Merge "Remove a host of incorrect OPENSSL_IS_BORINGSSL ifdefs" am: 5816616438 am: 527a96f5c4 am: 3e0f594533 am: 370ca7de61 am: 74423180cf
Original change: https://android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/2123558
Change-Id: I3beb7ced495169089c75e5292c97d05523d50032
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index adb4c08..14a7464 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -272,6 +272,7 @@
OBJS += src/common/sae.c
ifdef CONFIG_SAE_PK
L_CFLAGS += -DCONFIG_SAE_PK
+NEED_AES_SIV=y
OBJS += src/common/sae_pk.c
endif
NEED_ECC=y
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 5f06378..88a2e18 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -295,6 +295,7 @@
OBJS += ../src/common/sae.o
ifdef CONFIG_SAE_PK
CFLAGS += -DCONFIG_SAE_PK
+NEED_AES_SIV=y
OBJS += ../src/common/sae_pk.o
endif
NEED_ECC=y
diff --git a/hostapd/aidl/aidl.cpp b/hostapd/aidl/aidl.cpp
index e02708c..c6088ed 100644
--- a/hostapd/aidl/aidl.cpp
+++ b/hostapd/aidl/aidl.cpp
@@ -34,7 +34,8 @@
int hostapd_aidl_init(struct hapd_interfaces *interfaces)
{
- wpa_printf(MSG_DEBUG, "Initializing aidl control");
+ wpa_printf(MSG_INFO, "Initializing aidl control");
+ wpa_printf(MSG_INFO, "Interface version: %d", Hostapd::version);
std::string instance; // declared here to allow use of goto
ABinderProcess_setupPolling(&aidl_fd);
diff --git a/hostapd/aidl/hostapd.cpp b/hostapd/aidl/hostapd.cpp
index 11d1290..91a0a7e 100644
--- a/hostapd/aidl/hostapd.cpp
+++ b/hostapd/aidl/hostapd.cpp
@@ -670,27 +670,27 @@
iconf->vht_oper_chwidth, iconf->ieee80211n,
iconf->secondary_channel);
switch (iconf->vht_oper_chwidth) {
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
return ChannelBandwidth::BANDWIDTH_80;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
return ChannelBandwidth::BANDWIDTH_80P80;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
return ChannelBandwidth::BANDWIDTH_160;
break;
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (iconf->ieee80211n) {
return iconf->secondary_channel != 0 ?
ChannelBandwidth::BANDWIDTH_40 : ChannelBandwidth::BANDWIDTH_20;
}
return ChannelBandwidth::BANDWIDTH_20_NOHT;
- case CHANWIDTH_2160MHZ:
+ case CONF_OPER_CHWIDTH_2160MHZ:
return ChannelBandwidth::BANDWIDTH_2160;
- case CHANWIDTH_4320MHZ:
+ case CONF_OPER_CHWIDTH_4320MHZ:
return ChannelBandwidth::BANDWIDTH_4320;
- case CHANWIDTH_6480MHZ:
+ case CONF_OPER_CHWIDTH_6480MHZ:
return ChannelBandwidth::BANDWIDTH_6480;
- case CHANWIDTH_8640MHZ:
+ case CONF_OPER_CHWIDTH_8640MHZ:
return ChannelBandwidth::BANDWIDTH_8640;
default:
return ChannelBandwidth::BANDWIDTH_INVALID;
@@ -1027,7 +1027,7 @@
iface_hapd->setup_complete_cb_ctx = iface_hapd;
iface_hapd->sta_authorized_cb = onAsyncStaAuthorizedCb;
iface_hapd->sta_authorized_cb_ctx = iface_hapd;
- wpa_msg_register_cb(onAsyncWpaEventCb);
+ wpa_msg_register_aidl_cb(onAsyncWpaEventCb);
if (hostapd_enable_iface(iface_hapd->iface) < 0) {
wpa_printf(
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index ad994d4..6bebcbf 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1686,7 +1686,7 @@
return -1;
}
- ieee802_1x_receive(hapd, src, buf, len);
+ ieee802_1x_receive(hapd, src, buf, len, FRAME_ENCRYPTION_UNKNOWN);
os_free(buf);
return 0;
@@ -2531,6 +2531,9 @@
case 160:
bandwidth = CHAN_WIDTH_160;
break;
+ case 320:
+ bandwidth = CHAN_WIDTH_320;
+ break;
default:
bandwidth = CHAN_WIDTH_20;
break;
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f37d563..6b4223f 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -871,7 +871,7 @@
# he_oper_chwidth is ignored, and the channel width is derived from the
# configured operating class or center frequency indexes (see
# IEEE P802.11ax/D6.1 Annex E, Table E-4).
-#he_oper_chwidth
+#he_oper_chwidth (see vht_oper_chwidth)
#he_oper_centr_freq_seg0_idx
#he_oper_centr_freq_seg1_idx
@@ -1021,7 +1021,7 @@
# In the 6 GHz band, eht_oper_chwidth is ignored and the channel width is
# derived from the configured operating class (IEEE P802.11be/D1.5,
# Annex E.1 - Country information and operating classes).
-#eht_oper_chwidth
+#eht_oper_chwidth (see vht_oper_chwidth)
#eht_oper_centr_freq_seg0_idx
##### IEEE 802.1X-2004 related configuration ##################################
diff --git a/hostapd/main.c b/hostapd/main.c
index eab57b6..74c7904 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -468,7 +468,7 @@
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd [-hdBKtvq] [-P <PID file>] [-e <entropy file>] "
"\\\n"
" [-g <global ctrl_iface>] [-G <group>]\\\n"
" [-i <comma-separated list of interface names>]\\\n"
@@ -687,7 +687,7 @@
#endif /* CONFIG_DPP */
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
if (c < 0)
break;
switch (c) {
@@ -760,6 +760,9 @@
&if_names_size, optarg))
goto out;
break;
+ case 'q':
+ wpa_debug_level++;
+ break;
default:
usage();
break;
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 7b274da..01e7b75 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2018,6 +2018,7 @@
struct osu_data *osu = NULL, *last = NULL;
size_t osu_count = 0;
char *pos, *end;
+ int res;
f = fopen(fname, "r");
if (f == NULL) {
@@ -2037,15 +2038,20 @@
osu = last;
last = &osu[osu_count++];
memset(last, 0, sizeof(*last));
- snprintf(last->bssid, sizeof(last->bssid), "%s",
- buf + 13);
+ res = os_snprintf(last->bssid, sizeof(last->bssid),
+ "%s", buf + 13);
+ if (os_snprintf_error(sizeof(last->bssid), res))
+ break;
continue;
}
if (!last)
continue;
if (strncmp(buf, "uri=", 4) == 0) {
- snprintf(last->url, sizeof(last->url), "%s", buf + 4);
+ res = os_snprintf(last->url, sizeof(last->url),
+ "%s", buf + 4);
+ if (os_snprintf_error(sizeof(last->url), res))
+ break;
continue;
}
@@ -2055,26 +2061,37 @@
}
if (strncmp(buf, "osu_ssid=", 9) == 0) {
- snprintf(last->osu_ssid, sizeof(last->osu_ssid),
- "%s", buf + 9);
+ res = os_snprintf(last->osu_ssid,
+ sizeof(last->osu_ssid),
+ "%s", buf + 9);
+ if (os_snprintf_error(sizeof(last->osu_ssid), res))
+ break;
continue;
}
if (strncmp(buf, "osu_ssid2=", 10) == 0) {
- snprintf(last->osu_ssid2, sizeof(last->osu_ssid2),
- "%s", buf + 10);
+ res = os_snprintf(last->osu_ssid2,
+ sizeof(last->osu_ssid2),
+ "%s", buf + 10);
+ if (os_snprintf_error(sizeof(last->osu_ssid2), res))
+ break;
continue;
}
if (os_strncmp(buf, "osu_nai=", 8) == 0) {
- os_snprintf(last->osu_nai, sizeof(last->osu_nai),
- "%s", buf + 8);
+ res = os_snprintf(last->osu_nai, sizeof(last->osu_nai),
+ "%s", buf + 8);
+ if (os_snprintf_error(sizeof(last->osu_nai), res))
+ break;
continue;
}
if (os_strncmp(buf, "osu_nai2=", 9) == 0) {
- os_snprintf(last->osu_nai2, sizeof(last->osu_nai2),
- "%s", buf + 9);
+ res = os_snprintf(last->osu_nai2,
+ sizeof(last->osu_nai2),
+ "%s", buf + 9);
+ if (os_snprintf_error(sizeof(last->osu_nai2), res))
+ break;
continue;
}
@@ -2087,8 +2104,14 @@
continue;
*pos++ = '\0';
txt = &last->friendly_name[last->friendly_name_count++];
- snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
- snprintf(txt->text, sizeof(txt->text), "%s", pos);
+ res = os_snprintf(txt->lang, sizeof(txt->lang),
+ "%s", buf + 14);
+ if (os_snprintf_error(sizeof(txt->lang), res))
+ break;
+ res = os_snprintf(txt->text, sizeof(txt->text),
+ "%s", pos);
+ if (os_snprintf_error(sizeof(txt->text), res))
+ break;
}
if (strncmp(buf, "desc=", 5) == 0) {
@@ -2100,8 +2123,14 @@
continue;
*pos++ = '\0';
txt = &last->serv_desc[last->serv_desc_count++];
- snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
- snprintf(txt->text, sizeof(txt->text), "%s", pos);
+ res = os_snprintf(txt->lang, sizeof(txt->lang),
+ "%s", buf + 5);
+ if (os_snprintf_error(sizeof(txt->lang), res))
+ break;
+ res = os_snprintf(txt->text, sizeof(txt->text),
+ "%s", pos);
+ if (os_snprintf_error(sizeof(txt->text), res))
+ break;
}
if (strncmp(buf, "icon=", 5) == 0) {
@@ -2124,23 +2153,30 @@
if (!end)
continue;
*end = '\0';
- snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
+ res = os_snprintf(icon->lang, sizeof(icon->lang),
+ "%s", pos);
+ if (os_snprintf_error(sizeof(icon->lang), res))
+ break;
pos = end + 1;
end = strchr(pos, ':');
if (end)
*end = '\0';
- snprintf(icon->mime_type, sizeof(icon->mime_type),
- "%s", pos);
- if (!pos)
+ res = os_snprintf(icon->mime_type,
+ sizeof(icon->mime_type), "%s", pos);
+ if (os_snprintf_error(sizeof(icon->mime_type), res))
+ break;
+ if (!end)
continue;
pos = end + 1;
end = strchr(pos, ':');
if (end)
*end = '\0';
- snprintf(icon->filename, sizeof(icon->filename),
- "%s", pos);
+ res = os_snprintf(icon->filename,
+ sizeof(icon->filename), "%s", pos);
+ if (os_snprintf_error(sizeof(icon->filename), res))
+ break;
continue;
}
}
diff --git a/src/ap/acs.c b/src/ap/acs.c
index faaedbf..7708bc2 100644
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
@@ -710,7 +710,7 @@
if (mode->mode == HOSTAPD_MODE_IEEE80211A &&
(iface->conf->ieee80211ac || iface->conf->ieee80211ax)) {
if (hostapd_get_oper_chwidth(iface->conf) ==
- CHANWIDTH_80MHZ &&
+ CONF_OPER_CHWIDTH_80MHZ &&
!acs_usable_bw80_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for 80 MHz bandwidth",
@@ -719,7 +719,7 @@
}
if (hostapd_get_oper_chwidth(iface->conf) ==
- CHANWIDTH_160MHZ &&
+ CONF_OPER_CHWIDTH_160MHZ &&
!acs_usable_bw160_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for 160 MHz bandwidth",
@@ -873,12 +873,14 @@
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
switch (hostapd_get_oper_chwidth(iface->conf)) {
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
n_chans = 4;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
n_chans = 8;
break;
+ default:
+ break;
}
}
@@ -915,13 +917,13 @@
wpa_printf(MSG_DEBUG, "ACS: Adjusting VHT center frequency");
switch (hostapd_get_oper_chwidth(iface->conf)) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
offset = 2 * iface->conf->secondary_channel;
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
offset = 6;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
offset = 14;
break;
default:
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index b97d49c..05a1b05 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -1048,7 +1048,7 @@
u32 vht_capab;
int ieee80211ac;
int require_vht;
- u8 vht_oper_chwidth;
+ enum oper_chan_width vht_oper_chwidth;
u8 vht_oper_centr_freq_seg0_idx;
u8 vht_oper_centr_freq_seg1_idx;
u8 ht40_plus_minus_allowed;
@@ -1094,7 +1094,7 @@
struct he_operation he_op;
struct ieee80211_he_mu_edca_parameter_set he_mu_edca;
struct spatial_reuse spr;
- u8 he_oper_chwidth;
+ enum oper_chan_width he_oper_chwidth;
u8 he_oper_centr_freq_seg0_idx;
u8 he_oper_centr_freq_seg1_idx;
u8 he_6ghz_max_mpdu;
@@ -1132,7 +1132,7 @@
int ieee80211be;
#ifdef CONFIG_IEEE80211BE
- u8 eht_oper_chwidth;
+ enum oper_chan_width eht_oper_chwidth;
u8 eht_oper_centr_freq_seg0_idx;
struct eht_phy_capabilities_info eht_phy_capab;
#endif /* CONFIG_IEEE80211BE */
@@ -1144,7 +1144,8 @@
};
-static inline u8 hostapd_get_oper_chwidth(struct hostapd_config *conf)
+static inline enum oper_chan_width
+hostapd_get_oper_chwidth(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211BE
if (conf->ieee80211be)
@@ -1158,11 +1159,14 @@
}
static inline void
-hostapd_set_oper_chwidth(struct hostapd_config *conf, u8 oper_chwidth)
+hostapd_set_oper_chwidth(struct hostapd_config *conf,
+ enum oper_chan_width oper_chwidth)
{
#ifdef CONFIG_IEEE80211BE
if (conf->ieee80211be)
conf->eht_oper_chwidth = oper_chwidth;
+ if (oper_chwidth == CONF_OPER_CHWIDTH_320MHZ)
+ oper_chwidth = CONF_OPER_CHWIDTH_160MHZ;
#endif /* CONFIG_IEEE80211BE */
#ifdef CONFIG_IEEE80211AX
if (conf->ieee80211ax)
@@ -1192,6 +1196,9 @@
#ifdef CONFIG_IEEE80211BE
if (conf->ieee80211be)
conf->eht_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
+ if (center_idx_to_bw_6ghz(oper_centr_freq_seg0_idx) == 4)
+ oper_centr_freq_seg0_idx +=
+ conf->channel > oper_centr_freq_seg0_idx ? 16 : -16;
#endif /* CONFIG_IEEE80211BE */
#ifdef CONFIG_IEEE80211AX
if (conf->ieee80211ax)
diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 8af7a0e..87c3b90 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -978,13 +978,16 @@
hapd->iface->conf->ieee80211ax ||
hapd->iface->conf->ieee80211ac) &&
params.ht40_enabled) {
- u8 oper_chwidth = hostapd_get_oper_chwidth(hapd->iface->conf);
+ enum oper_chan_width oper_chwidth;
- if (oper_chwidth == CHANWIDTH_80MHZ)
+ oper_chwidth = hostapd_get_oper_chwidth(hapd->iface->conf);
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80MHZ)
params.ch_width = 80;
- else if (oper_chwidth == CHANWIDTH_160MHZ ||
- oper_chwidth == CHANWIDTH_80P80MHZ)
+ else if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ ||
+ oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
params.ch_width = 160;
+ else if (oper_chwidth == CONF_OPER_CHWIDTH_320MHZ)
+ params.ch_width = 320;
}
if (hapd->iface->conf->op_class)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index eaa4033..8676570 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -464,7 +464,8 @@
static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
const struct ieee80211_mgmt *req,
- int is_p2p, size_t *resp_len)
+ int is_p2p, size_t *resp_len,
+ bool bcast_probe_resp)
{
struct ieee80211_mgmt *resp;
u8 *pos, *epos, *csa_pos;
@@ -531,6 +532,9 @@
WLAN_FC_STYPE_PROBE_RESP);
if (req)
os_memcpy(resp->da, req->sa, ETH_ALEN);
+ else if (bcast_probe_resp)
+ os_memset(resp->da, 0xff, ETH_ALEN);
+
os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
@@ -1141,7 +1145,7 @@
" signal=%d", MAC2STR(mgmt->sa), ssi_signal);
resp = hostapd_gen_probe_resp(hapd, mgmt, elems.p2p != NULL,
- &resp_len);
+ &resp_len, false);
if (resp == NULL)
return;
@@ -1210,7 +1214,7 @@
"this");
/* Generate a Probe Response template for the non-P2P case */
- return hostapd_gen_probe_resp(hapd, NULL, 0, resp_len);
+ return hostapd_gen_probe_resp(hapd, NULL, 0, resp_len, false);
}
#endif /* NEED_AP_MLME */
@@ -1228,7 +1232,8 @@
hapd->conf->unsol_bcast_probe_resp_interval;
return hostapd_gen_probe_resp(hapd, NULL, 0,
- ¶ms->unsol_bcast_probe_resp_tmpl_len);
+ ¶ms->unsol_bcast_probe_resp_tmpl_len,
+ true);
}
#endif /* CONFIG_IEEE80211AX */
@@ -1275,22 +1280,24 @@
}
} else {
switch (hostapd_get_oper_chwidth(hapd->iconf)) {
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
mcs_nss_size += 4;
/* fallthrough */
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
mcs_nss_size += 4;
chwidth = FD_CAP_BSS_CHWIDTH_160_80_80;
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
chwidth = FD_CAP_BSS_CHWIDTH_80;
break;
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (hapd->iconf->secondary_channel)
chwidth = FD_CAP_BSS_CHWIDTH_40;
else
chwidth = FD_CAP_BSS_CHWIDTH_20;
break;
+ default:
+ break;
}
#ifdef CONFIG_IEEE80211AX
diff --git a/src/ap/dfs.c b/src/ap/dfs.c
index e46dd7e..146dd1a 100644
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -50,15 +50,15 @@
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
switch (hostapd_get_oper_chwidth(iface->conf)) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
n_chans = 4;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
n_chans = 8;
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
n_chans = 4;
*seg1 = 4;
break;
@@ -311,7 +311,7 @@
*oper_centr_freq_seg1_idx = 0;
switch (hostapd_get_oper_chwidth(iface->conf)) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (secondary_channel == 1)
*oper_centr_freq_seg0_idx = chan->chan + 2;
else if (secondary_channel == -1)
@@ -319,13 +319,13 @@
else
*oper_centr_freq_seg0_idx = chan->chan;
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
*oper_centr_freq_seg0_idx = chan->chan + 6;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
*oper_centr_freq_seg0_idx = chan->chan + 14;
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
*oper_centr_freq_seg0_idx = chan->chan + 6;
*oper_centr_freq_seg1_idx = sec_chan_idx_80p80 + 6;
break;
@@ -361,17 +361,17 @@
/* VHT/HE */
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
switch (hostapd_get_oper_chwidth(iface->conf)) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
channel_no = hostapd_get_oper_centr_freq_seg0_idx(
iface->conf) - 6;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
channel_no = hostapd_get_oper_centr_freq_seg0_idx(
iface->conf) - 14;
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
channel_no = hostapd_get_oper_centr_freq_seg0_idx(
iface->conf) - 6;
chan_seg1 = hostapd_get_oper_centr_freq_seg1_idx(
@@ -555,7 +555,8 @@
*secondary_channel = 0;
/* Get secondary channel for HT80P80 */
- if (hostapd_get_oper_chwidth(iface->conf) == CHANWIDTH_80P80MHZ) {
+ if (hostapd_get_oper_chwidth(iface->conf) ==
+ CONF_OPER_CHWIDTH_80P80MHZ) {
if (num_available_chandefs <= 1) {
wpa_printf(MSG_ERROR,
"only 1 valid chan, can't support 80+80");
@@ -1220,7 +1221,7 @@
int oper_chwidth;
oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
- if (oper_chwidth == CHANWIDTH_USE_HT)
+ if (oper_chwidth == CONF_OPER_CHWIDTH_USE_HT)
break;
*channel_type = DFS_AVAILABLE;
hostapd_set_oper_chwidth(iface->conf, oper_chwidth - 1);
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index d4cbed8..2613c0c 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -832,7 +832,17 @@
}
addr = get_param(cmd, " tcp_addr=");
- if (addr) {
+ if (addr && os_strcmp(addr, "from-uri") == 0) {
+ os_free(addr);
+ if (!peer_bi->host) {
+ wpa_printf(MSG_INFO,
+ "DPP: TCP address not available in peer URI");
+ return -1;
+ }
+ tcp = 1;
+ os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr));
+ tcp_port = peer_bi->port;
+ } else if (addr) {
int res;
res = hostapd_parse_ip_addr(addr, &ipaddr);
@@ -2064,9 +2074,11 @@
try_relay:
#ifdef CONFIG_DPP2
- if (v2)
- dpp_relay_rx_action(hapd->iface->interfaces->dpp,
- src, hdr, buf, len, freq, NULL, NULL, hapd);
+ if (v2 && dpp_relay_rx_action(hapd->iface->interfaces->dpp,
+ src, hdr, buf, len, freq, NULL, NULL,
+ hapd) != 0)
+ wpa_printf(MSG_DEBUG,
+ "DPP: No Relay available for the message");
#else /* CONFIG_DPP2 */
wpa_printf(MSG_DEBUG, "DPP: No relay functionality included - skip");
#endif /* CONFIG_DPP2 */
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 643a273..b1cb31e 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -340,6 +340,16 @@
}
#endif /* CONFIG_WPS */
+ if (check_sa_query_need(hapd, sta)) {
+ status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
+
+ p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
+
+ hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
+ p - buf);
+ return 0;
+ }
+
if (sta->wpa_sm == NULL)
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
sta->addr,
@@ -420,16 +430,6 @@
goto fail;
}
- if (check_sa_query_need(hapd, sta)) {
- status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
-
- p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
-
- hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
- p - buf);
- return 0;
- }
-
if (wpa_auth_uses_mfp(sta->wpa_sm))
sta->flags |= WLAN_STA_MFP;
else
@@ -838,6 +838,9 @@
case CHAN_WIDTH_160:
txt = "160";
break;
+ case CHAN_WIDTH_320:
+ txt = "320";
+ break;
default:
txt = NULL;
break;
@@ -891,19 +894,22 @@
switch (width) {
case CHAN_WIDTH_80:
- chwidth = CHANWIDTH_80MHZ;
+ chwidth = CONF_OPER_CHWIDTH_80MHZ;
break;
case CHAN_WIDTH_80P80:
- chwidth = CHANWIDTH_80P80MHZ;
+ chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
break;
case CHAN_WIDTH_160:
- chwidth = CHANWIDTH_160MHZ;
+ chwidth = CONF_OPER_CHWIDTH_160MHZ;
+ break;
+ case CHAN_WIDTH_320:
+ chwidth = CONF_OPER_CHWIDTH_320MHZ;
break;
case CHAN_WIDTH_20_NOHT:
case CHAN_WIDTH_20:
case CHAN_WIDTH_40:
default:
- chwidth = CHANWIDTH_USE_HT;
+ chwidth = CONF_OPER_CHWIDTH_USE_HT;
break;
}
@@ -979,10 +985,10 @@
hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, seg1_idx);
if (hapd->iconf->ieee80211ac) {
hapd->iconf->vht_capab &= ~VHT_CAP_SUPP_CHAN_WIDTH_MASK;
- if (chwidth == CHANWIDTH_160MHZ)
+ if (chwidth == CONF_OPER_CHWIDTH_160MHZ)
hapd->iconf->vht_capab |=
VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
- else if (chwidth == CHANWIDTH_80P80MHZ)
+ else if (chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
hapd->iconf->vht_capab |=
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
}
@@ -1145,7 +1151,7 @@
/* set defaults for backwards compatibility */
hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, 0);
hostapd_set_oper_centr_freq_seg0_idx(hapd->iconf, 0);
- hostapd_set_oper_chwidth(hapd->iconf, CHANWIDTH_USE_HT);
+ hostapd_set_oper_chwidth(hapd->iconf, CONF_OPER_CHWIDTH_USE_HT);
if (acs_res->ch_width == 40) {
if (is_6ghz_freq(acs_res->pri_freq))
hostapd_set_oper_centr_freq_seg0_idx(
@@ -1155,22 +1161,33 @@
hostapd_set_oper_centr_freq_seg0_idx(
hapd->iconf, acs_res->vht_seg0_center_ch);
if (acs_res->vht_seg1_center_ch == 0) {
- hostapd_set_oper_chwidth(hapd->iconf,
- CHANWIDTH_80MHZ);
+ hostapd_set_oper_chwidth(
+ hapd->iconf, CONF_OPER_CHWIDTH_80MHZ);
} else {
- hostapd_set_oper_chwidth(hapd->iconf,
- CHANWIDTH_80P80MHZ);
+ hostapd_set_oper_chwidth(
+ hapd->iconf,
+ CONF_OPER_CHWIDTH_80P80MHZ);
hostapd_set_oper_centr_freq_seg1_idx(
hapd->iconf,
acs_res->vht_seg1_center_ch);
}
} else if (acs_res->ch_width == 160) {
- hostapd_set_oper_chwidth(hapd->iconf, CHANWIDTH_160MHZ);
+ hostapd_set_oper_chwidth(hapd->iconf,
+ CONF_OPER_CHWIDTH_160MHZ);
hostapd_set_oper_centr_freq_seg0_idx(
hapd->iconf, acs_res->vht_seg1_center_ch);
}
}
+#ifdef CONFIG_IEEE80211BE
+ if (hapd->iface->conf->ieee80211be && acs_res->ch_width == 320) {
+ hostapd_set_oper_chwidth(hapd->iconf, CONF_OPER_CHWIDTH_320MHZ);
+ hostapd_set_oper_centr_freq_seg0_idx(
+ hapd->iconf, acs_res->vht_seg1_center_ch);
+ hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, 0);
+ }
+#endif /* CONFIG_IEEE80211BE */
+
out:
ret = hostapd_acs_completed(hapd->iface, err);
if (ret) {
@@ -1543,7 +1560,8 @@
static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src,
- const u8 *data, size_t data_len)
+ const u8 *data, size_t data_len,
+ enum frame_encryption encrypted)
{
struct hostapd_iface *iface = hapd->iface;
struct sta_info *sta;
@@ -1557,7 +1575,7 @@
}
}
- ieee802_1x_receive(hapd, src, data, data_len);
+ ieee802_1x_receive(hapd, src, data, data_len, encrypted);
}
#endif /* HOSTAPD */
@@ -1952,7 +1970,8 @@
case EVENT_EAPOL_RX:
hostapd_event_eapol_rx(hapd, data->eapol_rx.src,
data->eapol_rx.data,
- data->eapol_rx.data_len);
+ data->eapol_rx.data_len,
+ data->eapol_rx.encrypted);
break;
case EVENT_ASSOC:
if (!data)
diff --git a/src/ap/gas_query_ap.c b/src/ap/gas_query_ap.c
index fdb3cad..3d94407 100644
--- a/src/ap/gas_query_ap.c
+++ b/src/ap/gas_query_ap.c
@@ -29,6 +29,8 @@
#define GAS_QUERY_WAIT_TIME_INITIAL 1000
#define GAS_QUERY_WAIT_TIME_COMEBACK 150
+#define GAS_QUERY_MAX_COMEBACK_DELAY 60000
+
/**
* struct gas_query_pending - Pending GAS query
*/
@@ -545,6 +547,8 @@
if (pos + 2 > data + len)
return 0;
comeback_delay = WPA_GET_LE16(pos);
+ if (comeback_delay > GAS_QUERY_MAX_COMEBACK_DELAY)
+ comeback_delay = GAS_QUERY_MAX_COMEBACK_DELAY;
pos += 2;
/* Advertisement Protocol element */
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index ef53c41..05faa0f 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1718,7 +1718,7 @@
goto fail;
if (iface->conf->op_class) {
- int ch_width;
+ enum oper_chan_width ch_width;
ch_width = op_class_to_ch_width(iface->conf->op_class);
hostapd_set_oper_chwidth(iface->conf, ch_width);
@@ -1784,6 +1784,16 @@
}
+static int fst_hostapd_get_hw_modes_cb(void *ctx,
+ struct hostapd_hw_modes **modes)
+{
+ struct hostapd_data *hapd = ctx;
+
+ *modes = hapd->iface->hw_features;
+ return hapd->iface->num_hw_features;
+}
+
+
static void fst_hostapd_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
{
struct hostapd_data *hapd = ctx;
@@ -1876,9 +1886,11 @@
void fst_hostapd_fill_iface_obj(struct hostapd_data *hapd,
struct fst_wpa_obj *iface_obj)
{
+ os_memset(iface_obj, 0, sizeof(*iface_obj));
iface_obj->ctx = hapd;
iface_obj->get_bssid = fst_hostapd_get_bssid_cb;
iface_obj->get_channel_info = fst_hostapd_get_channel_info_cb;
+ iface_obj->get_hw_modes = fst_hostapd_get_hw_modes_cb;
iface_obj->set_ies = fst_hostapd_set_ies_cb;
iface_obj->send_action = fst_hostapd_send_action_cb;
iface_obj->get_mb_ie = fst_hostapd_get_mb_ie_cb;
@@ -3491,16 +3503,21 @@
case 0:
case 20:
case 40:
- hostapd_set_oper_chwidth(conf, CHANWIDTH_USE_HT);
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_USE_HT);
break;
case 80:
if (params->center_freq2)
- hostapd_set_oper_chwidth(conf, CHANWIDTH_80P80MHZ);
+ hostapd_set_oper_chwidth(conf,
+ CONF_OPER_CHWIDTH_80P80MHZ);
else
- hostapd_set_oper_chwidth(conf, CHANWIDTH_80MHZ);
+ hostapd_set_oper_chwidth(conf,
+ CONF_OPER_CHWIDTH_80MHZ);
break;
case 160:
- hostapd_set_oper_chwidth(conf, CHANWIDTH_160MHZ);
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_160MHZ);
+ break;
+ case 320:
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_320MHZ);
break;
default:
return -1;
@@ -3538,15 +3555,15 @@
switch (settings->freq_params.bandwidth) {
case 80:
if (settings->freq_params.center_freq2)
- bandwidth = CHANWIDTH_80P80MHZ;
+ bandwidth = CONF_OPER_CHWIDTH_80P80MHZ;
else
- bandwidth = CHANWIDTH_80MHZ;
+ bandwidth = CONF_OPER_CHWIDTH_80MHZ;
break;
case 160:
- bandwidth = CHANWIDTH_160MHZ;
+ bandwidth = CONF_OPER_CHWIDTH_160MHZ;
break;
default:
- bandwidth = CHANWIDTH_USE_HT;
+ bandwidth = CONF_OPER_CHWIDTH_USE_HT;
break;
}
@@ -3676,7 +3693,8 @@
hostapd_switch_channel_fallback(struct hostapd_iface *iface,
const struct hostapd_freq_params *freq_params)
{
- int seg0_idx = 0, seg1_idx = 0, bw = CHANWIDTH_USE_HT;
+ int seg0_idx = 0, seg1_idx = 0;
+ enum oper_chan_width bw = CONF_OPER_CHWIDTH_USE_HT;
wpa_printf(MSG_DEBUG, "Restarting all CSA-related BSSes");
@@ -3689,16 +3707,19 @@
case 0:
case 20:
case 40:
- bw = CHANWIDTH_USE_HT;
+ bw = CONF_OPER_CHWIDTH_USE_HT;
break;
case 80:
if (freq_params->center_freq2)
- bw = CHANWIDTH_80P80MHZ;
+ bw = CONF_OPER_CHWIDTH_80P80MHZ;
else
- bw = CHANWIDTH_80MHZ;
+ bw = CONF_OPER_CHWIDTH_80MHZ;
break;
case 160:
- bw = CHANWIDTH_160MHZ;
+ bw = CONF_OPER_CHWIDTH_160MHZ;
+ break;
+ case 320:
+ bw = CONF_OPER_CHWIDTH_320MHZ;
break;
default:
wpa_printf(MSG_WARNING, "Unknown CSA bandwidth: %d",
@@ -3792,7 +3813,7 @@
r = os_random() % HE_OPERATION_BSS_COLOR_MAX;
for (i = 0; i < HE_OPERATION_BSS_COLOR_MAX; i++) {
