crypto_ecdh;
+struct hostapd_ip_addr;
struct dpp_global;
#define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
+#define DPP_TCP_PORT 7871
enum dpp_public_action_frame_type {
DPP_PA_AUTHENTICATION_REQ = 0,
@@ -259,6 +261,22 @@
size_t pmk_len;
};
+struct dpp_relay_config {
+ const struct hostapd_ip_addr *ipaddr;
+ const u8 *pkhash;
+
+ void *cb_ctx;
+ void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
+ size_t len);
+ void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, int prot,
+ struct wpabuf *buf);
+};
+
+struct dpp_controller_config {
+ const char *configurator_params;
+ int tcp_port;
+};
+
#ifdef CONFIG_TESTING_OPTIONS
enum dpp_test_behavior {
DPP_TEST_DISABLED = 0,
@@ -497,7 +515,26 @@
int dpp_configurator_remove(struct dpp_global *dpp, const char *id);
int dpp_configurator_get_key_id(struct dpp_global *dpp, unsigned int id,
char *buf, size_t buflen);
-struct dpp_global * dpp_global_init(void);
+int dpp_relay_add_controller(struct dpp_global *dpp,
+ struct dpp_relay_config *config);
+int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
+ const u8 *buf, size_t len, unsigned int freq,
+ const u8 *i_bootstrap, const u8 *r_bootstrap);
+int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
+ size_t data_len);
+int dpp_controller_start(struct dpp_global *dpp,
+ struct dpp_controller_config *config);
+void dpp_controller_stop(struct dpp_global *dpp);
+int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
+ const struct hostapd_ip_addr *addr, int port);
+
+struct dpp_global_config {
+ void *msg_ctx;
+ void *cb_ctx;
+ int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
+};
+
+struct dpp_global * dpp_global_init(struct dpp_global_config *config);
void dpp_global_clear(struct dpp_global *dpp);
void dpp_global_deinit(struct dpp_global *dpp);
diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
new file mode 100644
index 0000000..e98bce6
--- /dev/null
+++ b/src/common/dragonfly.c
@@ -0,0 +1,194 @@
+/*
+ * Shared Dragonfly functionality
+ * Copyright (c) 2012-2016, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2019, The Linux Foundation
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/const_time.h"
+#include "crypto/crypto.h"
+#include "dragonfly.h"
+
+
+int dragonfly_suitable_group(int group, int ecc_only)
+{
+ /* Enforce REVmd rules on which SAE groups are suitable for production
+ * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
+ * defined over a prime field whose prime is >= 256 bits. Furthermore,
+ * ECC groups defined over a characteristic 2 finite field and ECC
+ * groups with a co-factor greater than 1 are not suitable. */
+ return group == 19 || group == 20 || group == 21 ||
+ group == 28 || group == 29 || group == 30 ||
+ (!ecc_only &&
+ (group == 15 || group == 16 || group == 17 || group == 18));
+}
+
+
+int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime,
+ struct crypto_bignum **qr,
+ struct crypto_bignum **qnr)
+{
+ *qr = *qnr = NULL;
+
+ while (!(*qr) || !(*qnr)) {
+ struct crypto_bignum *tmp;
+ int res;
+
+ tmp = crypto_bignum_init();
+ if (!tmp || crypto_bignum_rand(tmp, prime) < 0) {
+ crypto_bignum_deinit(tmp, 0);
+ break;
+ }
+
+ res = crypto_bignum_legendre(tmp, prime);
+ if (res == 1 && !(*qr))
+ *qr = tmp;
+ else if (res == -1 && !(*qnr))
+ *qnr = tmp;
+ else
+ crypto_bignum_deinit(tmp, 0);
+ }
+
+ if (*qr && *qnr)
+ return 0;
+ crypto_bignum_deinit(*qr, 0);
+ crypto_bignum_deinit(*qnr, 0);
+ *qr = *qnr = NULL;
+ return -1;
+}
+
+
+static struct crypto_bignum *
+dragonfly_get_rand_1_to_p_1(const struct crypto_bignum *prime)
+{
+ struct crypto_bignum *tmp, *pm1, *one;
+
+ tmp = crypto_bignum_init();
+ pm1 = crypto_bignum_init();
+ one = crypto_bignum_init_set((const u8 *) "\x01", 1);
+ if (!tmp || !pm1 || !one ||
+ crypto_bignum_sub(prime, one, pm1) < 0 ||
+ crypto_bignum_rand(tmp, pm1) < 0 ||
+ crypto_bignum_add(tmp, one, tmp) < 0) {
+ crypto_bignum_deinit(tmp, 0);
+ tmp = NULL;
+ }
+
+ crypto_bignum_deinit(pm1, 0);
+ crypto_bignum_deinit(one, 0);
+ return tmp;
+}
+
+
+int dragonfly_is_quadratic_residue_blind(struct crypto_ec *ec,
+ const u8 *qr, const u8 *qnr,
+ const struct crypto_bignum *val)
+{
+ struct crypto_bignum *r, *num, *qr_or_qnr = NULL;
+ int check, res = -1;
+ u8 qr_or_qnr_bin[DRAGONFLY_MAX_ECC_PRIME_LEN];
+ const struct crypto_bignum *prime;
+ size_t prime_len;
+ unsigned int mask;
+
+ prime = crypto_ec_get_prime(ec);
+ prime_len = crypto_ec_prime_len(ec);
+
+ /*
+ * Use a blinding technique to mask val while determining whether it is
+ * a quadratic residue modulo p to avoid leaking timing information
+ * while determining the Legendre symbol.
+ *
+ * v = val
+ * r = a random number between 1 and p-1, inclusive
+ * num = (v * r * r) modulo p
+ */
+ r = dragonfly_get_rand_1_to_p_1(prime);
+ if (!r)
+ return -1;
+
+ num = crypto_bignum_init();
+ if (!num ||
+ crypto_bignum_mulmod(val, r, prime, num) < 0 ||
+ crypto_bignum_mulmod(num, r, prime, num) < 0)
+ goto fail;
+
+ /*
+ * Need to minimize differences in handling different cases, so try to
+ * avoid branches and timing differences.
