Cumulative patch from commit 077232f603dbbef3ac06b33cc793d346be8c5af8
077232f60 OCE: Add OCE capability attribute only when associating to an OCE AP
2ac433340 OCE: Send scan parameters when OCE_STA functionality is enabled
d6801b054 nl80211: Support OCE features (driver capability and scan params)
938dd97a8 driver: Add OCE scan parameters
830eacf9d Sync with mac80211-next.git include/uapi/linux/nl80211.h
2543b19e4 random: Remove write-only variable random_entropy_file_read
b5ebe5dd5 hostapd: Send an event before throwing a station on re-authentication
57151ae98 atheros: Fix atheros_send_mgmt() dependency on CONFIG_FILS
410e2dd1d OWE: Fix build error in AP code without CONFIG_IEEE80211W=y
560e30bf3 Parse sae_password option when CONFIG_SAE is enabled
b898b6558 nl80211: Do not ignore disconnect event in case of !drv->associated
20f612d99 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
495aebd39 Add new QCA vendor command and attributes to enhance NAN
28c7f77a8 Correct the documentation of NAN vendor command
b3f24b06e mka: Fix confidentiality offset issue in macsec_qca driver interface
bed30e8d3 mka: Fix sci port mask issue in macsec_qca driver interface
1bac151ea Change the ADDBA buffer size attribute type to U16 from U8
d35003e50 Vendor attribute to get max blacklist BSSIDs capability
8bfbb295d nl80211: Fix sending of WDS STA event to the correct BSS context
af835d75b FILS: Fix FILS connect failures after ERP key invalidation
1ff860577 mka: Support GCM-AES-256
47abe29aa hostapd: SET ht_capab support for disabling 40 MHz bandwidth
567df5501 Re-configure WEP keys on hostapd interface re-enable
1e1245bc8 Fix QoS Mapping ext capab bit setting
373c79694 OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs
c6e1a9a0b Clarify the TODO comment regarding PMKID KDE in EAPOL-Key msg 1/4
3e34cfdff WPA: Ignore unauthenticated encrypted EAPOL-Key data
c06cd3e0a HS 2.0: Fix hs20-osu-client handling of HomeSP/HomeOIList/<X+>/HomeOI
ecec4878b Provide more details of WPA3 modes in wpa_supplicant.conf
e7d73c378 Provide more details of WPA3 modes in hostapd.conf
cbdf5a49c Define test config vendor attribute to override MU EDCA
Bug: 113905758
Test: Device boots up and connects to wifi networks.
Test: Able to turn on/off softap.
Test: Regression test passed (Bug: 114246387)
Change-Id: I81d5922c7af382322cc78a5a2dc51a2aec9ff234
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 4d2b71a..4ec044e 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -518,6 +518,7 @@
size_t pass_len = 0;
u8 psk[PMK_LEN];
int psk_set = 0;
+ char *group_id = NULL;
if (!cmd)
return;
@@ -553,6 +554,20 @@
psk_set = 1;
}
+ pos = os_strstr(cmd, " group_id=");
+ if (pos) {
+ size_t group_id_len;
+
+ pos += 10;
+ end = os_strchr(pos, ' ');
+ group_id_len = end ? (size_t) (end - pos) : os_strlen(pos);
+ group_id = os_malloc(group_id_len + 1);
+ if (!group_id)
+ goto fail;
+ os_memcpy(group_id, pos, group_id_len);
+ group_id[group_id_len] = '\0';
+ }
+
if (os_strstr(cmd, " conf=sta-")) {
conf_sta = os_zalloc(sizeof(struct dpp_configuration));
if (!conf_sta)
@@ -580,6 +595,10 @@
} else {
goto fail;
}
+ if (os_strstr(cmd, " group_id=")) {
+ conf_sta->group_id = group_id;
+ group_id = NULL;
+ }
}
if (os_strstr(cmd, " conf=ap-")) {
@@ -609,6 +628,10 @@
} else {
goto fail;
}
+ if (os_strstr(cmd, " group_id=")) {
+ conf_ap->group_id = group_id;
+ group_id = NULL;
+ }
}
pos = os_strstr(cmd, " expiry=");
@@ -639,12 +662,14 @@
auth->conf_sta = conf_sta;
auth->conf_ap = conf_ap;
auth->conf = conf;
+ os_free(group_id);
return;
fail:
wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
dpp_configuration_free(conf_sta);
dpp_configuration_free(conf_ap);
+ os_free(group_id);
}
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 3994278..98a2eec 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -109,10 +109,10 @@
struct ieee802_11_elems elems;
const u8 *ie;
size_t ielen;
-#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS)
+#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS) || defined(CONFIG_OWE)
u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
u8 *p = buf;
-#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS */
+#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS || CONFIG_OWE */
u16 reason = WLAN_REASON_UNSPECIFIED;
u16 status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
@@ -1711,7 +1711,10 @@
* Try to re-enable interface if the driver stopped it
* when the interface got disabled.
*/
- wpa_auth_reconfig_group_keys(hapd->wpa_auth);
+ if (hapd->wpa_auth)
+ wpa_auth_reconfig_group_keys(hapd->wpa_auth);
+ else
+ hostapd_reconfig_encryption(hapd);
hapd->reenable_beacon = 1;
ieee802_11_set_beacon(hapd);
}
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index f095586..23d2720 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -78,6 +78,16 @@
}
+void hostapd_reconfig_encryption(struct hostapd_data *hapd)
+{
+ if (hapd->wpa_auth)
+ return;
+
+ hostapd_set_privacy(hapd, 0);
+ hostapd_setup_encryption(hapd->conf->iface, hapd);
+}
+
+
static void hostapd_reload_bss(struct hostapd_data *hapd)
{
struct hostapd_ssid *ssid;
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 6c41726..28b3a1c 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -539,6 +539,7 @@
int (*cb)(struct hostapd_iface *iface,
void *ctx), void *ctx);
int hostapd_reload_config(struct hostapd_iface *iface);
+void hostapd_reconfig_encryption(struct hostapd_data *hapd);
struct hostapd_data *
hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
struct hostapd_config *conf,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index d7e7210..d8b34fa 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2014,6 +2014,7 @@
* updated. To handle this, station's added_unassoc flag is
* cleared once the station has completed association.
*/
+ ap_sta_set_authorized(hapd, sta, 0);
hostapd_drv_sta_remove(hapd, sta->addr);
sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
WLAN_STA_AUTHORIZED);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 126d98c..34969e7 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2026,8 +2026,18 @@
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"sending 1/4 msg of 4-Way Handshake");
/*
- * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
- * one possible PSK for this STA.
+ * For infrastructure BSS cases, it is better for the AP not to include
+ * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
+ * offline search for the passphrase/PSK without having to be able to
+ * capture a 4-way handshake from a STA that has access to the network.
+ *
+ * For IBSS cases, addition of PMKID KDE could be considered even with
+ * WPA2-PSK cases that use multiple PSKs, but only if there is a single
+ * possible PSK for this STA. However, this should not be done unless
+ * there is support for using that information on the supplicant side.
+ * The concern about exposing PMKID unnecessarily in infrastructure BSS
+ * cases would also apply here, but at least in the IBSS case, this
+ * would cover a potential real use case.
*/
if (sm->wpa == WPA_VERSION_WPA2 &&
(wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||