- if (r && !(hapd->color_collision_bitmap & BIT(r)))
+ if (r && !(hapd->color_collision_bitmap & (1ULL << r)))
break;
r = (r + 1) % HE_OPERATION_BSS_COLOR_MAX;
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 6b9b65f..15d59dc 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -324,6 +324,7 @@
#ifdef CONFIG_PROXYARP
struct l2_packet_data *sock_dhcp;
struct l2_packet_data *sock_ndisc;
+ bool x_snoop_initialized;
#endif /* CONFIG_PROXYARP */
#ifdef CONFIG_MESH
int num_plinks;
diff --git a/src/ap/hw_features.c b/src/ap/hw_features.c
index 4b66b02..ed5ff41 100644
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
@@ -371,7 +371,7 @@
iface->conf->secondary_channel = 0;
hostapd_set_oper_centr_freq_seg0_idx(iface->conf, 0);
hostapd_set_oper_centr_freq_seg1_idx(iface->conf, 0);
- hostapd_set_oper_chwidth(iface->conf, CHANWIDTH_USE_HT);
+ hostapd_set_oper_chwidth(iface->conf, CONF_OPER_CHWIDTH_USE_HT);
res = 1;
wpa_printf(MSG_INFO, "Fallback to 20 MHz");
}
@@ -1087,13 +1087,14 @@
if ((iface->conf->hw_mode == HOSTAPD_MODE_IEEE80211G ||
iface->conf->ieee80211n || iface->conf->ieee80211ac ||
- iface->conf->ieee80211ax) &&
+ iface->conf->ieee80211ax || iface->conf->ieee80211be) &&
iface->conf->channel == 14) {
- wpa_printf(MSG_INFO, "Disable OFDM/HT/VHT/HE on channel 14");
+ wpa_printf(MSG_INFO, "Disable OFDM/HT/VHT/HE/EHT on channel 14");
iface->conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
iface->conf->ieee80211n = 0;
iface->conf->ieee80211ac = 0;
iface->conf->ieee80211ax = 0;
+ iface->conf->ieee80211be = 0;
}
iface->current_mode = NULL;
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 394e292..8806a58 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4629,6 +4629,9 @@
if (hapd->conf->wpa && wpa_ie) {
enum wpa_validate_result res;
+ if (check_sa_query(hapd, sta, reassoc))
+ return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
+
wpa_ie -= 2;
wpa_ie_len += 2;
if (sta->wpa_sm == NULL)
@@ -4652,9 +4655,6 @@
if (resp != WLAN_STATUS_SUCCESS)
return resp;
- if (check_sa_query(hapd, sta, reassoc))
- return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
-
if (wpa_auth_uses_mfp(sta->wpa_sm))
sta->flags |= WLAN_STA_MFP;
else
@@ -6589,7 +6589,8 @@
ieee802_1x_receive(
hapd, mgmt->da,
wpabuf_head(sta->pending_eapol_rx->buf),
- wpabuf_len(sta->pending_eapol_rx->buf));
+ wpabuf_len(sta->pending_eapol_rx->buf),
+ sta->pending_eapol_rx->encrypted);
}
wpabuf_free(sta->pending_eapol_rx->buf);
os_free(sta->pending_eapol_rx);
@@ -7032,7 +7033,7 @@
#endif /* CONFIG_IEEE80211AX */
switch (hostapd_get_oper_chwidth(iconf)) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (iconf->secondary_channel == 0) {
/* Max Transmit Power count = 0 (20 MHz) */
tx_pwr_count = 0;
@@ -7041,12 +7042,12 @@
tx_pwr_count = 1;
}
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
/* Max Transmit Power count = 2 (20, 40, and 80 MHz) */
tx_pwr_count = 2;
break;
- case CHANWIDTH_80P80MHZ:
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
/* Max Transmit Power count = 3 (20, 40, 80, 160/80+80 MHz) */
tx_pwr_count = 3;
break;
diff --git a/src/ap/ieee802_11_eht.c b/src/ap/ieee802_11_eht.c
index dbbf9a6..ec36a9e 100644
--- a/src/ap/ieee802_11_eht.c
+++ b/src/ap/ieee802_11_eht.c
@@ -41,25 +41,41 @@
}
-static u8 ieee80211_eht_mcs_set_size(const u8 *he_phy_cap,
+static u8 ieee80211_eht_mcs_set_size(enum hostapd_hw_mode mode, u8 opclass,
+ const u8 *he_phy_cap,
const u8 *eht_phy_cap)
{
u8 sz = EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS;
+ bool band24, band5, band6;
- if ((he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
- (HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G |
- HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
- HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
- HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) == 0)
+ band24 = mode == HOSTAPD_MODE_IEEE80211B ||
+ mode == HOSTAPD_MODE_IEEE80211G ||
+ mode == NUM_HOSTAPD_MODES;
+ band5 = mode == HOSTAPD_MODE_IEEE80211A ||
+ mode == NUM_HOSTAPD_MODES;
+ band6 = is_6ghz_op_class(opclass);
+
+ if (band24 &&
+ (he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G) == 0)
return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY;
- if (he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
- (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
- HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))
- sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS;
+ if (band5 &&
+ (he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ (HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
+ HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
+ HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) == 0)
+ return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY;
- if (eht_phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] &
- EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK)
+ if (band5 &&
+ (he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
+ HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)))
+ sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS;
+
+ if (band6 &&
+ (eht_phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] &
+ EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK))
sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS;
return sz;
@@ -81,7 +97,8 @@
if (!eht_cap->eht_supported)
return 0;
- len += ieee80211_eht_mcs_set_size(mode->he_capab[opmode].phy_cap,
+ len += ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class,
+ mode->he_capab[opmode].phy_cap,
eht_cap->phy_cap);
len += ieee80211_eht_ppet_size(WPA_GET_LE16(&eht_cap->ppet[0]),
eht_cap->phy_cap);
@@ -133,7 +150,9 @@
pos = cap->optional;
- mcs_nss_len = ieee80211_eht_mcs_set_size(mode->he_capab[opmode].phy_cap,
+ mcs_nss_len = ieee80211_eht_mcs_set_size(mode->mode,
+ hapd->iconf->op_class,
+ mode->he_capab[opmode].phy_cap,
eht_cap->phy_cap);
if (mcs_nss_len) {
os_memcpy(pos, eht_cap->mcs, mcs_nss_len);
@@ -157,7 +176,8 @@
{
struct hostapd_config *conf = hapd->iconf;
struct ieee80211_eht_operation *oper;
- u8 *pos = eid, chwidth, seg0 = 0, seg1 = 0;
+ u8 *pos = eid, seg0 = 0, seg1 = 0;
+ enum oper_chan_width chwidth;
if (!hapd->iface->current_mode)
return eid;
@@ -177,9 +197,7 @@
seg0 = hostapd_get_oper_centr_freq_seg0_idx(conf);
switch (chwidth) {
-#if 0 /* FIX: Need to clean up CHANWIDTH_* use for protocol vs. internal
- * needs to be able to define this. */
- case CHANWIDTH_320MHZ:
+ case CONF_OPER_CHWIDTH_320MHZ:
oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_320MHZ;
seg1 = seg0;
if (hapd->iconf->channel < seg0)
@@ -187,8 +205,7 @@
else
seg0 += 16;
break;
-#endif
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_160MHZ;
seg1 = seg0;
if (hapd->iconf->channel < seg0)
@@ -196,10 +213,10 @@
else
seg0 += 8;
break;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_80MHZ;
break;
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (seg0)
oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_40MHZ;
break;
@@ -257,7 +274,8 @@
capab = (const struct ieee80211_eht_capabilities *) sta_eht_capab;
sta_mcs = capab->optional;
- if (ieee80211_eht_mcs_set_size(mode->he_capab[opmode].phy_cap,
+ if (ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class,
+ mode->he_capab[opmode].phy_cap,
mode->eht_capab[opmode].phy_cap) ==
EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY)
return check_valid_eht_mcs_nss(
@@ -265,10 +283,14 @@
EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY);
switch (hapd->iface->conf->eht_oper_chwidth) {
- /* TODO: CHANWIDTH_320MHZ */
- case CHANWIDTH_80P80MHZ:
- case CHANWIDTH_160MHZ:
- mcs_count = 2;
+ case CONF_OPER_CHWIDTH_320MHZ:
+ mcs_count++;
+ /* fall through */
+ case CONF_OPER_CHWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
+ mcs_count++;
+ break;
+ default:
break;
}
@@ -277,7 +299,9 @@
}
-static bool ieee80211_invalid_eht_cap_size(const u8 *he_cap, const u8 *eht_cap,
+static bool ieee80211_invalid_eht_cap_size(enum hostapd_hw_mode mode,
+ u8 opclass,
+ const u8 *he_cap, const u8 *eht_cap,
size_t len)
{
const struct ieee80211_he_capabilities *he_capab;
@@ -293,7 +317,8 @@
if (len < cap_len)
return true;
- cap_len += ieee80211_eht_mcs_set_size(he_phy_cap, cap->phy_cap);
+ cap_len += ieee80211_eht_mcs_set_size(mode, opclass, he_phy_cap,
+ cap->phy_cap);
if (len < cap_len)
return true;
@@ -310,10 +335,14 @@
const u8 *he_capab, size_t he_capab_len,
const u8 *eht_capab, size_t eht_capab_len)
{
+ struct hostapd_hw_modes *c_mode = hapd->iface->current_mode;
+ enum hostapd_hw_mode mode = c_mode ? c_mode->mode : NUM_HOSTAPD_MODES;
+
if (!hapd->iconf->ieee80211be || hapd->conf->disable_11be ||
!he_capab || he_capab_len < IEEE80211_HE_CAPAB_MIN_LEN ||
!eht_capab ||
- ieee80211_invalid_eht_cap_size(he_capab, eht_capab,
+ ieee80211_invalid_eht_cap_size(mode, hapd->iconf->op_class,
+ he_capab, eht_capab,
eht_capab_len) ||
!check_valid_eht_mcs(hapd, eht_capab, opmode)) {
sta->flags &= ~WLAN_STA_EHT;
diff --git a/src/ap/ieee802_11_he.c b/src/ap/ieee802_11_he.c
index 1e74c58..b5b7e5d 100644
--- a/src/ap/ieee802_11_he.c
+++ b/src/ap/ieee802_11_he.c
@@ -102,20 +102,22 @@
mode->he_capab[opmode].phy_cap);
switch (hapd->iface->conf->he_oper_chwidth) {
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
he_oper_chwidth |=
HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G;
mcs_nss_size += 4;
/* fall through */
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
he_oper_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
mcs_nss_size += 4;
/* fall through */
- case CHANWIDTH_80MHZ:
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_USE_HT:
he_oper_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G |
HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G;
break;
+ default:
+ break;
}
ie_size += mcs_nss_size + ppet_size;
@@ -217,7 +219,7 @@
pos += 6; /* skip the fixed part */
if (is_6ghz_op_class(hapd->iconf->op_class)) {
- u8 seg0 = hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf);
+ u8 seg0 = hapd->iconf->he_oper_centr_freq_seg0_idx;
u8 seg1 = hostapd_get_oper_centr_freq_seg1_idx(hapd->iconf);
u8 control;
@@ -430,10 +432,10 @@
* band/stream cases.
*/
switch (hapd->iface->conf->he_oper_chwidth) {
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
mcs_count = 3;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
mcs_count = 2;
break;
default:
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 6154895..4e7c33e 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -998,7 +998,7 @@
* If a VHT Operation element was present, use it to determine
* the supported channel bandwidth.
*/
- if (oper->vht_op_info_chwidth == 0) {
+ if (oper->vht_op_info_chwidth == CHANWIDTH_USE_HT) {
requested_bw = ht_40mhz ? 40 : 20;
} else if (oper->vht_op_info_chan_center_freq_seg1_idx == 0) {
requested_bw = 80;
diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 828f0ab..681b6d7 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -96,12 +96,12 @@
hapd->iconf->vht_oper_centr_freq_seg1_idx;
oper->vht_op_info_chwidth = hapd->iconf->vht_oper_chwidth;
- if (hapd->iconf->vht_oper_chwidth == 2) {
+ if (hapd->iconf->vht_oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
/*
* Convert 160 MHz channel width to new style as interop
* workaround.
*/
- oper->vht_op_info_chwidth = 1;
+ oper->vht_op_info_chwidth = CHANWIDTH_80MHZ;
oper->vht_op_info_chan_center_freq_seg1_idx =
oper->vht_op_info_chan_center_freq_seg0_idx;
if (hapd->iconf->channel <
@@ -109,12 +109,13 @@
oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
else
oper->vht_op_info_chan_center_freq_seg0_idx += 8;
- } else if (hapd->iconf->vht_oper_chwidth == 3) {
+ } else if (hapd->iconf->vht_oper_chwidth ==
+ CONF_OPER_CHWIDTH_80P80MHZ) {
/*
* Convert 80+80 MHz channel width to new style as interop
* workaround.
*/
- oper->vht_op_info_chwidth = 1;
+ oper->vht_op_info_chwidth = CHANWIDTH_80MHZ;
}
/* VHT Basic MCS set comes from hw */
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index fb5e920..d90792c 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -998,7 +998,7 @@
static void ieee802_1x_save_eapol(struct sta_info *sta, const u8 *buf,
- size_t len)
+ size_t len, enum frame_encryption encrypted)
{
if (sta->pending_eapol_rx) {
wpabuf_free(sta->pending_eapol_rx->buf);
@@ -1016,21 +1016,39 @@
return;
}
+ sta->pending_eapol_rx->encrypted = encrypted;
os_get_reltime(&sta->pending_eapol_rx->rx_time);
}
+static bool ieee802_1x_check_encryption(struct sta_info *sta,
+ enum frame_encryption encrypted,
+ u8 type)
+{
+ if (encrypted != FRAME_NOT_ENCRYPTED)
+ return true;
+ if (type != IEEE802_1X_TYPE_EAP_PACKET &&
+ type != IEEE802_1X_TYPE_EAPOL_START &&
+ type != IEEE802_1X_TYPE_EAPOL_LOGOFF)
+ return true;
+ if (!(sta->flags & WLAN_STA_MFP))
+ return true;
+ return !wpa_auth_pairwise_set(sta->wpa_sm);
+}
+
+
/**
* ieee802_1x_receive - Process the EAPOL frames from the Supplicant
* @hapd: hostapd BSS data
* @sa: Source address (sender of the EAPOL frame)
* @buf: EAPOL frame
* @len: Length of buf in octets
+ * @encrypted: Whether the frame was encrypted
*
* This function is called for each incoming EAPOL frame from the interface
*/
void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
- size_t len)
+ size_t len, enum frame_encryption encrypted)
{
struct sta_info *sta;
struct ieee802_1x_hdr *hdr;
@@ -1043,8 +1061,9 @@
!hapd->conf->wps_state)
return;
- wpa_printf(MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR,
- (unsigned long) len, MAC2STR(sa));
+ wpa_printf(MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR
+ " (encrypted=%d)",
+ (unsigned long) len, MAC2STR(sa), encrypted);
sta = ap_get_sta(hapd, sa);
if (!sta || (!(sta->flags & (WLAN_STA_ASSOC | WLAN_STA_PREAUTH)) &&
!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED))) {
@@ -1054,7 +1073,7 @@
if (sta && (sta->flags & WLAN_STA_AUTH)) {
wpa_printf(MSG_DEBUG, "Saving EAPOL frame from " MACSTR
" for later use", MAC2STR(sta->addr));
- ieee802_1x_save_eapol(sta, buf, len);
+ ieee802_1x_save_eapol(sta, buf, len, encrypted);
}
return;
@@ -1114,6 +1133,12 @@
return;
}
+ if (!ieee802_1x_check_encryption(sta, encrypted, hdr->type)) {
+ wpa_printf(MSG_DEBUG,
+ "IEEE 802.1X: Discard unencrypted EAPOL message - encryption was expected");
+ return;
+ }
+
if (!sta->eapol_sm) {
sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
if (!sta->eapol_sm)
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index 70dc11a..1469351 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -19,7 +19,7 @@
void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
- size_t len);
+ size_t len, enum frame_encryption encrypted);
void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_free_station(struct hostapd_data *hapd, struct sta_info *sta);
diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
index e37324f..52f25eb 100644
--- a/src/ap/neighbor_db.c
+++ b/src/ap/neighbor_db.c
@@ -199,19 +199,21 @@
static enum nr_chan_width hostapd_get_nr_chan_width(struct hostapd_data *hapd,
int ht, int vht, int he)
{
- u8 oper_chwidth = hostapd_get_oper_chwidth(hapd->iconf);
+ enum oper_chan_width oper_chwidth;
+
+ oper_chwidth = hostapd_get_oper_chwidth(hapd->iconf);
if (!ht && !vht && !he)
return NR_CHAN_WIDTH_20;
if (!hapd->iconf->secondary_channel)
return NR_CHAN_WIDTH_20;
- if ((!vht && !he) || oper_chwidth == CHANWIDTH_USE_HT)
+ if ((!vht && !he) || oper_chwidth == CONF_OPER_CHWIDTH_USE_HT)
return NR_CHAN_WIDTH_40;
- if (oper_chwidth == CHANWIDTH_80MHZ)
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80MHZ)
return NR_CHAN_WIDTH_80;
- if (oper_chwidth == CHANWIDTH_160MHZ)
+ if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ)
return NR_CHAN_WIDTH_160;
- if (oper_chwidth == CHANWIDTH_80P80MHZ)
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
return NR_CHAN_WIDTH_80P80;
return NR_CHAN_WIDTH_20;
}
diff --git a/src/ap/preauth_auth.c b/src/ap/preauth_auth.c
index 2ff1861..3284a10 100644
--- a/src/ap/preauth_auth.c
+++ b/src/ap/preauth_auth.c
@@ -90,7 +90,7 @@
return;
sta->preauth_iface = piface;
ieee802_1x_receive(hapd, ethhdr->h_source, (u8 *) (ethhdr + 1),
- len - sizeof(*ethhdr));
+ len - sizeof(*ethhdr), FRAME_ENCRYPTION_UNKNOWN);
}
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index af8f171..5c92e01 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -65,6 +65,7 @@
struct pending_eapol_rx {
struct wpabuf *buf;
struct os_reltime rx_time;
+ enum frame_encryption encrypted;
};
enum pasn_fils_state {
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index ad91883..2954af6 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -735,16 +735,13 @@
{
#ifdef CONFIG_P2P
if (WPA_GET_BE32(sm->ip_addr)) {
- u32 start;
wpa_printf(MSG_DEBUG,
"P2P: Free assigned IP address %u.%u.%u.%u from "
- MACSTR,
+ MACSTR " (bit %u)",
sm->ip_addr[0], sm->ip_addr[1],
sm->ip_addr[2], sm->ip_addr[3],
- MAC2STR(sm->addr));
- start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
- bitfield_clear(sm->wpa_auth->ip_pool,
- WPA_GET_BE32(sm->ip_addr) - start);
+ MAC2STR(sm->addr), sm->ip_addr_bit);
+ bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
}
#endif /* CONFIG_P2P */
if (sm->GUpdateStationKeys) {
@@ -2204,6 +2201,7 @@
{
u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
size_t pmkid_len = 0;
+ u16 key_info;
SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
sm->PTKRequest = false;
@@ -2307,8 +2305,10 @@
}
if (!pmkid)
pmkid_len = 0;
- wpa_send_eapol(sm->wpa_auth, sm,
- WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
+ key_info = WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE;
+ if (sm->pairwise_set && sm->wpa != WPA_VERSION_WPA)
+ key_info |= WPA_KEY_INFO_SECURE;
+ wpa_send_eapol(sm->wpa_auth, sm, key_info, NULL,
sm->ANonce, pmkid, pmkid_len, 0, 0);
}
@@ -2892,6 +2892,7 @@
wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
return -1;
}
+ sm->pairwise_set = true;
sm->tk_already_set = true;
wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
@@ -3178,12 +3179,14 @@
if (idx >= 0) {
u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
bitfield_set(wpa_auth->ip_pool, idx);
+ sm->ip_addr_bit = idx;
WPA_PUT_BE32(sm->ip_addr, start + idx);
wpa_printf(MSG_DEBUG,
"P2P: Assigned IP address %u.%u.%u.%u to "
- MACSTR, sm->ip_addr[0], sm->ip_addr[1],
+ MACSTR " (bit %u)",
+ sm->ip_addr[0], sm->ip_addr[1],
sm->ip_addr[2], sm->ip_addr[3],
- MAC2STR(sm->addr));
+ MAC2STR(sm->addr), sm->ip_addr_bit);
}
}
#endif /* CONFIG_P2P */
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 17cb5a2..5bd699c 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -152,6 +152,7 @@
#ifdef CONFIG_P2P
u8 ip_addr[4];
+ unsigned int ip_addr_bit;
#endif /* CONFIG_P2P */
#ifdef CONFIG_FILS
diff --git a/src/ap/x_snoop.c b/src/ap/x_snoop.c
index aef9a53..029f4de 100644
--- a/src/ap/x_snoop.c
+++ b/src/ap/x_snoop.c
@@ -31,6 +31,8 @@
return -1;
}
+ hapd->x_snoop_initialized = true;
+
if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
1)) {
wpa_printf(MSG_DEBUG,
@@ -125,7 +127,10 @@
void x_snoop_deinit(struct hostapd_data *hapd)
{
+ if (!hapd->x_snoop_initialized)
+ return;
hostapd_drv_br_set_net_param(hapd, DRV_BR_NET_PARAM_GARP_ACCEPT, 0);
hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 0);
hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE, 0);
+ hapd->x_snoop_initialized = false;
}
diff --git a/src/common/defs.h b/src/common/defs.h
index f43bdb5..4e63053 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -429,9 +429,26 @@
CHAN_WIDTH_4320,
CHAN_WIDTH_6480,
CHAN_WIDTH_8640,
+ CHAN_WIDTH_320,
CHAN_WIDTH_UNKNOWN
};
+/* VHT/EDMG/etc. channel widths
+ * Note: The first four values are used in hostapd.conf and as such, must
+ * maintain their defined values. Other values are used internally. */
+enum oper_chan_width {
+ CONF_OPER_CHWIDTH_USE_HT = 0,
+ CONF_OPER_CHWIDTH_80MHZ = 1,
+ CONF_OPER_CHWIDTH_160MHZ = 2,
+ CONF_OPER_CHWIDTH_80P80MHZ = 3,
+ CONF_OPER_CHWIDTH_2160MHZ,
+ CONF_OPER_CHWIDTH_4320MHZ,
+ CONF_OPER_CHWIDTH_6480MHZ,
+ CONF_OPER_CHWIDTH_8640MHZ,
+ CONF_OPER_CHWIDTH_40MHZ_6GHZ,
+ CONF_OPER_CHWIDTH_320MHZ,
+};
+
enum key_flag {
KEY_FLAG_MODIFY = BIT(0),
KEY_FLAG_DEFAULT = BIT(1),
@@ -475,4 +492,10 @@
PTK0_REKEY_ALLOW_NEVER
};
+enum frame_encryption {
+ FRAME_ENCRYPTION_UNKNOWN = -1,
+ FRAME_NOT_ENCRYPTED = 0,
+ FRAME_ENCRYPTED = 1
+};
+
#endif /* DEFS_H */
diff --git a/src/common/dpp.c b/src/common/dpp.c
index cc26b80..fcc5241 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -13,6 +13,7 @@
#include "utils/common.h"
#include "utils/base64.h"
#include "utils/json.h"
+#include "utils/ip_addr.h"
#include "common/ieee802_11_common.h"
#include "common/wpa_ctrl.h"
#include "common/gas.h"
@@ -162,6 +163,7 @@
os_free(info->uri);
os_free(info->info);
os_free(info->chan);
+ os_free(info->host);
os_free(info->pk);
crypto_ec_key_deinit(info->pubkey);
str_clear_free(info->configurator_params);
@@ -369,12 +371,70 @@
}
+static int dpp_parse_uri_host(struct dpp_bootstrap_info *bi, const char *txt)
+{
+ const char *end;
+ char *port;
+ struct hostapd_ip_addr addr;
+ char buf[100], *pos;
+
+ if (!txt)
+ return 0;
+
+ end = os_strchr(txt, ';');
+ if (!end)
+ end = txt + os_strlen(txt);
+ if (end - txt > (int) sizeof(buf) - 1)
+ return -1;
+ os_memcpy(buf, txt, end - txt);
+ buf[end - txt] = '\0';
+
+ bi->port = DPP_TCP_PORT;
+
+ pos = buf;
+ if (*pos == '[') {
+ pos = &buf[1];
+ port = os_strchr(pos, ']');
+ if (!port)
+ return -1;
+ *port++ = '\0';
+ if (*port == ':')
+ bi->port = atoi(port + 1);
+ }
+
+ if (hostapd_parse_ip_addr(pos, &addr) < 0) {
+ if (buf[0] != '[') {
+ port = os_strrchr(pos, ':');
+ if (port) {
+ *port++ = '\0';
+ bi->port = atoi(port);
+ }
+ }
+ if (hostapd_parse_ip_addr(pos, &addr) < 0) {
+ wpa_printf(MSG_INFO,
+ "DPP: Invalid IP address in URI host entry: %s",
+ pos);
+ return -1;
+ }
+ }
+ os_free(bi->host);
+ bi->host = os_memdup(&addr, sizeof(addr));
+ if (!bi->host)
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "DPP: host: %s port: %u",
+ hostapd_ip_txt(bi->host, buf, sizeof(buf)), bi->port);
+
+ return 0;
+}
+
+
static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri)
{
const char *pos = uri;
const char *end;
const char *chan_list = NULL, *mac = NULL, *info = NULL, *pk = NULL;
- const char *version = NULL, *supported_curves = NULL;
+ const char *version = NULL, *supported_curves = NULL, *host = NULL;
struct dpp_bootstrap_info *bi;
wpa_hexdump_ascii(MSG_DEBUG, "DPP: URI", uri, os_strlen(uri));
@@ -409,6 +469,8 @@
version = pos + 2;
else if (pos[0] == 'B' && pos[1] == ':' && !supported_curves)
supported_curves = pos + 2;
+ else if (pos[0] == 'H' && pos[1] == ':' && !host)
+ host = pos + 2;
else
wpa_hexdump_ascii(MSG_DEBUG,
"DPP: Ignore unrecognized URI parameter",
@@ -431,6 +493,7 @@
dpp_parse_uri_info(bi, info) < 0 ||
dpp_parse_uri_version(bi, version) < 0 ||
dpp_parse_uri_supported_curves(bi, supported_curves) < 0 ||
+ dpp_parse_uri_host(bi, host) < 0 ||
dpp_parse_uri_pk(bi, pk) < 0) {
dpp_bootstrap_info_free(bi);
bi = NULL;
@@ -632,6 +695,7 @@
char macstr[ETH_ALEN * 2 + 10];
size_t len;
char supp_curves[10];
+ char host[100];
len = 4; /* "DPP:" */
if (bi->chan)
@@ -664,11 +728,29 @@
supp_curves[0] = '\0';
}
+ host[0] = '\0';
+ if (bi->host) {
+ char buf[100];
+ const char *addr;
+
+ addr = hostapd_ip_txt(bi->host, buf, sizeof(buf));
+ if (!addr)
+ return -1;
+ if (bi->port == DPP_TCP_PORT)
+ len += os_snprintf(host, sizeof(host), "H:%s;", addr);
+ else if (bi->host->af == AF_INET)
+ len += os_snprintf(host, sizeof(host), "H:%s:%u;",
+ addr, bi->port);
+ else
+ len += os_snprintf(host, sizeof(host), "H:[%s]:%u;",
+ addr, bi->port);
+ }
+
os_free(bi->uri);
bi->uri = os_malloc(len + 1);
if (!bi->uri)
return -1;
- os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;",
+ os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%s%sK:%s;;",
bi->chan ? "C:" : "", bi->chan ? bi->chan : "",
bi->chan ? ";" : "",
macstr,
@@ -677,6 +759,7 @@
DPP_VERSION == 3 ? "V:3;" :
(DPP_VERSION == 2 ? "V:2;" : ""),
supp_curves,
+ host,
bi->pk);
return 0;
}
@@ -4233,7 +4316,7 @@
int dpp_bootstrap_gen(struct dpp_global *dpp, const char *cmd)
{
char *mac = NULL, *info = NULL, *curve = NULL;
- char *key = NULL, *supported_curves = NULL;
+ char *key = NULL, *supported_curves = NULL, *host = NULL;
u8 *privkey = NULL;
size_t privkey_len = 0;
int ret = -1;
@@ -4261,6 +4344,7 @@
curve = get_param(cmd, " curve=");
key = get_param(cmd, " key=");
supported_curves = get_param(cmd, " supported_curves=");
+ host = get_param(cmd, " host=");
if (key) {
privkey_len = os_strlen(key) / 2;
@@ -4275,6 +4359,7 @@
dpp_parse_uri_mac(bi, mac) < 0 ||
dpp_parse_uri_info(bi, info) < 0 ||
dpp_parse_supported_curves_list(bi, supported_curves) < 0 ||
+ dpp_parse_uri_host(bi, host) < 0 ||
dpp_gen_uri(bi) < 0)
goto fail;
@@ -4288,6 +4373,7 @@
os_free(info);
str_clear_free(key);
os_free(supported_curves);
+ os_free(host);
bin_clear_free(privkey, privkey_len);
dpp_bootstrap_info_free(bi);
return ret;
@@ -4343,6 +4429,8 @@
struct dpp_bootstrap_info *bi;
char pkhash[2 * SHA256_MAC_LEN + 1];
char supp_curves[100];
+ char host[100];
+ int ret;
bi = dpp_bootstrap_get_id(dpp, id);
if (!bi)
@@ -4352,7 +4440,6 @@
supp_curves[0] = '\0';
if (bi->supported_curves) {
- int ret;
size_t i;
char *pos = supp_curves;
char *end = &supp_curves[sizeof(supp_curves)];
@@ -4379,6 +4466,17 @@
supp_curves[0] = '\0';
}
+ host[0] = '\0';
+ if (bi->host) {
+ char buf[100];
+
+ ret = os_snprintf(host, sizeof(host), "host=%s %u\n",
+ hostapd_ip_txt(bi->host, buf, sizeof(buf)),
+ bi->port);
+ if (os_snprintf_error(sizeof(host), ret))
+ return -1;
+ }
+
return os_snprintf(reply, reply_size, "type=%s\n"
"mac_addr=" MACSTR "\n"
"info=%s\n"
@@ -4386,7 +4484,7 @@
"use_freq=%u\n"
"curve=%s\n"
"pkhash=%s\n"
- "version=%d\n%s",
+ "version=%d\n%s%s",
dpp_bootstrap_type_txt(bi->type),
MAC2STR(bi->mac_addr),
bi->info ? bi->info : "",
@@ -4395,7 +4493,8 @@
bi->curve->name,
pkhash,
bi->version,
- supp_curves);
+ supp_curves,
+ host);
}
diff --git a/src/common/dpp.h b/src/common/dpp.h
index fba4119..1241668 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -163,6 +163,8 @@
u8 mac_addr[ETH_ALEN];
char *chan;
char *info;
+ struct hostapd_ip_addr *host;
+ unsigned int port;
char *pk;