+ *
+ * If r is odd:
+ * num = (num * qr) module p
+ * LGR(num, p) = 1 ==> quadratic residue
+ * else:
+ * num = (num * qnr) module p
+ * LGR(num, p) = -1 ==> quadratic residue
+ *
+ * mask is set to !odd(r)
+ */
+ mask = const_time_is_zero(crypto_bignum_is_odd(r));
+ const_time_select_bin(mask, qnr, qr, prime_len, qr_or_qnr_bin);
+ qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, prime_len);
+ if (!qr_or_qnr ||
+ crypto_bignum_mulmod(num, qr_or_qnr, prime, num) < 0)
+ goto fail;
+ /* branchless version of check = odd(r) ? 1 : -1, */
+ check = const_time_select_int(mask, -1, 1);
+
+ /* Determine the Legendre symbol on the masked value */
+ res = crypto_bignum_legendre(num, prime);
+ if (res == -2) {
+ res = -1;
+ goto fail;
+ }
+ /* branchless version of res = res == check
+ * (res is -1, 0, or 1; check is -1 or 1) */
+ mask = const_time_eq(res, check);
+ res = const_time_select_int(mask, 1, 0);
+fail:
+ crypto_bignum_deinit(num, 1);
+ crypto_bignum_deinit(r, 1);
+ crypto_bignum_deinit(qr_or_qnr, 1);
+ return res;
+}
+
+
+static int dragonfly_get_rand_2_to_r_1(struct crypto_bignum *val,
+ const struct crypto_bignum *order)
+{
+ return crypto_bignum_rand(val, order) == 0 &&
+ !crypto_bignum_is_zero(val) &&
+ !crypto_bignum_is_one(val);
+}
+
+
+int dragonfly_generate_scalar(const struct crypto_bignum *order,
+ struct crypto_bignum *_rand,
+ struct crypto_bignum *_mask,
+ struct crypto_bignum *scalar)
+{
+ int count;
+
+ /* Select two random values rand,mask such that 1 < rand,mask < r and
+ * rand + mask mod r > 1. */
+ for (count = 0; count < 100; count++) {
+ if (dragonfly_get_rand_2_to_r_1(_rand, order) &&
+ dragonfly_get_rand_2_to_r_1(_mask, order) &&
+ crypto_bignum_add(_rand, _mask, scalar) == 0 &&
+ crypto_bignum_mod(scalar, order, scalar) == 0 &&
+ !crypto_bignum_is_zero(scalar) &&
+ !crypto_bignum_is_one(scalar))
+ return 0;
+ }
+
+ /* This should not be reachable in practice if the random number
+ * generation is working. */
+ wpa_printf(MSG_INFO,
+ "dragonfly: Unable to get randomness for own scalar");
+ return -1;
+}
diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h
new file mode 100644
index 0000000..e7627ef
--- /dev/null
+++ b/src/common/dragonfly.h
@@ -0,0 +1,30 @@
+/*
+ * Shared Dragonfly functionality
+ * Copyright (c) 2012-2016, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2019, The Linux Foundation
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef DRAGONFLY_H
+#define DRAGONFLY_H
+
+#define DRAGONFLY_MAX_ECC_PRIME_LEN 66
+
+struct crypto_bignum;
+struct crypto_ec;
+
+int dragonfly_suitable_group(int group, int ecc_only);
+int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime,
+ struct crypto_bignum **qr,
+ struct crypto_bignum **qnr);
+int dragonfly_is_quadratic_residue_blind(struct crypto_ec *ec,
+ const u8 *qr, const u8 *qnr,
+ const struct crypto_bignum *val);
+int dragonfly_generate_scalar(const struct crypto_bignum *order,
+ struct crypto_bignum *_rand,
+ struct crypto_bignum *_mask,
+ struct crypto_bignum *scalar);
+
+#endif /* DRAGONFLY_H */
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 49ed806..3fdbf89 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -361,30 +361,35 @@
int hostapd_set_freq_params(struct hostapd_freq_params *data,
enum hostapd_hw_mode mode,
int freq, int channel, int ht_enabled,
- int vht_enabled, int sec_channel_offset,
- int vht_oper_chwidth, int center_segment0,
- int center_segment1, u32 vht_caps)
+ int vht_enabled, int he_enabled,
+ int sec_channel_offset,
+ int oper_chwidth, int center_segment0,
+ int center_segment1, u32 vht_caps,
+ struct he_capabilities *he_cap)
{
+ if (!he_cap)
+ he_enabled = 0;
os_memset(data, 0, sizeof(*data));
data->mode = mode;
data->freq = freq;
data->channel = channel;
data->ht_enabled = ht_enabled;
data->vht_enabled = vht_enabled;
+ data->he_enabled = he_enabled;
data->sec_channel_offset = sec_channel_offset;
data->center_freq1 = freq + sec_channel_offset * 10;
data->center_freq2 = 0;
data->bandwidth = sec_channel_offset ? 40 : 20;
- if (data->vht_enabled) switch (vht_oper_chwidth) {
- case VHT_CHANWIDTH_USE_HT:
+ if (data->vht_enabled) switch (oper_chwidth) {
+ case CHANWIDTH_USE_HT:
if (center_segment1 ||
(center_segment0 != 0 &&
5000 + center_segment0 * 5 != data->center_freq1 &&
2407 + center_segment0 * 5 != data->center_freq1))
return -1;
break;
- case VHT_CHANWIDTH_80P80MHZ:
+ case CHANWIDTH_80P80MHZ:
if (!(vht_caps & VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)) {
wpa_printf(MSG_ERROR,
"80+80 channel width is not supported!");
@@ -395,11 +400,11 @@
return -1;
data->center_freq2 = 5000 + center_segment1 * 5;
/* fall through */
- case VHT_CHANWIDTH_80MHZ:
+ case CHANWIDTH_80MHZ:
data->bandwidth = 80;
- if ((vht_oper_chwidth == VHT_CHANWIDTH_80MHZ &&
+ if ((oper_chwidth == CHANWIDTH_80MHZ &&
center_segment1) ||
- (vht_oper_chwidth == VHT_CHANWIDTH_80P80MHZ &&
+ (oper_chwidth == CHANWIDTH_80P80MHZ &&
!center_segment1) ||
!sec_channel_offset)
return -1;
@@ -432,7 +437,7 @@
return -1;
}
break;
- case VHT_CHANWIDTH_160MHZ:
+ case CHANWIDTH_160MHZ:
data->bandwidth = 160;
if (!(vht_caps & (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
diff --git a/src/common/hw_features_common.h b/src/common/hw_features_common.h
index eb1f1c5..2d2a539 100644
--- a/src/common/hw_features_common.h
+++ b/src/common/hw_features_common.h
@@ -32,9 +32,11 @@
int hostapd_set_freq_params(struct hostapd_freq_params *data,
enum hostapd_hw_mode mode,
int freq, int channel, int ht_enabled,
- int vht_enabled, int sec_channel_offset,
- int vht_oper_chwidth, int center_segment0,
- int center_segment1, u32 vht_caps);
+ int vht_enabled, int he_enabled,
+ int sec_channel_offset,
+ int oper_chwidth, int center_segment0,
+ int center_segment1, u32 vht_caps,
+ struct he_capabilities *he_caps);
void set_disable_ht40(struct ieee80211_ht_capabilities *htcaps,
int disabled);
int ieee80211ac_cap_check(u32 hw, u32 conf);
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index f886551..9f57828 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -274,6 +274,10 @@
elems->he_capabilities = pos;
elems->he_capabilities_len = elen;
break;
+ case WLAN_EID_EXT_HE_OPERATION:
+ elems->he_operation = pos;
+ elems->he_operation_len = elen;
+ break;