unsigned int freq[DPP_BOOTSTRAP_MAX_FREQ];
unsigned int num_freq;
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 47f56c2..fb239f7 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -1035,10 +1035,9 @@
int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
{
struct crypto_ec *ec;
- struct crypto_ec_point *L = NULL;
- const struct crypto_ec_point *BI;
- const struct crypto_bignum *bR, *pR, *q;
- struct crypto_bignum *sum = NULL, *lx = NULL;
+ struct crypto_ec_point *L = NULL, *BI = NULL;
+ const struct crypto_bignum *q;
+ struct crypto_bignum *sum = NULL, *lx = NULL, *bR = NULL, *pR = NULL;
int ret = -1;
/* L = ((bR + pR) modulo q) * BI */
@@ -1068,7 +1067,10 @@
fail:
crypto_bignum_deinit(lx, 1);
crypto_bignum_deinit(sum, 1);
+ crypto_bignum_deinit(bR, 1);
+ crypto_bignum_deinit(pR, 1);
crypto_ec_point_deinit(L, 1);
+ crypto_ec_point_deinit(BI, 1);
crypto_ec_deinit(ec);
return ret;
}
@@ -1077,10 +1079,8 @@
int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
{
struct crypto_ec *ec;
- struct crypto_ec_point *L = NULL, *sum = NULL;
- const struct crypto_ec_point *BR, *PR;
- const struct crypto_bignum *bI;
- struct crypto_bignum *lx = NULL;
+ struct crypto_ec_point *L = NULL, *sum = NULL, *BR = NULL, *PR = NULL;
+ struct crypto_bignum *lx = NULL, *bI = NULL;
int ret = -1;
/* L = bI * (BR + PR) */
@@ -1108,8 +1108,11 @@
ret = 0;
fail:
crypto_bignum_deinit(lx, 1);
+ crypto_bignum_deinit(bI, 1);
crypto_ec_point_deinit(sum, 1);
crypto_ec_point_deinit(L, 1);
+ crypto_ec_point_deinit(BR, 1);
+ crypto_ec_point_deinit(PR, 1);
crypto_ec_deinit(ec);
return ret;
}
@@ -1441,9 +1444,8 @@
const u8 *addr[3];
size_t len[3];
unsigned int num_elem = 0;
- struct crypto_ec_point *Qi = NULL;
+ struct crypto_ec_point *Qi = NULL, *Pi = NULL;
struct crypto_ec_key *Pi_key = NULL;
- const struct crypto_ec_point *Pi = NULL;
struct crypto_bignum *hash_bn = NULL;
struct crypto_ec *ec = NULL;
@@ -1494,6 +1496,7 @@
crypto_ec_point_debug_print(ec, Qi, "DPP: Qi");
out:
crypto_ec_key_deinit(Pi_key);
+ crypto_ec_point_deinit(Pi, 1);
crypto_bignum_deinit(hash_bn, 1);
if (ret_ec && Qi)
*ret_ec = ec;
@@ -1516,9 +1519,8 @@
const u8 *addr[3];
size_t len[3];
unsigned int num_elem = 0;
- struct crypto_ec_point *Qr = NULL;
+ struct crypto_ec_point *Qr = NULL, *Pr = NULL;
struct crypto_ec_key *Pr_key = NULL;
- const struct crypto_ec_point *Pr = NULL;
struct crypto_bignum *hash_bn = NULL;
struct crypto_ec *ec = NULL;
@@ -1570,6 +1572,7 @@
out:
crypto_ec_key_deinit(Pr_key);
+ crypto_ec_point_deinit(Pr, 1);
crypto_bignum_deinit(hash_bn, 1);
if (ret_ec && Qr)
*ret_ec = ec;
@@ -1661,11 +1664,10 @@
struct json_token *peer_net_access_key)
{
struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
- struct crypto_bignum *sum = NULL;
- const struct crypto_bignum *q, *cR, *pR;
+ struct crypto_bignum *sum = NULL, *cR = NULL, *pR = NULL;
+ const struct crypto_bignum *q;
struct crypto_ec *ec = NULL;
- struct crypto_ec_point *M = NULL;
- const struct crypto_ec_point *CI;
+ struct crypto_ec_point *M = NULL, *CI = NULL;
u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
u8 prk[DPP_MAX_HASH_LEN];
const struct dpp_curve_params *curve;
@@ -1748,7 +1750,10 @@
forced_memzero(prk, sizeof(prk));
forced_memzero(Mx, sizeof(Mx));
crypto_ec_point_deinit(M, 1);
+ crypto_ec_point_deinit(CI, 1);
crypto_bignum_deinit(sum, 1);
+ crypto_bignum_deinit(cR, 1);
+ crypto_bignum_deinit(pR, 1);
crypto_ec_key_deinit(own_key);
crypto_ec_key_deinit(peer_key);
crypto_ec_deinit(ec);
@@ -1761,10 +1766,9 @@
struct json_token *net_access_key)
{
struct crypto_ec_key *pr = NULL, *peer_key = NULL;
- const struct crypto_ec_point *CR, *PR;
- const struct crypto_bignum *cI;
+ struct crypto_bignum *cI = NULL;
struct crypto_ec *ec = NULL;
- struct crypto_ec_point *sum = NULL, *M = NULL;
+ struct crypto_ec_point *sum = NULL, *M = NULL, *CR = NULL, *PR = NULL;
u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
u8 prk[DPP_MAX_HASH_LEN];
int res = -1;
@@ -1835,10 +1839,13 @@
fail:
forced_memzero(prk, sizeof(prk));
forced_memzero(Mx, sizeof(Mx));
+ crypto_bignum_deinit(cI, 1);
crypto_ec_key_deinit(pr);
crypto_ec_key_deinit(peer_key);
crypto_ec_point_deinit(sum, 1);
crypto_ec_point_deinit(M, 1);
+ crypto_ec_point_deinit(CR, 1);
+ crypto_ec_point_deinit(PR, 1);
crypto_ec_deinit(ec);
return res;
}
@@ -2259,8 +2266,8 @@
{
const struct crypto_bignum *q;
struct crypto_bignum *bn;
- const struct crypto_ec_point *pp, *generator;
- struct crypto_ec_point *e_prime_id, *a_nonce;
+ const struct crypto_ec_point *generator;
+ struct crypto_ec_point *e_prime_id, *a_nonce, *pp;
int ret = -1;
pp = crypto_ec_key_get_public_key(id->pp_key);
@@ -2297,6 +2304,7 @@
fail:
crypto_ec_point_deinit(e_prime_id, 1);
crypto_ec_point_deinit(a_nonce, 1);
+ crypto_ec_point_deinit(pp, 1);
crypto_bignum_deinit(bn, 1);
return ret;
}
@@ -2321,9 +2329,9 @@
struct crypto_ec_key *e_prime_id)
{
struct crypto_ec *ec;
- const struct crypto_bignum *pp;
+ struct crypto_bignum *pp = NULL;
struct crypto_ec_point *e_id = NULL;
- const struct crypto_ec_point *a_nonce_point, *e_prime_id_point;
+ struct crypto_ec_point *a_nonce_point, *e_prime_id_point;
if (!ppkey)
return NULL;
@@ -2348,6 +2356,9 @@
crypto_ec_point_debug_print(ec, e_id, "DPP: Decrypted E-id");
fail:
+ crypto_ec_point_deinit(a_nonce_point, 1);
+ crypto_ec_point_deinit(e_prime_id_point, 1);
+ crypto_bignum_deinit(pp, 1);
crypto_ec_deinit(ec);
return e_id;
}
@@ -2453,8 +2464,7 @@
{
struct crypto_ec *ec;
struct crypto_ec_key *key = NULL;
- const struct crypto_ec_point *pub_key;
- struct crypto_ec_point *p = NULL;
+ struct crypto_ec_point *p = NULL, *pub_key = NULL;
u8 *x, *y;
int ret = -1;
@@ -2472,11 +2482,9 @@
/* Retrieve public key coordinates */
pub_key = crypto_ec_key_get_public_key(key);
- if (!pub_key)
+ if (!pub_key || crypto_ec_point_to_bin(ec, pub_key, x, y))
goto fail;
- crypto_ec_point_to_bin(ec, pub_key, x, y);
-
/* And corrupt them */
y[curve->prime_len - 1] ^= 0x01;
p = crypto_ec_point_from_bin(ec, x);
@@ -2489,6 +2497,7 @@
ret = 0;
fail:
crypto_ec_point_deinit(p, 0);
+ crypto_ec_point_deinit(pub_key, 0);
crypto_ec_key_deinit(key);
crypto_ec_deinit(ec);
return ret;
diff --git a/src/common/dpp_pkex.c b/src/common/dpp_pkex.c
index 72084d9..cf4fb6b 100644
--- a/src/common/dpp_pkex.c
+++ b/src/common/dpp_pkex.c
@@ -30,8 +30,7 @@
bool v2)
{
struct crypto_ec *ec = NULL;
- const struct crypto_ec_point *X;
- struct crypto_ec_point *Qi = NULL, *M = NULL;
+ struct crypto_ec_point *Qi = NULL, *M = NULL, *X = NULL;
u8 *Mx, *My;
struct wpabuf *msg = NULL;
size_t attr_len;
@@ -150,6 +149,7 @@
os_memcpy(pkex->Mx, Mx, curve->prime_len);
out:
+ crypto_ec_point_deinit(X, 1);
crypto_ec_point_deinit(M, 1);
crypto_ec_point_deinit(Qi, 1);
crypto_ec_deinit(ec);
@@ -349,9 +349,8 @@
u16 ike_group;
struct dpp_pkex *pkex = NULL;
struct crypto_ec_point *Qi = NULL, *Qr = NULL, *M = NULL, *X = NULL,
- *N = NULL;
+ *N = NULL, *Y = NULL;
struct crypto_ec *ec = NULL;
- const struct crypto_ec_point *Y;
u8 *x_coord = NULL, *y_coord = NULL;
u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
size_t Kx_len;
@@ -566,6 +565,7 @@
crypto_ec_point_deinit(M, 1);
crypto_ec_point_deinit(N, 1);
crypto_ec_point_deinit(X, 1);
+ crypto_ec_point_deinit(Y, 1);
crypto_ec_deinit(ec);
return pkex;
fail:
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 732124f..6646301 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -384,13 +384,16 @@
u8 edmg_channel, int ht_enabled,
int vht_enabled, int he_enabled,
bool eht_enabled, int sec_channel_offset,
- int oper_chwidth, int center_segment0,
+ enum oper_chan_width oper_chwidth,
+ int center_segment0,
int center_segment1, u32 vht_caps,
struct he_capabilities *he_cap,
struct eht_capabilities *eht_cap)
{
if (!he_cap || !he_cap->he_supported)
he_enabled = 0;
+ if (!eht_cap || !eht_cap->eht_supported)
+ eht_enabled = 0;
os_memset(data, 0, sizeof(*data));
data->mode = mode;
data->freq = freq;
@@ -402,11 +405,13 @@
data->sec_channel_offset = sec_channel_offset;
data->center_freq1 = freq + sec_channel_offset * 10;
data->center_freq2 = 0;
- if (oper_chwidth == CHANWIDTH_80MHZ)
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80MHZ)
data->bandwidth = 80;
- else if (oper_chwidth == CHANWIDTH_160MHZ ||
- oper_chwidth == CHANWIDTH_80P80MHZ)
+ else if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ ||
+ oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
data->bandwidth = 160;
+ else if (oper_chwidth == CONF_OPER_CHWIDTH_320MHZ)
+ data->bandwidth = 320;
else if (sec_channel_offset)
data->bandwidth = 40;
else
@@ -482,9 +487,8 @@
return 0;
}
-#if 0 /* FIX: Figure out how to handle CHANWIDTH_320MHZ */
if (data->eht_enabled) switch (oper_chwidth) {
- case CHANWIDTH_320MHZ:
+ case CONF_OPER_CHWIDTH_320MHZ:
if (!(eht_cap->phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] &
EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK)) {
wpa_printf(MSG_ERROR,
@@ -492,16 +496,18 @@
return -1;
}
break;
+ default:
+ break;
}
-#endif
if (data->he_enabled || data->eht_enabled) switch (oper_chwidth) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (sec_channel_offset == 0)
break;
if (mode == HOSTAPD_MODE_IEEE80211G) {
- if (!(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ if (he_cap &&
+ !(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G)) {
wpa_printf(MSG_ERROR,
"40 MHz channel width is not supported in 2.4 GHz");
@@ -510,9 +516,10 @@
break;
}
/* fall through */
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
if (mode == HOSTAPD_MODE_IEEE80211A) {
- if (!(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ if (he_cap &&
+ !(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
wpa_printf(MSG_ERROR,
"40/80 MHz channel width is not supported in 5/6 GHz");
@@ -520,35 +527,39 @@
}
}
break;
- case CHANWIDTH_80P80MHZ:
- if (!(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ case CONF_OPER_CHWIDTH_80P80MHZ:
+ if (he_cap &&
+ !(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) {
wpa_printf(MSG_ERROR,
"80+80 MHz channel width is not supported in 5/6 GHz");
return -1;
}
break;
- case CHANWIDTH_160MHZ:
- if (!(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ case CONF_OPER_CHWIDTH_160MHZ:
+ if (he_cap &&
+ !(he_cap->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
wpa_printf(MSG_ERROR,
"160 MHz channel width is not supported in 5 / 6GHz");
return -1;
}
break;
- } else if (data->vht_enabled) switch (oper_chwidth) {
- case CHANWIDTH_USE_HT:
+ default:
break;
- case CHANWIDTH_80P80MHZ:
+ } else if (data->vht_enabled) switch (oper_chwidth) {
+ case CONF_OPER_CHWIDTH_USE_HT:
+ break;
+ case CONF_OPER_CHWIDTH_80P80MHZ:
if (!(vht_caps & VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)) {
wpa_printf(MSG_ERROR,
"80+80 channel width is not supported!");
return -1;
}
/* fall through */
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
if (!(vht_caps & (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
wpa_printf(MSG_ERROR,
@@ -556,11 +567,13 @@
return -1;
}
break;
+ default:
+ break;
}
if (data->eht_enabled || data->he_enabled ||
data->vht_enabled) switch (oper_chwidth) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
if (center_segment1 ||
(center_segment0 != 0 &&
5000 + center_segment0 * 5 != data->center_freq1 &&
@@ -571,7 +584,7 @@
return -1;
}
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
if (center_segment1 == center_segment0 + 4 ||
center_segment1 == center_segment0 - 4) {
wpa_printf(MSG_ERROR,
@@ -580,19 +593,21 @@
}
data->center_freq2 = 5000 + center_segment1 * 5;
/* fall through */
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
data->bandwidth = 80;
if (!sec_channel_offset) {
wpa_printf(MSG_ERROR,
"80/80+80 MHz: no second channel offset");
return -1;
}
- if (oper_chwidth == CHANWIDTH_80MHZ && center_segment1) {
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80MHZ &&
+ center_segment1) {
wpa_printf(MSG_ERROR,
"80 MHz: center segment 1 configured");
return -1;
}
- if (oper_chwidth == CHANWIDTH_80P80MHZ && !center_segment1) {
+ if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ &&
+ !center_segment1) {
wpa_printf(MSG_ERROR,
"80+80 MHz: center segment 1 not configured");
return -1;
@@ -631,7 +646,7 @@
}
}
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
data->bandwidth = 160;
if (center_segment1) {
wpa_printf(MSG_ERROR,
@@ -662,6 +677,43 @@
return -1;
}
break;
+ case CONF_OPER_CHWIDTH_320MHZ:
+ data->bandwidth = 320;
+ if (!data->eht_enabled || !is_6ghz_freq(freq)) {
+ wpa_printf(MSG_ERROR,
+ "320 MHz: EHT not enabled or not a 6 GHz channel");
+ return -1;
+ }
+ if (center_segment1) {
+ wpa_printf(MSG_ERROR,
+ "320 MHz: center segment 1 should not be set");
+ return -1;
+ }
+ if (center_segment0 == channel + 30 ||
+ center_segment0 == channel + 26 ||
+ center_segment0 == channel + 22 ||
+ center_segment0 == channel + 18 ||
+ center_segment0 == channel + 14 ||
+ center_segment0 == channel + 10 ||
+ center_segment0 == channel + 6 ||
+ center_segment0 == channel + 2 ||
+ center_segment0 == channel - 2 ||
+ center_segment0 == channel - 6 ||
+ center_segment0 == channel - 10 ||
+ center_segment0 == channel - 14 ||
+ center_segment0 == channel - 18 ||
+ center_segment0 == channel - 22 ||
+ center_segment0 == channel - 26 ||
+ center_segment0 == channel - 30)
+ data->center_freq1 = 5000 + center_segment0 * 5;
+ else {
+ wpa_printf(MSG_ERROR,
+ "320 MHz: wrong center segment 0");
+ return -1;
+ }
+ break;
+ default:
+ break;
}
return 0;
@@ -772,6 +824,7 @@
case 2:
case 4:
case 8:
+ case 16:
return num_chans * 20;
default:
return 20;
@@ -805,6 +858,9 @@
case 160:
bw_mask = HOSTAPD_CHAN_WIDTH_160;
break;
+ case 320:
+ bw_mask = HOSTAPD_CHAN_WIDTH_320;
+ break;
default:
bw_mask = 0;
break;
diff --git a/src/common/hw_features_common.h b/src/common/hw_features_common.h
index d87a2ca..d8ca168 100644
--- a/src/common/hw_features_common.h
+++ b/src/common/hw_features_common.h
@@ -41,7 +41,8 @@
int ht_enabled,
int vht_enabled, int he_enabled,
bool eht_enabled, int sec_channel_offset,
- int oper_chwidth, int center_segment0,
+ enum oper_chan_width oper_chwidth,
+ int center_segment0,
int center_segment1, u32 vht_caps,
struct he_capabilities *he_caps,
struct eht_capabilities *eht_cap);
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 44335de..b8d3c54 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -886,7 +886,7 @@
{
u8 op_class;
- return ieee80211_freq_to_channel_ext(freq, 0, CHANWIDTH_USE_HT,
+ return ieee80211_freq_to_channel_ext(freq, 0, CONF_OPER_CHWIDTH_USE_HT,
&op_class, channel);
}
@@ -896,15 +896,15 @@
* for HT40, VHT, and HE. DFS channels are not covered.
* @freq: Frequency (MHz) to convert
* @sec_channel: 0 = non-HT40, 1 = sec. channel above, -1 = sec. channel below
- * @chanwidth: VHT/EDMG channel width (CHANWIDTH_*)
+ * @chanwidth: VHT/EDMG/etc. channel width
* @op_class: Buffer for returning operating class
* @channel: Buffer for returning channel number
* Returns: hw_mode on success, NUM_HOSTAPD_MODES on failure
*/
-enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq,
- int sec_channel,
- int chanwidth,
- u8 *op_class, u8 *channel)
+enum hostapd_hw_mode
+ieee80211_freq_to_channel_ext(unsigned int freq, int sec_channel,
+ enum oper_chan_width chanwidth,
+ u8 *op_class, u8 *channel)
{
u8 vht_opclass;
@@ -952,13 +952,13 @@
}
switch (chanwidth) {
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
vht_opclass = 128;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
vht_opclass = 129;
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
vht_opclass = 130;
break;
default:
@@ -1057,15 +1057,18 @@
return NUM_HOSTAPD_MODES;
switch (chanwidth) {
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
*op_class = 133;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
*op_class = 134;
break;
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
*op_class = 135;
break;
+ case CONF_OPER_CHWIDTH_320MHZ:
+ *op_class = 137;
+ break;
default:
if (sec_channel)
*op_class = 132;
@@ -1090,12 +1093,12 @@
return NUM_HOSTAPD_MODES;
switch (chanwidth) {
- case CHANWIDTH_USE_HT:
- case CHANWIDTH_2160MHZ:
+ case CONF_OPER_CHWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_2160MHZ:
*channel = (freq - 56160) / 2160;
*op_class = 180;
break;
- case CHANWIDTH_4320MHZ:
+ case CONF_OPER_CHWIDTH_4320MHZ:
/* EDMG channels 9 - 13 */
if (freq > 56160 + 2160 * 5)
return NUM_HOSTAPD_MODES;
@@ -1103,7 +1106,7 @@
*channel = (freq - 56160) / 2160 + 8;
*op_class = 181;
break;
- case CHANWIDTH_6480MHZ:
+ case CONF_OPER_CHWIDTH_6480MHZ:
/* EDMG channels 17 - 20 */
if (freq > 56160 + 2160 * 4)
return NUM_HOSTAPD_MODES;
@@ -1111,7 +1114,7 @@
*channel = (freq - 56160) / 2160 + 16;
*op_class = 182;
break;
- case CHANWIDTH_8640MHZ:
+ case CONF_OPER_CHWIDTH_8640MHZ:
/* EDMG channels 25 - 27 */
if (freq > 56160 + 2160 * 3)
return NUM_HOSTAPD_MODES;
@@ -1140,28 +1143,31 @@
case CHAN_WIDTH_20_NOHT:
case CHAN_WIDTH_20:
case CHAN_WIDTH_40:
- cw = CHANWIDTH_USE_HT;
+ cw = CONF_OPER_CHWIDTH_USE_HT;
break;
case CHAN_WIDTH_80:
- cw = CHANWIDTH_80MHZ;
+ cw = CONF_OPER_CHWIDTH_80MHZ;
break;
case CHAN_WIDTH_80P80:
- cw = CHANWIDTH_80P80MHZ;
+ cw = CONF_OPER_CHWIDTH_80P80MHZ;
break;
case CHAN_WIDTH_160:
- cw = CHANWIDTH_160MHZ;
+ cw = CONF_OPER_CHWIDTH_160MHZ;
break;
case CHAN_WIDTH_2160:
- cw = CHANWIDTH_2160MHZ;
+ cw = CONF_OPER_CHWIDTH_2160MHZ;
break;
case CHAN_WIDTH_4320:
- cw = CHANWIDTH_4320MHZ;
+ cw = CONF_OPER_CHWIDTH_4320MHZ;
break;
case CHAN_WIDTH_6480:
- cw = CHANWIDTH_6480MHZ;
+ cw = CONF_OPER_CHWIDTH_6480MHZ;
break;
case CHAN_WIDTH_8640:
- cw = CHANWIDTH_8640MHZ;
+ cw = CONF_OPER_CHWIDTH_8640MHZ;
+ break;
+ case CHAN_WIDTH_320:
+ cw = CONF_OPER_CHWIDTH_320MHZ;
break;
}
@@ -1458,6 +1464,7 @@
case 133: /* UHB channels, 80 MHz: 7, 23, 39.. */
case 134: /* UHB channels, 160 MHz: 15, 47, 79.. */
case 135: /* UHB channels, 80+80 MHz: 7, 23, 39.. */
+ case 137: /* UHB channels, 320 MHz: 31, 63, 95, 127, 159, 191 */
if (chan < 1 || chan > 233)
return -1;
return 5950 + chan * 5;
@@ -2272,6 +2279,9 @@
/* channels 15, 47, 79...*/
if ((idx & 0x1f) == 0xf)
return 3; /* 160 MHz */
+ /* channels 31, 63, 95, 127, 159, 191 */
+ if ((idx & 0x1f) == 0x1f && idx < 192)
+ return 4; /* 320 MHz */
return -1;
}
@@ -2294,7 +2304,7 @@
bool is_6ghz_op_class(u8 op_class)
{
- return op_class >= 131 && op_class <= 136;
+ return op_class >= 131 && op_class <= 137;
}
@@ -2600,6 +2610,8 @@
return 160;
case 136: /* UHB channels, 20 MHz: 2 */
return 20;
+ case 137: /* UHB channels, 320 MHz: 31, 63, 95, 127, 159, 191 */
+ return 320;
case 180: /* 60 GHz band, channels 1..8 */
return 2160;
case 181: /* 60 GHz band, EDMG CB2, channels 9..15 */
@@ -2614,64 +2626,66 @@
}
-int op_class_to_ch_width(u8 op_class)
+enum oper_chan_width op_class_to_ch_width(u8 op_class)
{
switch (op_class) {
case 81:
case 82:
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 83: /* channels 1..9; 40 MHz */
case 84: /* channels 5..13; 40 MHz */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 115: /* channels 36,40,44,48; indoor only */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 116: /* channels 36,44; 40 MHz; indoor only */
case 117: /* channels 40,48; 40 MHz; indoor only */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 118: /* channels 52,56,60,64; dfs */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 119: /* channels 52,60; 40 MHz; dfs */
case 120: /* channels 56,64; 40 MHz; dfs */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 121: /* channels 100-140 */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 122: /* channels 100-142; 40 MHz */
case 123: /* channels 104-136; 40 MHz */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 124: /* channels 149,153,157,161 */
case 125: /* channels 149,153,157,161,165,169,171 */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 126: /* channels 149,157,165, 173; 40 MHz */
case 127: /* channels 153,161,169,177; 40 MHz */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 128: /* center freqs 42, 58, 106, 122, 138, 155, 171; 80 MHz */
- return CHANWIDTH_80MHZ;
+ return CONF_OPER_CHWIDTH_80MHZ;
case 129: /* center freqs 50, 114, 163; 160 MHz */
- return CHANWIDTH_160MHZ;
+ return CONF_OPER_CHWIDTH_160MHZ;
case 130: /* center freqs 42, 58, 106, 122, 138, 155, 171; 80+80 MHz */
- return CHANWIDTH_80P80MHZ;
+ return CONF_OPER_CHWIDTH_80P80MHZ;
case 131: /* UHB channels, 20 MHz: 1, 5, 9.. */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 132: /* UHB channels, 40 MHz: 3, 11, 19.. */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 133: /* UHB channels, 80 MHz: 7, 23, 39.. */
- return CHANWIDTH_80MHZ;
+ return CONF_OPER_CHWIDTH_80MHZ;
case 134: /* UHB channels, 160 MHz: 15, 47, 79.. */
- return CHANWIDTH_160MHZ;
+ return CONF_OPER_CHWIDTH_160MHZ;
case 135: /* UHB channels, 80+80 MHz: 7, 23, 39.. */
- return CHANWIDTH_80P80MHZ;
+ return CONF_OPER_CHWIDTH_80P80MHZ;
case 136: /* UHB channels, 20 MHz: 2 */
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
+ case 137: /* UHB channels, 320 MHz: 31, 63, 95, 127, 159, 191 */
+ return CONF_OPER_CHWIDTH_320MHZ;
case 180: /* 60 GHz band, channels 1..8 */
- return CHANWIDTH_2160MHZ;
+ return CONF_OPER_CHWIDTH_2160MHZ;
case 181: /* 60 GHz band, EDMG CB2, channels 9..15 */
- return CHANWIDTH_4320MHZ;
+ return CONF_OPER_CHWIDTH_4320MHZ;
case 182: /* 60 GHz band, EDMG CB3, channels 17..22 */
- return CHANWIDTH_6480MHZ;
+ return CONF_OPER_CHWIDTH_6480MHZ;
case 183: /* 60 GHz band, EDMG CB4, channel 25..29 */
- return CHANWIDTH_8640MHZ;
+ return CONF_OPER_CHWIDTH_8640MHZ;
}
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
}
struct wpabuf * ieee802_11_defrag_data(struct ieee802_11_elems *elems,
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index e21f7be..13fd10d 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -215,9 +215,10 @@
const char *name, const char *val);
enum hostapd_hw_mode ieee80211_freq_to_chan(int freq, u8 *channel);
int ieee80211_chan_to_freq(const char *country, u8 op_class, u8 chan);
-enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq,
- int sec_channel, int vht,
- u8 *op_class, u8 *channel);
+enum hostapd_hw_mode
+ieee80211_freq_to_channel_ext(unsigned int freq, int sec_channel,
+ enum oper_chan_width chanwidth,
+ u8 *op_class, u8 *channel);
int ieee80211_chaninfo_to_channel(unsigned int freq, enum chan_width chanwidth,
int sec_channel, u8 *op_class, u8 *channel);
int ieee80211_is_dfs(int freq, const struct hostapd_hw_modes *modes,
@@ -279,7 +280,7 @@
unsigned int capab);
bool ieee802_11_rsnx_capab(const u8 *rsnxe, unsigned int capab);
int op_class_to_bandwidth(u8 op_class);
-int op_class_to_ch_width(u8 op_class);
+enum oper_chan_width op_class_to_ch_width(u8 op_class);
/* element iteration helpers */
#define for_each_element(_elem, _data, _datalen) \
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index c341a1d..ae035f5 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1340,16 +1340,11 @@
#define VHT_RX_NSS_MAX_STREAMS 8
-/* VHT/EDMG channel widths */
+/* VHT operation information - channel widths */
#define CHANWIDTH_USE_HT 0
#define CHANWIDTH_80MHZ 1
#define CHANWIDTH_160MHZ 2
#define CHANWIDTH_80P80MHZ 3
-#define CHANWIDTH_2160MHZ 4
-#define CHANWIDTH_4320MHZ 5
-#define CHANWIDTH_6480MHZ 6
-#define CHANWIDTH_8640MHZ 7
-#define CHANWIDTH_40MHZ_6GHZ 8
#define HE_NSS_MAX_STREAMS 8
diff --git a/src/common/ocv.c b/src/common/ocv.c
index c9dc14f..d77bc4b 100644
--- a/src/common/ocv.c
+++ b/src/common/ocv.c
@@ -159,11 +159,10 @@
}
/*
- * When using a 160 or 80+80 MHz channel to transmit, verify that we use
+ * When using an 80+80 MHz channel to transmit, verify that we use
* the same segments as the receiver by comparing frequency segment 1.
*/
- if ((ci->chanwidth == CHAN_WIDTH_160 ||
- ci->chanwidth == CHAN_WIDTH_80P80) &&
+ if (ci->chanwidth == CHAN_WIDTH_80P80 &&
tx_seg1_idx != oci.seg1_idx) {
os_snprintf(ocv_errorstr, sizeof(ocv_errorstr),
"frequency segment 1 mismatch in received OCI (we use %d but receiver is using %d)",
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index d04c8d1..c9e4675 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -711,10 +711,10 @@
* This event contains Tx VDEV group information, other VDEVs
* interface index, and status information.
*
- * @QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY: Vendor command to
- * configure the concurrent session policies when multiple STA interfaces
+ * @QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY: Vendor command to
+ * configure the concurrent session policies when multiple interfaces
* are (getting) active. The attributes used by this command are defined
- * in enum qca_wlan_vendor_attr_concurrent_sta_policy.
+ * in enum qca_wlan_vendor_attr_concurrent_policy.
*
* @QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS: Userspace can use this command
* to query usable channels for different interface types such as STA,
@@ -788,6 +788,37 @@
*
* The attributes used with this command are defined in
* enum qca_wlan_vendor_attr_mcc_quota.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_GET_RADIO_COMBINATION_MATRIX: Vendor command to
+ * get the WLAN radio combinations matrix supported by the device which
+ * provides the device simultaneous radio configurations such as
+ * standalone, dual band simultaneous, and single band simultaneous.
+ *
+ * The attributes used with this command are defined in
+ * enum qca_wlan_vendor_attr_radio_combination_matrix.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_DRIVER_READY: Event indicating to the user space
+ * that the driver is ready for operations again after recovering from
+ * internal failures. This occurs following a failure that was indicated by
+ * @QCA_NL80211_VENDOR_SUBCMD_HANG.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_PASN: Subcommand used to offload preassociation
+ * security negotiation and key generation to user space.
+ *
+ * When used as an event, the driver requests userspace to trigger the PASN
+ * authentication or dropping of a PTKSA for the indicated peer devices.
+ * When used as a command response, userspace indicates a consolidated
+ * status report for all the peers that were requested for.
+ *
+ * The attributes used with this command are defined in
+ * enum qca_wlan_vendor_attr_pasn.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT: Subcommand used to set
+ * secure ranging context such as TK and LTF keyseed for each peer
+ * requested by the driver with a @QCA_NL80211_VENDOR_SUBCMD_PASN event.
+ *
+ * The attributes used with this command are defined in
+ * enum qca_wlan_vendor_attr_secure_ranging_ctx.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@@ -974,7 +1005,7 @@
QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID = 194,
QCA_NL80211_VENDOR_SUBCMD_WIFI_FW_STATS = 195,
QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS = 196,
- QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY = 197,
+ QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY = 197,
QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS = 198,
QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY = 199,
QCA_NL80211_VENDOR_SUBCMD_MDNS_OFFLOAD = 200,
@@ -983,8 +1014,19 @@
QCA_NL80211_VENDOR_SUBCMD_ROAM_EVENTS = 203,
QCA_NL80211_VENDOR_SUBCMD_RATEMASK_CONFIG = 204,
QCA_NL80211_VENDOR_SUBCMD_MCC_QUOTA = 205,
+ /* 206..212 - reserved for QCA */
+ QCA_NL80211_VENDOR_SUBCMD_GET_RADIO_COMBINATION_MATRIX = 213,
+ QCA_NL80211_VENDOR_SUBCMD_DRIVER_READY = 214,
+ QCA_NL80211_VENDOR_SUBCMD_PASN = 215,
+ QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT = 216,
};
+/* Compatibility defines for previously used subcmd names.
+ * These values should not be used in any new implementation.
+ */
+#define QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY \
+ QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY
+
enum qca_wlan_vendor_attr {
QCA_WLAN_VENDOR_ATTR_INVALID = 0,
/* used by QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY */
@@ -1495,6 +1537,12 @@
* Used with command to configure ACS operation for EHT mode.
* Disable (flag attribute not present) - EHT disabled and
* Enable (flag attribute present) - EHT enabled.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME: Optional (u32).
+ * Used with command to configure how older scan can be considered for ACS
+ * scoring. In case scan was performed on a partial set of channels configured
+ * with this command within last QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME
+ * (in ms), scan only the remaining channels.
*/
enum qca_wlan_vendor_attr_acs_offload {
QCA_WLAN_VENDOR_ATTR_ACS_CHANNEL_INVALID = 0,
@@ -1517,6 +1565,7 @@
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL = 17,
QCA_WLAN_VENDOR_ATTR_ACS_PUNCTURE_BITMAP = 18,
QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED = 19,
+ QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME = 20,
/* keep last */
QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
@@ -1600,17 +1649,17 @@
* operation is specifically mentioned (against its respective
* documentation) to support either of these or both modes.
* @QCA_WLAN_VENDOR_FEATURE_USE_ADD_DEL_VIRTUAL_INTF_FOR_NDI: Flag indicates
- * that the driver requires add/del virtual interface path using the
+ * that the driver requires add/del virtual interface path using the
* generic nl80211 commands for NDP interface create/delete and to
* register/unregister the netdev instead of creating/deleting the NDP
* interface using the vendor commands
* QCA_WLAN_VENDOR_ATTR_NDP_INTERFACE_CREATE and
* QCA_WLAN_VENDOR_ATTR_NDP_INTERFACE_DELETE. With the latest kernel
- * (5.12 version onward), interface creation/deletion is not allowed using
- * vendor commands as it leads to a deadlock while acquiring the RTNL_LOCK
- * during the register/unregister of netdev. Create and delete NDP
- * interface using NL80211_CMD_NEW_INTERFACE and NL80211_CMD_DEL_INTERFACE
- * commands respectively if the driver advertises this capability set.
+ * (5.12 version onward), interface creation/deletion is not allowed using
+ * vendor commands as it leads to a deadlock while acquiring the RTNL_LOCK
+ * during the register/unregister of netdev. Create and delete NDP
+ * interface using NL80211_CMD_NEW_INTERFACE and NL80211_CMD_DEL_INTERFACE
+ * commands respectively if the driver advertises this capability set.
* @NUM_QCA_WLAN_VENDOR_FEATURES: Number of assigned feature bits
*/
enum qca_wlan_vendor_features {
@@ -1622,7 +1671,7 @@
QCA_WLAN_VENDOR_FEATURE_OCE_AP = 5,
QCA_WLAN_VENDOR_FEATURE_OCE_STA_CFON = 6,
QCA_WLAN_VENDOR_FEATURE_SELF_MANAGED_REGULATORY = 7,
- QCA_WLAN_VENDOR_FEATURE_TWT = 8,
+ QCA_WLAN_VENDOR_FEATURE_TWT = 8,
QCA_WLAN_VENDOR_FEATURE_11AX = 9,
QCA_WLAN_VENDOR_FEATURE_6GHZ_SUPPORT = 10,
QCA_WLAN_VENDOR_FEATURE_THERMAL_CONFIG = 11,
@@ -2643,6 +2692,13 @@
*/
QCA_WLAN_VENDOR_ATTR_CONFIG_ARP_NS_OFFLOAD = 81,
+ /*
+ * 8-bit unsigned value. This attribute can be used to configure the
+ * data path mode to be followed for audio traffic. Possible values
+ * are defined in enum qca_wlan_audio_data_path.
+ */
+ QCA_WLAN_VENDOR_ATTR_CONFIG_AUDIO_DATA_PATH = 82,
+
/* keep last */
QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =
@@ -4683,7 +4739,7 @@
/**
* enum qca_vendor_attr_roam_control - Attributes to carry roam configuration
- * The following attributes are used to set/get/clear the respective
+ * The following attributes are used to set/get/clear the respective
* configurations to/from the driver.
* For the get, the attribute for the configuration to be queried shall
* carry any of its acceptable values to the driver. In return, the driver
@@ -4885,6 +4941,12 @@
* Optional parameter. Scan dwell time for 6G Non Preferred Scanning
* Channels. If this attribute is not configured, the driver shall proceed
* with default behavior.
+ *
+ * @QCA_ATTR_ROAM_CONTROL_RX_LINKSPEED_THRESHOLD: u16 value in Mbps.
+ * Optional parameter. RX link speed threshold to disable roaming.
+ * If the current RX link speed is above the threshold, roaming is not
+ * needed. If this attribute is not configured, or if it is set to 0, the
+ * driver will not consider the RX link speed in the roaming decision.
*/
enum qca_vendor_attr_roam_control {
QCA_ATTR_ROAM_CONTROL_ENABLE = 1,
@@ -4910,6 +4972,7 @@
QCA_ATTR_ROAM_CONTROL_MAXIMUM_AWAY_TIME = 21,
QCA_ATTR_ROAM_CONTROL_SCAN_6G_PSC_DWELL_TIME = 22,
QCA_ATTR_ROAM_CONTROL_SCAN_6G_NON_PSC_DWELL_TIME = 23,
+ QCA_ATTR_ROAM_CONTROL_LINKSPEED_THRESHOLD = 24,
/* keep last */
QCA_ATTR_ROAM_CONTROL_AFTER_LAST,
@@ -11573,24 +11636,58 @@
};
/**
- * enum qca_wlan_vendor_attr_concurrent_sta_policy - Defines attributes
- * used by QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY vendor command.
+ * enum qca_wlan_concurrent_ap_policy_config - Concurrent AP policies
*
- * @QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG:
+ * @QCA_WLAN_CONCURRENT_AP_POLICY_UNSPECIFIED: No specific policy for this AP
+ * interface.
+ *
+ * @QCA_WLAN_CONCURRENT_AP_POLICY_GAMING_AUDIO: Select interface concurrencies
+ * to meet gaming audio latency requirements.
+ *
+ * @QCA_WLAN_CONCURRENT_AP_POLICY_LOSSLESS_AUDIO_STREAMING: Select interface
+ * concurrencies to meet lossless audio streaming requirements.
+ */
+enum qca_wlan_concurrent_ap_policy_config {
+ QCA_WLAN_CONCURRENT_AP_POLICY_UNSPECIFIED = 0,
+ QCA_WLAN_CONCURRENT_AP_POLICY_GAMING_AUDIO = 1,
+ QCA_WLAN_CONCURRENT_AP_POLICY_LOSSLESS_AUDIO_STREAMING = 2,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_concurrent_policy - Defines attributes
+ * used by QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY vendor command.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_STA_CONFIG:
* u8 attribute. Configures the concurrent STA policy configuration.
* Possible values are defined in enum qca_wlan_concurrent_sta_policy_config.
+
+ * @QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG:
+ * u8 attribute. Configures the concurrent AP policy configuration.
+ * Possible values are defined in enum qca_wlan_concurrent_ap_policy_config.
*/
-enum qca_wlan_vendor_attr_concurrent_sta_policy {
- QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_INVALID = 0,
- QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG = 1,
+enum qca_wlan_vendor_attr_concurrent_policy {
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_STA_CONFIG = 1,
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG = 2,
/* keep last */
- QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST,
- QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_MAX =
- QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST - 1,
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_MAX =
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AFTER_LAST - 1,
};
+/* Compatibility defines for previously used enum
+ * qca_wlan_vendor_attr_concurrent_policy names. These values should not be used
+ * in any new implementation.
+ */
+#define QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG \
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_STA_CONFIG
+#define QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_MAX \
+ QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_MAX
+#define qca_wlan_vendor_attr_concurrent_sta_policy \
+ qca_wlan_vendor_attr_concurrent_policy
+
/**
* enum qca_sta_connect_fail_reason_codes - Defines values carried
* by QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_CONNECT_FAIL_REASON_CODE vendor
@@ -11821,6 +11918,82 @@
};
/**
+ * enum qca_wlan_vendor_attr_supported_radio_cfg - Attributes for
+ * radio configurations present in each radio combination.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_BAND: u32 attribute indicates
+ * the band info in the radio configuration. Uses the enum qca_set_band values.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_ANTENNA: u8 attribute indicates
+ * the number of antennas info in the radio configuration.
+ */
+enum qca_wlan_vendor_attr_supported_radio_cfg {
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_BAND = 1,
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_ANTENNA = 2,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_LAST,
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_MAX =
+ QCA_WLAN_VENDOR_ATTR_SUPPORTED_RADIO_CFG_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_radio_combination - Attributes for
+ * radio combinations supported by the device.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_CFGS: Nested attribute
+ * provides the radio configurations present in the radio combination.
+ * Uses the enum qca_wlan_vendor_attr_supported_radio_cfg attributes.
+ * This attribute provides the values for radio combination matrix.
+ * For standalone config, the number of config values is one and the config
+ * carries the band and antenna information for standalone configuration. For
+ * Dual Band Simultaneous (DBS)/Single Band Simultaneous (SBS) mode
+ * configuration the number of config values is two and the config carries the
+ * band and antenna information for each simultaneous radio.
+ */
+enum qca_wlan_vendor_attr_radio_combination {
+ QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_CFGS = 1,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_LAST,
+ QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_MAX =
+ QCA_WLAN_VENDOR_ATTR_RADIO_COMBINATIONS_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_radio_combination_matrix - Attributes used by
+ * %QCA_NL80211_VENDOR_SUBCMD_GET_RADIO_COMBINATION_MATRIX
+ *
+ * @QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_SUPPORTED_CFGS: Nested attribute
+ * provides the radio combinations supported by the device.
+ * Uses the enum qca_wlan_vendor_attr_radio_combination attributes.
+ * For example, in the radio combination matrix for a device which has two
+ * radios, where one radio is capable of 2.4 GHz 2X2 only and another radio is
+ * capable of either 5 GHz or 6 GHz 2X2, the possible number of radio
+ * combinations is 5 and the radio combinations are
+ * {{{2.4 GHz 2X2}}, //Standalone 2.4 GHz
+ * {{5 GHz 2X2}}, //Standalone 5 GHz
+ * {{6 GHz 2X2}}, //Standalone 6 GHz
+ * {{2.4 GHz 2X2}, {5 GHz 2X2}}, //2.4 GHz + 5 GHz DBS
+ * {{2.4 GHz 2X2}, {6 GHz 2X2}}} //2.4 GHz + 6 GHz DBS
+ * The band and antenna info together as nested data provides one radio config.
+ * Standalone configuration has one config with band and antenna nested data.
+ * Dual Band Simultaneous (DBS)/Single Band Simultaneous (SBS) configuration
+ * have two nested band and antenna info data.
+ */
+enum qca_wlan_vendor_attr_radio_combination_matrix {
+ QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_SUPPORTED_CFGS = 1,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_LAST,
+ QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_MAX =
+ QCA_WLAN_VENDOR_ATTR_RADIO_MATRIX_LAST - 1,
+};
+
+/**
* enum qca_wlan_vendor_attr_mdns_offload - Attributes used by
* %QCA_NL80211_VENDOR_SUBCMD_MDNS_OFFLOAD vendor command.
*
@@ -12198,4 +12371,173 @@
QCA_WLAN_VENDOR_ATTR_RATEMASK_PARAMS_AFTER_LAST - 1,
};
+/**
+ * enum qca_wlan_audio_data_path - Defines the data path to be used for audio
+ * traffic.
+ *
+ * @QCA_WLAN_AUDIO_DATA_PATH_VIA_HOST_PROCESSOR:
+ * Send audio traffic through the host processor.
+ * @QCA_WLAN_AUDIO_DATA_PATH_VIA_LOW_POWER_DSP:
+ * Send audio traffic using the low power DSP to/from the encoder.
+ */
+enum qca_wlan_audio_data_path {
+ QCA_WLAN_AUDIO_DATA_PATH_VIA_HOST_PROCESSOR = 0,
+ QCA_WLAN_AUDIO_DATA_PATH_VIA_LOW_POWER_DSP = 1,
+};
+
+/**
+ * enum qca_wlan_vendor_pasn_action - Action to authenticate (and generate keys
+ * for) or drop existing PASN security association for the listed the
+ * peers. Used by QCA_WLAN_VENDOR_ATTR_PASN_ACTION and sent from the driver
+ * to userspace.
+ *
+ * @QCA_WLAN_VENDOR_PASN_ACTION_AUTH: Initiate PASN handshake with the peer
+ * devices indicated with %QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR.
+ * @QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT: Indication from
+ * the driver to userspace to inform that the existing PASN keys of the
+ * peer devices specified with %QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR are
+ * not valid anymore.
+ */
+enum qca_wlan_vendor_pasn_action {
+ QCA_WLAN_VENDOR_PASN_ACTION_AUTH,
+ QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_pasn_peer: Defines the nested attributes used in
+ * QCA_WLAN_VENDOR_ATTR_PASN_PEERS.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_PASN_PEER_SRC_ADDR: This attribute is optional in the
+ * event from the driver to userspace and represents the local MAC address
+ * to be used for PASN handshake. When this attribute is present, userspace
+ * shall use the source address specified in this attribute by the driver
+ * for PASN handshake with peer device.
+ * This attribute is required in a command response from userspace to the
+ * driver and represents the MAC address that was used in PASN handshake
+ * with the peer device.
+ * @QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR: Indicates the MAC address of the
+ * peer device to which PASN handshake is requested in an event from the
+ * driver to userspace when QCA_WLAN_VENDOR_ATTR_PASN_ACTION is set to
+ * QCA_WLAN_VENDOR_PASN_ACTION_AUTH.
+ * Indicates the MAC address of the peer device for which the keys are to
+ * be invalidated in an event from the driver to userspace when
+ * QCA_WLAN_VENDOR_ATTR_PASN_ACTION is set to
+ * QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT.
+ * Indicates the MAC address of the peer device for which the status is
+ * being sent in a status report from userspace to the driver.
+ * @QCA_WLAN_VENDOR_ATTR_PASN_PEER_LTF_KEYSEED_REQUIRED: NLA_FLAG attribute used
+ * in the event from the driver to userspace. When set, userspace is
+ * required to derive LTF key seed from KDK and set it to the driver.
+ * @QCA_WLAN_VENDOR_ATTR_PASN_PEER_STATUS_SUCCESS: NLA_FLAG attribute. This
+ * attribute is used in the command response from userspace to the driver.
+ * If present, it indicates the successful PASN handshake with the peer. If
+ * this flag is not present, it indicates that the PASN handshake with the
+ * peer device failed.
+ */
+enum qca_wlan_vendor_attr_pasn_peer {
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_SRC_ADDR = 1,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR = 2,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_LTF_KEYSEED_REQUIRED = 3,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_STATUS_SUCCESS = 4,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAX =
+ QCA_WLAN_VENDOR_ATTR_PASN_PEER_AFTER_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_pasn: Defines the attributes used in the
+ * QCA_NL80211_VENDOR_SUBCMD_PASN command.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_PASN_ACTION: u32 attribute, possible values are
+ * defined in enum qca_wlan_vendor_pasn_action and used only in an event
+ * from the driver to userspace.
+ * @QCA_WLAN_VENDOR_ATTR_PASN_PEERS: Nested attribute, used to pass PASN peer
+ * details for each peer and used in both an event and a command response.
+ * The nested attributes used inside QCA_WLAN_VENDOR_ATTR_PASN_PEERS are
+ * defined in enum qca_wlan_vendor_attr_pasn_peer.
+ */
+enum qca_wlan_vendor_attr_pasn {
+ QCA_WLAN_VENDOR_ATTR_PASN_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_PASN_ACTION = 1,
+ QCA_WLAN_VENDOR_ATTR_PASN_PEERS = 2,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_PASN_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_PASN_MAX =
+ QCA_WLAN_VENDOR_ATTR_PASN_AFTER_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_secure_ranging_ctx_action - Used to add or delete
+ * the ranging security context derived from PASN for each peer. Used in
+ * QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION.
+ *
+ * @QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_ADD: Add the secure ranging
+ * context for the peer.
+ * @QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_DELETE: Delete the secure ranging
+ * context for the peer.
+ */
+enum qca_wlan_vendor_secure_ranging_ctx_action {
+ QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_ADD,
+ QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_DELETE,
+};
+
+/**
+ * enum qca_wlan_vendor_sha_type - SHA types. Used to configure the SHA type
+ * used for deriving PASN keys to the driver. Used in
+ * QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE
+ * @QCA_WLAN_VENDOR_SHA_256: SHA-256
+ * @QCA_WLAN_VENDOR_SHA_384: SHA-384
+ */
+enum qca_wlan_vendor_sha_type {
+ QCA_WLAN_VENDOR_SHA_256,
+ QCA_WLAN_VENDOR_SHA_384,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_secure_ranging_ctx: Defines the attributes used
+ * to set security context for the PASN peer from userspace to the driver.
+ * Used with QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION: u32 attribute, possible
+ * values are defined in enum qca_wlan_vendor_secure_ranging_ctx_action
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SRC_ADDR: The local MAC address that
+ * was used during the PASN handshake.
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_PEER_MAC_ADDR: The MAC address of
+ * the peer device for which secure ranging context is being configured.
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE: u32 attribute, defines the
+ * hash algorithm to be used, possible values are defined in enum
+ * qca_wlan_vendor_sha_type.
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_TK: Variable length attribute, holds
+ * the temporal key generated from the PASN handshake. The length of this
+ * attribute is dependent on the value of
+ * %QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER.
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER: cipher suite to use with the
+ * TK, u32, as defined in IEEE Std 802.11-2020, 9.4.2.24.2 (Cipher suites)
+ * (e.g., 0x000FAC04).
+ * @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_LTF_KEYSEED: Variable length
+ * attribute, holds the LTF keyseed derived from KDK of PASN handshake.
+ * The length of this attribute is dependent on the value of
+ * %QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE.
+
+ */
+enum qca_wlan_vendor_attr_secure_ranging_ctx {
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION = 1,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SRC_ADDR = 2,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_PEER_MAC_ADDR = 3,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE = 4,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_TK = 5,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER = 6,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_LTF_KEYSEED = 7,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_MAX =
+ QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_AFTER_LAST - 1,
+};
+
#endif /* QCA_VENDOR_H */
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 27336c9..587cd88 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -3025,120 +3025,116 @@
*/
static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie)
{
- if (pos[1] == 0)
+ u8 len = pos[1];
+ size_t dlen = 2 + len;
+ u32 selector;
+ const u8 *p;
+ size_t left;
+
+ if (len == 0)
return 1;
- if (pos[1] >= 6 &&
- RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
- pos[2 + WPA_SELECTOR_LEN] == 1 &&
- pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
+ if (len < RSN_SELECTOR_LEN)
+ return 2;
+
+ p = pos + 2;
+ selector = RSN_SELECTOR_GET(p);
+ p += RSN_SELECTOR_LEN;
+ left = len - RSN_SELECTOR_LEN;
+
+ if (left >= 2 && selector == WPA_OUI_TYPE && p[0] == 1 && p[1] == 0) {
ie->wpa_ie = pos;
- ie->wpa_ie_len = pos[1] + 2;
+ ie->wpa_ie_len = dlen;
wpa_hexdump(MSG_DEBUG, "WPA: WPA IE in EAPOL-Key",
ie->wpa_ie, ie->wpa_ie_len);
return 0;
}
- if (pos[1] >= 4 && WPA_GET_BE32(pos + 2) == OSEN_IE_VENDOR_TYPE) {
+ if (selector == OSEN_IE_VENDOR_TYPE) {
ie->osen = pos;
- ie->osen_len = pos[1] + 2;
+ ie->osen_len = dlen;
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
- ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: PMKID in EAPOL-Key",
- pos, pos[1] + 2);
+ if (left >= PMKID_LEN && selector == RSN_KEY_DATA_PMKID) {
+ ie->pmkid = p;
+ wpa_hexdump(MSG_DEBUG, "WPA: PMKID in EAPOL-Key", pos, dlen);
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_KEYID) {
- ie->key_id = pos + 2 + RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: KeyID in EAPOL-Key",
- pos, pos[1] + 2);
+ if (left >= 2 && selector == RSN_KEY_DATA_KEYID) {
+ ie->key_id = p;
+ wpa_hexdump(MSG_DEBUG, "WPA: KeyID in EAPOL-Key", pos, dlen);
return 0;
}
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
- ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
- ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump_key(MSG_DEBUG, "WPA: GTK in EAPOL-Key",
- pos, pos[1] + 2);
+ if (left > 2 && selector == RSN_KEY_DATA_GROUPKEY) {
+ ie->gtk = p;
+ ie->gtk_len = left;
+ wpa_hexdump_key(MSG_DEBUG, "WPA: GTK in EAPOL-Key", pos, dlen);
return 0;
}
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
- ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
- ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
+ if (left > 2 && selector == RSN_KEY_DATA_MAC_ADDR) {
+ ie->mac_addr = p;
+ ie->mac_addr_len = left;
wpa_hexdump(MSG_DEBUG, "WPA: MAC Address in EAPOL-Key",
- pos, pos[1] + 2);
+ pos, dlen);
return 0;
}
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
- ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
- ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
+ if (left > 2 && selector == RSN_KEY_DATA_IGTK) {
+ ie->igtk = p;
+ ie->igtk_len = left;
wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK in EAPOL-Key",
- pos, pos[1] + 2);
+ pos, dlen);
return 0;
}
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_BIGTK) {
- ie->bigtk = pos + 2 + RSN_SELECTOR_LEN;
- ie->bigtk_len = pos[1] - RSN_SELECTOR_LEN;
+ if (left > 2 && selector == RSN_KEY_DATA_BIGTK) {
+ ie->bigtk = p;
+ ie->bigtk_len = left;
wpa_hexdump_key(MSG_DEBUG, "WPA: BIGTK in EAPOL-Key",
- pos, pos[1] + 2);
+ pos, dlen);
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
- RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
- ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
+ if (left >= 1 && selector == WFA_KEY_DATA_IP_ADDR_REQ) {
+ ie->ip_addr_req = p;
wpa_hexdump(MSG_DEBUG, "WPA: IP Address Request in EAPOL-Key",
- ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
+ ie->ip_addr_req, left);
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
- RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
- ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
+ if (left >= 3 * 4 && selector == WFA_KEY_DATA_IP_ADDR_ALLOC) {
+ ie->ip_addr_alloc = p;
wpa_hexdump(MSG_DEBUG,
"WPA: IP Address Allocation in EAPOL-Key",
- ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
+ ie->ip_addr_alloc, left);
return 0;
}
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) {
- ie->oci = pos + 2 + RSN_SELECTOR_LEN;
- ie->oci_len = pos[1] - RSN_SELECTOR_LEN;
+ if (left > 2 && selector == RSN_KEY_DATA_OCI) {
+ ie->oci = p;
+ ie->oci_len = left;
wpa_hexdump(MSG_DEBUG, "WPA: OCI KDE in EAPOL-Key",
- pos, pos[1] + 2);
+ pos, dlen);
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
- RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_TRANSITION_DISABLE) {
- ie->transition_disable = pos + 2 + RSN_SELECTOR_LEN;
- ie->transition_disable_len = pos[1] - RSN_SELECTOR_LEN;
+ if (left >= 1 && selector == WFA_KEY_DATA_TRANSITION_DISABLE) {
+ ie->transition_disable = p;
+ ie->transition_disable_len = left;
wpa_hexdump(MSG_DEBUG,
"WPA: Transition Disable KDE in EAPOL-Key",
- pos, pos[1] + 2);
+ pos, dlen);
return 0;
}
- if (pos[1] >= RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_DPP) {
- ie->dpp_kde = pos + 2 + RSN_SELECTOR_LEN;
- ie->dpp_kde_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: DPP KDE in EAPOL-Key",
- pos, pos[1] + 2);
+ if (left >= 2 && selector == WFA_KEY_DATA_DPP) {
+ ie->dpp_kde = p;
+ ie->dpp_kde_len = left;
+ wpa_hexdump(MSG_DEBUG, "WPA: DPP KDE in EAPOL-Key", pos, dlen);
return 0;
}
@@ -3157,15 +3153,17 @@
{
const u8 *pos, *end;
int ret = 0;
+ size_t dlen = 0;
os_memset(ie, 0, sizeof(*ie));
- for (pos = buf, end = pos + len; end - pos > 1; pos += 2 + pos[1]) {
+ for (pos = buf, end = pos + len; end - pos > 1; pos += dlen) {
if (pos[0] == 0xdd &&
((pos == buf + len - 1) || pos[1] == 0)) {
/* Ignore padding */
break;
}
- if (2 + pos[1] > end - pos) {
+ dlen = 2 + pos[1];
+ if ((int) dlen > end - pos) {
wpa_printf(MSG_DEBUG,
"WPA: EAPOL-Key Key Data underflow (ie=%d len=%d pos=%d)",
pos[0], pos[1], (int) (pos - buf));
@@ -3175,22 +3173,22 @@
}
if (*pos == WLAN_EID_RSN) {
ie->rsn_ie = pos;
- ie->rsn_ie_len = pos[1] + 2;
+ ie->rsn_ie_len = dlen;
wpa_hexdump(MSG_DEBUG, "WPA: RSN IE in EAPOL-Key",
ie->rsn_ie, ie->rsn_ie_len);
} else if (*pos == WLAN_EID_RSNX) {
ie->rsnxe = pos;
- ie->rsnxe_len = pos[1] + 2;
+ ie->rsnxe_len = dlen;
wpa_hexdump(MSG_DEBUG, "WPA: RSNXE in EAPOL-Key",
ie->rsnxe, ie->rsnxe_len);
} else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
ie->mdie = pos;
- ie->mdie_len = pos[1] + 2;
+ ie->mdie_len = dlen;
wpa_hexdump(MSG_DEBUG, "WPA: MDIE in EAPOL-Key",
ie->mdie, ie->mdie_len);
} else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
ie->ftie = pos;
- ie->ftie_len = pos[1] + 2;
+ ie->ftie_len = dlen;
wpa_hexdump(MSG_DEBUG, "WPA: FTIE in EAPOL-Key",
ie->ftie, ie->ftie_len);
} else if (*pos == WLAN_EID_TIMEOUT_INTERVAL && pos[1] >= 5) {
@@ -3198,31 +3196,31 @@
ie->reassoc_deadline = pos;
wpa_hexdump(MSG_DEBUG, "WPA: Reassoc Deadline "
"in EAPOL-Key",
- ie->reassoc_deadline, pos[1] + 2);
+ ie->reassoc_deadline, dlen);
} else if (pos[2] == WLAN_TIMEOUT_KEY_LIFETIME) {
ie->key_lifetime = pos;
wpa_hexdump(MSG_DEBUG, "WPA: KeyLifetime "
"in EAPOL-Key",
- ie->key_lifetime, pos[1] + 2);
+ ie->key_lifetime, dlen);
} else {
wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized "
"EAPOL-Key Key Data IE",
- pos, 2 + pos[1]);
+ pos, dlen);
}
} else if (*pos == WLAN_EID_LINK_ID) {
if (pos[1] >= 18) {
ie->lnkid = pos;
- ie->lnkid_len = pos[1] + 2;
+ ie->lnkid_len = dlen;
}
} else if (*pos == WLAN_EID_EXT_CAPAB) {
ie->ext_capab = pos;
- ie->ext_capab_len = pos[1] + 2;
+ ie->ext_capab_len = dlen;
} else if (*pos == WLAN_EID_SUPP_RATES) {
ie->supp_rates = pos;
- ie->supp_rates_len = pos[1] + 2;
+ ie->supp_rates_len = dlen;
} else if (*pos == WLAN_EID_EXT_SUPP_RATES) {
ie->ext_supp_rates = pos;
- ie->ext_supp_rates_len = pos[1] + 2;
+ ie->ext_supp_rates_len = dlen;
} else if (*pos == WLAN_EID_HT_CAP &&
pos[1] >= sizeof(struct ieee80211_ht_capabilities)) {
ie->ht_capabilities = pos + 2;
@@ -3276,7 +3274,7 @@
} else {
wpa_hexdump(MSG_DEBUG,
"WPA: Unrecognized EAPOL-Key Key Data IE",
- pos, 2 + pos[1]);
+ pos, dlen);
}
}
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index e4f3eb3..67210a0 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -1086,16 +1086,20 @@
* crypto_ec_key_get_public_key - Get EC public key as an EC point
* @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv()
* Returns: Public key as an EC point or %NULL on failure
+ *
+ * The caller needs to free the returned value with crypto_ec_point_deinit().
*/
-const struct crypto_ec_point *
+struct crypto_ec_point *
crypto_ec_key_get_public_key(struct crypto_ec_key *key);
/**
* crypto_ec_key_get_private_key - Get EC private key as a bignum
* @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv()
* Returns: Private key as a bignum or %NULL on failure
+ *
+ * The caller needs to free the returned value with crypto_bignum_deinit().