case WLAN_EID_EXT_OCV_OCI:
elems->oci = pos;
elems->oci_len = elen;
@@ -704,7 +708,7 @@
{
u8 op_class;
- return ieee80211_freq_to_channel_ext(freq, 0, VHT_CHANWIDTH_USE_HT,
+ return ieee80211_freq_to_channel_ext(freq, 0, CHANWIDTH_USE_HT,
&op_class, channel);
}
@@ -714,7 +718,7 @@
* for HT40 and VHT. DFS channels are not covered.
* @freq: Frequency (MHz) to convert
* @sec_channel: 0 = non-HT40, 1 = sec. channel above, -1 = sec. channel below
- * @vht: VHT channel width (VHT_CHANWIDTH_*)
+ * @vht: VHT channel width (CHANWIDTH_*)
* @op_class: Buffer for returning operating class
* @channel: Buffer for returning channel number
* Returns: hw_mode on success, NUM_HOSTAPD_MODES on failure
@@ -769,13 +773,13 @@
}
switch (vht) {
- case VHT_CHANWIDTH_80MHZ:
+ case CHANWIDTH_80MHZ:
vht_opclass = 128;
break;
- case VHT_CHANWIDTH_160MHZ:
+ case CHANWIDTH_160MHZ:
vht_opclass = 129;
break;
- case VHT_CHANWIDTH_80P80MHZ:
+ case CHANWIDTH_80P80MHZ:
vht_opclass = 130;
break;
default:
@@ -894,16 +898,16 @@
case CHAN_WIDTH_20_NOHT:
case CHAN_WIDTH_20:
case CHAN_WIDTH_40:
- vht = VHT_CHANWIDTH_USE_HT;
+ vht = CHANWIDTH_USE_HT;
break;
case CHAN_WIDTH_80:
- vht = VHT_CHANWIDTH_80MHZ;
+ vht = CHANWIDTH_80MHZ;
break;
case CHAN_WIDTH_80P80:
- vht = VHT_CHANWIDTH_80P80MHZ;
+ vht = CHANWIDTH_80P80MHZ;
break;
case CHAN_WIDTH_160:
- vht = VHT_CHANWIDTH_160MHZ;
+ vht = CHANWIDTH_160MHZ;
break;
}
@@ -1317,6 +1321,185 @@
}
+const char * reason2str(u16 reason)
+{
+#define R2S(r) case WLAN_REASON_ ## r: return #r;
+ switch (reason) {
+ R2S(UNSPECIFIED)
+ R2S(PREV_AUTH_NOT_VALID)
+ R2S(DEAUTH_LEAVING)
+ R2S(DISASSOC_DUE_TO_INACTIVITY)
+ R2S(DISASSOC_AP_BUSY)
+ R2S(CLASS2_FRAME_FROM_NONAUTH_STA)
+ R2S(CLASS3_FRAME_FROM_NONASSOC_STA)
+ R2S(DISASSOC_STA_HAS_LEFT)
+ R2S(STA_REQ_ASSOC_WITHOUT_AUTH)
+ R2S(PWR_CAPABILITY_NOT_VALID)
+ R2S(SUPPORTED_CHANNEL_NOT_VALID)
+ R2S(BSS_TRANSITION_DISASSOC)
+ R2S(INVALID_IE)
+ R2S(MICHAEL_MIC_FAILURE)
+ R2S(4WAY_HANDSHAKE_TIMEOUT)
+ R2S(GROUP_KEY_UPDATE_TIMEOUT)
+ R2S(IE_IN_4WAY_DIFFERS)
+ R2S(GROUP_CIPHER_NOT_VALID)
+ R2S(PAIRWISE_CIPHER_NOT_VALID)
+ R2S(AKMP_NOT_VALID)
+ R2S(UNSUPPORTED_RSN_IE_VERSION)
+ R2S(INVALID_RSN_IE_CAPAB)
+ R2S(IEEE_802_1X_AUTH_FAILED)
+ R2S(CIPHER_SUITE_REJECTED)
+ R2S(TDLS_TEARDOWN_UNREACHABLE)
+ R2S(TDLS_TEARDOWN_UNSPECIFIED)
+ R2S(SSP_REQUESTED_DISASSOC)
+ R2S(NO_SSP_ROAMING_AGREEMENT)
+ R2S(BAD_CIPHER_OR_AKM)
+ R2S(NOT_AUTHORIZED_THIS_LOCATION)
+ R2S(SERVICE_CHANGE_PRECLUDES_TS)
+ R2S(UNSPECIFIED_QOS_REASON)
+ R2S(NOT_ENOUGH_BANDWIDTH)
+ R2S(DISASSOC_LOW_ACK)
+ R2S(EXCEEDED_TXOP)
+ R2S(STA_LEAVING)
+ R2S(END_TS_BA_DLS)
+ R2S(UNKNOWN_TS_BA)
+ R2S(TIMEOUT)
+ R2S(PEERKEY_MISMATCH)
+ R2S(AUTHORIZED_ACCESS_LIMIT_REACHED)
+ R2S(EXTERNAL_SERVICE_REQUIREMENTS)
+ R2S(INVALID_FT_ACTION_FRAME_COUNT)
+ R2S(INVALID_PMKID)
+ R2S(INVALID_MDE)
+ R2S(INVALID_FTE)
+ R2S(MESH_PEERING_CANCELLED)
+ R2S(MESH_MAX_PEERS)
+ R2S(MESH_CONFIG_POLICY_VIOLATION)
+ R2S(MESH_CLOSE_RCVD)
+ R2S(MESH_MAX_RETRIES)
+ R2S(MESH_CONFIRM_TIMEOUT)
+ R2S(MESH_INVALID_GTK)
+ R2S(MESH_INCONSISTENT_PARAMS)
+ R2S(MESH_INVALID_SECURITY_CAP)
+ R2S(MESH_PATH_ERROR_NO_PROXY_INFO)
+ R2S(MESH_PATH_ERROR_NO_FORWARDING_INFO)
+ R2S(MESH_PATH_ERROR_DEST_UNREACHABLE)
+ R2S(MAC_ADDRESS_ALREADY_EXISTS_IN_MBSS)
+ R2S(MESH_CHANNEL_SWITCH_REGULATORY_REQ)
+ R2S(MESH_CHANNEL_SWITCH_UNSPECIFIED)
+ }
+ return "UNKNOWN";
+#undef R2S
+}
+
+
+const char * status2str(u16 status)
+{
+#define S2S(s) case WLAN_STATUS_ ## s: return #s;
+ switch (status) {
+ S2S(SUCCESS)
+ S2S(UNSPECIFIED_FAILURE)
+ S2S(TDLS_WAKEUP_ALTERNATE)
+ S2S(TDLS_WAKEUP_REJECT)
+ S2S(SECURITY_DISABLED)
+ S2S(UNACCEPTABLE_LIFETIME)
+ S2S(NOT_IN_SAME_BSS)
+ S2S(CAPS_UNSUPPORTED)
+ S2S(REASSOC_NO_ASSOC)
+ S2S(ASSOC_DENIED_UNSPEC)
+ S2S(NOT_SUPPORTED_AUTH_ALG)
+ S2S(UNKNOWN_AUTH_TRANSACTION)
+ S2S(CHALLENGE_FAIL)
+ S2S(AUTH_TIMEOUT)
+ S2S(AP_UNABLE_TO_HANDLE_NEW_STA)
+ S2S(ASSOC_DENIED_RATES)
+ S2S(ASSOC_DENIED_NOSHORT)
+ S2S(SPEC_MGMT_REQUIRED)
+ S2S(PWR_CAPABILITY_NOT_VALID)
+ S2S(SUPPORTED_CHANNEL_NOT_VALID)
+ S2S(ASSOC_DENIED_NO_SHORT_SLOT_TIME)
+ S2S(ASSOC_DENIED_NO_HT)
+ S2S(R0KH_UNREACHABLE)
+ S2S(ASSOC_DENIED_NO_PCO)
+ S2S(ASSOC_REJECTED_TEMPORARILY)
+ S2S(ROBUST_MGMT_FRAME_POLICY_VIOLATION)
+ S2S(UNSPECIFIED_QOS_FAILURE)
+ S2S(DENIED_INSUFFICIENT_BANDWIDTH)
+ S2S(DENIED_POOR_CHANNEL_CONDITIONS)
+ S2S(DENIED_QOS_NOT_SUPPORTED)
+ S2S(REQUEST_DECLINED)
+ S2S(INVALID_PARAMETERS)
+ S2S(REJECTED_WITH_SUGGESTED_CHANGES)
+ S2S(INVALID_IE)
+ S2S(GROUP_CIPHER_NOT_VALID)
+ S2S(PAIRWISE_CIPHER_NOT_VALID)
+ S2S(AKMP_NOT_VALID)
+ S2S(UNSUPPORTED_RSN_IE_VERSION)
+ S2S(INVALID_RSN_IE_CAPAB)
+ S2S(CIPHER_REJECTED_PER_POLICY)
+ S2S(TS_NOT_CREATED)
+ S2S(DIRECT_LINK_NOT_ALLOWED)
+ S2S(DEST_STA_NOT_PRESENT)
+ S2S(DEST_STA_NOT_QOS_STA)
+ S2S(ASSOC_DENIED_LISTEN_INT_TOO_LARGE)
+ S2S(INVALID_FT_ACTION_FRAME_COUNT)
+ S2S(INVALID_PMKID)
+ S2S(INVALID_MDIE)
+ S2S(INVALID_FTIE)
+ S2S(REQUESTED_TCLAS_NOT_SUPPORTED)
+ S2S(INSUFFICIENT_TCLAS_PROCESSING_RESOURCES)
+ S2S(TRY_ANOTHER_BSS)
+ S2S(GAS_ADV_PROTO_NOT_SUPPORTED)
+ S2S(NO_OUTSTANDING_GAS_REQ)
+ S2S(GAS_RESP_NOT_RECEIVED)
+ S2S(STA_TIMED_OUT_WAITING_FOR_GAS_RESP)
+ S2S(GAS_RESP_LARGER_THAN_LIMIT)
+ S2S(REQ_REFUSED_HOME)
+ S2S(ADV_SRV_UNREACHABLE)
+ S2S(REQ_REFUSED_SSPN)
+ S2S(REQ_REFUSED_UNAUTH_ACCESS)
+ S2S(INVALID_RSNIE)
+ S2S(U_APSD_COEX_NOT_SUPPORTED)
+ S2S(U_APSD_COEX_MODE_NOT_SUPPORTED)
+ S2S(BAD_INTERVAL_WITH_U_APSD_COEX)
+ S2S(ANTI_CLOGGING_TOKEN_REQ)
+ S2S(FINITE_CYCLIC_GROUP_NOT_SUPPORTED)
+ S2S(CANNOT_FIND_ALT_TBTT)
+ S2S(TRANSMISSION_FAILURE)
+ S2S(REQ_TCLAS_NOT_SUPPORTED)
+ S2S(TCLAS_RESOURCES_EXCHAUSTED)
+ S2S(REJECTED_WITH_SUGGESTED_BSS_TRANSITION)
+ S2S(REJECT_WITH_SCHEDULE)
+ S2S(REJECT_NO_WAKEUP_SPECIFIED)
+ S2S(SUCCESS_POWER_SAVE_MODE)
+ S2S(PENDING_ADMITTING_FST_SESSION)
+ S2S(PERFORMING_FST_NOW)
+ S2S(PENDING_GAP_IN_BA_WINDOW)
+ S2S(REJECT_U_PID_SETTING)
+ S2S(REFUSED_EXTERNAL_REASON)
+ S2S(REFUSED_AP_OUT_OF_MEMORY)
+ S2S(REJECTED_EMERGENCY_SERVICE_NOT_SUPPORTED)
+ S2S(QUERY_RESP_OUTSTANDING)
+ S2S(REJECT_DSE_BAND)
+ S2S(TCLAS_PROCESSING_TERMINATED)
+ S2S(TS_SCHEDULE_CONFLICT)
+ S2S(DENIED_WITH_SUGGESTED_BAND_AND_CHANNEL)
+ S2S(MCCAOP_RESERVATION_CONFLICT)
+ S2S(MAF_LIMIT_EXCEEDED)
+ S2S(MCCA_TRACK_LIMIT_EXCEEDED)
+ S2S(DENIED_DUE_TO_SPECTRUM_MANAGEMENT)
+ S2S(ASSOC_DENIED_NO_VHT)
+ S2S(ENABLEMENT_DENIED)
+ S2S(RESTRICTION_FROM_AUTHORIZED_GDB)
+ S2S(AUTHORIZATION_DEENABLED)
+ S2S(FILS_AUTHENTICATION_FAILURE)
+ S2S(UNKNOWN_AUTHENTICATION_SERVER)
+ S2S(UNKNOWN_PASSWORD_IDENTIFIER)
+ }
+ return "UNKNOWN";
+#undef S2S
+}
+
+
int mb_ies_info_by_ies(struct mb_ies_info *info, const u8 *ies_buf,
size_t ies_len)
{
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index d41bd39..9b045b4 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -94,6 +94,7 @@
const u8 *oci;
const u8 *multi_ap;
const u8 *he_capabilities;
+ const u8 *he_operation;
u8 ssid_len;
u8 supp_rates_len;
@@ -143,6 +144,7 @@
u8 oci_len;
u8 multi_ap_len;
u8 he_capabilities_len;
+ u8 he_operation_len;
struct mb_ies_info mb_ies;
};
@@ -185,6 +187,8 @@
struct wpabuf * mb_ies_by_info(struct mb_ies_info *info);
const char * fc2str(u16 fc);
+const char * reason2str(u16 reason);
+const char * status2str(u16 status);
struct oper_class_map {
enum hostapd_hw_mode mode;
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index adaa893..b0aa913 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -468,6 +468,7 @@
#define WLAN_EID_EXT_HE_CAPABILITIES 35
#define WLAN_EID_EXT_HE_OPERATION 36
#define WLAN_EID_EXT_HE_MU_EDCA_PARAMS 38
+#define WLAN_EID_EXT_SPATIAL_REUSE 39
#define WLAN_EID_EXT_OCV_OCI 54
/* Extended Capabilities field */
@@ -1274,10 +1275,12 @@
#define VHT_RX_NSS_MAX_STREAMS 8
/* VHT channel widths */
-#define VHT_CHANWIDTH_USE_HT 0
-#define VHT_CHANWIDTH_80MHZ 1
-#define VHT_CHANWIDTH_160MHZ 2
-#define VHT_CHANWIDTH_80P80MHZ 3
+#define CHANWIDTH_USE_HT 0
+#define CHANWIDTH_80MHZ 1
+#define CHANWIDTH_160MHZ 2
+#define CHANWIDTH_80P80MHZ 3
+
+#define HE_NSS_MAX_STREAMS 8
#define OUI_MICROSOFT 0x0050f2 /* Microsoft (also used in Wi-Fi specs)
* 00:50:F2 */
@@ -2091,7 +2094,7 @@
/*
* IEEE P802.11-REVmc/D5.0 Table 9-152 - HT/VHT Operation Information
* subfields.
- * Note: These definitions are not the same as other VHT_CHANWIDTH_*.
+ * Note: These definitions are not the same as other CHANWIDTH_*.
*/
enum nr_chan_width {
NR_CHAN_WIDTH_20 = 0,
@@ -2104,21 +2107,46 @@
struct ieee80211_he_capabilities {
u8 he_mac_capab_info[6];
u8 he_phy_capab_info[11];
- u8 he_txrx_mcs_support[12]; /* TODO: 4, 8, or 12 octets */
- /* PPE Thresholds (optional) */
+ /* Followed by 4, 8, or 12 octets of Supported HE-MCS And NSS Set field
+ * and optional variable length PPE Thresholds field. */
+ u8 optional[];
} STRUCT_PACKED;
struct ieee80211_he_operation {
- u32 he_oper_params; /* HE Operation Parameters[3] and
- * BSS Color Information[1] */
- u8 he_mcs_nss_set[2];
+ le32 he_oper_params; /* HE Operation Parameters[3] and
+ * BSS Color Information[1] */
+ le16 he_mcs_nss_set;
u8 vht_op_info_chwidth;
u8 vht_op_info_chan_center_freq_seg0_idx;
u8 vht_op_info_chan_center_freq_seg1_idx;
/* Followed by conditional MaxBSSID Indicator subfield (u8) */
} STRUCT_PACKED;
+/*
+ * IEEE P802.11ax/D4.0, 9.4.2.246 Spatial Reuse Parameter Set element
+ */
+struct ieee80211_spatial_reuse {
+ u8 sr_ctrl; /* SR Control */
+ /* Up to 19 octets of parameters:
+ * Non-SRG OBSS PD Max Offset[0 or 1]
+ * SRG OBSS PD Min Offset[0 or 1]
+ * SRG OBSS PD Max Offset[0 or 1]
+ * SRG BSS Color Bitmap[0 or 8]
+ * SRG Partial BSSID Bitmap[0 or 8]
+ */
+ u8 params[19];
+} STRUCT_PACKED;
+
/* HE Capabilities Information defines */
+
+#define HE_PHYCAP_CHANNEL_WIDTH_SET_IDX 0
+#define HE_PHYCAP_CHANNEL_WIDTH_MASK ((u8) (BIT(1) | BIT(2) | \
+ BIT(3) | BIT(4)))
+#define HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G ((u8) BIT(1))
+#define HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G ((u8) BIT(2))
+#define HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G ((u8) BIT(3))
+#define HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G ((u8) BIT(4))
+
#define HE_PHYCAP_SU_BEAMFORMER_CAPAB_IDX 3
#define HE_PHYCAP_SU_BEAMFORMER_CAPAB ((u8) BIT(7))
#define HE_PHYCAP_SU_BEAMFORMEE_CAPAB_IDX 4
@@ -2126,23 +2154,39 @@
#define HE_PHYCAP_MU_BEAMFORMER_CAPAB_IDX 4
#define HE_PHYCAP_MU_BEAMFORMER_CAPAB ((u8) BIT(1))
+#define HE_PHYCAP_PPE_THRESHOLD_PRESENT_IDX 6
+#define HE_PHYCAP_PPE_THRESHOLD_PRESENT ((u8) BIT(7))
+
+/* HE PPE Threshold define */
+#define HE_PPE_THRES_RU_INDEX_BITMASK_MASK 0xf
+#define HE_PPE_THRES_RU_INDEX_BITMASK_SHIFT 3
+#define HE_PPE_THRES_NSS_MASK 0x7
+
/* HE Operation defines */
/* HE Operation Parameters and BSS Color Information fields */
-#define HE_OPERATION_BSS_COLOR_MASK ((u32) (BIT(0) | BIT(1) | \
- BIT(2) | BIT(3) | \
- BIT(4) | BIT(5)))
-#define HE_OPERATION_PARTIAL_BSS_COLOR ((u32) BIT(6))
-#define HE_OPERATION_BSS_COLOR_DISABLED ((u32) BIT(7))
-#define HE_OPERATION_DFLT_PE_DURATION_MASK ((u32) (BIT(8) | BIT(9) | \
- BIT(10)))
-#define HE_OPERATION_DFLT_PE_DURATION_OFFSET 8
-#define HE_OPERATION_TWT_REQUIRED ((u32) BIT(11))
-#define HE_OPERATION_RTS_THRESHOLD_MASK ((u32) (BIT(12) | BIT(13) | \
- BIT(14) | BIT(15) | \
- BIT(16) | BIT(17) | \
- BIT(18) | BIT(19) | \
- BIT(20) | BIT(21)))
-#define HE_OPERATION_RTS_THRESHOLD_OFFSET 12
+#define HE_OPERATION_DFLT_PE_DURATION_MASK ((u32) (BIT(0) | BIT(1) | \
+ BIT(2)))
+#define HE_OPERATION_DFLT_PE_DURATION_OFFSET 0
+#define HE_OPERATION_TWT_REQUIRED ((u32) BIT(3))
+#define HE_OPERATION_RTS_THRESHOLD_MASK ((u32) (BIT(4) | BIT(5) | \
+ BIT(6) | BIT(7) | \
+ BIT(8) | BIT(9) | \
+ BIT(10) | BIT(11) | \
+ BIT(12) | BIT(13)))
+#define HE_OPERATION_RTS_THRESHOLD_OFFSET 4
+#define HE_OPERATION_BSS_COLOR_MASK ((u32) (BIT(24) | BIT(25) | \
+ BIT(26) | BIT(27) | \
+ BIT(28) | BIT(29)))
+#define HE_OPERATION_PARTIAL_BSS_COLOR ((u32) BIT(30))
+#define HE_OPERATION_BSS_COLOR_DISABLED ((u32) BIT(31))
+#define HE_OPERATION_BSS_COLOR_OFFSET 24
+
+/* Spatial Reuse defines */
+#define SPATIAL_REUSE_SRP_DISALLOWED BIT(0)
+#define SPATIAL_REUSE_NON_SRG_OBSS_PD_SR_DISALLOWED BIT(1)
+#define SPATIAL_REUSE_NON_SRG_OFFSET_PRESENT BIT(2)
+#define SPATIAL_REUSE_SRG_INFORMATION_PRESENT BIT(3)
+#define SPATIAL_REUSE_HESIGA_SR_VAL15_ALLOWED BIT(4)
struct ieee80211_he_mu_edca_parameter_set {
u8 he_qos_info;
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index c34a3bc..0c607b8 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -1,7 +1,7 @@
/*
* Qualcomm Atheros OUI and vendor specific assignments
* Copyright (c) 2014-2017, Qualcomm Atheros, Inc.