*/
-const struct crypto_bignum *
+struct crypto_bignum *
crypto_ec_key_get_private_key(struct crypto_ec_key *key);
/**
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index c6e065f..08e9f26 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -25,6 +25,9 @@
#include <openssl/provider.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
+#include <openssl/rsa.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
#else /* OpenSSL version >= 3.0 */
#include <openssl/cmac.h>
#endif /* OpenSSL version >= 3.0 */
@@ -117,6 +120,19 @@
{
return ASN1_STRING_data((ASN1_STRING *) x);
}
+
+
+static const ASN1_TIME * X509_get0_notBefore(const X509 *x)
+{
+ return X509_get_notBefore(x);
+}
+
+
+static const ASN1_TIME * X509_get0_notAfter(const X509 *x)
+{
+ return X509_get_notAfter(x);
+}
+
#endif /* OpenSSL version < 1.1.0 */
@@ -1347,21 +1363,22 @@
ctx = os_zalloc(sizeof(*ctx));
if (!ctx)
- return NULL;
+ goto fail;
ctx->ctx = EVP_MAC_CTX_new(mac);
if (!ctx->ctx) {
- EVP_MAC_free(mac);
os_free(ctx);
- return NULL;
+ ctx = NULL;
+ goto fail;
}
if (EVP_MAC_init(ctx->ctx, key, key_len, params) != 1) {
EVP_MAC_CTX_free(ctx->ctx);
bin_clear_free(ctx, sizeof(*ctx));
- EVP_MAC_free(mac);
- return NULL;
+ ctx = NULL;
+ goto fail;
}
+fail:
EVP_MAC_free(mac);
return ctx;
#else /* OpenSSL version >= 3.0 */
@@ -2216,6 +2233,7 @@
struct crypto_ec {
EC_GROUP *group;
int nid;
+ int iana_group;
BN_CTX *bnctx;
BIGNUM *prime;
BIGNUM *order;
@@ -2260,6 +2278,44 @@
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static const char * crypto_ec_group_2_name(int group)
+{
+ /* Map from IANA registry for IKE D-H groups to OpenSSL group name */
+ switch (group) {
+ case 19:
+ return "prime256v1";
+ case 20:
+ return "secp384r1";
+ case 21:
+ return "secp521r1";
+ case 25:
+ return "prime192v1";
+ case 26:
+ return "secp224r1";
+#ifdef NID_brainpoolP224r1
+ case 27:
+ return "brainpoolP224r1";
+#endif /* NID_brainpoolP224r1 */
+#ifdef NID_brainpoolP256r1
+ case 28:
+ return "brainpoolP256r1";
+#endif /* NID_brainpoolP256r1 */
+#ifdef NID_brainpoolP384r1
+ case 29:
+ return "brainpoolP384r1";
+#endif /* NID_brainpoolP384r1 */
+#ifdef NID_brainpoolP512r1
+ case 30:
+ return "brainpoolP512r1";
+#endif /* NID_brainpoolP512r1 */
+ default:
+ return NULL;
+ }
+}
+#endif /* OpenSSL version >= 3.0 */
+
+
struct crypto_ec * crypto_ec_init(int group)
{
struct crypto_ec *e;
@@ -2274,6 +2330,7 @@
return NULL;
e->nid = nid;
+ e->iana_group = group;
e->bnctx = BN_CTX_new();
e->group = EC_GROUP_new_by_curve_name(nid);
e->prime = BN_new();
@@ -2936,6 +2993,27 @@
struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len)
{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY *pkey = NULL;
+ OSSL_DECODER_CTX *ctx;
+
+ ctx = OSSL_DECODER_CTX_new_for_pkey(
+ &pkey, "DER", NULL, "EC",
+ OSSL_KEYMGMT_SELECT_KEYPAIR |
+ OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ NULL, NULL);
+ if (!ctx ||
+ OSSL_DECODER_from_data(ctx, &der, &der_len) != 1) {
+ wpa_printf(MSG_INFO, "OpenSSL: Decoding EC private key (DER) failed: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto fail;
+ }
+
+ return (struct crypto_ec_key *) pkey;
+fail:
+ crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
+ return NULL;
+#else /* OpenSSL version >= 3.0 */
EVP_PKEY *pkey = NULL;
EC_KEY *eckey;
@@ -2957,6 +3035,7 @@
fail:
crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
return NULL;
+#endif /* OpenSSL version >= 3.0 */
}
@@ -2972,8 +3051,13 @@
}
/* Ensure this is an EC key */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (!EVP_PKEY_is_a(pkey, "EC"))
+ goto fail;
+#else /* OpenSSL version >= 3.0 */
if (!EVP_PKEY_get0_EC_KEY(pkey))
goto fail;
+#endif /* OpenSSL version >= 3.0 */
return (struct crypto_ec_key *) pkey;
fail:
crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
@@ -2984,6 +3068,47 @@
struct crypto_ec_key * crypto_ec_key_set_pub(int group, const u8 *buf_x,
const u8 *buf_y, size_t len)
{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ const char *group_name;
+ OSSL_PARAM params[3];
+ u8 *pub;
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL;
+
+ group_name = crypto_ec_group_2_name(group);
+ if (!group_name)
+ return NULL;
+
+ pub = os_malloc(1 + len * 2);
+ if (!pub)
+ return NULL;
+ pub[0] = 0x04; /* uncompressed */
+ os_memcpy(pub + 1, buf_x, len);
+ os_memcpy(pub + 1 + len, buf_y, len);
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ (char *) group_name, 0);
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
+ pub, 1 + len * 2);
+ params[2] = OSSL_PARAM_construct_end();
+
+ ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+ if (!ctx) {
+ os_free(pub);
+ return NULL;
+ }
+ if (EVP_PKEY_fromdata_init(ctx) <= 0 ||
+ EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
+ os_free(pub);
+ EVP_PKEY_CTX_free(ctx);
+ return NULL;
+ }
+
+ os_free(pub);
+ EVP_PKEY_CTX_free(ctx);
+
+ return (struct crypto_ec_key *) pkey;
+#else /* OpenSSL version >= 3.0 */
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
EC_GROUP *ec_group = NULL;
@@ -3058,6 +3183,7 @@
EVP_PKEY_free(pkey);
pkey = NULL;
goto out;
+#endif /* OpenSSL version >= 3.0 */
}
@@ -3065,9 +3191,28 @@
crypto_ec_key_set_pub_point(struct crypto_ec *ec,
const struct crypto_ec_point *pub)
{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ int len = BN_num_bytes(ec->prime);
+ struct crypto_ec_key *key;
+ u8 *buf;
+
+ buf = os_malloc(2 * len);
+ if (!buf)
+ return NULL;
+ if (crypto_ec_point_to_bin(ec, pub, buf, buf + len) < 0) {
+ os_free(buf);
+ return NULL;
+ }
+
+ key = crypto_ec_key_set_pub(ec->iana_group, buf, buf + len, len);
+ os_free(buf);
+
+ return key;
+#else /* OpenSSL version >= 3.0 */
EC_KEY *eckey;
EVP_PKEY *pkey = NULL;
+ wpa_printf(MSG_INFO, "JKM:%s", __func__);
eckey = EC_KEY_new();
if (!eckey ||
EC_KEY_set_group(eckey, ec->group) != 1 ||
@@ -3093,11 +3238,41 @@
EC_KEY_free(eckey);
pkey = NULL;
goto out;
+#endif /* OpenSSL version >= 3.0 */
}
struct crypto_ec_key * crypto_ec_key_gen(int group)
{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY_CTX *ctx;
+ OSSL_PARAM params[2];
+ const char *group_name;
+ EVP_PKEY *pkey = NULL;
+
+ group_name = crypto_ec_group_2_name(group);
+ if (!group_name)
+ return NULL;
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ (char *) group_name, 0);
+ params[1] = OSSL_PARAM_construct_end();
+
+ ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+ if (!ctx ||
+ EVP_PKEY_keygen_init(ctx) != 1 ||
+ EVP_PKEY_CTX_set_params(ctx, params) != 1 ||
+ EVP_PKEY_generate(ctx, &pkey) != 1) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: failed to generate EC keypair: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ pkey = NULL;
+ }
+
+ EVP_PKEY_CTX_free(ctx);
+
+ return (struct crypto_ec_key *) pkey;
+#else /* OpenSSL version >= 3.0 */
EVP_PKEY_CTX *kctx = NULL;
EC_KEY *ec_params = NULL, *eckey;
EVP_PKEY *params = NULL, *key = NULL;
@@ -3145,6 +3320,7 @@
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(kctx);
return (struct crypto_ec_key *) key;
+#endif /* OpenSSL version >= 3.0 */
}
@@ -3183,6 +3359,54 @@
struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key)
{
+ EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_ENCODER_CTX *ctx;
+ int selection;
+ unsigned char *pdata = NULL;
+ size_t pdata_len = 0;
+ EVP_PKEY *copy = NULL;
+ struct wpabuf *buf = NULL;
+
+ if (EVP_PKEY_get_ec_point_conv_form(pkey) !=
+ POINT_CONVERSION_COMPRESSED) {
+ copy = EVP_PKEY_dup(pkey);
+ if (!copy)
+ return NULL;
+ if (EVP_PKEY_set_utf8_string_param(
+ copy, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED) !=
+ 1) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Failed to set compressed format");
+ EVP_PKEY_free(copy);
+ return NULL;
+ }
+ pkey = copy;
+ }
+
+ selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS |
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+
+ ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER",
+ "SubjectPublicKeyInfo",
+ NULL);
+ if (!ctx || OSSL_ENCODER_to_data(ctx, &pdata, &pdata_len) != 1) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Failed to encode SubjectPublicKeyInfo: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ pdata = NULL;
+ }
+ OSSL_ENCODER_CTX_free(ctx);
+ if (pdata) {
+ buf = wpabuf_alloc_copy(pdata, pdata_len);
+ OPENSSL_free(pdata);
+ }
+
+ EVP_PKEY_free(copy);
+
+ return buf;
+#else /* OpenSSL version >= 3.0 */
#ifdef OPENSSL_IS_BORINGSSL
unsigned char *der = NULL;
int der_len;
@@ -3196,7 +3420,7 @@
int nid;
ctx = BN_CTX_new();
- eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
+ eckey = EVP_PKEY_get0_EC_KEY(pkey);
if (!ctx || !eckey)
goto fail;
@@ -3249,33 +3473,16 @@
int der_len;
struct wpabuf *buf;
EC_KEY *eckey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- EVP_PKEY *tmp;
-#endif /* OpenSSL version >= 3.0 */
- eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
+ eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (!eckey)
return NULL;
/* For now, all users expect COMPRESSED form */
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- tmp = EVP_PKEY_new();
- if (!tmp)
- return NULL;
- if (EVP_PKEY_set1_EC_KEY(tmp, eckey) != 1) {
- EVP_PKEY_free(tmp);
- return NULL;
- }
- key = (struct crypto_ec_key *) tmp;
-#endif /* OpenSSL version >= 3.0 */
-
der_len = i2d_PUBKEY((EVP_PKEY *) key, &der);
EC_KEY_free(eckey);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- EVP_PKEY_free(tmp);
-#endif /* OpenSSL version >= 3.0 */
if (der_len <= 0) {
wpa_printf(MSG_INFO, "OpenSSL: i2d_PUBKEY() failed: %s",
ERR_error_string(ERR_get_error(), NULL));
@@ -3286,19 +3493,58 @@
OPENSSL_free(der);
return buf;
#endif /* OPENSSL_IS_BORINGSSL */
+#endif /* OpenSSL version >= 3.0 */
}
struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
bool include_pub)
{
+ EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_ENCODER_CTX *ctx;
+ int selection;
+ unsigned char *pdata = NULL;
+ size_t pdata_len = 0;
+ struct wpabuf *buf;
+ EVP_PKEY *copy = NULL;
+
+ selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS |
+ OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+ if (include_pub) {
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ } else {
+ /* Not including OSSL_KEYMGMT_SELECT_PUBLIC_KEY does not seem
+ * to really be sufficient, so clone the key and explicitly
+ * mark it not to include the public key. */
+ copy = EVP_PKEY_dup(pkey);
+ if (!copy)
+ return NULL;
+ EVP_PKEY_set_int_param(copy, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC,
+ 0);
+ pkey = copy;
+ }
+
+ ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER",
+ "type-specific", NULL);
+ if (!ctx || OSSL_ENCODER_to_data(ctx, &pdata, &pdata_len) != 1) {
+ OSSL_ENCODER_CTX_free(ctx);
+ EVP_PKEY_free(copy);
+ return NULL;
+ }
+ OSSL_ENCODER_CTX_free(ctx);
+ buf = wpabuf_alloc_copy(pdata, pdata_len);
+ OPENSSL_free(pdata);
+ EVP_PKEY_free(copy);
+ return buf;
+#else /* OpenSSL version >= 3.0 */
EC_KEY *eckey;
unsigned char *der = NULL;
int der_len;
struct wpabuf *buf;
unsigned int key_flags;
- eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
+ eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (!eckey)
return NULL;
@@ -3319,18 +3565,53 @@
OPENSSL_free(der);
return buf;
+#endif /* OpenSSL version >= 3.0 */
}
struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key,
int prefix)
{
+ EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ struct wpabuf *buf;
+ unsigned char *pos;
+ size_t pub_len = OSSL_PARAM_UNMODIFIED;
+
+ buf = NULL;
+ if (!EVP_PKEY_is_a(pkey, "EC") ||
+ EVP_PKEY_get_octet_string_param(pkey,
+ OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+ NULL, 0, &pub_len) < 0 ||
+ pub_len == OSSL_PARAM_UNMODIFIED ||
+ !(buf = wpabuf_alloc(pub_len)) ||
+ EVP_PKEY_get_octet_string_param(pkey,
+ OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
+ wpabuf_put(buf, pub_len),
+ pub_len, NULL) != 1 ||
+ wpabuf_head_u8(buf)[0] != 0x04) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Failed to get encoded public key: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ wpabuf_free(buf);
+ return NULL;
+ }
+
+ if (!prefix) {
+ /* Remove 0x04 prefix if requested */
+ pos = wpabuf_mhead(buf);
+ os_memmove(pos, pos + 1, pub_len - 1);
+ buf->used--;
+ }
+
+ return buf;
+#else /* OpenSSL version >= 3.0 */
int len, res;
EC_KEY *eckey;
struct wpabuf *buf;
unsigned char *pos;
- eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
+ eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (!eckey)
return NULL;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
@@ -3367,30 +3648,92 @@
}
return buf;
+#endif /* OpenSSL version >= 3.0 */
}
-const struct crypto_ec_point *
+struct crypto_ec_point *
crypto_ec_key_get_public_key(struct crypto_ec_key *key)
{
- const EC_KEY *eckey;
+ EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ char group[64];
+ unsigned char pub[256];
+ size_t len;
+ EC_POINT *point = NULL;
+ EC_GROUP *grp;
+ int res = 0;
+ OSSL_PARAM params[2];
- eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
+ if (!EVP_PKEY_is_a(pkey, "EC") ||
+ EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+ group, sizeof(group), &len) != 1 ||
+ EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
+ pub, sizeof(pub), &len) != 1)
+ return NULL;
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ group, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ grp = EC_GROUP_new_from_params(params, NULL, NULL);
+ if (!grp)
+ goto fail;
+ point = EC_POINT_new(grp);
+ if (!point)
+ goto fail;
+ res = EC_POINT_oct2point(grp, point, pub, len, NULL);
+
+fail:
+ if (res != 1) {
+ EC_POINT_free(point);
+ point = NULL;
+ }
+
+ EC_GROUP_free(grp);
+
+ return (struct crypto_ec_point *) point;
+#else /* OpenSSL version >= 3.0 */
+ const EC_KEY *eckey;
+ const EC_POINT *point;
+ const EC_GROUP *group;
+
+ eckey = EVP_PKEY_get0_EC_KEY(pkey);
if (!eckey)
return NULL;
- return (const struct crypto_ec_point *) EC_KEY_get0_public_key(eckey);
+ group = EC_KEY_get0_group(eckey);
+ if (!group)
+ return NULL;
+ point = EC_KEY_get0_public_key(eckey);
+ if (!point)
+ return NULL;
+ return (struct crypto_ec_point *) EC_POINT_dup(point, group);
+#endif /* OpenSSL version >= 3.0 */
}
-const struct crypto_bignum *
+struct crypto_bignum *
crypto_ec_key_get_private_key(struct crypto_ec_key *key)
{
- const EC_KEY *eckey;
+ EVP_PKEY *pkey = (EVP_PKEY *) key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIGNUM *bn = NULL;
- eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
+ if (!EVP_PKEY_is_a(pkey, "EC") ||
+ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &bn) != 1)
+ return NULL;
+ return (struct crypto_bignum *) bn;
+#else /* OpenSSL version >= 3.0 */
+ const EC_KEY *eckey;
+ const BIGNUM *bn;
+
+ eckey = EVP_PKEY_get0_EC_KEY(pkey);
if (!eckey)
return NULL;
- return (const struct crypto_bignum *) EC_KEY_get0_private_key(eckey);
+ bn = EC_KEY_get0_private_key(eckey);
+ if (!bn)
+ return NULL;
+ return (struct crypto_bignum *) BN_dup(bn);
+#endif /* OpenSSL version >= 3.0 */
}
@@ -3943,6 +4286,8 @@
{
EVP_PKEY *pkey;
X509 *x509;
+ const ASN1_TIME *not_before, *not_after;
+ int res_before, res_after;
pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
if (pkey)
@@ -3953,17 +4298,36 @@
if (!x509)
return NULL;
+ not_before = X509_get0_notBefore(x509);
+ not_after = X509_get0_notAfter(x509);
+ if (!not_before || !not_after)
+ goto fail;
+ res_before = X509_cmp_current_time(not_before);
+ res_after = X509_cmp_current_time(not_after);
+ if (!res_before || !res_after)
+ goto fail;
+ if (res_before > 0 || res_after < 0) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: Certificate for RSA public key is not valid at this time (%d %d)",
+ res_before, res_after);
+ goto fail;
+ }
+
pkey = X509_get_pubkey(x509);
X509_free(x509);
if (!pkey)
return NULL;
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ wpa_printf(MSG_INFO, "OpenSSL: No RSA public key found");
EVP_PKEY_free(pkey);
return NULL;
}
return pkey;
+fail:
+ X509_free(x509);
+ return NULL;
}
diff --git a/src/crypto/fips_prf_internal.c b/src/crypto/fips_prf_internal.c
index a4bf50a..f9347d0 100644
--- a/src/crypto/fips_prf_internal.c
+++ b/src/crypto/fips_prf_internal.c
@@ -17,10 +17,11 @@
int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
{
u8 xkey[64];
- u32 t[5], _t[5];
+ u32 _t[5];
int i, j, m, k;
u8 *xpos = x;
u32 carry;
+ struct SHA1Context ctx;
if (seed_len < sizeof(xkey))
os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
@@ -30,11 +31,7 @@
/* FIPS 186-2 + change notice 1 */
os_memcpy(xkey, seed, seed_len);
- t[0] = 0x67452301;
- t[1] = 0xEFCDAB89;
- t[2] = 0x98BADCFE;
- t[3] = 0x10325476;
- t[4] = 0xC3D2E1F0;
+ SHA1Init(&ctx);
m = xlen / 40;
for (j = 0; j < m; j++) {
@@ -43,7 +40,7 @@
/* XVAL = (XKEY + XSEED_j) mod 2^b */
/* w_i = G(t, XVAL) */
- os_memcpy(_t, t, 20);
+ os_memcpy(_t, ctx.state, 20);
SHA1Transform(_t, xkey);
_t[0] = host_to_be32(_t[0]);
_t[1] = host_to_be32(_t[1]);
diff --git a/src/crypto/fips_prf_openssl.c b/src/crypto/fips_prf_openssl.c
index 4697e04..484f772 100644
--- a/src/crypto/fips_prf_openssl.c
+++ b/src/crypto/fips_prf_openssl.c
@@ -7,6 +7,19 @@
*/
#include "includes.h"
+#include <openssl/opensslv.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+/* OpenSSL 3.0 has deprecated the low-level SHA1 functions and does not
+ * include an upper layer interface that could be used to use the
+ * SHA1_Transform() function. Use the internal SHA-1 implementation instead
+ * as a workaround. */
+#include "sha1-internal.c"
+#include "fips_prf_internal.c"
+
+#else /* OpenSSL version >= 3.0 */
+
#include <openssl/sha.h>
#include "common.h"
@@ -97,3 +110,5 @@
return 0;
}
+
+#endif /* OpenSSL version >= 3.0 */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a1b5166..dc8a1b4 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1584,6 +1584,15 @@
struct tls_connection *conn = arg;
const u8 *pos = buf;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if ((SSL_version(ssl) == TLS1_VERSION ||
+ SSL_version(ssl) == TLS1_1_VERSION) &&
+ SSL_get_security_level(ssl) > 0) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
+ SSL_set_security_level(ssl, 0);
+ }
+#endif /* OpenSSL version >= 3.0 */
if (write_p == 2) {
wpa_printf(MSG_DEBUG,
"OpenSSL: session ver=0x%x content_type=%d",
@@ -4180,8 +4189,10 @@
"TLS: Failed to decode domain parameters from '%s': %s",
dh_file, ERR_error_string(ERR_get_error(), NULL));
BIO_free(bio);
+ OSSL_DECODER_CTX_free(ctx);
return -1;
}
+ OSSL_DECODER_CTX_free(ctx);
BIO_free(bio);
if (!tmpkey) {
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 46cee44..12b46b6 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -66,6 +66,7 @@
HOSTAPD_CHAN_WIDTH_40M = BIT(3),
HOSTAPD_CHAN_WIDTH_80 = BIT(4),
HOSTAPD_CHAN_WIDTH_160 = BIT(5),
+ HOSTAPD_CHAN_WIDTH_320 = BIT(6),
};
/* Filter gratuitous ARP */
@@ -667,6 +668,16 @@
*/
unsigned int p2p_include_6ghz:1;
+ /**
+ * non_coloc_6ghz - Force scanning of non-PSC 6 GHz channels
+ *
+ * If this is set, the driver should scan non-PSC channels from the
+ * scan request even if neighbor reports from 2.4/5 GHz APs did not
+ * report a co-located AP on these channels. The default is to scan
+ * non-PSC channels only if a co-located AP was reported on the channel.
+ */
+ unsigned int non_coloc_6ghz:1;
+
/*
* NOTE: Whenever adding new parameters here, please make sure
* wpa_scan_clone_params() and wpa_scan_free_params() get updated with
@@ -2601,6 +2612,24 @@
NESTED_ATTR_UNSPECIFIED = 2,
};
+/* Preferred channel list information */
+
+/* GO role */
+#define WEIGHTED_PCL_GO BIT(0)
+/* P2P Client role */
+#define WEIGHTED_PCL_CLI BIT(1)
+/* Must be considered for operating channel */
+#define WEIGHTED_PCL_MUST_CONSIDER BIT(2)
+/* Should be excluded in GO negotiation */
+#define WEIGHTED_PCL_EXCLUDE BIT(3)
+
+/* Preferred channel list with weight */
+struct weighted_pcl {
+ u32 freq; /* MHz */
+ u8 weight;
+ u32 flag; /* bitmap for WEIGHTED_PCL_* */
+};
+
/**
* struct wpa_driver_ops - Driver interface API definition
*
@@ -4445,14 +4474,17 @@
* @priv: Private driver interface data
* @if_type: Interface type
* @num: Number of channels
- * @freq_list: Preferred channel frequency list encoded in MHz values
+ * @freq_list: Weighted preferred channel list
* Returns 0 on success, -1 on failure
*
* This command can be used to query the preferred frequency list from
- * the driver specific to a particular interface type.
+ * the driver specific to a particular interface type. The freq_list
+ * array needs to have room for *num entries. *num will be updated to
+ * indicate the number of entries fetched from the driver.
*/
int (*get_pref_freq_list)(void *priv, enum wpa_driver_if_type if_type,
- unsigned int *num, unsigned int *freq_list);
+ unsigned int *num,
+ struct weighted_pcl *freq_list);
/**
* set_prob_oper_freq - Indicate probable P2P operating channel
@@ -5856,6 +5888,7 @@
const u8 *src;
const u8 *data;
size_t data_len;
+ enum frame_encryption encrypted;
} eapol_rx;
/**
@@ -6194,6 +6227,20 @@
event.eapol_rx.src = src;
event.eapol_rx.data = data;
event.eapol_rx.data_len = data_len;
+ event.eapol_rx.encrypted = FRAME_ENCRYPTION_UNKNOWN;
+ wpa_supplicant_event(ctx, EVENT_EAPOL_RX, &event);
+}
+
+static inline void drv_event_eapol_rx2(void *ctx, const u8 *src, const u8 *data,
+ size_t data_len,
+ enum frame_encryption encrypted)
+{
+ union wpa_event_data event;
+ os_memset(&event, 0, sizeof(event));
+ event.eapol_rx.src = src;
+ event.eapol_rx.data = data;
+ event.eapol_rx.data_len = data_len;
+ event.eapol_rx.encrypted = encrypted;
wpa_supplicant_event(ctx, EVENT_EAPOL_RX, &event);
}
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
index 8db7861..84e6a9e 100644
--- a/src/drivers/driver_common.c
+++ b/src/drivers/driver_common.c
@@ -117,6 +117,8 @@
return "80+80 MHz";
case CHAN_WIDTH_160:
return "160 MHz";
+ case CHAN_WIDTH_320:
+ return "320 MHz";
default:
return "unknown";
}
@@ -136,6 +138,8 @@
case CHAN_WIDTH_80P80:
case CHAN_WIDTH_160:
return 160;
+ case CHAN_WIDTH_320:
+ return 320;
default:
return 0;
}
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 5892fc1..bb3455d 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -219,6 +219,8 @@
return CHAN_WIDTH_80P80;
case NL80211_CHAN_WIDTH_160:
return CHAN_WIDTH_160;
+ case NL80211_CHAN_WIDTH_320:
+ return CHAN_WIDTH_320;
}
return CHAN_WIDTH_UNKNOWN;
}
@@ -5055,6 +5057,9 @@
case 160:
cw = NL80211_CHAN_WIDTH_160;
break;
+ case 320:
+ cw = NL80211_CHAN_WIDTH_320;
+ break;
default:
return -EINVAL;
}
@@ -5107,8 +5112,9 @@
NL80211_CHAN_NO_HT))
return -ENOBUFS;
}
- if (freq->radar_background)
- nla_put_flag(msg, NL80211_ATTR_RADAR_BACKGROUND);
+ if (freq->radar_background &&
+ nla_put_flag(msg, NL80211_ATTR_RADAR_BACKGROUND))
+ return -ENOBUFS;
return 0;
}
@@ -11441,9 +11447,33 @@
struct nl80211_pcl {
unsigned int num;
- unsigned int *freq_list;
+ struct weighted_pcl *freq_list;
};
+static void get_pcl_attr_values(struct weighted_pcl *wpcl, struct nlattr *nl[])
+{
+ if (nl[QCA_WLAN_VENDOR_ATTR_PCL_FREQ])
+ wpcl->freq = nla_get_u32(nl[QCA_WLAN_VENDOR_ATTR_PCL_FREQ]);
+ if (nl[QCA_WLAN_VENDOR_ATTR_PCL_WEIGHT])
+ wpcl->weight = nla_get_u8(nl[QCA_WLAN_VENDOR_ATTR_PCL_WEIGHT]);
+ if (nl[QCA_WLAN_VENDOR_ATTR_PCL_FLAG]) {
+ u32 flags = nla_get_u32(nl[QCA_WLAN_VENDOR_ATTR_PCL_FLAG]);
+
+ wpcl->flag = 0;
+ if (flags & BIT(0))
+ wpcl->flag |= WEIGHTED_PCL_GO;
+ if (flags & BIT(1))
+ wpcl->flag |= WEIGHTED_PCL_CLI;
+ if (flags & BIT(2))
+ wpcl->flag |= WEIGHTED_PCL_MUST_CONSIDER;
+ if (flags & BIT(3))
+ wpcl->flag |= WEIGHTED_PCL_EXCLUDE;
+ } else {
+ wpcl->flag = WEIGHTED_PCL_GO | WEIGHTED_PCL_CLI;
+ }
+}
+
+
static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
{
struct nlattr *tb[NL80211_ATTR_MAX + 1];
@@ -11452,6 +11482,7 @@
struct nlattr *nl_vend, *attr;
enum qca_iface_type iface_type;
struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
+ struct nlattr *nl_pcl[QCA_WLAN_VENDOR_ATTR_PCL_MAX + 1];
unsigned int num, max_num;
u32 *freqs;
@@ -11477,26 +11508,69 @@
wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
iface_type);
- attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
- if (!attr) {
+ attr = tb_vendor[
+ QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_WEIGHED_PCL];
+ if (attr) {
+ int rem;
+ struct nlattr *wpcl = attr;
+ unsigned int i;
+
+ num = 0;
+ nla_for_each_nested(attr, wpcl, rem) {
+ if (num == param->num)
+ break; /* not enough room for all entries */
+ if (nla_parse(nl_pcl, QCA_WLAN_VENDOR_ATTR_PCL_MAX,
+ nla_data(attr), nla_len(attr), NULL)) {
+ wpa_printf(MSG_ERROR,
+ "nl80211: Failed to parse PCL info");
+ param->num = 0;
+ return NL_SKIP;
+ }
+ get_pcl_attr_values(¶m->freq_list[num], nl_pcl);
+ num++;
+ }
+ param->num = num;
+
+ /* Sort frequencies based on their weight */
+ for (i = 0; i < num; i++) {
+ unsigned int j;
+
+ for (j = i + 1; j < num; j++) {
+ if (param->freq_list[i].weight <
+ param->freq_list[j].weight) {
+ struct weighted_pcl tmp;
+
+ tmp = param->freq_list[i];
+ param->freq_list[i] =
+ param->freq_list[j];
+ param->freq_list[j] = tmp;
+ }
+ }
+ }
+ } else if (tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST]) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Driver does not provide weighted PCL; use the non-weighted variant");
+ attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
+ /*
+ * param->num has the maximum number of entries for which there
+ * is room in the freq_list provided by the caller.
+ */
+ freqs = nla_data(attr);
+ max_num = nla_len(attr) / sizeof(u32);
+ if (max_num > param->num)
+ max_num = param->num;
+ for (num = 0; num < max_num; num++) {
+ param->freq_list[num].freq = freqs[num];
+ param->freq_list[num].flag =
+ WEIGHTED_PCL_GO | WEIGHTED_PCL_CLI;
+ }
+ param->num = num;
+ } else {
wpa_printf(MSG_ERROR,
"nl80211: preferred_freq_list couldn't be found");
param->num = 0;
return NL_SKIP;
}
-
- /*
- * param->num has the maximum number of entries for which there
- * is room in the freq_list provided by the caller.
- */
- freqs = nla_data(attr);
- max_num = nla_len(attr) / sizeof(u32);
- if (max_num > param->num)
- max_num = param->num;
- for (num = 0; num < max_num; num++)
- param->freq_list[num] = freqs[num];
- param->num = num;
-
return NL_SKIP;
}
@@ -11504,7 +11578,7 @@
static int nl80211_get_pref_freq_list(void *priv,
enum wpa_driver_if_type if_type,
unsigned int *num,
- unsigned int *freq_list)
+ struct weighted_pcl *freq_list)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -11561,7 +11635,8 @@
}
nla_nest_end(msg, params);
- os_memset(freq_list, 0, *num * sizeof(freq_list[0]));
+ if (freq_list)
+ os_memset(freq_list, 0, *num * sizeof(struct weighted_pcl));
ret = send_and_recv_msgs(drv, msg, preferred_freq_info_handler, ¶m,
NULL, NULL);
if (ret) {
@@ -11573,8 +11648,10 @@
*num = param.num;
for (i = 0; i < *num; i++) {
- wpa_printf(MSG_DEBUG, "nl80211: preferred_channel_list[%d]=%d",
- i, freq_list[i]);
+ wpa_printf(MSG_DEBUG,
+ "nl80211: preferred_channel_list[%d]=%d[%d]:0x%x",
+ i, freq_list[i].freq, freq_list[i].weight,
+ freq_list[i].flag);
}
return 0;
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 5c103a4..01c7ab4 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -673,6 +673,9 @@
case CHAN_WIDTH_80P80:
freq1 = cf1 - 30;
break;
+ case CHAN_WIDTH_320:
+ freq1 = cf1 - 150;
+ break;
case CHAN_WIDTH_UNKNOWN:
case CHAN_WIDTH_2160:
case CHAN_WIDTH_4320:
@@ -2789,6 +2792,9 @@
case NL80211_CHAN_WIDTH_160:
ed.sta_opmode.chan_width = CHAN_WIDTH_160;
break;
+ case NL80211_CHAN_WIDTH_320:
+ ed.sta_opmode.chan_width = CHAN_WIDTH_320;
+ break;
default:
ed.sta_opmode.chan_width = CHAN_WIDTH_UNKNOWN;
break;
@@ -2808,6 +2814,7 @@
{
u8 *src_addr;
u16 ethertype;
+ enum frame_encryption encrypted;
if (!tb[NL80211_ATTR_MAC] ||
!tb[NL80211_ATTR_FRAME] ||
@@ -2816,6 +2823,8 @@
src_addr = nla_data(tb[NL80211_ATTR_MAC]);
ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
+ encrypted = nla_get_flag(tb[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) ?