- * Copyright (c) 2018, The Linux Foundation
+ * Copyright (c) 2018-2019, The Linux Foundation
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -98,6 +98,9 @@
* which supports DFS offloading, to indicate a radar pattern has been
* detected. The channel is now unusable.
*
+ * @QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO: Get information from the driver.
+ * Attributes defined in enum qca_wlan_vendor_attr_get_wifi_info.
+ *
* @QCA_NL80211_VENDOR_SUBCMD_GET_LOGGER_FEATURE_SET: Get the feature bitmap
* based on enum wifi_logger_supported_features. Attributes defined in
* enum qca_wlan_vendor_attr_get_logger_features.
@@ -373,7 +376,9 @@
* @QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_START: Start spectral scan. The scan
* parameters are specified by enum qca_wlan_vendor_attr_spectral_scan.
* This returns a cookie (%QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_COOKIE)
- * identifying the operation in success case.
+ * identifying the operation in success case. In failure cases an
+ * error code (%QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_ERROR_CODE)
+ * describing the reason for the failure is returned.
*
* @QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_STOP: Stop spectral scan. This uses
* a cookie (%QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_COOKIE) from
@@ -524,6 +529,61 @@
* parameters including Zigbee state and specific WLAN periods to enhance
* PTA master. All these parameters are delivered by the attributes
* defined in enum qca_mpta_helper_vendor_attr.
+ * @QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING: This sub command is used to
+ * implement Beacon frame reporting feature.
+ *
+ * Userspace can request the driver/firmware to periodically report
+ * received Beacon frames whose BSSID is same as the current connected
+ * BSS's MAC address.
+ *
+ * In case the STA seamlessly (without sending disconnect indication to
+ * userspace) roams to a different BSS, Beacon frame reporting will be
+ * automatically enabled for the Beacon frames whose BSSID is same as the
+ * MAC address of the new BSS. Beacon reporting will be stopped when the
+ * STA is disconnected (when the disconnect indication is sent to
+ * userspace) and need to be explicitly enabled by userspace for next
+ * connection.
+ *
+ * When a Beacon frame matching configured conditions is received, and if
+ * userspace has requested to send asynchronous beacon reports, the
+ * driver/firmware will encapsulate the details of the Beacon frame in an
+ * event and send it to userspace along with updating the BSS information
+ * in cfg80211 scan cache, otherwise driver will only update the cfg80211
+ * scan cache with the information from the received Beacon frame but will
+ * not send any active report to userspace.
+ *
+ * The userspace can request the driver/firmware to stop reporting Beacon
+ * frames. If the driver/firmware is not able to receive Beacon frames due
+ * to other Wi-Fi operations such as off-channel activities, etc., the
+ * driver/firmware will send a pause event to userspace and stop reporting
+ * Beacon frames. Whether the beacon reporting will be automatically
+ * resumed or not by the driver/firmware later will be reported to
+ * userspace using the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES
+ * flag. The beacon reporting shall be resumed for all the cases except
+ * either when userspace sets
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_DO_NOT_RESUME flag in the command
+ * which triggered the current beacon reporting or during any disconnection
+ * case as indicated by setting
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_PAUSE_REASON to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_DISCONNECTED by the
+ * driver.
+ *
+ * After QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_PAUSE event is received
+ * by userspace with QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES
+ * flag not set, the next first
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO event from the driver
+ * shall be considered as un-pause event.
+ *
+ * All the attributes used with this command are defined in
+ * enum qca_wlan_vendor_attr_beacon_reporting_params.
+ * @QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP: In practice, some APs have
+ * interop issues with the DUT. This sub command is used to transfer the
+ * AP info between the driver and user space. This works both as a command
+ * and an event. As a command, it configures the stored list of APs from
+ * user space to firmware; as an event, it indicates the AP info detected
+ * by the firmware to user space for persistent storage. The attributes
+ * defined in enum qca_vendor_attr_interop_issues_ap are used to deliver
+ * the parameters.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@@ -692,6 +752,8 @@
QCA_NL80211_VENDOR_SUBCMD_GET_FW_STATE = 177,
QCA_NL80211_VENDOR_SUBCMD_PEER_STATS_CACHE_FLUSH = 178,
QCA_NL80211_VENDOR_SUBCMD_MPTA_HELPER_CONFIG = 179,
+ QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING = 180,
+ QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP = 181,
};
enum qca_wlan_vendor_attr {
@@ -3204,11 +3266,28 @@
/**
* enum qca_wlan_vendor_attr_get_wifi_info: Attributes for data used by
* QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO sub command.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_WIFI_INFO_DRIVER_VERSION: In a request this attribute
+ * should be set to any U8 value to indicate that the driver version
+ * should be returned. When enabled in this manner, in a response this
+ * attribute will contain a string representation of the driver version.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION: In a request this attribute
+ * should be set to any U8 value to indicate that the firmware version
+ * should be returned. When enabled in this manner, in a response this
+ * attribute will contain a string representation of the firmware version.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX: In a request this attribute
+ * should be set to any U32 value to indicate that the current radio
+ * index should be returned. When enabled in this manner, in a response
+ * this attribute will contain a U32 radio index value.
+ *
*/
enum qca_wlan_vendor_attr_get_wifi_info {
QCA_WLAN_VENDOR_ATTR_WIFI_INFO_GET_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_WIFI_INFO_DRIVER_VERSION = 1,
QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION = 2,
+ QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX = 3,
/* keep last */
QCA_WLAN_VENDOR_ATTR_WIFI_INFO_GET_AFTER_LAST,
@@ -4481,6 +4560,44 @@
* qca_wlan_vendor_attr_spectral_scan_request_type.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_REQUEST_TYPE = 23,
+ /* This specifies the frequency span over which spectral
+ * scan would be carried out. Its value depends on the
+ * value of QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE and
+ * the relation is as follows.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL
+ * Not applicable. Spectral scan would happen in the
+ * operating span.
+ * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE
+ * Center frequency (in MHz) of the span of interest or
+ * for convenience, center frequency (in MHz) of any channel
+ * in the span of interest. If agile spectral scan is initiated
+ * without setting a valid frequency it returns the error code
+ * (QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED).
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY = 24,
+ /* Spectral scan mode. u32 attribute.
+ * It uses values defined in enum qca_wlan_vendor_spectral_scan_mode.
+ * If this attribute is not present, it is assumed to be
+ * normal mode (QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL).
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE = 25,
+ /* Spectral scan error code. u32 attribute.
+ * It uses values defined in enum
+ * qca_wlan_vendor_spectral_scan_error_code.
+ * This attribute is included only in failure scenarios.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_ERROR_CODE = 26,
+ /* 8-bit unsigned value to enable/disable debug of the
+ * Spectral DMA ring.
+ * 1-enable, 0-disable
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG = 27,
+ /* 8-bit unsigned value to enable/disable debug of the
+ * Spectral DMA buffers.
+ * 1-enable, 0-disable
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG = 28,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_MAX =
@@ -4559,6 +4676,8 @@
* u8 attribute.
*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_DEFAULT_AGC_MAX_GAIN = 10,
+ /* Flag attribute to indicate agile spectral scan capability */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AGILE_SPECTRAL = 11,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX =
@@ -4575,6 +4694,13 @@
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_IS_ENABLED = 1,
/* Flag attribute to indicate whether spectral scan is in progress*/
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_IS_ACTIVE = 2,
+ /* Spectral scan mode. u32 attribute.
+ * It uses values defined in enum qca_wlan_vendor_spectral_scan_mode.
+ * If this attribute is not present, normal mode
+ * (QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL is assumed to be
+ * requested.
+ */
+ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_MODE = 3,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_MAX =
@@ -4600,6 +4726,43 @@
};
/**
+ * qca_wlan_vendor_spectral_scan_mode: Attribute values for
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE in the vendor subcmd
+ * QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_START and
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_STATUS_MODE in the vendor subcmd
+ * QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS. This represents the
+ * spectral scan modes.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL: Normal spectral scan:
+ * spectral scan in the current operating span.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE: Agile spectral scan:
+ * spectral scan in the configured agile span.
+ */
+enum qca_wlan_vendor_spectral_scan_mode {
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL = 0,
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE = 1,
+};
+
+/**
+ * qca_wlan_vendor_spectral_scan_error_code: Attribute values for
+ * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_ERROR_CODE in the vendor subcmd
+ * QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_START.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_UNSUPPORTED: Changing the value
+ * of a parameter is not supported.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_MODE_UNSUPPORTED: Requested spectral scan
+ * mode is not supported.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_INVALID_VALUE: A parameter
+ * has invalid value.
+ * @QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED: A parameter
+ * is not initialized.
+ */
+enum qca_wlan_vendor_spectral_scan_error_code {
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_UNSUPPORTED = 0,
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_MODE_UNSUPPORTED = 1,
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_INVALID_VALUE = 2,
+ QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED = 3,
+};
+
+/**
* qca_wlan_vendor_spectral_scan_cap_hw_gen: Attribute values for
* QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_HW_GEN to the vendor subcmd
* QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO. This represents the
@@ -6709,4 +6872,234 @@
QCA_MPTA_HELPER_VENDOR_ATTR_AFTER_LAST - 1
};
+/**
+ * enum qca_wlan_vendor_beacon_reporting_op_types - Defines different types of
+ * operations for which %QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING can be used.
+ * Will be used by %QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE.
+ *
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START: Sent by userspace to the driver
+ * to request the driver to start reporting Beacon frames.
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP: Sent by userspace to the driver to
+ * request the driver to stop reporting Beacon frames.
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO: Sent by the driver to
+ * userspace to report received Beacon frames.
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_OP_PAUSE: Sent by the driver to userspace
+ * to indicate that the driver is going to pause reporting Beacon frames.
+ */
+enum qca_wlan_vendor_beacon_reporting_op_types {
+ QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START = 0,
+ QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP = 1,
+ QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO = 2,
+ QCA_WLAN_VENDOR_BEACON_REPORTING_OP_PAUSE = 3,
+};
+
+/**
+ * enum qca_wlan_vendor_beacon_reporting_pause_reasons - Defines different types
+ * of reasons for which the driver is pausing reporting Beacon frames. Will be
+ * used by %QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_PAUSE_REASON.
+ *
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_UNSPECIFIED: For unspecified
+ * reasons.
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_SCAN_STARTED: When the
+ * driver/firmware is starting a scan.
+ * @QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_DISCONNECTED: When the
+ * driver/firmware disconnects from the ESS and indicates the disconnection to
+ * userspace (non-seamless roaming case). This reason code will be used by the
+ * driver/firmware to indicate stopping of beacon report events. Userspace will
+ * need to start beacon reporting again (if desired) by sending vendor command
+ * QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING with
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START after the next connection is
+ * completed.
+ */
+enum qca_wlan_vendor_beacon_reporting_pause_reasons {
+ QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_UNSPECIFIED = 0,
+ QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_SCAN_STARTED = 1,
+ QCA_WLAN_VENDOR_BEACON_REPORTING_PAUSE_REASON_DISCONNECTED = 2,
+};
+
+/*
+ * enum qca_wlan_vendor_attr_beacon_reporting_params - List of attributes used
+ * in vendor sub-command QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING.
+ */
+enum qca_wlan_vendor_attr_beacon_reporting_params {
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_INVALID = 0,
+ /* Specifies the type of operation that the vendor command/event is
+ * intended for. Possible values for this attribute are defined in
+ * enum qca_wlan_vendor_beacon_reporting_op_types. u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE = 1,
+ /* Optionally set by userspace to request the driver to report Beacon
+ * frames using asynchronous vendor events when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START. NLA_FLAG attribute.
+ * If this flag is not set, the driver will only update Beacon frames in
+ * cfg80211 scan cache but not send any vendor events.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_ACTIVE_REPORTING = 2,
+ /* Optionally used by userspace to request the driver/firmware to report
+ * Beacon frames periodically when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START.
+ * u32 attribute, indicates the period of Beacon frames to be reported
+ * and in the units of beacon interval.
+ * If this attribute is missing in the command, then the default value
+ * of 1 will be assumed by driver, i.e., to report every Beacon frame.
+ * Zero is an invalid value.
+ * If a valid value is received for this attribute, the driver will
+ * update the cfg80211 scan cache periodically as per the value received
+ * in this attribute in addition to updating the cfg80211 scan cache
+ * when there is significant change in Beacon frame IEs.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_PERIOD = 3,
+ /* Used by the driver to encapsulate the SSID when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO.
+ * u8 array with a maximum size of 32.
+ *
+ * When generating beacon report from non-MBSSID Beacon frame, the SSID
+ * will be taken from the SSID element of the received Beacon frame.
+ *
+ * When generating beacon report from Multiple BSSID Beacon frame and if
+ * the BSSID of the current connected BSS matches the BSSID of the
+ * transmitting BSS, the SSID will be taken from the SSID element of the
+ * received Beacon frame.
+ *
+ * When generating beacon report from Multiple BSSID Beacon frame and if
+ * the BSSID of the current connected BSS matches the BSSID of one of
+ * the* nontransmitting BSSs, the SSID will be taken from the SSID field
+ * included in the nontransmitted BSS profile whose derived BSSID is
+ * same as the BSSID of the current connected BSS. When there is no
+ * nontransmitted BSS profile whose derived BSSID is same as the BSSID
+ * of current connected* BSS, this attribute will not be present.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_SSID = 4,
+ /* Used by the driver to encapsulate the BSSID of the AP to which STA is
+ * currently connected to when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO. u8 array with a
+ * fixed size of 6 bytes.
+ *
+ * When generating beacon report from a Multiple BSSID beacon and the
+ * current connected BSSID matches one of the nontransmitted BSSIDs in a
+ * Multiple BSSID set, this BSSID will be that particular nontransmitted
+ * BSSID and not the transmitted BSSID (i.e., the transmitting address
+ * of the Beacon frame).
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_BSSID = 5,
+ /* Used by the driver to encapsulate the frequency in MHz on which
+ * the Beacon frame was received when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is
+ * set to QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO.
+ * u32 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_FREQ = 6,
+ /* Used by the driver to encapsulate the Beacon interval
+ * when the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO.
+ * u16 attribute. The value will be copied from the Beacon frame and the
+ * units are TUs.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_BI = 7,
+ /* Used by the driver to encapsulate the Timestamp field from the Beacon
+ * frame when the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set
+ * to QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO.