+ FRAME_NOT_ENCRYPTED : FRAME_ENCRYPTED;
switch (ethertype) {
case ETH_P_RSN_PREAUTH:
@@ -2824,9 +2833,10 @@
MAC2STR(src_addr));
break;
case ETH_P_PAE:
- drv_event_eapol_rx(drv->ctx, src_addr,
- nla_data(tb[NL80211_ATTR_FRAME]),
- nla_len(tb[NL80211_ATTR_FRAME]));
+ drv_event_eapol_rx2(drv->ctx, src_addr,
+ nla_data(tb[NL80211_ATTR_FRAME]),
+ nla_len(tb[NL80211_ATTR_FRAME]),
+ encrypted);
break;
default:
wpa_printf(MSG_INFO,
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
index b82e5af..c31ed6e 100644
--- a/src/drivers/driver_nl80211_scan.c
+++ b/src/drivers/driver_nl80211_scan.c
@@ -203,6 +203,21 @@
goto fail;
}
nla_nest_end(msg, ssids);
+
+ /*
+ * If allowed, scan for 6 GHz APs that are reported by other
+ * APs. Note that if the flag is not set and 6 GHz channels are
+ * to be scanned, it is highly likely that non-PSC channels
+ * would be scanned passively (due to the Probe Request frame
+ * transmission restrictions mandated in IEEE Std 802.11ax-2021,
+ * 26.17.2.3 (Scanning in the 6 GHz band). Passive scanning of
+ * all non-PSC channels would take a significant amount of time.
+ */
+ if (!params->non_coloc_6ghz) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: Scan co-located APs on 6 GHz");
+ scan_flags |= NL80211_SCAN_FLAG_COLOCATED_6GHZ;
+ }
} else {
wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
}
diff --git a/src/eap_common/eap_sake_common.c b/src/eap_common/eap_sake_common.c
index 8ee9e32..a4256e2 100644
--- a/src/eap_common/eap_sake_common.c
+++ b/src/eap_common/eap_sake_common.c
@@ -164,26 +164,33 @@
os_memset(attr, 0, sizeof(*attr));
while (pos < end) {
+ u8 attr_id, attr_len;
+
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Too short attribute");
return -1;
}
- if (pos[1] < 2) {
- wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid attribute "
- "length (%d)", pos[1]);
+ attr_id = *pos++;
+ attr_len = *pos++;
+ /* Attribute length value includes the Type and Length fields */
+ if (attr_len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-SAKE: Invalid attribute length (%d)",
+ attr_len);
return -1;
}
+ attr_len -= 2;
- if (pos + pos[1] > end) {
+ if (attr_len > end - pos) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Attribute underflow");
return -1;
}
- if (eap_sake_parse_add_attr(attr, pos[0], pos[1] - 2, pos + 2))
+ if (eap_sake_parse_add_attr(attr, attr_id, attr_len, pos))
return -1;
- pos += pos[1];
+ pos += attr_len;
}
return 0;
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 276dca3..8ceb1df 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1707,7 +1707,7 @@
identity_len = config->machine_identity_len;
wpa_hexdump_ascii(MSG_DEBUG, "EAP: using machine identity",
identity, identity_len);
- } else if (config->imsi_privacy_key && config->identity &&
+ } else if (config->imsi_privacy_cert && config->identity &&
config->identity_len > 0) {
const u8 *pos = config->identity;
const u8 *end = config->identity + config->identity_len;
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index b7f86c3..8dac3cb 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -103,20 +103,20 @@
data->eap_method = EAP_TYPE_AKA;
- if (config && config->imsi_privacy_key) {
+ if (config && config->imsi_privacy_cert) {
#ifdef CRYPTO_RSA_OAEP_SHA256
data->imsi_privacy_key = crypto_rsa_key_read(
- config->imsi_privacy_key, false);
+ config->imsi_privacy_cert, false);
if (!data->imsi_privacy_key) {
wpa_printf(MSG_ERROR,
- "EAP-AKA: Failed to read/parse IMSI privacy key %s",
- config->imsi_privacy_key);
+ "EAP-AKA: Failed to read/parse IMSI privacy certificate %s",
+ config->imsi_privacy_cert);
os_free(data);
return NULL;
}
#else /* CRYPTO_RSA_OAEP_SHA256 */
wpa_printf(MSG_ERROR,
- "EAP-AKA: No support for imsi_privacy_key in the build");
+ "EAP-AKA: No support for imsi_privacy_cert in the build");
os_free(data);
return NULL;
#endif /* CRYPTO_RSA_OAEP_SHA256 */
@@ -656,11 +656,12 @@
#ifdef CRYPTO_RSA_OAEP_SHA256
static struct wpabuf *
eap_aka_encrypt_identity(struct crypto_rsa_key *imsi_privacy_key,
- const u8 *identity, size_t identity_len)
+ const u8 *identity, size_t identity_len,
+ const char *attr)
{
struct wpabuf *imsi_buf, *enc;
char *b64;
- size_t b64_len;
+ size_t b64_len, len;
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Encrypt permanent identity",
identity, identity_len);
@@ -678,7 +679,10 @@
if (!b64)
return NULL;
- enc = wpabuf_alloc(1 + b64_len);
+ len = 1 + b64_len;
+ if (attr)
+ len += 1 + os_strlen(attr);
+ enc = wpabuf_alloc(len);
if (!enc) {
os_free(b64);
return NULL;
@@ -686,6 +690,10 @@
wpabuf_put_u8(enc, '\0');
wpabuf_put_data(enc, b64, b64_len);
os_free(b64);
+ if (attr) {
+ wpabuf_put_u8(enc, ',');
+ wpabuf_put_str(enc, attr);
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Encrypted permanent identity",
wpabuf_head(enc), wpabuf_len(enc));
@@ -729,9 +737,15 @@
}
#ifdef CRYPTO_RSA_OAEP_SHA256
if (identity && data->imsi_privacy_key) {
+ struct eap_peer_config *config;
+ const char *attr = NULL;
+
+ config = eap_get_config(sm);
+ if (config)
+ attr = config->imsi_privacy_attr;
enc_identity = eap_aka_encrypt_identity(
data->imsi_privacy_key,
- identity, identity_len);
+ identity, identity_len, attr);
if (!enc_identity) {
wpa_printf(MSG_INFO,
"EAP-AKA: Failed to encrypt permanent identity");
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index eaf514b..26744ab 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -318,14 +318,24 @@
size_t imsi_identity_len;
/**
- * imsi_privacy_key - IMSI privacy key (PEM encoded X.509v3 certificate)
+ * imsi_privacy_cert - IMSI privacy certificate
*
* This field is used with EAP-SIM/AKA/AKA' to encrypt the permanent
- * identity (IMSI) to improve privacy. The X.509v3 certificate needs to
- * include a 2048-bit RSA public key and this is from the operator who
- * authenticates the SIM/USIM.
+ * identity (IMSI) to improve privacy. The referenced PEM-encoded
+ * X.509v3 certificate needs to include a 2048-bit RSA public key and
+ * this is from the operator who authenticates the SIM/USIM.
*/
- char *imsi_privacy_key;
+ char *imsi_privacy_cert;
+
+ /**
+ * imsi_privacy_attr - IMSI privacy attribute
+ *
+ * This field is used to help the EAP-SIM/AKA/AKA' server to identify
+ * the used certificate (and as such, the matching private key). This
+ * is set to an attribute in name=value format if the operator needs
+ * this information.
+ */
+ char *imsi_privacy_attr;
/**
* machine_identity - EAP Identity for machine credential
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 9f66db2..a555680 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -101,20 +101,20 @@
return NULL;
}
- if (config && config->imsi_privacy_key) {
+ if (config && config->imsi_privacy_cert) {
#ifdef CRYPTO_RSA_OAEP_SHA256
data->imsi_privacy_key = crypto_rsa_key_read(
- config->imsi_privacy_key, false);
+ config->imsi_privacy_cert, false);
if (!data->imsi_privacy_key) {
wpa_printf(MSG_ERROR,
- "EAP-SIM: Failed to read/parse IMSI privacy key %s",
- config->imsi_privacy_key);
+ "EAP-SIM: Failed to read/parse IMSI privacy certificate %s",
+ config->imsi_privacy_cert);
os_free(data);
return NULL;
}
#else /* CRYPTO_RSA_OAEP_SHA256 */
wpa_printf(MSG_ERROR,
- "EAP-SIM: No support for imsi_privacy_key in the build");
+ "EAP-SIM: No support for imsi_privacy_cert in the build");
os_free(data);
return NULL;
#endif /* CRYPTO_RSA_OAEP_SHA256 */
@@ -133,6 +133,9 @@
"sim_min_num_chal configuration "
"(%lu, expected 2 or 3)",
(unsigned long) data->min_num_chal);
+#ifdef CRYPTO_RSA_OAEP_SHA256
+ crypto_rsa_key_free(data->imsi_privacy_key);
+#endif /* CRYPTO_RSA_OAEP_SHA256 */
os_free(data);
return NULL;
}
@@ -521,11 +524,12 @@
#ifdef CRYPTO_RSA_OAEP_SHA256
static struct wpabuf *
eap_sim_encrypt_identity(struct crypto_rsa_key *imsi_privacy_key,
- const u8 *identity, size_t identity_len)
+ const u8 *identity, size_t identity_len,
+ const char *attr)
{
struct wpabuf *imsi_buf, *enc;
char *b64;
- size_t b64_len;
+ size_t b64_len, len;
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Encrypt permanent identity",
identity, identity_len);
@@ -543,7 +547,10 @@
if (!b64)
return NULL;
- enc = wpabuf_alloc(1 + b64_len);
+ len = 1 + b64_len;
+ if (attr)
+ len += 1 + os_strlen(attr);
+ enc = wpabuf_alloc(len);
if (!enc) {
os_free(b64);
return NULL;
@@ -551,6 +558,10 @@
wpabuf_put_u8(enc, '\0');
wpabuf_put_data(enc, b64, b64_len);
os_free(b64);
+ if (attr) {
+ wpabuf_put_u8(enc, ',');
+ wpabuf_put_str(enc, attr);
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Encrypted permanent identity",
wpabuf_head(enc), wpabuf_len(enc));
@@ -594,9 +605,15 @@
}
#ifdef CRYPTO_RSA_OAEP_SHA256
if (identity && data->imsi_privacy_key) {
+ struct eap_peer_config *config;
+ const char *attr = NULL;
+
+ config = eap_get_config(sm);
+ if (config)
+ attr = config->imsi_privacy_attr;
enc_identity = eap_sim_encrypt_identity(
data->imsi_privacy_key,
- identity, identity_len);
+ identity, identity_len, attr);
if (!enc_identity) {
wpa_printf(MSG_INFO,
"EAP-SIM: Failed to encrypt permanent identity");
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 4e66369..6173960 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1281,11 +1281,12 @@
* @src: Source MAC address of the EAPOL packet
* @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
* @len: Length of the EAPOL frame
+ * @encrypted: Whether the frame was encrypted
* Returns: 1 = EAPOL frame processed, 0 = not for EAPOL state machine,
* -1 failure
*/
int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
- size_t len)
+ size_t len, enum frame_encryption encrypted)
{
const struct ieee802_1x_hdr *hdr;
const struct ieee802_1x_eapol_key *key;
@@ -1295,6 +1296,14 @@
if (sm == NULL)
return 0;
+
+ if (encrypted == FRAME_NOT_ENCRYPTED && sm->ctx->encryption_required &&
+ sm->ctx->encryption_required(sm->ctx->ctx)) {
+ wpa_printf(MSG_DEBUG,
+ "EAPOL: Discard unencrypted EAPOL frame when encryption since encryption was expected");
+ return 0;
+ }
+
sm->dot1xSuppEapolFramesRx++;
if (len < sizeof(*hdr)) {
sm->dot1xSuppInvalidEapolFramesRx++;
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 630a38e..bbe2b6f 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -321,6 +321,13 @@
* @reason_string: Information to log about the event
*/
void (*open_ssl_failure_cb)(void *ctx, const char* reason_string);
+
+ /**
+ * encryption_required - Check whether encryption is required
+ * @ctx: eapol_ctx from eap_peer_sm_init() call
+ * Returns: Whether the current session requires encryption
+ */
+ bool (*encryption_required)(void *ctx);
};
@@ -337,7 +344,7 @@
void eapol_sm_configure(struct eapol_sm *sm, int heldPeriod, int authPeriod,
int startPeriod, int maxStart);
int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
- size_t len);
+ size_t len, enum frame_encryption encrypted);
void eapol_sm_notify_tx_eapol_key(struct eapol_sm *sm);
void eapol_sm_notify_portEnabled(struct eapol_sm *sm, bool enabled);
void eapol_sm_notify_portValid(struct eapol_sm *sm, bool valid);
@@ -403,7 +410,8 @@
{
}
static inline int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
return 0;
}
diff --git a/src/fst/fst_group.c b/src/fst/fst_group.c
index d1c4014..255d0fd 100644
--- a/src/fst/fst_group.c
+++ b/src/fst/fst_group.c
@@ -28,8 +28,13 @@
while (s >= 2) {
const struct multi_band_ie *mbie =
(const struct multi_band_ie *) p;
+ size_t len;
+
WPA_ASSERT(mbie->eid == WLAN_EID_MULTI_BAND);
WPA_ASSERT(2U + mbie->len >= sizeof(*mbie));
+ len = 2 + mbie->len;
+ if (len > s)
+ break;
fst_printf(MSG_WARNING,
"%s: %s: mb_ctrl=%u band_id=%u op_class=%u chan=%u bssid="
@@ -45,8 +50,8 @@
mbie->mb_connection_capability,
mbie->fst_session_tmout);
- p += 2 + mbie->len;
- s -= 2 + mbie->len;
+ p += len;
+ s -= len;
}
}
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index cd04008..b7fde1b 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -1803,6 +1803,7 @@
os_memcpy(params->passphrase, p2p->passphrase, os_strlen(p2p->passphrase));
} else {
p2p_random(params->passphrase, p2p->cfg->passphrase_len);
+ params->passphrase[p2p->cfg->passphrase_len] = '\0';
}
p2p->passphrase_set = 0;
return 0;
@@ -1837,6 +1838,7 @@
os_memcpy(res.ssid, p2p->ssid, p2p->ssid_len);
res.ssid_len = p2p->ssid_len;
p2p_random(res.passphrase, p2p->cfg->passphrase_len);
+ res.passphrase[p2p->cfg->passphrase_len] = '\0';
} else {
res.freq = peer->oper_freq;
if (p2p->ssid_len) {
@@ -5540,7 +5542,7 @@
void p2p_set_own_pref_freq_list(struct p2p_data *p2p,
- const unsigned int *pref_freq_list,
+ const struct weighted_pcl *pref_freq_list,
unsigned int size)
{
unsigned int i;
@@ -5548,10 +5550,11 @@
if (size > P2P_MAX_PREF_CHANNELS)
size = P2P_MAX_PREF_CHANNELS;
p2p->num_pref_freq = size;
+ os_memcpy(p2p->pref_freq_list, pref_freq_list,
+ size * sizeof(struct weighted_pcl));
for (i = 0; i < size; i++) {
- p2p->pref_freq_list[i] = pref_freq_list[i];
p2p_dbg(p2p, "Own preferred frequency list[%u]=%u MHz",
- i, p2p->pref_freq_list[i]);
+ i, p2p->pref_freq_list[i].freq);
}
}
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index f606fbb..768fc10 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -12,6 +12,8 @@
#include "common/ieee802_11_defs.h"
#include "wps/wps.h"
+struct weighted_pcl;
+
/* P2P ASP Setup Capability */
#define P2PS_SETUP_NONE 0
#define P2PS_SETUP_NEW BIT(0)
@@ -1132,7 +1134,8 @@
* the driver specific to a particular interface type.
*/
int (*get_pref_freq_list)(void *ctx, int go,
- unsigned int *len, unsigned int *freq_list);
+ unsigned int *len,
+ struct weighted_pcl *freq_list);
};
@@ -2338,6 +2341,8 @@
const u8 *go_dev_addr,
const u8 *ssid, size_t ssid_len);
+bool p2p_pref_freq_allowed(const struct weighted_pcl *freq_list, bool go);
+
struct p2p_nfc_params {
int sel;
const u8 *wsc_attr;
@@ -2397,7 +2402,7 @@
void p2p_expire_peers(struct p2p_data *p2p);
void p2p_set_own_pref_freq_list(struct p2p_data *p2p,
- const unsigned int *pref_freq_list,
+ const struct weighted_pcl *pref_freq_list,
unsigned int size);
void p2p_set_override_pref_op_chan(struct p2p_data *p2p, u8 op_class,
u8 chan);
@@ -2422,6 +2427,6 @@
bool p2p_wfd_enabled(struct p2p_data *p2p);
bool is_p2p_allow_6ghz(struct p2p_data *p2p);
void set_p2p_allow_6ghz(struct p2p_data *p2p, bool value);
-int p2p_remove_6ghz_channels(unsigned int *pref_freq_list, int size);
+int p2p_remove_6ghz_channels(struct weighted_pcl *pref_freq_list, int size);
#endif /* P2P_H */
diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
index 4229d9b..e4f40fe 100644
--- a/src/p2p/p2p_build.c
+++ b/src/p2p/p2p_build.c
@@ -10,6 +10,7 @@
#include "common.h"
#include "common/ieee802_11_defs.h"
+#include "common/ieee802_11_common.h"
#include "common/qca-vendor.h"
#include "wps/wps_i.h"
#include "p2p_i.h"
@@ -111,7 +112,7 @@
void p2p_buf_add_pref_channel_list(struct wpabuf *buf,
- const unsigned int *preferred_freq_list,
+ const struct weighted_pcl *pref_freq_list,
unsigned int size)
{
unsigned int i, count = 0;
@@ -126,8 +127,9 @@
* of the vendor IE size.
*/
for (i = 0; i < size; i++) {
- if (p2p_freq_to_channel(preferred_freq_list[i], &op_class,
- &op_channel) == 0)
+ if (p2p_freq_to_channel(pref_freq_list[i].freq, &op_class,
+ &op_channel) == 0 &&
+ !(pref_freq_list[i].flag & WEIGHTED_PCL_EXCLUDE))
count++;
}
@@ -136,10 +138,11 @@
wpabuf_put_be24(buf, OUI_QCA);
wpabuf_put_u8(buf, QCA_VENDOR_ELEM_P2P_PREF_CHAN_LIST);
for (i = 0; i < size; i++) {
- if (p2p_freq_to_channel(preferred_freq_list[i], &op_class,
- &op_channel) < 0) {
+ if (p2p_freq_to_channel(pref_freq_list[i].freq, &op_class,
+ &op_channel) < 0 ||
+ (pref_freq_list[i].flag & WEIGHTED_PCL_EXCLUDE)) {
wpa_printf(MSG_DEBUG, "Unsupported frequency %u MHz",
- preferred_freq_list[i]);
+ pref_freq_list[i].freq);
continue;
}
wpabuf_put_u8(buf, op_class);
@@ -149,7 +152,7 @@
void p2p_buf_add_channel_list(struct wpabuf *buf, const char *country,
- struct p2p_channels *chan)
+ struct p2p_channels *chan, bool is_6ghz_capab)
{
u8 *len;
size_t i;
@@ -161,6 +164,9 @@
for (i = 0; i < chan->reg_classes; i++) {
struct p2p_reg_class *c = &chan->reg_class[i];
+
+ if (is_6ghz_op_class(c->reg_class) && !is_6ghz_capab)
+ continue;
wpabuf_put_u8(buf, c->reg_class);
wpabuf_put_u8(buf, c->channels);
wpabuf_put_data(buf, c->channel, c->channels);
diff --git a/src/p2p/p2p_go_neg.c b/src/p2p/p2p_go_neg.c
index 1d53d52..e3d704b 100644
--- a/src/p2p/p2p_go_neg.c
+++ b/src/p2p/p2p_go_neg.c
@@ -142,6 +142,7 @@
u8 group_capab;
size_t extra = 0;
u16 pw_id;
+ bool is_6ghz_capab;
#ifdef CONFIG_WIFI_DISPLAY
if (p2p->wfd_ie_go_neg)
@@ -179,7 +180,22 @@
p2p_buf_add_ext_listen_timing(buf, p2p->ext_listen_period,
p2p->ext_listen_interval);
p2p_buf_add_intended_addr(buf, p2p->intended_addr);
- p2p_buf_add_channel_list(buf, p2p->cfg->country, &p2p->channels);
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
+ if (p2p->num_pref_freq) {
+ bool go = p2p->go_intent == 15;
+ struct p2p_channels pref_chanlist;
+
+ p2p_pref_channel_filter(&p2p->channels, p2p->pref_freq_list,
+ p2p->num_pref_freq, &pref_chanlist, go);
+ p2p_channels_dump(p2p, "channel list after filtering",
+ &pref_chanlist);
+ p2p_buf_add_channel_list(buf, p2p->cfg->country,
+ &pref_chanlist, is_6ghz_capab);
+ } else {
+ p2p_buf_add_channel_list(buf, p2p->cfg->country,
+ &p2p->channels, is_6ghz_capab);
+ }
p2p_buf_add_device_info(buf, p2p, peer);
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p->op_reg_class, p2p->op_channel);
@@ -278,6 +294,8 @@
u8 group_capab;
size_t extra = 0;
u16 pw_id;
+ bool is_6ghz_capab;
+ struct p2p_channels pref_chanlist;
p2p_dbg(p2p, "Building GO Negotiation Response");
@@ -328,17 +346,35 @@
p2p->op_channel);
}
p2p_buf_add_intended_addr(buf, p2p->intended_addr);
+ if (p2p->num_pref_freq) {
+ bool go = (peer && peer->go_state == LOCAL_GO) ||
+ p2p->go_intent == 15;
+
+ p2p_pref_channel_filter(&p2p->channels, p2p->pref_freq_list,
+ p2p->num_pref_freq, &pref_chanlist, go);
+ p2p_channels_dump(p2p, "channel list after filtering",
+ &pref_chanlist);
+ } else {
+ p2p_copy_channels(&pref_chanlist, &p2p->channels,
+ p2p->allow_6ghz);
+ }
if (status || peer == NULL) {
p2p_buf_add_channel_list(buf, p2p->cfg->country,
- &p2p->channels);
+ &pref_chanlist, false);
} else if (peer->go_state == REMOTE_GO) {
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
p2p_buf_add_channel_list(buf, p2p->cfg->country,
- &p2p->channels);
+ &pref_chanlist, is_6ghz_capab);
} else {
struct p2p_channels res;
- p2p_channels_intersect(&p2p->channels, &peer->channels,
+
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
+ p2p_channels_intersect(&pref_chanlist, &peer->channels,
&res);
- p2p_buf_add_channel_list(buf, p2p->cfg->country, &res);
+ p2p_buf_add_channel_list(buf, p2p->cfg->country, &res,
+ is_6ghz_capab);
}
p2p_buf_add_device_info(buf, p2p, peer);
if (peer && peer->go_state == LOCAL_GO) {
@@ -562,7 +598,8 @@
static void p2p_check_pref_chan_no_recv(struct p2p_data *p2p, int go,
struct p2p_device *dev,
struct p2p_message *msg,
- unsigned freq_list[], unsigned int size)
+ const struct weighted_pcl freq_list[],
+ unsigned int size)
{
u8 op_class, op_channel;
unsigned int oper_freq = 0, i, j;
@@ -577,10 +614,11 @@
*/
for (i = 0; i < size && !found; i++) {
/* Make sure that the common frequency is supported by peer. */
- oper_freq = freq_list[i];
+ oper_freq = freq_list[i].freq;
if (p2p_freq_to_channel(oper_freq, &op_class,
- &op_channel) < 0)
- continue; /* cannot happen due to earlier check */
+ &op_channel) < 0 ||
+ !p2p_pref_freq_allowed(&freq_list[i], go))
+ continue;
for (j = 0; j < msg->channel_list_len; j++) {
if (!msg->channel_list ||
op_channel != msg->channel_list[j])
@@ -609,7 +647,8 @@
static void p2p_check_pref_chan_recv(struct p2p_data *p2p, int go,
struct p2p_device *dev,
struct p2p_message *msg,
- unsigned freq_list[], unsigned int size)
+ const struct weighted_pcl freq_list[],
+ unsigned int size)
{
u8 op_class, op_channel;
unsigned int oper_freq = 0, i, j;
@@ -625,11 +664,13 @@
oper_freq = p2p_channel_to_freq(
msg->pref_freq_list[2 * j],
msg->pref_freq_list[2 * j + 1]);
- if (freq_list[i] != oper_freq)
+ if (freq_list[i].freq != oper_freq)
continue;
if (p2p_freq_to_channel(oper_freq, &op_class,
&op_channel) < 0)
continue; /* cannot happen */
+ if (!p2p_pref_freq_allowed(&freq_list[i], go))
+ break;
p2p->op_reg_class = op_class;
p2p->op_channel = op_channel;
os_memcpy(&p2p->channels, &p2p->cfg->channels,
@@ -652,7 +693,7 @@
void p2p_check_pref_chan(struct p2p_data *p2p, int go,
struct p2p_device *dev, struct p2p_message *msg)
{
- unsigned int freq_list[P2P_MAX_PREF_CHANNELS], size;
+ unsigned int size;
unsigned int i;
u8 op_class, op_channel;
char txt[100], *pos, *end;
@@ -669,25 +710,30 @@
/* Obtain our preferred frequency list from driver based on P2P role. */
size = P2P_MAX_PREF_CHANNELS;
- if (p2p->cfg->get_pref_freq_list(p2p->cfg->cb_ctx, go, &size,
- freq_list))
+ if (p2p->cfg->get_pref_freq_list(p2p->cfg->cb_ctx, go,
+ &p2p->num_pref_freq,
+ p2p->pref_freq_list))
+ return;
+ size = p2p->num_pref_freq;
+ if (!size)
return;
/* Filter out frequencies that are not acceptable for P2P use */
i = 0;
while (i < size) {
- if (p2p_freq_to_channel(freq_list[i], &op_class,
- &op_channel) < 0 ||
+ if (p2p_freq_to_channel(p2p->pref_freq_list[i].freq,
+ &op_class, &op_channel) < 0 ||
(!p2p_channels_includes(&p2p->cfg->channels,
op_class, op_channel) &&
(go || !p2p_channels_includes(&p2p->cfg->cli_channels,
op_class, op_channel)))) {
p2p_dbg(p2p,
"Ignore local driver frequency preference %u MHz since it is not acceptable for P2P use (go=%d)",
- freq_list[i], go);
+ p2p->pref_freq_list[i].freq, go);
if (size - i - 1 > 0)
- os_memmove(&freq_list[i], &freq_list[i + 1],
+ os_memmove(&p2p->pref_freq_list[i],
+ &p2p->pref_freq_list[i + 1],
(size - i - 1) *
- sizeof(unsigned int));
+ sizeof(struct weighted_pcl));
size--;
continue;
}
@@ -699,7 +745,8 @@
pos = txt;
end = pos + sizeof(txt);
for (i = 0; i < size; i++) {
- res = os_snprintf(pos, end - pos, " %u", freq_list[i]);
+ res = os_snprintf(pos, end - pos, " %u",
+ p2p->pref_freq_list[i].freq);
if (os_snprintf_error(end - pos, res))
break;
pos += res;
@@ -713,11 +760,14 @@
* our preferred channel list.
*/
for (i = 0; i < size; i++) {
- if (freq_list[i] == (unsigned int) dev->oper_freq)
+ if (p2p->pref_freq_list[i].freq ==
+ (unsigned int) dev->oper_freq &&
+ p2p_pref_freq_allowed(&p2p->pref_freq_list[i], go))
break;
}
if (i != size &&
- p2p_freq_to_channel(freq_list[i], &op_class, &op_channel) == 0) {
+ p2p_freq_to_channel(p2p->pref_freq_list[i].freq, &op_class,
+ &op_channel) == 0) {
/* Peer operating channel preference matches our preference */
p2p->op_reg_class = op_class;
p2p->op_channel = op_channel;
@@ -735,9 +785,11 @@
* _not_ included in the GO Negotiation Request or Invitation Request.
*/
if (msg->pref_freq_list_len == 0)
- p2p_check_pref_chan_no_recv(p2p, go, dev, msg, freq_list, size);
+ p2p_check_pref_chan_no_recv(p2p, go, dev, msg,
+ p2p->pref_freq_list, size);
else
- p2p_check_pref_chan_recv(p2p, go, dev, msg, freq_list, size);
+ p2p_check_pref_chan_recv(p2p, go, dev, msg,
+ p2p->pref_freq_list, size);
}
@@ -1085,6 +1137,7 @@
struct p2p_channels res;
u8 group_capab;
size_t extra = 0;
+ bool is_6ghz_capab;
p2p_dbg(p2p, "Building GO Negotiation Confirm");
@@ -1128,7 +1181,9 @@
p2p_buf_add_operating_channel(buf, (const char *) resp_chan,
resp_chan[3], resp_chan[4]);
p2p_channels_intersect(&p2p->channels, &peer->channels, &res);
- p2p_buf_add_channel_list(buf, p2p->cfg->country, &res);
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
+ p2p_buf_add_channel_list(buf, p2p->cfg->country, &res, is_6ghz_capab);
if (go) {
p2p_buf_add_group_id(buf, p2p->cfg->dev_addr, p2p->ssid,
p2p->ssid_len);
diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h
index b5e5c2b..bebc5e2 100644
--- a/src/p2p/p2p_i.h
+++ b/src/p2p/p2p_i.h
@@ -10,6 +10,7 @@
#define P2P_I_H
#include "utils/list.h"
+#include "drivers/driver.h"
#include "p2p.h"
#include "ap/ap_config.h"
@@ -553,7 +554,7 @@
struct wpabuf **vendor_elem;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
unsigned int num_pref_freq;
/* Override option for preferred operating channel in GO Negotiation */
@@ -769,7 +770,7 @@
void p2p_buf_add_operating_channel(struct wpabuf *buf, const char *country,
u8 reg_class, u8 channel);
void p2p_buf_add_channel_list(struct wpabuf *buf, const char *country,
- struct p2p_channels *chan);
+ struct p2p_channels *chan, bool is_6ghz_capab);
void p2p_buf_add_config_timeout(struct wpabuf *buf, u8 go_timeout,
u8 client_timeout);
void p2p_buf_add_intended_addr(struct wpabuf *buf, const u8 *interface_addr);
@@ -800,7 +801,7 @@
int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
int all_attr);
void p2p_buf_add_pref_channel_list(struct wpabuf *buf,
- const unsigned int *preferred_freq_list,
+ const struct weighted_pcl *pref_freq_list,
unsigned int size);
/* p2p_sd.c */
@@ -902,6 +903,10 @@
void p2p_go_neg_wait_timeout(void *eloop_ctx, void *timeout_ctx);
int p2p_go_select_channel(struct p2p_data *p2p, struct p2p_device *dev,
u8 *status);
+void p2p_pref_channel_filter(const struct p2p_channels *a,
+ const struct weighted_pcl *freq_list,
+ unsigned int num_channels,
+ struct p2p_channels *res, bool go);
void p2p_dbg(struct p2p_data *p2p, const char *fmt, ...)