+ * u64 attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_TSF = 8,
+ /* Used by the driver to encapsulate the CLOCK_BOOTTIME when this
+ * Beacon frame is received in the driver when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO. u64 attribute, in
+ * the units of nanoseconds. This value is expected to have accuracy of
+ * about 10 ms.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_BOOTTIME_WHEN_RECEIVED = 9,
+ /* Used by the driver to encapsulate the IEs of the Beacon frame from
+ * which this event is generated when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_BEACON_INFO. u8 array.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_IES = 10,
+ /* Used by the driver to specify the reason for the driver/firmware to
+ * pause sending beacons to userspace when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_PAUSE. Possible values are
+ * defined in enum qca_wlan_vendor_beacon_reporting_pause_reasons, u32
+ * attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_PAUSE_REASON = 11,
+ /* Used by the driver to specify whether the driver will automatically
+ * resume reporting beacon events to userspace later (for example after
+ * the ongoing off-channel activity is completed etc.) when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_PAUSE. NLA_FLAG attribute.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES = 12,
+ /* Optionally set by userspace to request the driver not to resume
+ * beacon reporting after a pause is completed, when the
+ * QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE is set to
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START. NLA_FLAG attribute.
+ * If this flag is set, the driver will not resume beacon reporting
+ * after any pause in beacon reporting is completed. Userspace has to
+ * send QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START command again in order
+ * to initiate beacon reporting again. If this flag is set in the recent
+ * QCA_WLAN_VENDOR_BEACON_REPORTING_OP_START command, then in the
+ * subsequent QCA_WLAN_VENDOR_BEACON_REPORTING_OP_PAUSE event (if any)
+ * the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES shall not be
+ * set by the driver. Setting this flag until and unless there is a
+ * specific need is not recommended as there is a chance of some beacons
+ * received after pause command and next start command being not
+ * reported.
+ */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_DO_NOT_RESUME = 13,
+
+ /* Keep last */
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_LAST,
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_MAX =
+ QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_LAST - 1
+};
+
+/**
+ * enum qca_vendor_interop_issues_ap_type - Interop issue types
+ * This enum defines the valid set of values of interop issue types. These
+ * values are used by attribute %QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_TYPE.
+ *
+ * @QCA_VENDOR_INTEROP_ISSUES_AP_ON_STA_PS: The AP has power save interop issue
+ * when the STA's Qpower feature is enabled.
+ */
+enum qca_vendor_interop_issues_ap_type {
+ QCA_VENDOR_INTEROP_ISSUES_AP_INVALID = 0,
+ QCA_VENDOR_INTEROP_ISSUES_AP_ON_STA_PS = 1,
+};
+
+/**
+ * enum qca_vendor_attr_interop_issues_ap - attribute for AP with interop issues
+ * Values are used by %QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_INVALID: Invalid value
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_TYPE: Interop issue type
+ * 32-bit unsigned value. The values defined in enum
+ * qca_vendor_interop_issues_ap_type are used.
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_LIST: APs' BSSID container
+ * array of nested QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_BSSID attributes.
+ * It is present and mandatory for the command but is not used for the event
+ * since only a single BSSID is reported in an event.
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_BSSID: AP's BSSID 6-byte MAC address.
+ * It is used within the nested QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_LIST
+ * attribute in command case and without such encapsulation in the event case.
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_AFTER_LAST: last value
+ * @QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_MAX: max value
+ */
+enum qca_vendor_attr_interop_issues_ap {
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_INVALID,
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_TYPE,
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_LIST,
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_BSSID,
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_MAX =
+ QCA_WLAN_VENDOR_ATTR_INTEROP_ISSUES_AP_AFTER_LAST - 1
+};
+
#endif /* QCA_VENDOR_H */
diff --git a/src/common/sae.c b/src/common/sae.c
index 0d56e55..0da7145 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -15,35 +15,22 @@
#include "crypto/random.h"
#include "crypto/dh_groups.h"
#include "ieee802_11_defs.h"
+#include "dragonfly.h"
#include "sae.h"
-static int sae_suitable_group(int group)
-{
-#ifdef CONFIG_TESTING_OPTIONS
- /* Allow all groups for testing purposes in non-production builds. */
- return 1;
-#else /* CONFIG_TESTING_OPTIONS */
- /* Enforce REVmd rules on which SAE groups are suitable for production
- * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
- * defined over a prime field whose prime is >= 256 bits. Furthermore,
- * ECC groups defined over a characteristic 2 finite field and ECC
- * groups with a co-factor greater than 1 are not suitable. */
- return group == 19 || group == 20 || group == 21 ||
- group == 28 || group == 29 || group == 30 ||
- group == 15 || group == 16 || group == 17 || group == 18;
-#endif /* CONFIG_TESTING_OPTIONS */
-}
-
-
int sae_set_group(struct sae_data *sae, int group)
{
struct sae_temporary_data *tmp;
- if (!sae_suitable_group(group)) {
+#ifdef CONFIG_TESTING_OPTIONS
+ /* Allow all groups for testing purposes in non-production builds. */
+#else /* CONFIG_TESTING_OPTIONS */
+ if (!dragonfly_suitable_group(group, 0)) {
wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group);
return -1;
}
+#endif /* CONFIG_TESTING_OPTIONS */
sae_clear_data(sae);
tmp = sae->tmp = os_zalloc(sizeof(*tmp));
@@ -134,58 +121,6 @@
}
-static void buf_shift_right(u8 *buf, size_t len, size_t bits)
-{
- size_t i;
- for (i = len - 1; i > 0; i--)
- buf[i] = (buf[i - 1] << (8 - bits)) | (buf[i] >> bits);
- buf[0] >>= bits;
-}
-
-
-static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
-{
- u8 val[SAE_MAX_PRIME_LEN];
- int iter = 0;
- struct crypto_bignum *bn = NULL;
- int order_len_bits = crypto_bignum_bits(sae->tmp->order);
- size_t order_len = (order_len_bits + 7) / 8;
-
- if (order_len > sizeof(val))
- return NULL;
-
- for (;;) {
- if (iter++ > 100 || random_get_bytes(val, order_len) < 0)
- return NULL;
- if (order_len_bits % 8)
- buf_shift_right(val, order_len, 8 - order_len_bits % 8);
- bn = crypto_bignum_init_set(val, order_len);
- if (bn == NULL)
- return NULL;
- if (crypto_bignum_is_zero(bn) ||
- crypto_bignum_is_one(bn) ||
- crypto_bignum_cmp(bn, sae->tmp->order) >= 0) {
- crypto_bignum_deinit(bn, 0);
- continue;
- }
- break;
- }
-
- os_memset(val, 0, order_len);
- return bn;
-}
-
-
-static struct crypto_bignum * sae_get_rand_and_mask(struct sae_data *sae)
-{
- crypto_bignum_deinit(sae->tmp->sae_rand, 1);
- sae->tmp->sae_rand = sae_get_rand(sae);
- if (sae->tmp->sae_rand == NULL)
- return NULL;
- return sae_get_rand(sae);
-}
-
-
static void sae_pwd_seed_key(const u8 *addr1, const u8 *addr2, u8 *key)
{
wpa_printf(MSG_DEBUG, "SAE: PWE derivation - addr1=" MACSTR
@@ -200,103 +135,6 @@
}
-static struct crypto_bignum *
-get_rand_1_to_p_1(const u8 *prime, size_t prime_len, size_t prime_bits,
- int *r_odd)
-{
- for (;;) {
- struct crypto_bignum *r;
- u8 tmp[SAE_MAX_ECC_PRIME_LEN];
-
- if (random_get_bytes(tmp, prime_len) < 0)
- break;
- if (prime_bits % 8)
- buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);
- if (os_memcmp(tmp, prime, prime_len) >= 0)
- continue;
- r = crypto_bignum_init_set(tmp, prime_len);
- if (!r)
- break;
- if (crypto_bignum_is_zero(r)) {
- crypto_bignum_deinit(r, 0);
- continue;
- }
-
- *r_odd = tmp[prime_len - 1] & 0x01;
- return r;
- }
-
- return NULL;
-}
-
-
-static int is_quadratic_residue_blind(struct sae_data *sae,
- const u8 *prime, size_t bits,
- const u8 *qr, const u8 *qnr,
- const struct crypto_bignum *y_sqr)
-{
- struct crypto_bignum *r, *num, *qr_or_qnr = NULL;
- int r_odd, check, res = -1;
- u8 qr_or_qnr_bin[SAE_MAX_ECC_PRIME_LEN];
- size_t prime_len = sae->tmp->prime_len;
- unsigned int mask;
-
- /*
- * Use the blinding technique to mask y_sqr while determining
- * whether it is a quadratic residue modulo p to avoid leaking
- * timing information while determining the Legendre symbol.
- *
- * v = y_sqr
- * r = a random number between 1 and p-1, inclusive
- * num = (v * r * r) modulo p
- */
- r = get_rand_1_to_p_1(prime, prime_len, bits, &r_odd);
- if (!r)
- return -1;
-
- num = crypto_bignum_init();
- if (!num ||
- crypto_bignum_mulmod(y_sqr, r, sae->tmp->prime, num) < 0 ||
- crypto_bignum_mulmod(num, r, sae->tmp->prime, num) < 0)
- goto fail;
-
- /*
- * Need to minimize differences in handling different cases, so try to
- * avoid branches and timing differences.
- *
- * If r_odd:
- * num = (num * qr) module p
- * LGR(num, p) = 1 ==> quadratic residue
- * else:
- * num = (num * qnr) module p
- * LGR(num, p) = -1 ==> quadratic residue
- */
- mask = const_time_is_zero(r_odd);
- const_time_select_bin(mask, qnr, qr, prime_len, qr_or_qnr_bin);
- qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, prime_len);
- if (!qr_or_qnr ||
- crypto_bignum_mulmod(num, qr_or_qnr, sae->tmp->prime, num) < 0)
- goto fail;
- /* r_odd is 0 or 1; branchless version of check = r_odd ? 1 : -1, */
- check = const_time_select_int(mask, -1, 1);
-
- res = crypto_bignum_legendre(num, sae->tmp->prime);
- if (res == -2) {
- res = -1;
- goto fail;
- }
- /* branchless version of res = res == check
- * (res is -1, 0, or 1; check is -1 or 1) */
- mask = const_time_eq(res, check);
- res = const_time_select_int(mask, 1, 0);
-fail:
- crypto_bignum_deinit(num, 1);
- crypto_bignum_deinit(r, 1);
- crypto_bignum_deinit(qr_or_qnr, 1);
- return res;
-}
-
-
static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
const u8 *prime, const u8 *qr, const u8 *qnr,
u8 *pwd_value)
@@ -304,6 +142,8 @@
struct crypto_bignum *y_sqr, *x_cand;
int res;
size_t bits;
+ int cmp_prime;
+ unsigned int in_range;
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
@@ -317,8 +157,13 @@
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
pwd_value, sae->tmp->prime_len);
- if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
- return 0;
+ cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len);
+ /* Create a const_time mask for selection based on prf result
+ * being smaller than prime. */
+ in_range = const_time_fill_msb((unsigned int) cmp_prime);
+ /* The algorithm description would skip the next steps if
+ * cmp_prime >= 0 (reutnr 0 here), but go through them regardless to
+ * minimize externally observable differences in behavior. */
x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
if (!x_cand)
@@ -328,9 +173,12 @@
if (!y_sqr)
return -1;
- res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr);
+ res = dragonfly_is_quadratic_residue_blind(sae->tmp->ec, qr, qnr,
+ y_sqr);
crypto_bignum_deinit(y_sqr, 1);
- return res;
+ if (res < 0)
+ return res;
+ return const_time_select_int(in_range, res, 0);
}
@@ -423,42 +271,6 @@
}
-static int get_random_qr_qnr(const u8 *prime, size_t prime_len,
- const struct crypto_bignum *prime_bn,
- size_t prime_bits, struct crypto_bignum **qr,
- struct crypto_bignum **qnr)
-{
- *qr = NULL;
- *qnr = NULL;
-
- while (!(*qr) || !(*qnr)) {
- u8 tmp[SAE_MAX_ECC_PRIME_LEN];
- struct crypto_bignum *q;
- int res;
-
- if (random_get_bytes(tmp, prime_len) < 0)
- break;
- if (prime_bits % 8)
- buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);
- if (os_memcmp(tmp, prime, prime_len) >= 0)
- continue;
- q = crypto_bignum_init_set(tmp, prime_len);
- if (!q)
- break;
- res = crypto_bignum_legendre(q, prime_bn);
-
- if (res == 1 && !(*qr))
- *qr = q;
- else if (res == -1 && !(*qnr))
- *qnr = q;
- else
- crypto_bignum_deinit(q, 0);
- }
-
- return (*qr && *qnr) ? 0 : -1;
-}
-
-
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier)
@@ -477,7 +289,6 @@
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
- size_t bits;
int res = -1;
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
* mask */
@@ -494,14 +305,12 @@
if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),
prime_len) < 0)
goto fail;
- bits = crypto_ec_prime_len_bits(sae->tmp->ec);
/*
* Create a random quadratic residue (qr) and quadratic non-residue
* (qnr) modulo p for blinding purposes during the loop.
*/
- if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
- &qr, &qnr) < 0 ||
+ if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||
crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||
crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)
goto fail;
@@ -768,48 +577,23 @@
static int sae_derive_commit(struct sae_data *sae)
{
struct crypto_bignum *mask;
- int ret = -1;
- unsigned int counter = 0;
+ int ret;
- do {
- counter++;
- if (counter > 100) {
- /*
- * This cannot really happen in practice if the random
- * number generator is working. Anyway, to avoid even a
- * theoretical infinite loop, break out after 100
- * attemps.
- */
- return -1;
- }
-
- mask = sae_get_rand_and_mask(sae);
- if (mask == NULL) {
- wpa_printf(MSG_DEBUG, "SAE: Could not get rand/mask");
- return -1;
- }
-
- /* commit-scalar = (rand + mask) modulo r */
- if (!sae->tmp->own_commit_scalar) {
- sae->tmp->own_commit_scalar = crypto_bignum_init();
- if (!sae->tmp->own_commit_scalar)
- goto fail;
- }
- crypto_bignum_add(sae->tmp->sae_rand, mask,
- sae->tmp->own_commit_scalar);
- crypto_bignum_mod(sae->tmp->own_commit_scalar, sae->tmp->order,
- sae->tmp->own_commit_scalar);
- } while (crypto_bignum_is_zero(sae->tmp->own_commit_scalar) ||
- crypto_bignum_is_one(sae->tmp->own_commit_scalar));
-
- if ((sae->tmp->ec && sae_derive_commit_element_ecc(sae, mask) < 0) ||
- (sae->tmp->dh && sae_derive_commit_element_ffc(sae, mask) < 0))
- goto fail;
-
- ret = 0;
-fail:
+ mask = crypto_bignum_init();
+ if (!sae->tmp->sae_rand)
+ sae->tmp->sae_rand = crypto_bignum_init();
+ if (!sae->tmp->own_commit_scalar)
+ sae->tmp->own_commit_scalar = crypto_bignum_init();
+ ret = !mask || !sae->tmp->sae_rand || !sae->tmp->own_commit_scalar ||
+ dragonfly_generate_scalar(sae->tmp->order, sae->tmp->sae_rand,
+ mask,
+ sae->tmp->own_commit_scalar) < 0 ||
+ (sae->tmp->ec &&
+ sae_derive_commit_element_ecc(sae, mask) < 0) ||
+ (sae->tmp->dh &&
+ sae_derive_commit_element_ffc(sae, mask) < 0);
crypto_bignum_deinit(mask, 1);
- return ret;
+ return ret ? -1 : 0;
}
diff --git a/src/common/version.h b/src/common/version.h
index eb4f313..031d1be 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -9,6 +9,6 @@
#define GIT_VERSION_STR_POSTFIX ""
#endif /* GIT_VERSION_STR_POSTFIX */
-#define VERSION_STR "2.8-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.9-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index f65077e..b24ae63 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -87,6 +87,9 @@
#define WPA_EVENT_BEACON_LOSS "CTRL-EVENT-BEACON-LOSS "
/** Regulatory domain channel */
#define WPA_EVENT_REGDOM_CHANGE "CTRL-EVENT-REGDOM-CHANGE "
+/** Channel switch started (followed by freq=<MHz> and other channel parameters)
+ */
+#define WPA_EVENT_CHANNEL_SWITCH_STARTED "CTRL-EVENT-STARTED-CHANNEL-SWITCH "
/** Channel switch (followed by freq=<MHz> and other channel parameters) */
#define WPA_EVENT_CHANNEL_SWITCH "CTRL-EVENT-CHANNEL-SWITCH "
/** SAE authentication failed due to unknown password identifier */