PRINTF_FORMAT(2, 3);
void p2p_info(struct p2p_data *p2p, const char *fmt, ...)
diff --git a/src/p2p/p2p_invitation.c b/src/p2p/p2p_invitation.c
index ab00722..bca5b90 100644
--- a/src/p2p/p2p_invitation.c
+++ b/src/p2p/p2p_invitation.c
@@ -24,6 +24,7 @@
u8 *len;
const u8 *dev_addr;
size_t extra = 0;
+ bool is_6ghz_capab;
#ifdef CONFIG_WIFI_DISPLAY
struct wpabuf *wfd_ie = p2p->wfd_ie_invitation;
@@ -74,7 +75,10 @@
p2p->op_channel);
if (p2p->inv_bssid_set)
p2p_buf_add_group_bssid(buf, p2p->inv_bssid);
- p2p_buf_add_channel_list(buf, p2p->cfg->country, &p2p->channels);
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
+ p2p_buf_add_channel_list(buf, p2p->cfg->country, &p2p->channels,
+ is_6ghz_capab);
if (go_dev_addr)
dev_addr = go_dev_addr;
else if (p2p->inv_role == P2P_INVITE_ROLE_CLIENT)
@@ -155,8 +159,14 @@
reg_class, channel);
if (group_bssid)
p2p_buf_add_group_bssid(buf, group_bssid);
- if (channels)
- p2p_buf_add_channel_list(buf, p2p->cfg->country, channels);
+ if (channels) {
+ bool is_6ghz_capab;
+
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
+ p2p_buf_add_channel_list(buf, p2p->cfg->country, channels,
+ is_6ghz_capab);
+ }
p2p_buf_update_ie_hdr(buf, len);
#ifdef CONFIG_WIFI_DISPLAY
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 338b47e..1a78e14 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -124,9 +124,15 @@
}
if (shared_group ||
- (prov->conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_NEW)))
+ (prov->conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_NEW))) {
+ bool is_6ghz_capab;
+
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(
+ p2p, dev->info.p2p_device_addr);
p2p_buf_add_channel_list(buf, p2p->cfg->country,
- &p2p->channels);
+ &p2p->channels, is_6ghz_capab);
+ }
if ((shared_group && !is_zero_ether_addr(intended_addr)) ||
(prov->conncap & (P2PS_SETUP_GROUP_OWNER | P2PS_SETUP_NEW)))
@@ -356,9 +362,15 @@
}
if (persist ||
- (conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_GROUP_OWNER)))
+ (conncap & (P2PS_SETUP_CLIENT | P2PS_SETUP_GROUP_OWNER))) {
+ bool is_6ghz_capab;
+
+ is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
+ p2p_is_peer_6ghz_capab(
+ p2p, dev->info.p2p_device_addr);
p2p_buf_add_channel_list(buf, p2p->cfg->country,
- &p2p->channels);
+ &p2p->channels, is_6ghz_capab);
+ }
if (!persist && conncap)
p2p_buf_add_connection_capability(buf, conncap);
diff --git a/src/p2p/p2p_utils.c b/src/p2p/p2p_utils.c
index a203606..c1f0084 100644
--- a/src/p2p/p2p_utils.c
+++ b/src/p2p/p2p_utils.c
@@ -519,14 +519,14 @@
}
-int p2p_remove_6ghz_channels(unsigned int *pref_freq_list, int size)
+int p2p_remove_6ghz_channels(struct weighted_pcl *pref_freq_list, int size)
{
int i;
for (i = 0; i < size; i++) {
- if (is_6ghz_freq(pref_freq_list[i])) {
+ if (is_6ghz_freq(pref_freq_list[i].freq)) {
wpa_printf(MSG_DEBUG, "P2P: Remove 6 GHz channel %d",
- pref_freq_list[i]);
+ pref_freq_list[i].freq);
size--;
os_memmove(&pref_freq_list[i], &pref_freq_list[i + 1],
(size - i) * sizeof(pref_freq_list[0]));
@@ -535,3 +535,79 @@
}
return i;
}
+
+
+/**
+ * p2p_pref_freq_allowed - Based on the flags set, check if the preferred
+ * frequency is allowed
+ * @freq_list: Weighted preferred channel list
+ * @go: Whether the local device is the group owner
+ * Returns: Whether the preferred frequency is allowed
+ */
+bool p2p_pref_freq_allowed(const struct weighted_pcl *freq_list, bool go)
+{
+ if (freq_list->flag & WEIGHTED_PCL_EXCLUDE)
+ return false;
+ if (!(freq_list->flag & WEIGHTED_PCL_CLI) && !go)
+ return false;
+ if (!(freq_list->flag & WEIGHTED_PCL_GO) && go)
+ return false;
+ return true;
+}
+
+
+static int p2p_check_pref_channel(int channel, u8 op_class,
+ const struct weighted_pcl *freq_list,
+ unsigned int num_channels, bool go)
+{
+ unsigned int i;
+
+ /* If the channel is present in the preferred channel list, check if it
+ * has appropriate flags for the role.
+ */
+ for (i = 0; i < num_channels; i++) {
+ if (p2p_channel_to_freq(op_class, channel) !=
+ (int) freq_list[i].freq)
+ continue;
+ if (!p2p_pref_freq_allowed(&freq_list[i], go))
+ return -1;
+ break;
+ }
+
+ return 0;
+}
+
+
+void p2p_pref_channel_filter(const struct p2p_channels *p2p_chan,
+ const struct weighted_pcl *freq_list,
+ unsigned int num_channels,
+ struct p2p_channels *res, bool go)
+{
+ size_t i, j;
+
+ os_memset(res, 0, sizeof(*res));
+
+ for (i = 0; i < p2p_chan->reg_classes; i++) {
+ const struct p2p_reg_class *reg = &p2p_chan->reg_class[i];
+ struct p2p_reg_class *res_reg = &res->reg_class[i];
+
+ if (num_channels > 0) {
+ for (j = 0; j < reg->channels; j++) {
+ if (p2p_check_pref_channel(reg->channel[j],
+ reg->reg_class,
+ freq_list,
+ num_channels,
+ go) < 0)
+ continue;
+
+ res_reg->channel[res_reg->channels++] =
+ reg->channel[j];
+ }
+ }
+
+ if (res_reg->channels == 0)
+ continue;
+ res->reg_classes++;
+ res_reg->reg_class = reg->reg_class;
+ }
+}
diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c
index 1a38bf6..a96655f 100644
--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@@ -75,7 +75,8 @@
return;
}
- eapol_sm_rx_eapol(sm->preauth_eapol, src_addr, buf, len);
+ eapol_sm_rx_eapol(sm->preauth_eapol, src_addr, buf, len,
+ FRAME_ENCRYPTION_UNKNOWN);
}
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 00b7e84..17a79f9 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -187,7 +187,7 @@
u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic;
if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
- wpa_sm_get_state(sm) == WPA_COMPLETED) {
+ wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: PTK0 rekey not allowed, reconnecting");
wpa_sm_reconnect(sm);
@@ -553,6 +553,8 @@
sm->proto == WPA_PROTO_OSEN) ?
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
key_info = ver | WPA_KEY_INFO_KEY_TYPE;
+ if (sm->ptk_set && sm->proto != WPA_PROTO_WPA)
+ key_info |= WPA_KEY_INFO_SECURE;
if (mic_len)
key_info |= WPA_KEY_INFO_MIC;
else
@@ -673,7 +675,8 @@
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
u16 ver, const u8 *key_data,
- size_t key_data_len)
+ size_t key_data_len,
+ enum frame_encryption encrypted)
{
struct wpa_eapol_ie_parse ie;
struct wpa_ptk *ptk;
@@ -681,6 +684,13 @@
u8 *kde, *kde_buf = NULL;
size_t kde_len;
+ if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set &&
+ wpa_sm_pmf_enabled(sm)) {
+ wpa_printf(MSG_DEBUG,
+ "RSN: Discard unencrypted EAPOL-Key msg 1/4 when TK is set and PMF is enabled");
+ return;
+ }
+
if (wpa_sm_get_network_ctx(sm) == NULL) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
"found (msg 1 of 4)");
@@ -695,7 +705,6 @@
return;
}
- wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 1 of 4-Way "
"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
@@ -705,8 +714,11 @@
/* RSN: msg 1/4 should contain PMKID for the selected PMK */
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
key_data, key_data_len);
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
- goto failed;
+ if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "RSN: Discard EAPOL-Key msg 1/4 with invalid IEs/KDEs");
+ return;
+ }
if (ie.pmkid) {
wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
"Authenticator", ie.pmkid, PMKID_LEN);
@@ -722,6 +734,8 @@
if (res)
goto failed;
+ wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
+
if (sm->renew_snonce) {
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -969,6 +983,7 @@
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
sm->ptk.tk_len = 0;
sm->ptk.installed = 1;
+ sm->tk_set = true;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
@@ -2476,6 +2491,7 @@
* @src_addr: Source MAC address of the EAPOL packet
* @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
* @len: Length of the EAPOL frame
+ * @encrypted: Whether the frame was encrypted
* Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
*
* This function is called for each received EAPOL frame. Other than EAPOL-Key
@@ -2487,7 +2503,7 @@
* successful key handshake.
*/
int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len, enum frame_encryption encrypted)
{
size_t plen, data_len, key_data_len;
const struct ieee802_1x_hdr *hdr;
@@ -2722,7 +2738,8 @@
/* 1/4 4-Way Handshake */
wpa_supplicant_process_1_of_4(sm, src_addr, key,
ver, key_data,
- key_data_len);
+ key_data_len,
+ encrypted);
}
} else {
if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
@@ -3063,6 +3080,7 @@
os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ sm->tk_set = false;
}
#ifdef CONFIG_TDLS
@@ -3850,6 +3868,7 @@
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
sm->ptk_set = 0;
sm->tptk_set = 0;
+ sm->tk_set = false;
sm->pmk_len = 0;
os_memset(sm->pmk, 0, sizeof(sm->pmk));
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
@@ -3886,7 +3905,7 @@
{
if (!sm)
return 0;
- return sm->ptk.installed;
+ return sm->tk_set || sm->ptk.installed;
}
@@ -5033,6 +5052,7 @@
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
sm->ptk.tk_len = 0;
sm->ptk.installed = 1;
+ sm->tk_set = true;
/* FILS HLP Container */
fils_process_hlp_container(sm, ie_start, end - ie_start);
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 00fa0bc..7cca718 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -19,6 +19,7 @@
struct wpa_config_blob;
struct hostapd_freq_params;
struct wpa_channel_info;
+enum frame_encryption;
struct wpa_sm_ctx {
void *ctx; /* pointer to arbitrary upper level context */
@@ -184,7 +185,7 @@
void wpa_sm_aborted_cached(struct wpa_sm *sm);
void wpa_sm_aborted_external_cached(struct wpa_sm *sm);
int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len);
+ const u8 *buf, size_t len, enum frame_encryption encrypted);
int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data);
int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len);
struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm);
@@ -368,7 +369,8 @@
}
static inline int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
return -1;
}
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 9d3b538..6d4b07b 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -467,6 +467,7 @@
wpa_printf(MSG_WARNING, "FT: Failed to set PTK to the driver");
return -1;
}
+ sm->tk_set = true;
wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher,
sm->dot11RSNAConfigPMKLifetime, &sm->ptk);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 579616f..fabd6cb 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -27,6 +27,7 @@
size_t pmk_len;
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
+ bool tk_set; /* Whether any TK is configured to the driver */
unsigned int msg_3_of_4_ok:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index a338a20..9875b0e 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -621,12 +621,17 @@
#ifndef CONFIG_NO_WPA_MSG
static wpa_msg_cb_func wpa_msg_cb = NULL;
+static wpa_msg_cb_func wpa_msg_aidl_cb = NULL;
void wpa_msg_register_cb(wpa_msg_cb_func func)
{
wpa_msg_cb = func;
}
+void wpa_msg_register_aidl_cb(wpa_msg_cb_func func)
+{
+ wpa_msg_aidl_cb = func;
+}
static wpa_msg_get_ifname_func wpa_msg_ifname_cb = NULL;
@@ -670,6 +675,8 @@
wpa_printf(level, "%s%s", prefix, buf);
if (wpa_msg_cb)
wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
bin_clear_free(buf, buflen);
}
@@ -681,7 +688,7 @@
int buflen;
int len;
- if (!wpa_msg_cb)
+ if (!wpa_msg_cb && !wpa_msg_aidl_cb)
return;
va_start(ap, fmt);
@@ -697,7 +704,10 @@
va_start(ap, fmt);
len = vsnprintf(buf, buflen, fmt, ap);
va_end(ap);
- wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
+ if (wpa_msg_cb)
+ wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
bin_clear_free(buf, buflen);
}
@@ -725,6 +735,8 @@
wpa_printf(level, "%s", buf);
if (wpa_msg_cb)
wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
bin_clear_free(buf, buflen);
}
@@ -736,7 +748,7 @@
int buflen;
int len;
- if (!wpa_msg_cb)
+ if (!wpa_msg_cb && !wpa_msg_aidl_cb)
return;
va_start(ap, fmt);
@@ -752,7 +764,10 @@
va_start(ap, fmt);
len = vsnprintf(buf, buflen, fmt, ap);
va_end(ap);
- wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
+ if (wpa_msg_cb)
+ wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
bin_clear_free(buf, buflen);
}
@@ -780,6 +795,9 @@
wpa_printf(level, "%s", buf);
if (wpa_msg_cb)
wpa_msg_cb(ctx, level, WPA_MSG_NO_GLOBAL, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_NO_GLOBAL, buf, len);
+
bin_clear_free(buf, buflen);
}
@@ -807,6 +825,8 @@
wpa_printf(level, "%s", buf);
if (wpa_msg_cb)
wpa_msg_cb(ctx, level, WPA_MSG_ONLY_GLOBAL, buf, len);
+ if (wpa_msg_aidl_cb)
+ wpa_msg_aidl_cb(ctx, level, WPA_MSG_ONLY_GLOBAL, buf, len);
os_free(buf);
}
diff --git a/src/utils/wpa_debug.h b/src/utils/wpa_debug.h
index c6d5cc6..29fc48a 100644
--- a/src/utils/wpa_debug.h
+++ b/src/utils/wpa_debug.h
@@ -167,6 +167,7 @@
#define wpa_msg_no_global(args...) do { } while (0)
#define wpa_msg_global_only(args...) do { } while (0)
#define wpa_msg_register_cb(f) do { } while (0)
+#define wpa_msg_register_aidl_cb(f) do { } while (0)
#define wpa_msg_register_ifname_cb(f) do { } while (0)
#else /* CONFIG_NO_WPA_MSG */
/**
@@ -274,7 +275,7 @@
* @func: Callback function (%NULL to unregister)
*/
void wpa_msg_register_cb(wpa_msg_cb_func func);
-
+void wpa_msg_register_aidl_cb(wpa_msg_cb_func func);
typedef const char * (*wpa_msg_get_ifname_func)(void *ctx);
void wpa_msg_register_ifname_cb(wpa_msg_get_ifname_func func);
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index d1436e2..1eaebde 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -276,6 +276,7 @@
OBJS += src/common/sae.c
ifdef CONFIG_SAE_PK
L_CFLAGS += -DCONFIG_SAE_PK
+NEED_AES_SIV=y
OBJS += src/common/sae_pk.c
endif
NEED_ECC=y
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 1c6911b..0a71558 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -266,6 +266,7 @@
OBJS += ../src/common/sae.o
ifdef CONFIG_SAE_PK
CFLAGS += -DCONFIG_SAE_PK
+NEED_AES_SIV=y
OBJS += ../src/common/sae_pk.o
endif
NEED_ECC=y
diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20
index a099a85..0cc5f39 100644
--- a/wpa_supplicant/README-HS20
+++ b/wpa_supplicant/README-HS20
@@ -168,11 +168,16 @@
# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>
# format
#
-# imsi_privacy_key: IMSI privacy key (PEM encoded X.509v3 certificate)
+# imsi_privacy_cert: IMSI privacy certificate (PEM encoded X.509v3 certificate)
# This field is used with EAP-SIM/AKA/AKA' to encrypt the permanent
# identity (IMSI) to improve privacy. The X.509v3 certificate needs to
# include a 2048-bit RSA public key and this is from the operator who
# authenticates the SIM/USIM.
+# imsi_privacy_attr: IMSI privacy attribute
+# This field is used to help the EAP-SIM/AKA/AKA' server to identify
+# the used certificate (and as such, the matching private key). This
+# is set to an attribute in name=value format if the operator needs
+# this information.
#
# domain_suffix_match: Constraint for server domain name
# If set, this FQDN is used as a suffix match requirement for the AAA
diff --git a/wpa_supplicant/aidl/aidl_manager.cpp b/wpa_supplicant/aidl/aidl_manager.cpp
index da90c38..1791b2b 100644
--- a/wpa_supplicant/aidl/aidl_manager.cpp
+++ b/wpa_supplicant/aidl/aidl_manager.cpp
@@ -400,6 +400,7 @@
{
// Create the main aidl service object and register it.
wpa_printf(MSG_INFO, "Starting AIDL supplicant");
+ wpa_printf(MSG_INFO, "Interface version: %d", Supplicant::version);
supplicant_object_ = ndk::SharedRefBase::make<Supplicant>(global);
wpa_global_ = global;
std::string instance = std::string() + Supplicant::descriptor + "/default";
diff --git a/wpa_supplicant/aidl/p2p_iface.cpp b/wpa_supplicant/aidl/p2p_iface.cpp
index 06c4545..105fb8e 100644
--- a/wpa_supplicant/aidl/p2p_iface.cpp
+++ b/wpa_supplicant/aidl/p2p_iface.cpp
@@ -2018,11 +2018,16 @@
if (enable) {
wpa_s->conf->p2p_device_random_mac_addr = 1;
wpa_s->conf->p2p_interface_random_mac_addr = 1;
+ int status = wpas_p2p_mac_setup(wpa_s);
// restore config if it failed to set up MAC address.
- if (wpas_p2p_mac_setup(wpa_s) < 0) {
+ if (status < 0) {
wpa_s->conf->p2p_device_random_mac_addr = 0;
wpa_s->conf->p2p_interface_random_mac_addr = 0;
+ if (status == -ENOTSUP) {
+ return createStatusWithMsg(SupplicantStatusCode::FAILURE_UNSUPPORTED,
+ "Failed to set up MAC address, feature not supported.");
+ }
return createStatusWithMsg(SupplicantStatusCode::FAILURE_UNKNOWN,
"Failed to set up MAC address.");
}
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 7b31d8e..7de9249 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -90,7 +90,7 @@
&conf->op_class,
&conf->channel);
- if (hostapd_get_oper_chwidth(conf) == CHANWIDTH_80P80MHZ) {
+ if (hostapd_get_oper_chwidth(conf) == CONF_OPER_CHWIDTH_80P80MHZ) {
ieee80211_freq_to_chan(ssid->vht_center_freq2,
&freq_seg_idx);
hostapd_set_oper_centr_freq_seg1_idx(conf, freq_seg_idx);
@@ -112,15 +112,15 @@
#ifdef CONFIG_P2P
switch (hostapd_get_oper_chwidth(conf)) {
- case CHANWIDTH_80MHZ:
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
center_chan = wpas_p2p_get_vht80_center(wpa_s, mode, channel,
conf->op_class);
wpa_printf(MSG_DEBUG,
"VHT center channel %u for 80 or 80+80 MHz bandwidth",
center_chan);
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel,
conf->op_class);
wpa_printf(MSG_DEBUG,
@@ -133,7 +133,7 @@
* try oper_cwidth 160 MHz first then VHT 80 MHz, if 160 MHz is
* not supported.
*/
- hostapd_set_oper_chwidth(conf, CHANWIDTH_160MHZ);
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_160MHZ);
ieee80211_freq_to_channel_ext(ssid->frequency, 0,
conf->vht_oper_chwidth,
&conf->op_class,
@@ -145,7 +145,7 @@
"VHT center channel %u for auto-selected 160 MHz bandwidth",
center_chan);
} else {
- hostapd_set_oper_chwidth(conf, CHANWIDTH_80MHZ);
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_80MHZ);
ieee80211_freq_to_channel_ext(ssid->frequency, 0,
conf->vht_oper_chwidth,
&conf->op_class,
@@ -174,7 +174,7 @@
conf->channel);
hostapd_set_oper_centr_freq_seg0_idx(
conf, conf->channel + conf->secondary_channel * 2);
- hostapd_set_oper_chwidth(conf, CHANWIDTH_USE_HT);
+ hostapd_set_oper_chwidth(conf, CONF_OPER_CHWIDTH_USE_HT);
}
@@ -201,14 +201,14 @@
static int get_max_oper_chwidth_6ghz(int chwidth)
{
switch (chwidth) {
- case CHANWIDTH_USE_HT:
+ case CONF_OPER_CHWIDTH_USE_HT:
return 20;
- case CHANWIDTH_40MHZ_6GHZ:
+ case CONF_OPER_CHWIDTH_40MHZ_6GHZ:
return 40;
- case CHANWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
return 80;
- case CHANWIDTH_80P80MHZ:
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
return 160;
default:
return 0;
@@ -249,8 +249,8 @@
wpa_printf(MSG_DEBUG,
"Secondary channel offset %d for P2P group",
conf->secondary_channel);
- if (ssid->max_oper_chwidth == CHANWIDTH_40MHZ_6GHZ)
- ssid->max_oper_chwidth = CHANWIDTH_USE_HT;
+ if (ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_40MHZ_6GHZ)
+ ssid->max_oper_chwidth = CONF_OPER_CHWIDTH_USE_HT;
}
if ((is_chanwidth_40_80 || is_chanwidth_160) && ssid->p2p_group &&
@@ -266,7 +266,7 @@
struct hostapd_config *conf)
{
conf->hw_mode = ieee80211_freq_to_channel_ext(ssid->frequency, 0,
- CHANWIDTH_USE_HT,
+ CONF_OPER_CHWIDTH_USE_HT,
&conf->op_class,
&conf->channel);
if (conf->hw_mode == NUM_HOSTAPD_MODES) {
@@ -1234,9 +1234,11 @@
void wpa_supplicant_ap_rx_eapol(struct wpa_supplicant *wpa_s,
- const u8 *src_addr, const u8 *buf, size_t len)
+ const u8 *src_addr, const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
- ieee802_1x_receive(wpa_s->ap_iface->bss[0], src_addr, buf, len);
+ ieee802_1x_receive(wpa_s->ap_iface->bss[0], src_addr, buf, len,
+ encrypted);
}
diff --git a/wpa_supplicant/ap.h b/wpa_supplicant/ap.h
index ccd3e7b..865429e 100644
--- a/wpa_supplicant/ap.h
+++ b/wpa_supplicant/ap.h
@@ -16,7 +16,8 @@
struct wpa_ssid *ssid);
void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s);
void wpa_supplicant_ap_rx_eapol(struct wpa_supplicant *wpa_s,
- const u8 *src_addr, const u8 *buf, size_t len);
+ const u8 *src_addr, const u8 *buf, size_t len,
+ enum frame_encryption encrypted);
int wpa_supplicant_ap_wps_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
const u8 *p2p_dev_addr);
int wpa_supplicant_ap_wps_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 429c6e7..eb97a61 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -1281,12 +1281,16 @@
end = pos + bss->beacon_ie_len;
while (end - pos > 1) {
- if (2 + pos[1] > end - pos)
+ u8 id, len;
+
+ id = *pos++;
+ len = *pos++;
+ if (len > end - pos)
break;
- if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
- vendor_type == WPA_GET_BE32(&pos[2]))
- wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
- pos += 2 + pos[1];
+ if (id == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
+ vendor_type == WPA_GET_BE32(pos))
+ wpabuf_put_data(buf, pos + 4, len - 4);
+ pos += len;
}
if (wpabuf_len(buf) == 0) {
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index c8844bb..aa775ca 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2434,8 +2434,8 @@
{ INT_RANGE(ht, 0, 1) },
{ INT_RANGE(vht, 0, 1) },
{ INT_RANGE(ht40, -1, 1) },
- { INT_RANGE(max_oper_chwidth, CHANWIDTH_USE_HT,
- CHANWIDTH_80P80MHZ) },
+ { INT_RANGE(max_oper_chwidth, CONF_OPER_CHWIDTH_USE_HT,
+ CONF_OPER_CHWIDTH_80P80MHZ) },
{ INT(vht_center_freq1) },
{ INT(vht_center_freq2) },
#ifdef IEEE8021X_EAPOL
@@ -2503,7 +2503,8 @@
{ INTe(machine_ocsp, machine_cert.ocsp) },
{ INT(eapol_flags) },
{ INTe(sim_num, sim_num) },
- { STRe(imsi_privacy_key, imsi_privacy_key) },
+ { STRe(imsi_privacy_cert, imsi_privacy_cert) },
+ { STRe(imsi_privacy_attr, imsi_privacy_attr) },
{ STRe(openssl_ciphers, openssl_ciphers) },
{ INTe(erp, erp) },
#endif /* IEEE8021X_EAPOL */
@@ -2771,7 +2772,8 @@
bin_clear_free(eap->identity, eap->identity_len);
os_free(eap->anonymous_identity);
os_free(eap->imsi_identity);
- os_free(eap->imsi_privacy_key);
+ os_free(eap->imsi_privacy_cert);
+ os_free(eap->imsi_privacy_attr);
os_free(eap->machine_identity);
bin_clear_free(eap->password, eap->password_len);
bin_clear_free(eap->machine_password, eap->machine_password_len);
@@ -2875,7 +2877,8 @@
os_free(cred->req_conn_capab_port[i]);
os_free(cred->req_conn_capab_port);
os_free(cred->req_conn_capab_proto);
- os_free(cred->imsi_privacy_key);
+ os_free(cred->imsi_privacy_cert);
+ os_free(cred->imsi_privacy_attr);
os_free(cred);
}
@@ -3911,9 +3914,15 @@
return 0;
}
- if (os_strcmp(var, "imsi_privacy_key") == 0) {
- os_free(cred->imsi_privacy_key);
- cred->imsi_privacy_key = val;
+ if (os_strcmp(var, "imsi_privacy_cert") == 0) {
+ os_free(cred->imsi_privacy_cert);
+ cred->imsi_privacy_cert = val;
+ return 0;
+ }
+
+ if (os_strcmp(var, "imsi_privacy_attr") == 0) {
+ os_free(cred->imsi_privacy_attr);
+ cred->imsi_privacy_attr = val;
return 0;
}
@@ -4067,8 +4076,11 @@
if (os_strcmp(var, "imsi") == 0)
return alloc_strdup(cred->imsi);
- if (os_strcmp(var, "imsi_privacy_key") == 0)
- return alloc_strdup(cred->imsi_privacy_key);
+ if (os_strcmp(var, "imsi_privacy_cert") == 0)
+ return alloc_strdup(cred->imsi_privacy_cert);
+
+ if (os_strcmp(var, "imsi_privacy_attr") == 0)
+ return alloc_strdup(cred->imsi_privacy_attr);
if (os_strcmp(var, "milenage") == 0) {
if (!(cred->milenage))
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 77d6ab5..f33618c 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -182,14 +182,24 @@
char *milenage;
/**
- * imsi_privacy_key - IMSI privacy key (PEM encoded X.509v3 certificate)
+ * imsi_privacy_cert - IMSI privacy certificate
*
* This field is used with EAP-SIM/AKA/AKA' to encrypt the permanent
- * identity (IMSI) to improve privacy. The X.509v3 certificate needs to
- * include a 2048-bit RSA public key and this is from the operator who
- * authenticates the SIM/USIM.
+ * identity (IMSI) to improve privacy. The referenced PEM-encoded
+ * X.509v3 certificate needs to include a 2048-bit RSA public key and
+ * this is from the operator who authenticates the SIM/USIM.
*/
- char *imsi_privacy_key;
+ char *imsi_privacy_cert;
+
+ /**
+ * imsi_privacy_attr - IMSI privacy attribute
+ *
+ * This field is used to help the EAP-SIM/AKA/AKA' server to identify
+ * the used certificate (and as such, the matching private key). This
+ * is set to an attribute in name=value format if the operator needs
+ * this information.
+ */
+ char *imsi_privacy_attr;
/**
* engine - Use an engine for private key operations
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 978cc6a..3b9f60b 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -1036,6 +1036,13 @@
fprintf(f, "\tcert_id=\"%s\"\n", cred->cert_id);
if (cred->ca_cert_id)
fprintf(f, "\tca_cert_id=\"%s\"\n", cred->ca_cert_id);
+
+ if (cred->imsi_privacy_cert)
+ fprintf(f, "\timsi_privacy_cert=\"%s\"\n",
+ cred->imsi_privacy_cert);
+ if (cred->imsi_privacy_attr)
+ fprintf(f, "\timsi_privacy_attr=\"%s\"\n",
+ cred->imsi_privacy_attr);
}
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 4d3d114..f1f6cc4 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -560,7 +560,7 @@
int he;
- int max_oper_chwidth;
+ enum oper_chan_width max_oper_chwidth;
unsigned int vht_center_freq1;
unsigned int vht_center_freq2;
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index e8a8118..8cc02a6 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -866,6 +866,8 @@
} else if (os_strcasecmp(cmd,
"dpp_ignore_netaccesskey_mismatch") == 0) {
wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);
+ } else if (os_strcasecmp(cmd, "dpp_discard_public_action") == 0) {
+ wpa_s->dpp_discard_public_action = atoi(value);
} else if (os_strcasecmp(cmd, "dpp_test") == 0) {
dpp_test = atoi(value);
#endif /* CONFIG_DPP */
@@ -5978,17 +5980,19 @@
if (freq2 < 0)
return -1;
if (freq2)
- return CHANWIDTH_80P80MHZ;
+ return CONF_OPER_CHWIDTH_80P80MHZ;
switch (chwidth) {
case 0:
case 20:
case 40:
- return CHANWIDTH_USE_HT;
+ return CONF_OPER_CHWIDTH_USE_HT;
case 80:
- return CHANWIDTH_80MHZ;
+ return CONF_OPER_CHWIDTH_80MHZ;
case 160:
- return CHANWIDTH_160MHZ;
+ return CONF_OPER_CHWIDTH_160MHZ;
+ case 320:
+ return CONF_OPER_CHWIDTH_320MHZ;
default:
wpa_printf(MSG_DEBUG, "Unknown max oper bandwidth: %d",
chwidth);
@@ -6095,7 +6099,7 @@
return -1;
if (allow_6ghz && chwidth == 40)
- max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
+ max_oper_chwidth = CONF_OPER_CHWIDTH_40MHZ_6GHZ;
pos2 = os_strstr(pos, " ssid=");
if (pos2) {
@@ -6751,7 +6755,7 @@
allow_6ghz = os_strstr(cmd, " allow_6ghz") != NULL;
if (allow_6ghz && chwidth == 40)
- max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
+ max_oper_chwidth = CONF_OPER_CHWIDTH_40MHZ_6GHZ;
return wpas_p2p_invite(wpa_s, _peer, ssid, NULL, freq, freq2, ht40, vht,
max_oper_chwidth, pref_freq, he, edmg,
@@ -6897,7 +6901,7 @@
return -1;
if (allow_6ghz && chwidth == 40)
- max_oper_chwidth = CHANWIDTH_40MHZ_6GHZ;
+ max_oper_chwidth = CONF_OPER_CHWIDTH_40MHZ_6GHZ;
/* Allow DFS to be used for Autonomous GO */
wpa_s->p2p_go_allow_dfs = !!(wpa_s->drv_flags &
@@ -8123,7 +8127,7 @@
int wpas_ctrl_iface_get_pref_freq_list_override(struct wpa_supplicant *wpa_s,
enum wpa_driver_if_type if_type,
unsigned int *num,
- unsigned int *freq_list)
+ struct weighted_pcl *freq_list)
{
char *pos = wpa_s->get_pref_freq_list_override;
char *end;
@@ -8147,7 +8151,8 @@
pos++;
end = os_strchr(pos, ' ');
while (pos && (!end || pos < end) && count < *num) {
- freq_list[count++] = atoi(pos);
+ freq_list[count].freq = atoi(pos);
+ freq_list[count++].flag = WEIGHTED_PCL_GO | WEIGHTED_PCL_CLI;
pos = os_strchr(pos, ',');
if (pos)
pos++;
@@ -8162,10 +8167,11 @@
static int wpas_ctrl_iface_get_pref_freq_list(
struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
{
- unsigned int freq_list[100], num = 100, i;
+ unsigned int num = 100, i;
int ret;
enum wpa_driver_if_type iface_type;
char *pos, *end;
+ struct weighted_pcl freq_list[100];
pos = buf;
end = buf + buflen;
@@ -8196,7 +8202,7 @@
for (i = 0; i < num; i++) {
ret = os_snprintf(pos, end - pos, "%s%u",
- i > 0 ? "," : "", freq_list[i]);
+ i > 0 ? "," : "", freq_list[i].freq);
if (os_snprintf_error(end - pos, ret))
return -1;
pos += ret;
@@ -8556,6 +8562,8 @@
wpa_s->dpp_discovery_override = NULL;
os_free(wpa_s->dpp_groups_override);
wpa_s->dpp_groups_override = NULL;
+ wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
+ wpa_s->dpp_discard_public_action = 0;
dpp_test = DPP_TEST_DISABLED;
#endif /* CONFIG_DPP */
#endif /* CONFIG_TESTING_OPTIONS */
@@ -8840,6 +8848,7 @@
unsigned int manual_scan_only_new = 0;
unsigned int scan_only = 0;
unsigned int scan_id_count = 0;
+ unsigned int manual_non_coloc_6ghz = 0;
int scan_id[MAX_SCAN_ID];
void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
struct wpa_scan_results *scan_res);
@@ -8917,6 +8926,10 @@
os_strstr(params, "wildcard_ssid=1") != NULL;
}
+ pos = os_strstr(params, "non_coloc_6ghz=");
+ if (pos)
+ manual_non_coloc_6ghz = !!atoi(pos + 15);
+
pos = params;
while (pos && *pos != '\0') {
if (os_strncmp(pos, "ssid ", 5) == 0) {
@@ -8986,6 +8999,7 @@
wpa_s->manual_scan_use_id = manual_scan_use_id;
wpa_s->manual_scan_only_new = manual_scan_only_new;
wpa_s->scan_id_count = scan_id_count;
+ wpa_s->manual_non_coloc_6ghz = manual_non_coloc_6ghz;
os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
wpa_s->scan_res_handler = scan_res_handler;
os_free(wpa_s->manual_scan_freqs);
@@ -9009,6 +9023,7 @@
wpa_s->manual_scan_use_id = manual_scan_use_id;
wpa_s->manual_scan_only_new = manual_scan_only_new;
wpa_s->scan_id_count = scan_id_count;
+ wpa_s->manual_non_coloc_6ghz = manual_non_coloc_6ghz;
os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
wpa_s->scan_res_handler = scan_res_handler;
os_free(wpa_s->manual_scan_freqs);
@@ -9523,7 +9538,7 @@
return -1;
}
- wpa_supplicant_rx_eapol(wpa_s, src, buf, len);
+ wpa_supplicant_rx_eapol(wpa_s, src, buf, len, FRAME_ENCRYPTION_UNKNOWN);
os_free(buf);
return 0;
@@ -10022,8 +10037,9 @@
setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));
tok_s = os_strstr(cmd, " twt=");
- if (tok_s)
- sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);
+ if (tok_s &&
+ sscanf(tok_s + os_strlen(" twt="), "%llu", &twt) != 1)
+ return -1;
tok_s = os_strstr(cmd, " requestor=");
if (tok_s)
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index b6dbc98..60342cd 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -802,7 +802,17 @@
}
addr = get_param(cmd, " tcp_addr=");
- if (addr) {
+ if (addr && os_strcmp(addr, "from-uri") == 0) {
+ os_free(addr);
+ if (!peer_bi->host) {
+ wpa_printf(MSG_INFO,
+ "DPP: TCP address not available in peer URI");
+ return -1;
+ }
+ tcp = 1;
+ os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr));
+ tcp_port = peer_bi->port;
+ } else if (addr) {
int res;
res = hostapd_parse_ip_addr(addr, &ipaddr);
@@ -3140,6 +3150,13 @@
return;
if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
return;
+#ifdef CONFIG_TESTING_OPTIONS
+ if (wpa_s->dpp_discard_public_action) {
+ wpa_printf(MSG_DEBUG,
+ "TESTING: Discard received DPP Public Action frame");
+ return;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
hdr = buf;
buf += 4;
len -= 4;
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index 237f4e0..b0af1cd 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -964,7 +964,7 @@
static inline int wpa_drv_get_pref_freq_list(struct wpa_supplicant *wpa_s,
enum wpa_driver_if_type if_type,
unsigned int *num,
- unsigned int *freq_list)
+ struct weighted_pcl *freq_list)
{
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->get_pref_freq_list_override)
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index f806895..efec31c 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -714,7 +714,7 @@
printf("Sending fake EAP-Request-Identity\n");
eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
- sizeof(*hdr) + 5);
+ sizeof(*hdr) + 5, FRAME_ENCRYPTION_UNKNOWN);
}
@@ -842,7 +842,8 @@
wpabuf_len(eap));
eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
(u8 *) dot1x,
- sizeof(*dot1x) + wpabuf_len(eap));
+ sizeof(*dot1x) + wpabuf_len(eap),
+ FRAME_ENCRYPTION_UNKNOWN);
os_free(dot1x);
}
}
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 7234de4..6080eb3 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3665,7 +3665,8 @@
wpa_supplicant_rx_eapol(
wpa_s, wpa_s->pending_eapol_rx_src,
wpabuf_head(wpa_s->pending_eapol_rx),
- wpabuf_len(wpa_s->pending_eapol_rx));
+ wpabuf_len(wpa_s->pending_eapol_rx),
+ wpa_s->pending_eapol_encrypted);
}
wpabuf_free(wpa_s->pending_eapol_rx);
wpa_s->pending_eapol_rx = NULL;
@@ -5647,7 +5648,8 @@
case EVENT_EAPOL_RX:
wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src,
data->eapol_rx.data,
- data->eapol_rx.data_len);
+ data->eapol_rx.data_len,
+ data->eapol_rx.encrypted);
break;
case EVENT_SIGNAL_CHANGE:
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index a6172d6..802f120 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -30,6 +30,8 @@
#define GAS_QUERY_WAIT_TIME_INITIAL 1000
#define GAS_QUERY_WAIT_TIME_COMEBACK 150
+#define GAS_QUERY_MAX_COMEBACK_DELAY 60000
+
/**
* struct gas_query_pending - Pending GAS query
*/
@@ -589,6 +591,8 @@
if (pos + 2 > data + len)
return 0;
comeback_delay = WPA_GET_LE16(pos);
+ if (comeback_delay > GAS_QUERY_MAX_COMEBACK_DELAY)
+ comeback_delay = GAS_QUERY_MAX_COMEBACK_DELAY;
pos += 2;
/* Advertisement Protocol element */
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index 02e6390..874c2bf 100644
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -772,7 +772,8 @@
static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
int supp;
u8 *tmp;
@@ -788,7 +789,7 @@
peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER;
wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from "
MACSTR, MAC2STR(peer->addr));
- wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len);
+ wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len, encrypted);
} else {
if (ibss_rsn_is_auth_started(peer) == 0) {
wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for "
@@ -809,7 +810,8 @@
int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
struct ibss_rsn_peer *peer;
@@ -818,7 +820,8 @@
peer = ibss_rsn_get_peer(ibss_rsn, src_addr);
if (peer)
- return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len);
+ return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len,
+ encrypted);
if (ibss_rsn_eapol_dst_supp(buf, len) > 0) {
/*
@@ -836,7 +839,7 @@
IBSS_RSN_AUTH_EAPOL_BY_US);
return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers,
- buf, len);
+ buf, len, encrypted);
}
return 0;
diff --git a/wpa_supplicant/ibss_rsn.h b/wpa_supplicant/ibss_rsn.h
index 626c543..cff45a7 100644
--- a/wpa_supplicant/ibss_rsn.h
+++ b/wpa_supplicant/ibss_rsn.h
@@ -57,7 +57,8 @@
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr);
void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac);
int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
- const u8 *buf, size_t len);
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted);
void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk);
void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
size_t len);
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 9a459c2..6198bd7 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -1065,9 +1065,15 @@
goto fail;
}
- if (cred->imsi_privacy_key && cred->imsi_privacy_key[0]) {
- if (wpa_config_set_quoted(ssid, "imsi_privacy_key",
- cred->imsi_privacy_key) < 0)
+ if (cred->imsi_privacy_cert && cred->imsi_privacy_cert[0]) {
+ if (wpa_config_set_quoted(ssid, "imsi_privacy_cert",
+ cred->imsi_privacy_cert) < 0)
+ goto fail;
+ }
+
+ if (cred->imsi_privacy_attr && cred->imsi_privacy_attr[0]) {
+ if (wpa_config_set_quoted(ssid, "imsi_privacy_attr",
+ cred->imsi_privacy_attr) < 0)
goto fail;
}
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index b67396d..16530fb 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -643,18 +643,20 @@
switch (params->freq.bandwidth) {
case 80:
if (params->freq.center_freq2) {
- ssid->max_oper_chwidth = CHANWIDTH_80P80MHZ;
+ ssid->max_oper_chwidth =
+ CONF_OPER_CHWIDTH_80P80MHZ;
ssid->vht_center_freq2 =
params->freq.center_freq2;
} else {
- ssid->max_oper_chwidth = CHANWIDTH_80MHZ;
+ ssid->max_oper_chwidth =
+ CONF_OPER_CHWIDTH_80MHZ;
}
break;
case 160:
- ssid->max_oper_chwidth = CHANWIDTH_160MHZ;
+ ssid->max_oper_chwidth = CONF_OPER_CHWIDTH_160MHZ;
break;
default:
- ssid->max_oper_chwidth = CHANWIDTH_USE_HT;
+ ssid->max_oper_chwidth = CONF_OPER_CHWIDTH_USE_HT;
break;
}
}
diff --git a/wpa_supplicant/op_classes.c b/wpa_supplicant/op_classes.c
index bd53c5c..5dca8f7 100644
--- a/wpa_supplicant/op_classes.c
+++ b/wpa_supplicant/op_classes.c
@@ -470,8 +470,9 @@
* or used.
*/
if (wpas_sta_secondary_channel_offset(bss, ¤t, &chan) < 0 &&
- ieee80211_freq_to_channel_ext(bss->freq, 0, CHANWIDTH_USE_HT,
- ¤t, &chan) == NUM_HOSTAPD_MODES)
+ ieee80211_freq_to_channel_ext(bss->freq, 0,
+ CONF_OPER_CHWIDTH_USE_HT, ¤t,
+ &chan) == NUM_HOSTAPD_MODES)
return 0;
/*
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index c8f2e5c..ccbb1b7 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -129,7 +129,7 @@
const u8 *ssid, size_t ssid_len);
static int wpas_p2p_setup_freqs(struct wpa_supplicant *wpa_s, int freq,
int *force_freq, int *pref_freq, int go,
- unsigned int *pref_freq_list,
+ struct weighted_pcl *pref_freq_list,
unsigned int *num_pref_freq);
static void wpas_p2p_join_scan_req(struct wpa_supplicant *wpa_s, int freq,
const u8 *ssid, size_t ssid_len);
@@ -705,7 +705,8 @@
struct wpa_supplicant *go_wpa_s, *cli_wpa_s;
struct wpa_ssid *persistent_go;
int p2p_no_group_iface;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ unsigned int size;
wpa_printf(MSG_DEBUG, "P2P: Conncap - in:%d role:%d", incoming, role);
@@ -4732,7 +4733,7 @@
static int wpas_p2p_get_pref_freq_list(void *ctx, int go,
unsigned int *len,
- unsigned int *freq_list)
+ struct weighted_pcl *freq_list)
{
struct wpa_supplicant *wpa_s = ctx;
@@ -5708,7 +5709,7 @@
static int wpas_p2p_setup_freqs(struct wpa_supplicant *wpa_s, int freq,
int *force_freq, int *pref_freq, int go,
- unsigned int *pref_freq_list,
+ struct weighted_pcl *pref_freq_list,
unsigned int *num_pref_freq)
{
struct wpa_used_freq_data *freqs;
@@ -5822,16 +5823,19 @@
i = 0;
while (i < *num_pref_freq &&
(!p2p_supported_freq(wpa_s->global->p2p,
- pref_freq_list[i]) ||
- wpas_p2p_disallowed_freq(wpa_s->global,
- pref_freq_list[i]))) {
+ pref_freq_list[i].freq) ||
+ wpas_p2p_disallowed_freq(
+ wpa_s->global,
+ pref_freq_list[i].freq) ||
+ !p2p_pref_freq_allowed(&pref_freq_list[i],
+ go))) {
wpa_printf(MSG_DEBUG,
"P2P: preferred_freq_list[%d]=%d is disallowed",
- i, pref_freq_list[i]);
+ i, pref_freq_list[i].freq);
i++;
}
if (i != *num_pref_freq) {
- best_freq = pref_freq_list[i];
+ best_freq = pref_freq_list[i].freq;
wpa_printf(MSG_DEBUG,
"P2P: Using preferred_freq_list[%d]=%d",
i, best_freq);
@@ -5955,7 +5959,8 @@
enum wpa_driver_if_type iftype;
const u8 *if_addr;
struct wpa_ssid *ssid = NULL;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ unsigned int size;
if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
return -1;
@@ -6240,7 +6245,7 @@
if (!wpa_s->conf->num_p2p_pref_chan && !freq) {
unsigned int i, size = P2P_MAX_PREF_CHANNELS;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
int res;
res = wpa_drv_get_pref_freq_list(wpa_s, WPA_IF_P2P_GO,
@@ -6252,16 +6257,19 @@
i = 0;
while (i < size &&
(!p2p_supported_freq(wpa_s->global->p2p,
- pref_freq_list[i]) ||
- wpas_p2p_disallowed_freq(wpa_s->global,
- pref_freq_list[i]))) {
+ pref_freq_list[i].freq) ||
+ wpas_p2p_disallowed_freq(
+ wpa_s->global,
+ pref_freq_list[i].freq) ||
+ !p2p_pref_freq_allowed(&pref_freq_list[i],
+ true))) {
wpa_printf(MSG_DEBUG,
"P2P: preferred_freq_list[%d]=%d is disallowed",
- i, pref_freq_list[i]);
+ i, pref_freq_list[i].freq);
i++;
}
if (i != size) {
- freq = pref_freq_list[i];
+ freq = pref_freq_list[i].freq;
wpa_printf(MSG_DEBUG,
"P2P: Using preferred_freq_list[%d]=%d",
i, freq);
@@ -6740,8 +6748,8 @@
if (!is_6ghz &&
ieee80211_freq_to_channel_ext(
- cand, -1, CHANWIDTH_USE_HT, &op_class,
- &chan) != NUM_HOSTAPD_MODES &&
+ cand, -1, CONF_OPER_CHWIDTH_USE_HT,
+ &op_class, &chan) != NUM_HOSTAPD_MODES &&
wpas_p2p_verify_channel(
wpa_s, hwmode, op_class, chan,
BW40MINUS) == ALLOWED)
@@ -6749,8 +6757,8 @@
if (!supported && !is_6ghz &&
ieee80211_freq_to_channel_ext(
- cand, 1, CHANWIDTH_USE_HT, &op_class,
- &chan) != NUM_HOSTAPD_MODES &&
+ cand, 1, CONF_OPER_CHWIDTH_USE_HT,
+ &op_class, &chan) != NUM_HOSTAPD_MODES &&
wpas_p2p_verify_channel(
wpa_s, hwmode, op_class, chan,
BW40PLUS) == ALLOWED)
@@ -7636,7 +7644,8 @@
int force_freq = 0;
int res;
int no_pref_freq_given = pref_freq == 0;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ unsigned int size;
if (wpas_p2p_check_6ghz(wpa_s, NULL, allow_6ghz, freq))
return -1;
@@ -7725,7 +7734,8 @@
int persistent;
int freq = 0, force_freq = 0, pref_freq = 0;
int res;
- unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
+ struct weighted_pcl pref_freq_list[P2P_MAX_PREF_CHANNELS];
+ unsigned int size;
wpa_s->p2p_persistent_go_freq = 0;
wpa_s->p2p_go_ht40 = 0;
@@ -9781,13 +9791,15 @@
csa_settings.freq_params.center_freq2 = freq2;
switch (conf->vht_oper_chwidth) {
- case CHANWIDTH_80MHZ:
- case CHANWIDTH_80P80MHZ:
+ case CONF_OPER_CHWIDTH_80MHZ:
+ case CONF_OPER_CHWIDTH_80P80MHZ:
csa_settings.freq_params.bandwidth = 80;
break;
- case CHANWIDTH_160MHZ:
+ case CONF_OPER_CHWIDTH_160MHZ:
csa_settings.freq_params.bandwidth = 160;
break;
+ default:
+ break;
}
}
diff --git a/wpa_supplicant/robust_av.c b/wpa_supplicant/robust_av.c
index 6110797..f269fb6 100644
--- a/wpa_supplicant/robust_av.c
+++ b/wpa_supplicant/robust_av.c
@@ -1294,11 +1294,17 @@
attr = qos_ie + 6;
rem_attrs_len = qos_ie[1] - 4;
- while (rem_attrs_len > 2 && rem_attrs_len >= 2 + attr[1]) {
- wpas_fill_dscp_policy(&policy, attr[0], attr[1],
- &attr[2]);
- rem_attrs_len -= 2 + attr[1];
- attr += 2 + attr[1];
+ while (rem_attrs_len > 2) {
+ u8 attr_id, attr_len;
+
+ attr_id = *attr++;
+ attr_len = *attr++;
+ rem_attrs_len -= 2;
+ if (attr_len > rem_attrs_len)
+ break;
+ wpas_fill_dscp_policy(&policy, attr_id, attr_len, attr);
+ rem_attrs_len -= attr_len;
+ attr += attr_len;
}
rem_len -= ie_len;
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index 4457b6c..238fe68 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -731,24 +731,24 @@
vht_oper = (struct ieee80211_vht_operation *) (ie + 2);
switch (vht_oper->vht_op_info_chwidth) {
- case 1:
+ case CHANWIDTH_80MHZ:
seg0 = vht_oper->vht_op_info_chan_center_freq_seg0_idx;
seg1 = vht_oper->vht_op_info_chan_center_freq_seg1_idx;
if (seg1 && abs(seg1 - seg0) == 8)
- vht = CHANWIDTH_160MHZ;
+ vht = CONF_OPER_CHWIDTH_160MHZ;
else if (seg1)
- vht = CHANWIDTH_80P80MHZ;
+ vht = CONF_OPER_CHWIDTH_80P80MHZ;
else
- vht = CHANWIDTH_80MHZ;
+ vht = CONF_OPER_CHWIDTH_80MHZ;
break;
- case 2:
- vht = CHANWIDTH_160MHZ;
+ case CHANWIDTH_160MHZ:
+ vht = CONF_OPER_CHWIDTH_160MHZ;
break;
- case 3:
- vht = CHANWIDTH_80P80MHZ;
+ case CHANWIDTH_80P80MHZ:
+ vht = CONF_OPER_CHWIDTH_80P80MHZ;
break;
default:
- vht = CHANWIDTH_USE_HT;
+ vht = CONF_OPER_CHWIDTH_USE_HT;
break;
}
}
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index a683eac..0e0937e 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -1341,6 +1341,12 @@
}
}
+ if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
+ wpa_s->manual_non_coloc_6ghz) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "Collocated 6 GHz logic is disabled");
+ params.non_coloc_6ghz = 1;
+ }
+
scan_params = ¶ms;
scan:
@@ -2915,6 +2921,7 @@
params->relative_adjust_band = src->relative_adjust_band;
params->relative_adjust_rssi = src->relative_adjust_rssi;
params->p2p_include_6ghz = src->p2p_include_6ghz;
+ params->non_coloc_6ghz = src->non_coloc_6ghz;
return params;
failed:
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index cc55fa6..80cb6bb 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1297,21 +1297,24 @@
token_len = len - sizeof(le16);
h2e = wpa_s->sme.sae.h2e;
if (h2e) {
+ u8 id, elen, extid;
+
if (token_len < 3) {
wpa_dbg(wpa_s, MSG_DEBUG,
"SME: Too short SAE anti-clogging token container");
return -1;
}
- if (token_pos[0] != WLAN_EID_EXTENSION ||
- token_pos[1] == 0 ||
- token_pos[1] > token_len - 2 ||
- token_pos[2] != WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
+ id = *token_pos++;
+ elen = *token_pos++;
+ extid = *token_pos++;
+ if (id != WLAN_EID_EXTENSION ||
+ elen == 0 || elen > token_len - 2 ||
+ extid != WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
wpa_dbg(wpa_s, MSG_DEBUG,
"SME: Invalid SAE anti-clogging token container header");
return -1;
}
- token_len = token_pos[1] - 1;
- token_pos += 3;
+ token_len = elen - 1;
}
wpa_s->sme.sae_token = wpabuf_alloc_copy(token_pos, token_len);
wpa_hexdump_buf(MSG_DEBUG, "SME: Requested anti-clogging token",
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 4c7e6dc..5393f1c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -921,7 +921,8 @@
{
const u8 *ie;
u8 op_class, chan;
- int sec_chan = 0, vht = 0;
+ int sec_chan = 0;
+ enum oper_chan_width vht = CONF_OPER_CHWIDTH_USE_HT;
enum phy_type phy_type;
u32 info;
struct ieee80211_ht_operation *ht_oper = NULL;
@@ -1457,15 +1458,22 @@
if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT) {
char url[256];
+ u8 url_len;
- if (end - pos < 1 || 1 + pos[0] > end - pos) {
+ if (end - pos < 1) {
wpa_printf(MSG_DEBUG, "WNM: Invalid BSS Transition "
"Management Request (URL)");
return;
}
- os_memcpy(url, pos + 1, pos[0]);
- url[pos[0]] = '\0';
- pos += 1 + pos[0];
+ url_len = *pos++;
+ if (url_len > end - pos) {
+ wpa_printf(MSG_DEBUG,
+ "WNM: Invalid BSS Transition Management Request (URL truncated)");
+ return;
+ }
+ os_memcpy(url, pos, url_len);
+ url[url_len] = '\0';
+ pos += url_len;
wpa_msg(wpa_s, MSG_INFO, ESS_DISASSOC_IMMINENT "%d %u %s",
wpa_sm_pmf_enabled(wpa_s->wpa),
diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
index c5d7168..ff1fb67 100644
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -1134,7 +1134,8 @@
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
struct wpa_priv_interface *iface = ctx;
struct msghdr msg;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 24c8818..8ee8ca6 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -17,6 +17,7 @@
#endif /* CONFIG_MATCH_IFACE */
#include "common.h"
+#include "crypto/crypto.h"
#include "crypto/random.h"
#include "crypto/sha1.h"
#include "eapol_supp/eapol_supp_sm.h"
@@ -2708,7 +2709,7 @@
if (!ibss_mesh_is_80mhz_avail(channel, mode))
return;
- chwidth = CHANWIDTH_80MHZ;
+ chwidth = CONF_OPER_CHWIDTH_80MHZ;
seg0 = channel + 6;
seg1 = 0;
@@ -2724,14 +2725,14 @@
for (j = 0; j < ARRAY_SIZE(bw160); j++) {
if (freq->freq == bw160[j]) {
- chwidth = CHANWIDTH_160MHZ;
+ chwidth = CONF_OPER_CHWIDTH_160MHZ;
seg0 = channel + 14;
break;
}
}
}
- if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
+ if (ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ) {
/* setup center_freq2, bandwidth */
for (k = 0; k < ARRAY_SIZE(bw80); k++) {
/* Only accept 80 MHz segments separated by a gap */
@@ -2755,28 +2756,28 @@
continue;
/* Found a suitable second segment for 80+80 */
- chwidth = CHANWIDTH_80P80MHZ;
+ chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
if (!is_6ghz)
vht_caps |=
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
seg1 = channel + 6;
}
- if (chwidth == CHANWIDTH_80P80MHZ)
+ if (chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
break;
}
- } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
+ } else if (ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
if (freq->freq == 5180) {
- chwidth = CHANWIDTH_160MHZ;
+ chwidth = CONF_OPER_CHWIDTH_160MHZ;
vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
seg0 = 50;
} else if (freq->freq == 5520) {
- chwidth = CHANWIDTH_160MHZ;
+ chwidth = CONF_OPER_CHWIDTH_160MHZ;
vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
seg0 = 114;
}
- } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
- chwidth = CHANWIDTH_USE_HT;
+ } else if (ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_USE_HT) {
+ chwidth = CONF_OPER_CHWIDTH_USE_HT;
seg0 = channel + 2;
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht40)
@@ -3797,6 +3798,11 @@
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
}
+ /* Set current_ssid before changing state to ASSOCIATING, so that the
+ * selected SSID is available to wpas_notify_state_changed(). */
+ old_ssid = wpa_s->current_ssid;
+ wpa_s->current_ssid = ssid;
+
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
if (bss) {
params.ssid = bss->ssid;
@@ -4042,7 +4048,7 @@
#endif /* CONFIG_P2P */
if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
- wpa_s->current_ssid)
+ old_ssid)
params.prev_bssid = prev_bssid;
#ifdef CONFIG_SAE
@@ -4112,15 +4118,13 @@
}
#endif /* CONFIG_WEP */
- if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
+ if (old_ssid && old_ssid != ssid) {
/*
* Do not allow EAP session resumption between different
* network configurations.
*/
eapol_sm_invalidate_cached_session(wpa_s->eapol);
}
- old_ssid = wpa_s->current_ssid;
- wpa_s->current_ssid = ssid;
if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
wpa_s->current_bss = bss;
@@ -5031,6 +5035,7 @@
* @src_addr: Source address of the EAPOL frame
* @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
* @len: Length of the EAPOL data
+ * @encrypted: Whether the frame was encrypted
*
* This function is called for each received EAPOL frame. Most driver
* interfaces rely on more generic OS mechanism for receiving frames through
@@ -5039,11 +5044,13 @@
* code by calling this function.
*/
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
- const u8 *buf, size_t len)
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted)
{
struct wpa_supplicant *wpa_s = ctx;
- wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
+ wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " (encrypted=%d)",
+ MAC2STR(src_addr), encrypted);
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
if (wpa_s->own_disconnect_req) {
@@ -5089,6 +5096,7 @@
os_get_reltime(&wpa_s->pending_eapol_rx_time);
os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
ETH_ALEN);
+ wpa_s->pending_eapol_encrypted = encrypted;
}
return;
}
@@ -5098,7 +5106,8 @@
#ifdef CONFIG_AP
if (wpa_s->ap_iface) {
- wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
+ wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len,
+ encrypted);
return;
}
#endif /* CONFIG_AP */
@@ -5158,7 +5167,8 @@
#ifdef CONFIG_IBSS_RSN
if (wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
- ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
+ ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len,
+ encrypted);
return;
}
#endif /* CONFIG_IBSS_RSN */
@@ -5173,11 +5183,12 @@
if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
- eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
+ eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len,
+ encrypted) > 0)
return;
wpa_drv_poll(wpa_s);
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
- wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
+ wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len, encrypted);
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
* Set portValid = true here since we are going to skip 4-way
@@ -5190,6 +5201,14 @@
}
+static void wpa_supplicant_rx_eapol_cb(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ wpa_supplicant_rx_eapol(ctx, src_addr, buf, len,
+ FRAME_ENCRYPTION_UNKNOWN);
+}
+
+
static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
{
return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
@@ -5207,7 +5226,7 @@
wpa_drv_get_mac_addr(wpa_s),
ETH_P_EAPOL,
wpas_eapol_needs_l2_packet(wpa_s) ?
- wpa_supplicant_rx_eapol : NULL,
+ wpa_supplicant_rx_eapol_cb : NULL,
wpa_s, 0);
if (wpa_s->l2 == NULL)
return -1;
@@ -5261,7 +5280,7 @@
wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
- len - sizeof(*eth));
+ len - sizeof(*eth), FRAME_ENCRYPTION_UNKNOWN);
}
@@ -5987,6 +6006,7 @@
void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
struct fst_wpa_obj *iface_obj)
{
+ os_memset(iface_obj, 0, sizeof(*iface_obj));
iface_obj->ctx = wpa_s;
iface_obj->get_bssid = wpas_fst_get_bssid_cb;
iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
@@ -8063,6 +8083,24 @@
!ssid->mem_only_psk)
return 1;
+#ifdef CRYPTO_RSA_OAEP_SHA256
+ if (ssid->eap.imsi_privacy_cert) {
+ struct crypto_rsa_key *key;
+ bool failed = false;
+
+ key = crypto_rsa_key_read(ssid->eap.imsi_privacy_cert, false);
+ if (!key)
+ failed = true;
+ crypto_rsa_key_free(key);
+ if (failed) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid imsi_privacy_cert (%s) - disable network",
+ ssid->eap.imsi_privacy_cert);
+ return 1;
+ }
+ }
+#endif /* CRYPTO_RSA_OAEP_SHA256 */
+
return 0;
}
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 3adb819..9daf908 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -902,6 +902,7 @@
unsigned int own_scan_requested:1;
unsigned int own_scan_running:1;
unsigned int clear_driver_scan_cache:1;
+ unsigned int manual_non_coloc_6ghz:1;
unsigned int manual_scan_id;
int scan_interval; /* time in sec between scans to find suitable AP */
int normal_scans; /* normal scans run before sched_scan */
@@ -966,6 +967,7 @@
struct wpabuf *pending_eapol_rx;
struct os_reltime pending_eapol_rx_time;
u8 pending_eapol_rx_src[ETH_ALEN];
+ enum frame_encryption pending_eapol_encrypted;
unsigned int last_eapol_matches_bssid:1;
unsigned int eapol_failed:1;
unsigned int eap_expected_failure:1;
@@ -1522,6 +1524,7 @@
char *dpp_discovery_override;
char *dpp_groups_override;
unsigned int dpp_ignore_netaccesskey_mismatch:1;
+ unsigned int dpp_discard_public_action:1;
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */
@@ -1653,7 +1656,8 @@
struct wpa_ssid *ssid);
void wpa_supplicant_terminate_proc(struct wpa_global *global);
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
- const u8 *buf, size_t len);
+ const u8 *buf, size_t len,
+ enum frame_encryption encrypted);
void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s);
void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s);
void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid);
@@ -1890,7 +1894,7 @@
int wpas_ctrl_iface_get_pref_freq_list_override(struct wpa_supplicant *wpa_s,
enum wpa_driver_if_type if_type,
unsigned int *num,
- unsigned int *freq_list);
+ struct weighted_pcl *freq_list);
int wpa_is_fils_supported(struct wpa_supplicant *wpa_s);
int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index c2bd45f..8a0fe8d 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1183,6 +1183,16 @@
wpas_notify_open_ssl_failure(wpa_s, reason_string);
}
+
+static bool wpas_encryption_required(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ return wpa_s->wpa &&
+ wpa_sm_has_ptk_installed(wpa_s->wpa) &&
+ wpa_sm_pmf_enabled(wpa_s->wpa);
+}
+
#endif /* IEEE8021X_EAPOL */
@@ -1231,6 +1241,7 @@
ctx->set_anon_id = wpa_supplicant_set_anon_id;
ctx->eap_method_selected_cb = wpa_supplicant_eap_method_selected_cb;
ctx->open_ssl_failure_cb = wpa_supplicant_open_ssl_failure_cb;
+ ctx->encryption_required = wpas_encryption_required;
ctx->cb_ctx = wpa_s;
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {