From 40c7ff83e74eabba5a7e2caefeea12372b2d3f9a Mon Sep 17 00:00:00 2001 
From: Cy Schubert Date: Thu, 3 Jun 2021 09:15:01 -0700 Subject: wpa: Import wpa_supplicant/hostapd commit e8662e9d4 This is the June update to vendor/wpa committed upstream 2021/06/03. --- hostapd/Android.mk | 4 + hostapd/config_file.c | 2 + hostapd/ctrl_iface.c | 68 ++++ hostapd/hostapd.conf | 10 + src/ap/acs.c | 52 ++- src/ap/ap_config.c | 1 + src/ap/ap_config.h | 1 + src/ap/beacon.c | 5 + src/ap/dpp_hostapd.c | 9 +- src/ap/hostapd.c | 21 ++ src/ap/hw_features.c | 10 +- src/ap/ieee802_11_he.c | 24 +- src/ap/ieee802_11_vht.c | 2 +- src/ap/pmksa_cache_auth.c | 3 +- src/ap/wpa_auth.c | 32 +- src/ap/wpa_auth.h | 5 + src/ap/wpa_auth_glue.c | 6 +- src/common/dpp.h | 3 +- src/common/dpp_tcp.c | 40 ++- src/common/ieee802_11_defs.h | 2 +- src/common/qca-vendor.h | 365 ++++++++++++++++++++- src/drivers/driver.h | 1 + src/drivers/driver_nl80211.c | 43 ++- src/drivers/nl80211_copy.h | 22 ++ src/rsn_supp/pmksa_cache.c | 3 +- src/rsn_supp/tdls.c | 2 + tests/fuzzing/eap-aka-peer/eap-aka-peer.c | 4 +- tests/fuzzing/eap-sim-peer/eap-sim-peer.c | 4 +- tests/hwsim/auth_serv/index.txt | 2 +- tests/hwsim/auth_serv/ocsp-multi-server-cache.der | Bin 493 -> 493 bytes tests/hwsim/auth_serv/ocsp-req.der | Bin 76 -> 76 bytes tests/hwsim/auth_serv/ocsp-responder.pem | 52 +-- tests/hwsim/auth_serv/ocsp-server-cache.der | Bin 490 -> 490 bytes tests/hwsim/auth_serv/server-certpol.pem | 54 +-- tests/hwsim/auth_serv/server-certpol2.pem | 54 +-- tests/hwsim/auth_serv/server-eku-client-server.pem | 52 +-- tests/hwsim/auth_serv/server-eku-client.pem | 54 +-- tests/hwsim/auth_serv/server-expired.pem | 48 +-- tests/hwsim/auth_serv/server-extra.pkcs12 | Bin 3418 -> 3562 bytes tests/hwsim/auth_serv/server-long-duration.pem | 52 +-- tests/hwsim/auth_serv/server-no-dnsname.pem | 54 +-- tests/hwsim/auth_serv/server.pem | 52 +-- tests/hwsim/auth_serv/server.pkcs12 | Bin 2549 -> 2549 bytes tests/hwsim/auth_serv/user.pem | 54 +-- tests/hwsim/auth_serv/user.pkcs12 | Bin 2517 -> 2517 bytes 
tests/hwsim/auth_serv/user2.pkcs12 | Bin 3558 -> 3558 bytes tests/hwsim/auth_serv/user3.pkcs12 | Bin 3524 -> 3524 bytes tests/hwsim/test_ap_eap.py | 4 +- tests/hwsim/test_ap_psk.py | 20 ++ tests/hwsim/test_ap_vht.py | 5 + tests/hwsim/test_dpp.py | 59 ++++ tests/hwsim/test_eap_proto.py | 2 +- tests/hwsim/test_fils.py | 49 +++ tests/hwsim/test_hapd_ctrl.py | 6 + tests/hwsim/test_he.py | 35 +- tests/hwsim/test_owe.py | 25 ++ tests/hwsim/test_sae.py | 55 ++++ wlantest/ccmp.c | 2 +- wlantest/gcmp.c | 2 +- wlantest/rx_data.c | 49 ++- wlantest/test_vectors.c | 2 +- wlantest/tkip.c | 76 ++++- wlantest/wlantest.c | 2 + wlantest/wlantest.h | 18 +- wpa_supplicant/ctrl_iface.c | 43 +++ wpa_supplicant/dpp_supplicant.c | 3 +- wpa_supplicant/events.c | 2 +- wpa_supplicant/scan.c | 219 ++++++++++++- wpa_supplicant/scan.h | 6 +- wpa_supplicant/wpa_supplicant.c | 42 ++- wpa_supplicant/wpa_supplicant_i.h | 2 + wpa_supplicant/wpas_glue.c | 4 +- wpa_supplicant/wpas_glue.h | 2 + 73 files changed, 1618 insertions(+), 388 deletions(-) diff --git a/hostapd/Android.mk b/hostapd/Android.mk index b3af96886996..dd8aa2450d7e 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -34,6 +34,10 @@ ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),) L_CFLAGS += -DANDROID_LIB_STUB endif +ifneq ($(BOARD_HOSTAPD_PRIVATE_LIB_EVENT),) +L_CFLAGS += -DANDROID_LIB_EVENT +endif + # Use Android specific directory for control interface sockets L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\" L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/hostapd\" diff --git a/hostapd/config_file.c b/hostapd/config_file.c index e05c81366d9b..9bc1dc7756e9 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c 
@@ -3511,6 +3511,8 @@ static int hostapd_config_fill(struct hostapd_config *conf, conf->he_op.he_default_pe_duration = atoi(pos); } else if (os_strcmp(buf, "he_twt_required") == 0) { conf->he_op.he_twt_required = atoi(pos); + } else if (os_strcmp(buf, "he_twt_responder") == 0) { + conf->he_op.he_twt_responder = atoi(pos); } else if (os_strcmp(buf, "he_rts_threshold") == 0) { conf->he_op.he_rts_threshold = atoi(pos); } else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) { diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index b39f40252f29..4a2d60627070 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -1946,6 +1946,52 @@ static int hostapd_ctrl_iface_eapol_rx(struct hostapd_data *hapd, char *cmd) } +static int hostapd_ctrl_iface_eapol_tx(struct hostapd_data *hapd, char *cmd) +{ + char *pos, *pos2; + u8 dst[ETH_ALEN], *buf; + int used, ret; + size_t len; + unsigned int prev; + int encrypt = 0; + + wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd); + + pos = cmd; + used = hwaddr_aton2(pos, dst); + if (used < 0) + return -1; + pos += used; + while (*pos == ' ') + pos++; + + pos2 = os_strchr(pos, ' '); + if (pos2) { + len = pos2 - pos; + encrypt = os_strstr(pos2, "encrypt=1") != NULL; + } else { + len = os_strlen(pos); + } + if (len & 1) + return -1; + len /= 2; + + buf = os_malloc(len); + if (!buf || hexstr2bin(pos, buf, len) < 0) { + os_free(buf); + return -1; + } + + prev = hapd->ext_eapol_frame_io; + hapd->ext_eapol_frame_io = 0; + ret = hostapd_wpa_auth_send_eapol(hapd, dst, buf, len, encrypt); + hapd->ext_eapol_frame_io = prev; + os_free(buf); + + return ret; +} + + static u16 ipv4_hdr_checksum(const void *buf, size_t len) { size_t i; 
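Review bot: In hostapd_ctrl_iface_eapol_tx() an empty hex payload passes the `len & 1` check, so `os_malloc(0)` is reached and the result depends on the allocator: the command either fails or hands a zero-length frame to hostapd_wpa_auth_send_eapol(). Rejecting it up front keeps the behaviour defined: `if (len == 0 || (len & 1)) return -1;`. The `encrypt=1` option is detected with a substring search through os_strstr(), so any trailing text that merely contains that string turns encryption on; an exact token comparison would be stricter. Because the handler transmits caller-supplied EAPOL bytes to a caller-supplied address with `ext_eapol_frame_io` temporarily cleared, a header comment stating that it is intended for test builds would help; whether it sits inside a testing-only `#ifdef` is not visible in the hunk.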
@@ -2524,6 +2570,22 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd, } +static int hostapd_ctrl_rekey_ptk(struct hostapd_data *hapd, const char *cmd) +{ + struct sta_info *sta; + u8 addr[ETH_ALEN]; + + if (hwaddr_aton(cmd, addr)) + return -1; + + sta = ap_get_sta(hapd, addr); + if (!sta || !sta->wpa_sm) + return -1; + + return wpa_auth_rekey_ptk(hapd->wpa_auth, sta->wpa_sm); +} + + static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr, char *buf, size_t buflen) { @@ -3635,6 +3697,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, } else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) { if (hostapd_ctrl_iface_eapol_rx(hapd, buf + 9) < 0) reply_len = -1; + } else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) { + if (hostapd_ctrl_iface_eapol_tx(hapd, buf + 9) < 0) + reply_len = -1; } else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) { if (hostapd_ctrl_iface_data_test_config(hapd, buf + 17) < 0) reply_len = -1; @@ -3670,6 +3735,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, } else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) { if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0) reply_len = -1; + } else if (os_strncmp(buf, "REKEY_PTK ", 10) == 0) { + if (hostapd_ctrl_rekey_ptk(hapd, buf + 10) < 0) + reply_len = -1; } else if (os_strcmp(buf, "REKEY_GTK") == 0) { if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0) reply_len = -1; diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 7932cb862f48..b5d15061f850 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf 
@@ -831,12 +831,22 @@ wmm_ac_vo_acm=0 # 1 = required #he_twt_required=0 +#he_twt_responder: Whether TWT (HE) responder is enabled +# 0 = disabled +# 1 = enabled if supported by the driver (default) +#he_twt_responder=1 + #he_rts_threshold: Duration of STA transmission # 0 = not set (default) # unsigned integer = duration in units of 16 us #he_rts_threshold=0 # HE operating channel information; see matching vht_* parameters for details. +# he_oper_centr_freq_seg0_idx field is used to indicate center frequency of 80 +# and 160 MHz bandwidth operation. In 80+80 MHz operation, it is the center +# frequency of the lower frequency segment. he_oper_centr_freq_seg1_idx field +# is used only with 80+80 MHz bandwidth operation and it is used to transmit +# the center frequency of the second segment. # On the 6 GHz band the center freq calculation starts from 5.950 GHz offset. # For example idx=3 would result in 5965 MHz center frequency. In addition, # he_oper_chwidth is ignored, and the channel width is derived from the diff --git a/src/ap/acs.c b/src/ap/acs.c index aa2ceb0d1848..a112045364e3 100644 --- a/src/ap/acs.c +++ b/src/ap/acs.c 
@@ -372,40 +372,47 @@ acs_survey_chan_interference_factor(struct hostapd_iface *iface, } -static int acs_usable_ht40_chan(const struct hostapd_channel_data *chan) +static int acs_usable_bw40_chan(const struct hostapd_channel_data *chan) { - const int allowed[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, - 157, 184, 192 }; + const int allowed[] = { 5180, 5220, 5260, 5300, 5500, 5540, 5580, 5620, + 5660, 5745, 5785, 4920, 4960, 5955, 5995, 6035, + 6075, 6115, 6155, 6195, 6235, 6275, 6315, 6355, + 6395, 6435, 6475, 6515, 6555, 6595, 6635, 6675, + 6715, 6755, 6795, 6835, 6875, 6915, 6955, 6995, + 7035, 7075 }; unsigned int i; for (i = 0; i < ARRAY_SIZE(allowed); i++) - if (chan->chan == allowed[i]) + if (chan->freq == allowed[i]) return 1; return 0; } -static int acs_usable_vht80_chan(const struct hostapd_channel_data *chan) +static int acs_usable_bw80_chan(const struct hostapd_channel_data *chan) { - const int allowed[] = { 36, 52, 100, 116, 132, 149 }; + const int allowed[] = { 5180, 5260, 5550, 5580, 5660, 5745, 5955, 6035, + 6115, 6195, 6275, 6355, 6435, 6515, 6595, 6675, + 6755, 6835, 6915, 6995 }; unsigned int i; for (i = 0; i < ARRAY_SIZE(allowed); i++) - if (chan->chan == allowed[i]) + if (chan->freq == allowed[i]) return 1; return 0; } -static int acs_usable_vht160_chan(const struct hostapd_channel_data *chan) +static int acs_usable_bw160_chan(const struct hostapd_channel_data *chan) { - const int allowed[] = { 36, 100 }; + const int allowed[] = { 5180, 5500, 5955, 6115, 6275, 6435, 6595, 6755, + 6915 }; unsigned int i; for (i = 0; i < ARRAY_SIZE(allowed); i++) - if (chan->chan == allowed[i]) + if (chan->freq == allowed[i]) return 1; return 0; 
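Review bot: The 80 MHz list in acs_usable_bw80_chan() contains `5550`, which matches no entry of the channel list it replaces: the removed list had channel 100, and the 40 MHz and 160 MHz lists in this same hunk both use `5500` for it. This looks like a typo, and its effect would be that a 5500 MHz primary channel is rejected for 80 MHz operation. Suggested first line of the initializer: `const int allowed[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955, 6035,`. A short comment above each table naming the channel numbers the frequencies stand for would make this kind of slip easier to spot.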
@@ -678,10 +685,12 @@ acs_find_ideal_chan_mode(struct hostapd_iface *iface, /* HT40 on 5 GHz has a limited set of primary channels as per * 11n Annex J */ if (mode->mode == HOSTAPD_MODE_IEEE80211A && - iface->conf->ieee80211n && - iface->conf->secondary_channel && - !acs_usable_ht40_chan(chan)) { - wpa_printf(MSG_DEBUG, "ACS: Channel %d: not allowed as primary channel for HT40", + ((iface->conf->ieee80211n && + iface->conf->secondary_channel) || + is_6ghz_freq(chan->freq)) && + !acs_usable_bw40_chan(chan)) { + wpa_printf(MSG_DEBUG, + "ACS: Channel %d: not allowed as primary channel for 40 MHz bandwidth", chan->chan); continue; } @@ -690,18 +699,18 @@ acs_find_ideal_chan_mode(struct hostapd_iface *iface, (iface->conf->ieee80211ac || iface->conf->ieee80211ax)) { if (hostapd_get_oper_chwidth(iface->conf) == CHANWIDTH_80MHZ && - !acs_usable_vht80_chan(chan)) { + !acs_usable_bw80_chan(chan)) { wpa_printf(MSG_DEBUG, - "ACS: Channel %d: not allowed as primary channel for VHT80", + "ACS: Channel %d: not allowed as primary channel for 80 MHz bandwidth", chan->chan); continue; } if (hostapd_get_oper_chwidth(iface->conf) == CHANWIDTH_160MHZ && - !acs_usable_vht160_chan(chan)) { + !acs_usable_bw160_chan(chan)) { wpa_printf(MSG_DEBUG, - "ACS: Channel %d: not allowed as primary channel for VHT160", + "ACS: Channel %d: not allowed as primary channel for 160 MHz bandwidth", chan->chan); continue; } @@ -832,6 +841,12 @@ acs_find_ideal_chan(struct hostapd_iface *iface) u32 bw; struct hostapd_hw_modes *mode; + if (is_6ghz_op_class(iface->conf->op_class)) { + bw = op_class_to_bandwidth(iface->conf->op_class); + n_chans = bw / 20; + goto bw_selected; + } + /* TODO: HT40- support */ if (iface->conf->ieee80211n && @@ -857,6 +872,7 @@ acs_find_ideal_chan(struct hostapd_iface *iface) bw = num_chan_to_bw(n_chans); +bw_selected: /* TODO: VHT/HE80+80. Update acs_adjust_center_freq() too. */ wpa_printf(MSG_DEBUG, 
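Review bot: The 40 MHz primary-channel filter in acs_find_ideal_chan_mode() now applies to every 6 GHz channel through `is_6ghz_freq(chan->freq)`, independent of the configured bandwidth. If the 6 GHz operating class selects 20 MHz, channels missing from the acs_usable_bw40_chan() list would still be skipped, which looks unintended; this is inferred from the condition alone, since the rest of the function is outside the hunk. Either gate the 6 GHz case on the selected bandwidth or add a comment saying why the restriction is wanted for 20 MHz operation too. The context comment `HT40 on 5 GHz has a limited set of primary channels as per 11n Annex J` no longer describes the whole condition and should mention 6 GHz.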
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 7b6249bbe5cf..7b6d54c35fc2 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -274,6 +274,7 @@ struct hostapd_config * hostapd_config_defaults(void) conf->he_op.he_bss_color_disabled = 1; conf->he_op.he_bss_color_partial = 0; conf->he_op.he_bss_color = 1; + conf->he_op.he_twt_responder = 1; conf->he_6ghz_max_mpdu = 2; conf->he_6ghz_max_ampdu_len_exp = 7; conf->he_6ghz_rx_ant_pat = 1; diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 95bd79873a59..ced36f9cc828 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -914,6 +914,7 @@ struct he_operation { u8 he_bss_color_partial; u8 he_default_pe_duration; u8 he_twt_required; + u8 he_twt_responder; u16 he_rts_threshold; u16 he_basic_mcs_nss_set; }; diff --git a/src/ap/beacon.c b/src/ap/beacon.c index 7d9e8b9230c2..15fc2b3db064 100644 --- a/src/ap/beacon.c +++ b/src/ap/beacon.c @@ -1753,6 +1753,11 @@ int ieee802_11_set_beacon(struct hostapd_data *hapd) struct wpabuf *beacon, *proberesp, *assocresp; int res, ret = -1; + if (!hapd->drv_priv) { + wpa_printf(MSG_ERROR, "Interface is disabled"); + return -1; + } + if (hapd->csa_in_progress) { wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period"); return -1; diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index aaeb94c2f53b..93ffd8cf7c36 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -757,7 +757,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src, if (!own_bi) { if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, src, hdr, buf, len, freq, i_bootstrap, - r_bootstrap) == 0) + r_bootstrap, hapd) == 0) return; } #endif /* CONFIG_DPP2 */ 
@@ -1276,7 +1276,7 @@ hostapd_dpp_rx_presence_announcement(struct hostapd_data *hapd, const u8 *src, if (!peer_bi) { if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, src, hdr, buf, len, freq, NULL, - r_bootstrap) == 0) + r_bootstrap, hapd) == 0) return; wpa_printf(MSG_DEBUG, "DPP: No matching bootstrapping information found"); @@ -1366,7 +1366,7 @@ hostapd_dpp_rx_reconfig_announcement(struct hostapd_data *hapd, const u8 *src, if (!conf) { if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, src, hdr, buf, len, freq, NULL, - NULL) == 0) + NULL, hapd) == 0) return; wpa_printf(MSG_DEBUG, "DPP: No matching Configurator information found"); @@ -1892,7 +1892,8 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src, #ifdef CONFIG_DPP2 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, - src, hdr, buf, len, freq, NULL, NULL) == 0) + src, hdr, buf, len, freq, NULL, NULL, + hapd) == 0) return; #endif /* CONFIG_DPP2 */ diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index e9aae6dcf2f5..913a8e29e16d 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -1674,6 +1674,26 @@ static int configured_fixed_chan_to_freq(struct hostapd_iface *iface) } +static void hostapd_set_6ghz_sec_chan(struct hostapd_iface *iface) +{ + int bw, seg0; + + if (!is_6ghz_op_class(iface->conf->op_class)) + return; + + seg0 = hostapd_get_oper_centr_freq_seg0_idx(iface->conf); + bw = center_idx_to_bw_6ghz(seg0); + /* Assign the secondary channel if absent in config for + * bandwidths > 20 MHz */ + if (bw > 20 && !iface->conf->secondary_channel) { + if (((iface->conf->channel - 1) / 4) % 2) + iface->conf->secondary_channel = -1; + else + iface->conf->secondary_channel = 1; + } +} + + static int setup_interface2(struct hostapd_iface *iface) { iface->wait_channel_update = 0; 
@@ -1693,6 +1713,7 @@ static int setup_interface2(struct hostapd_iface *iface) ch_width = op_class_to_ch_width(iface->conf->op_class); hostapd_set_oper_chwidth(iface->conf, ch_width); + hostapd_set_6ghz_sec_chan(iface); } ret = hostapd_select_hw_mode(iface); diff --git a/src/ap/hw_features.c b/src/ap/hw_features.c index 7849be181c21..bb5404fa7dd4 100644 --- a/src/ap/hw_features.c +++ b/src/ap/hw_features.c @@ -917,8 +917,14 @@ static int hostapd_is_usable_chans(struct hostapd_iface *iface) return 1; if (hostapd_is_usable_chan(iface, iface->freq + - iface->conf->secondary_channel * 20, 0)) - return 1; + iface->conf->secondary_channel * 20, 0)) { + if (iface->conf->secondary_channel == 1 && + (pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P)) + return 1; + if (iface->conf->secondary_channel == -1 && + (pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40M)) + return 1; + } if (!iface->conf->ht40_plus_minus_allowed) return 0; diff --git a/src/ap/ieee802_11_he.c b/src/ap/ieee802_11_he.c index c27bb1fcdbd0..cbe5e639588f 100644 --- a/src/ap/ieee802_11_he.c +++ b/src/ap/ieee802_11_he.c @@ -216,7 +216,10 @@ u8 * hostapd_eid_he_operation(struct hostapd_data *hapd, u8 *eid) params |= HE_OPERATION_6GHZ_OPER_INFO; - /* 6 GHz Operation Information field */ + /* 6 GHz Operation Information field + * IEEE P802.11ax/D8.0, 9.4.2.249 HE Operation element, + * Figure 9-788k + */ *pos++ = hapd->iconf->channel; /* Primary Channel */ /* Control: Channel Width */ @@ -226,6 +229,18 @@ u8 * hostapd_eid_he_operation(struct hostapd_data *hapd, u8 *eid) *pos++ = center_idx_to_bw_6ghz(seg0); /* Channel Center Freq Seg0/Seg1 */ + if (hapd->iconf->he_oper_chwidth == 2) { + /* + * Seg 0 indicates the channel center frequency index of + * the 160 MHz channel. + */ + seg1 = seg0; + if (hapd->iconf->channel < seg0) + seg0 -= 8; + else + seg0 += 8; + } + *pos++ = seg0; *pos++ = seg1; /* Minimum Rate */ 
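Review bot: In hostapd_eid_he_operation() the new branch tests `hapd->iconf->he_oper_chwidth == 2`; a named constant would make the 160 MHz case explicit, and the acs.c hunks of this same commit already compare against `CHANWIDTH_160MHZ`. Suggested, assuming that constant is in scope in this file: `if (hapd->iconf->he_oper_chwidth == CHANWIDTH_160MHZ) {`. The `seg0 -= 8` / `seg0 += 8` adjustment also depends on seg0 being a valid 160 MHz centre index; its declaration and range are outside the hunk, so a one-line comment stating the expected range would help the next reader.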
@@ -434,8 +449,8 @@ u16 copy_sta_he_capab(struct hostapd_data *hapd, struct sta_info *sta, enum ieee80211_op_mode opmode, const u8 *he_capab, size_t he_capab_len) { - if (!he_capab || !hapd->iconf->ieee80211ax || - hapd->conf->disable_11ax || + if (!he_capab || !(sta->flags & WLAN_STA_WMM) || + !hapd->iconf->ieee80211ax || hapd->conf->disable_11ax || !check_valid_he_mcs(hapd, he_capab, opmode) || ieee80211_invalid_he_cap_size(he_capab, he_capab_len) || he_capab_len > sizeof(struct ieee80211_he_capabilities)) { @@ -499,5 +514,6 @@ int hostapd_get_he_twt_responder(struct hostapd_data *hapd, mac_cap = hapd->iface->current_mode->he_capab[mode].mac_cap; - return !!(mac_cap[HE_MAC_CAPAB_0] & HE_MACCAP_TWT_RESPONDER); + return !!(mac_cap[HE_MAC_CAPAB_0] & HE_MACCAP_TWT_RESPONDER) && + hapd->iface->conf->he_op.he_twt_responder; } diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c index d0370229c417..828f0abb5aad 100644 --- a/src/ap/ieee802_11_vht.c +++ b/src/ap/ieee802_11_vht.c @@ -171,7 +171,7 @@ u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta, const u8 *vht_capab) { /* Disable VHT caps for STAs associated to no-VHT BSSes. */ - if (!vht_capab || + if (!vht_capab || !(sta->flags & WLAN_STA_WMM) || !hapd->iconf->ieee80211ac || hapd->conf->disable_11ac || !check_valid_vht_mcs(hapd->iface->current_mode, vht_capab)) { sta->flags &= ~WLAN_STA_VHT; diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c index fe5f8171754b..b67b8522e744 100644 --- a/src/ap/pmksa_cache_auth.c +++ b/src/ap/pmksa_cache_auth.c @@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc( for (entry = pmksa->pmksa; entry; entry = entry->next) { if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0) continue; - if (wpa_key_mgmt_sae(entry->akmp)) { + if (wpa_key_mgmt_sae(entry->akmp) || + wpa_key_mgmt_fils(entry->akmp)) { if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0) return entry; continue; 
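Review bot: The comment kept above the condition in copy_sta_vht_capab() still reads `Disable VHT caps for STAs associated to no-VHT BSSes`, but the condition now also drops VHT for stations that lack the `WLAN_STA_WMM` flag. Proposed wording: `/* Disable VHT caps for STAs associated to no-VHT BSSes and for STAs without WLAN_STA_WMM set. */`. The same flag test is added to copy_sta_he_capab() earlier on this line with no comment at all; a matching one-line comment there would document why HE capabilities are ignored for such stations.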
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 59cd46aa4601..83805681ed97 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1001,6 +1001,18 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data, } +static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth) +{ + struct wpa_group *group; + + for (group = wpa_auth->group; group; group = group->next) { + if (group->GKeyDoneStations) + return true; + } + return false; +} + + void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm, u8 *data, size_t data_len) @@ -1368,7 +1380,11 @@ continue_processing: wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, "received EAPOL-Key Request for GTK rekeying"); eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); - wpa_rekey_gtk(wpa_auth, NULL); + if (wpa_auth_gtk_rekey_in_process(wpa_auth)) + wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, + "skip new GTK rekey - already in process"); + else + wpa_rekey_gtk(wpa_auth, NULL); } } else { /* Do not allow the same key replay counter to be reused. */ @@ -3678,6 +3694,8 @@ SM_STATE(WPA_PTK, PTKINITDONE) wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, "pairwise key handshake completed (%s)", sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); + wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED " + MACSTR, MAC2STR(sm->addr)); #ifdef CONFIG_IEEE80211R_AP wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); @@ -5627,6 +5645,18 @@ int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth) } +int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm) +{ + if (!wpa_auth || !sm) + return -1; + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); + wpa_request_new_ptk(sm); + wpa_sm_step(sm); + return 0; +} + + void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val) { if (wpa_auth) diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index eaa2cafc8088..fe47723b9e6b 100644 --- a/src/ap/wpa_auth.h 
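Review bot: In the GTK rekey request path of wpa_receive(), `eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL)` still runs before the new in-process check, so when the rekey is skipped the pending wpa_rekey_gtk timeout has already been cancelled and nothing in the hunk registers it again. If wpa_rekey_gtk() is what re-arms the periodic timer (its body is not shown here), a station's request arriving during a rekey could stop periodic GTK rekeying until something else triggers it. Moving the cancel into the else branch avoids that: `else { eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); wpa_rekey_gtk(wpa_auth, NULL); }`. The enclosing function starts and ends outside the hunk.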
+++ b/src/ap/wpa_auth.h @@ -553,7 +553,12 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, void (*cb)(void *ctx1, void *ctx2), void *ctx1, void *ctx2); +int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm); int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth); +int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, + const u8 *data, size_t data_len, + int encrypt); void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm); void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val); diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index c3b2e81e2e72..7ca292530dc1 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -505,9 +505,9 @@ static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx, } -static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, - const u8 *data, size_t data_len, - int encrypt) +int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, + const u8 *data, size_t data_len, + int encrypt) { struct hostapd_data *hapd = ctx; struct sta_info *sta; diff --git a/src/common/dpp.h b/src/common/dpp.h index 65ee905a78f9..75de3cae93e9 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -669,7 +669,8 @@ int dpp_relay_add_controller(struct dpp_global *dpp, struct dpp_relay_config *config); int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, const u8 *buf, size_t len, unsigned int freq, - const u8 *i_bootstrap, const u8 *r_bootstrap); + const u8 *i_bootstrap, const u8 *r_bootstrap, + void *cb_ctx); int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, size_t data_len); int dpp_controller_start(struct dpp_global *dpp, diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c index 609c243a6856..c373f107791c 100644 --- a/src/common/dpp_tcp.c +++ b/src/common/dpp_tcp.c 
@@ -82,6 +82,7 @@ static void dpp_controller_auth_success(struct dpp_connection *conn, int initiator); static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx); static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx); +static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx); static void dpp_connection_free(struct dpp_connection *conn) @@ -97,6 +98,7 @@ static void dpp_connection_free(struct dpp_connection *conn) conn, NULL); eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL); eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); + eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); wpabuf_free(conn->msg); wpabuf_free(conn->msg_out); dpp_auth_deinit(conn->auth); @@ -154,6 +156,24 @@ dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash) } +static struct dpp_relay_controller * +dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx) +{ + struct dpp_relay_controller *ctrl; + + if (!dpp) + return NULL; + + dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, + list) { + if (cb_ctx == ctrl->cb_ctx) + return ctrl; + } + + return NULL; +} + + static void dpp_controller_gas_done(struct dpp_connection *conn) { struct dpp_authentication *auth = conn->auth; @@ -352,6 +372,16 @@ static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen, } +static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx) +{ + struct dpp_connection *conn = eloop_ctx; + + wpa_printf(MSG_DEBUG, + "DPP: Timeout while waiting for relayed connection to complete"); + dpp_connection_remove(conn); +} + + static struct dpp_connection * dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, unsigned int freq) 
@@ -412,8 +442,8 @@ dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, goto fail; conn->write_eloop = 1; - /* TODO: eloop timeout to clear a connection if it does not complete - * properly */ + eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); + eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL); dl_list_add(&ctrl->conn, &conn->list); return conn; @@ -465,7 +495,8 @@ static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr, int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, const u8 *buf, size_t len, unsigned int freq, - const u8 *i_bootstrap, const u8 *r_bootstrap) + const u8 *i_bootstrap, const u8 *r_bootstrap, + void *cb_ctx) { struct dpp_relay_controller *ctrl; struct dpp_connection *conn; @@ -493,8 +524,7 @@ int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, type == DPP_PA_RECONFIG_ANNOUNCEMENT) { /* TODO: Could send this to all configured Controllers. For now, * only the first Controller is supported. */ - ctrl = dl_list_first(&dpp->controllers, - struct dpp_relay_controller, list); + ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx); } else { if (!r_bootstrap) return -1; diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index 710186e5d36a..7d2f36b8f1e6 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -22,7 +22,7 @@ #define WLAN_FC_PWRMGT 0x1000 #define WLAN_FC_MOREDATA 0x2000 #define WLAN_FC_ISWEP 0x4000 -#define WLAN_FC_ORDER 0x8000 +#define WLAN_FC_HTC 0x8000 #define WLAN_FC_GET_TYPE(fc) (((fc) & 0x000c) >> 2) #define WLAN_FC_GET_STYPE(fc) (((fc) & 0x00f0) >> 4) diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h index 32c93bb84d54..ce588cc00a59 100644 --- a/src/common/qca-vendor.h +++ b/src/common/qca-vendor.h 
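Review bot: The comment kept above the changed assignment in dpp_relay_rx_action() still says that only the first Controller is supported, but the new code selects the Controller whose `cb_ctx` equals the caller's context through dpp_relay_controller_get_ctx(), which returns NULL when none matches. The comment should be updated, for example `/* Use the Controller whose cb_ctx matches the receiving interface. */`, and the NULL result needs handling after the branch if that is not already done (the following lines are outside the hunk). In dpp_relay_new_conn() the 20-second value passed to eloop_register_timeout() is unnamed and the return value is ignored; a named constant and a debug message on registration failure would make the connection clean-up easier to audit.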
@@ -512,7 +512,9 @@ enum qca_radiotap_vendor_ids { * @QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG: This command is used to * configure parameters per peer to capture Channel Frequency Response * (CFR) and enable Periodic CFR capture. The attributes for this command - * are defined in enum qca_wlan_vendor_peer_cfr_capture_attr. + * are defined in enum qca_wlan_vendor_peer_cfr_capture_attr. This command + * can also be used to send CFR data from the driver to userspace when + * netlink events are used to send CFR data. * * @QCA_NL80211_VENDOR_SUBCMD_THROUGHPUT_CHANGE_EVENT: Event to indicate changes * in throughput dynamically. The driver estimates the throughput based on @@ -700,6 +702,23 @@ enum qca_radiotap_vendor_ids { * used with this event are defined in enum * qca_wlan_vendor_attr_mbssid_tx_vdev_status. * + * @QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY: Vendor command to + * configure the concurrent session policies when multiple STA interfaces + * are (getting) active. The attributes used by this command are defined + * in enum qca_wlan_vendor_attr_concurrent_sta_policy. + * + * @QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS: Userspace can use this command + * to query usable channels for different interface types such as STA, + * AP, P2P GO, P2P Client, NAN, etc. The driver shall report all usable + * channels in the response based on country code, different static + * configurations, concurrency combinations, etc. The attributes used + * with this command are defined in + * enum qca_wlan_vendor_attr_usable_channels. + * + * @QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY: This vendor subcommand is used + * to get DFS radar history from the driver to userspace. The driver + * returns QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES attribute with an + * array of nested entries. */ enum qca_nl80211_vendor_subcmds { QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0, 
@@ -886,6 +905,9 @@ enum qca_nl80211_vendor_subcmds { QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID = 194, QCA_NL80211_VENDOR_SUBCMD_WIFI_FW_STATS = 195, QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS = 196, + QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY = 197, + QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS = 198, + QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY = 199, }; enum qca_wlan_vendor_attr { @@ -2399,6 +2421,33 @@ enum qca_wlan_vendor_attr_config { */ QCA_WLAN_VENDOR_ATTR_CONFIG_RX_NSS = 78, + /* + * 8-bit unsigned value. This attribute, when set, indicates whether the + * specified interface is the primary STA interface when there are more + * than one STA interfaces concurrently active. + * + * This configuration helps the firmware/hardware to support certain + * features (e.g., roaming) on this primary interface, if the same + * cannot be supported on the concurrent STA interfaces simultaneously. + * + * This configuration is only applicable for a single STA interface on + * a device and gives the priority for it only over other concurrent STA + * interfaces. + * + * If the device is a multi wiphy/soc, this configuration applies to a + * single STA interface across the wiphys. + * + * 1-Enable (is the primary STA), 0-Disable (is not the primary STA) + */ + QCA_WLAN_VENDOR_ATTR_CONFIG_CONCURRENT_STA_PRIMARY = 79, + + /* + * 8-bit unsigned value. This attribute can be used to configure the + * driver to enable/disable FT-over-DS feature. Possible values for + * this attribute are 1-Enable and 0-Disable. + */ + QCA_WLAN_VENDOR_ATTR_CONFIG_FT_OVER_DS = 80, + /* keep last */ QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_CONFIG_MAX = 
@@ -4545,7 +4594,13 @@ enum qca_vendor_attr_roam_candidate_selection_criteria { * @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD: Signed 32-bit value in dBm, * signifying the RSSI threshold of the candidate AP, indicating * the driver to trigger roam only to the candidate AP with RSSI - * better than this threshold. + * better than this threshold. If RSSI thresholds for candidate APs found + * in the 2.4 GHz, 5 GHz, and 6 GHz bands are configured separately using + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ, + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ, and/or + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ, those values will + * take precedence over the value configured using the + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute. * * @QCA_ATTR_ROAM_CONTROL_USER_REASON: Unsigned 32-bit value. Represents the * user defined reason code to be sent to the AP in response to AP's 
@@ -4564,6 +4619,31 @@ enum qca_vendor_attr_roam_candidate_selection_criteria { * If both QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME and * QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS are not specified, the * driver shall proceed with the default behavior. + * + * @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ: Signed 32-bit value + * in dBm, signifying the RSSI threshold of the candidate AP found in the + * 2.4 GHz band. The driver/firmware shall trigger roaming to the candidate + * AP found in the 2.4 GHz band only if its RSSI value is better than this + * threshold. Optional attribute. If this attribute is not included, the + * threshold value specified by the + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used. + * + * @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ: Signed 32-bit value in + * dBm, signifying the RSSI threshold of the candidate AP found in the 5 + * GHz band. The driver/firmware shall trigger roaming to the candidate AP + * found in the 5 GHz band only if its RSSI value is better than this + * threshold. Optional attribute. If this attribute is not included, the + * threshold value specified by tge + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used. + * + * @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ: Signed 32-bit value in + * dBm, signifying the RSSI threshold of the candidate AP found in the 6 + * GHz band. The driver/firmware shall trigger roaming to the candidate AP + * found in the 6 GHz band only if its RSSI value is better than this + * threshold. Optional attribute. If this attribute is not included, the + * threshold value specified by the + * QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used. + * */ enum qca_vendor_attr_roam_control { QCA_ATTR_ROAM_CONTROL_ENABLE = 1, 
@@ -4579,6 +4659,9 @@ enum qca_vendor_attr_roam_control { QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD = 11, QCA_ATTR_ROAM_CONTROL_USER_REASON = 12, QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS = 13, + QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ = 14, + QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ = 15, + QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ = 16, /* keep last */ QCA_ATTR_ROAM_CONTROL_AFTER_LAST, @@ -6486,6 +6569,8 @@ enum qca_wlan_vendor_hang_reason { QCA_WLAN_HANG_SUSPEND_NO_CREDIT = 25, /* Bus failure */ QCA_WLAN_HANG_BUS_FAILURE = 26, + /* tasklet/credit latency found */ + QCA_WLAN_HANG_TASKLET_CREDIT_LATENCY_DETECT = 27, }; /** @@ -7491,6 +7576,21 @@ enum qca_wlan_he_om_ctrl_ch_bw { QCA_WLAN_HE_OM_CTRL_BW_160M = 3, }; +/** + * enum qca_wlan_keep_alive_data_type - Keep alive data type configuration + * + * Indicates the frame types to use for keep alive data. + * + * @QCA_WLAN_KEEP_ALIVE_DEFAULT: Driver default type used for keep alive. + * @QCA_WLAN_KEEP_ALIVE_DATA: Data frame type for keep alive. + * @QCA_WLAN_KEEP_ALIVE_MGMT: Management frame type for keep alive. + */ +enum qca_wlan_keep_alive_data_type { + QCA_WLAN_KEEP_ALIVE_DEFAULT = 0, + QCA_WLAN_KEEP_ALIVE_DATA = 1, + QCA_WLAN_KEEP_ALIVE_MGMT = 2, +}; + /** * enum qca_wlan_vendor_attr_he_omi_tx: Represents attributes for * HE operating mode control transmit request. These attributes are 
@@ -8004,6 +8104,22 @@ enum qca_wlan_vendor_attr_wifi_test_config { */ QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_6GHZ_SECURITY_TEST_MODE = 51, + /* 8-bit unsigned value to configure the driver to transmit data with + * ER SU PPDU type. + * + * 0 - Default behavior, 1 - Enable ER SU PPDU type TX. + * This attribute is used for testing purposes. + */ + QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_ER_SU_PPDU_TYPE = 52, + + /* 8-bit unsigned value to configure the driver to use Data or + * Management frame type for keep alive data. + * Uses enum qca_wlan_keep_alive_data_type values. + * + * This attribute is used for testing purposes. + */ + QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_KEEP_ALIVE_FRAME_TYPE = 53, + /* keep last */ QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MAX = @@ -8412,14 +8528,17 @@ enum qca_wlan_twt_setup_state { * @QCA_WLAN_VENDOR_ATTR_TWT_SETUP_MAC_ADDR: 6-byte MAC address * Represents the MAC address of the peer for which the TWT session * is being configured. This is used in AP mode to represent the respective - * client. In AP mode, this is an optional parameter for response and is - * a required parameter for - * 1. TWT SET Request - * 2. TWT GET Request - * 3. TWT TERMINATE Request - * 4. TWT SUSPEND Request + * client. + * In AP mode, this is a required parameter in response for + * 1. TWT SET + * 2. TWT GET + * 3. TWT TERMINATE + * 4. TWT SUSPEND * In STA mode, this is an optional parameter in request and response for * the above four TWT operations. + * In AP mode, this is a required parameter in request for + * 1. TWT GET + * 2. TWT TERMINATE * * @QCA_WLAN_VENDOR_ATTR_TWT_SETUP_MIN_WAKE_INTVL: Optional (u32) * Minimum tolerance limit of wake interval parameter in microseconds. 
@@ -8551,6 +8670,8 @@ enum qca_wlan_vendor_attr_twt_setup { * request due to roaming in progress. * @QCA_WLAN_VENDOR_TWT_STATUS_CHANNEL_SWITCH_IN_PROGRESS: FW rejected the TWT * setup request due to channel switch in progress. + * @QCA_WLAN_VENDOR_TWT_STATUS_SCAN_IN_PROGRESS: FW rejected the TWT setup + * request due to scan in progress. */ enum qca_wlan_vendor_twt_status { QCA_WLAN_VENDOR_TWT_STATUS_OK = 0, @@ -8574,6 +8695,7 @@ enum qca_wlan_vendor_twt_status { QCA_WLAN_VENDOR_TWT_STATUS_SCC_MCC_CONCURRENCY_TERMINATE = 18, QCA_WLAN_VENDOR_TWT_STATUS_ROAMING_IN_PROGRESS = 19, QCA_WLAN_VENDOR_TWT_STATUS_CHANNEL_SWITCH_IN_PROGRESS = 20, + QCA_WLAN_VENDOR_TWT_STATUS_SCAN_IN_PROGRESS = 21, }; /** @@ -8919,6 +9041,22 @@ enum qca_wlan_vendor_attr_roam_scan { QCA_WLAN_VENDOR_ATTR_ROAM_SCAN_AFTER_LAST - 1, }; +/** + * enum qca_wlan_vendor_cfr_data_transport_modes - Defines QCA vendor CFR data + * transport modes and is used by the attribute + * QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE as a part of the vendor + * command QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG. + * @QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS: Use relayfs to send CFR data. + * @QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS: Use netlink events to send CFR + * data. The data shall be encapsulated within + * QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA along with the vendor sub command + * QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG as an asynchronous event. + */ +enum qca_wlan_vendor_cfr_data_transport_modes { + QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS = 0, + QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS = 1, +}; + /** * enum qca_wlan_vendor_cfr_method - QCA vendor CFR methods used by * attribute QCA_WLAN_VENDOR_ATTR_PEER_CFR_METHOD as part of vendor 
@@ -9109,6 +9247,27 @@ enum qca_wlan_vendor_cfr_capture_type { * MAC for CFR capture. This is a bitmask in which each bit represents the * corresponding Data frame subtype value per IEEE Std 802.11-2016, * 9.2.4.1.3 Type and Subtype subfields. This is for CFR version 2 only. + * + * @QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE: Optional (u8) + * Userspace can use this attribute to specify the driver about which transport + * mode shall be used by the driver to send CFR data to userspace. Uses values + * from enum qca_wlan_vendor_cfr_data_transport_modes. When this attribute is + * not present, the driver shall use the default transport mechanism which is + * QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS. + * + * @QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_RECEIVER_PID: Optional (u32) + * Userspace can use this attribute to specify the nl port id of the application + * which receives the CFR data and processes it further so that the drivers can + * unicast the netlink events to a specific application. Optionally included + * when QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE is set to + * QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS, not required otherwise. The drivers + * shall multicast the netlink events when this attribute is not included. + * + * @QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA: Required (NLA_BINARY). + * This attribute will be used by the driver to encapsulate and send CFR data + * to userspace along with QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG as an + * asynchronous event when the driver is configured to send CFR data using + * netlink events with %QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS. */ enum qca_wlan_vendor_peer_cfr_capture_attr { QCA_WLAN_VENDOR_ATTR_PEER_CFR_CAPTURE_INVALID = 0, 
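Review bot: The description of QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_RECEIVER_PID calls the value an nl port id while the attribute name says PID; a netlink port id equals the process id only by convention, so the comment should state which one the driver expects, e.g. `The value is the netlink port id of the receiving socket, not a process id.` The text also leaves open whether the driver should accept a port id other than that of the requesting socket. Since the fallback when the attribute is omitted is multicast, presumably any listener on the vendor event group receives the CFR data, which is worth saying next to the attribute so callers opt into unicast deliberately.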
@@ -9137,6 +9296,9 @@ enum qca_wlan_vendor_peer_cfr_capture_attr { QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_MGMT_FILTER = 23, QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_CTRL_FILTER = 24, QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_DATA_FILTER = 25, + QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE = 26, + QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_RECEIVER_PID = 27, + QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA = 28, /* Keep last */ QCA_WLAN_VENDOR_ATTR_PEER_CFR_AFTER_LAST, 
@@ -10708,6 +10870,58 @@ enum qca_wlan_vendor_attr_mbssid_tx_vdev_status { QCA_WLAN_VENDOR_ATTR_MBSSID_TX_VDEV_STATUS_AFTER_LAST - 1, }; +/** + * enum qca_wlan_concurrent_sta_policy_config - Concurrent STA policies + * + * @QCA_WLAN_CONCURRENT_STA_POLICY_PREFER_PRIMARY: Preference to the primary + * STA interface has to be given while selecting the connection policies + * (e.g., BSSID, band, TX/RX chains, etc.) for the subsequent STA interface. + * An interface is set as primary through the attribute + * QCA_WLAN_VENDOR_ATTR_CONFIG_CONCURRENT_STA_PRIMARY. This policy is not + * applicable if the primary interface has not been set earlier. + * + * The intention is not to downgrade the primary STA performance, such as: + * - Do not reduce the number of TX/RX chains of primary connection. + * - Do not optimize DBS vs. MCC/SCC, if DBS ends up reducing the number of + * chains. + * - If using MCC, should set the MCC duty cycle of the primary connection to + * be higher than the secondary connection. + * + * @QCA_WLAN_CONCURRENT_STA_POLICY_UNBIASED: The connection policies for the + * subsequent STA connection shall be chosen to balance with the existing + * concurrent STA's performance. + * Such as + * - Can choose MCC or DBS mode depending on the MCC efficiency and hardware + * capability. + * - If using MCC, set the MCC duty cycle of the primary connection to be equal + * to the secondary. + * - Prefer BSSID candidates which will help provide the best "overall" + * performance for all the STA connections. + */ +enum qca_wlan_concurrent_sta_policy_config { + QCA_WLAN_CONCURRENT_STA_POLICY_PREFER_PRIMARY = 0, + QCA_WLAN_CONCURRENT_STA_POLICY_UNBIASED = 1, +}; + +/** + * enum qca_wlan_vendor_attr_concurrent_sta_policy - Defines attributes + * used by QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY vendor command. + * + * @QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG: + * u8 attribute. Configures the concurrent STA policy configuration. 
+ * Possible values are defined in enum qca_wlan_concurrent_sta_policy_config. + */ +enum qca_wlan_vendor_attr_concurrent_sta_policy { + QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_INVALID = 0, + QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG = 1, + + /* keep last */ + QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST, + QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_MAX = + QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST - 1, + +}; + /** * enum qca_sta_connect_fail_reason_codes - Defines values carried * by QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_CONNECT_FAIL_REASON_CODE vendor 
@@ -10736,4 +10950,139 @@ enum qca_sta_connect_fail_reason_codes { QCA_STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED = 7, }; +/** + * enum qca_wlan_vendor_usable_channels_filter - Bitmask of different + * filters defined in this enum are used in attribute + * %QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK. + * + * @QCA_WLAN_VENDOR_FILTER_CELLULAR_COEX: When this bit is set, the driver + * shall filter the channels which are not usable because of coexistence with + * cellular radio. + * @QCA_WLAN_VENDOR_FILTER_WLAN_CONCURRENCY: When this bit is set, the driver + * shall filter the channels which are not usable because of existing active + * interfaces in the driver and will result in Multi Channel Concurrency, etc. + * + */ +enum qca_wlan_vendor_usable_channels_filter { + QCA_WLAN_VENDOR_FILTER_CELLULAR_COEX = 0, + QCA_WLAN_VENDOR_FILTER_WLAN_CONCURRENCY = 1, +}; + +/** + * enum qca_wlan_vendor_attr_chan_info - Attributes used inside + * %QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO nested attribute. + * + * @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_PRIMARY_FREQ: + * u32 attribute, required. Indicates the center frequency of the primary + * channel in MHz. + * + * @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG0_FREQ: + * u32 attribute. Indicates the center frequency of the primary segment of the + * channel in MHz. This attribute is required when reporting 40 MHz, 80 MHz, + * 160 MHz, and 320 MHz channels. + * + * @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG1_FREQ: + * u32 attribute. Indicates the center frequency of the secondary segment of + * 80+80 channel in MHz. This attribute is required only when + * QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH is set to NL80211_CHAN_WIDTH_80P80. + * + * @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH: + * u32 attribute, required. Indicates the bandwidth of the channel, possible + * values are defined in enum nl80211_chan_width. + * + * @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_IFACE_MODE_MASK: + * u32 attribute, required. 
Indicates all the interface types for which this + * channel is usable. This attribute encapsulates bitmasks of interface types + * defined in enum nl80211_iftype. + * + */ +enum qca_wlan_vendor_attr_chan_info { + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_INVALID = 0, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_PRIMARY_FREQ = 1, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG0_FREQ = 2, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG1_FREQ = 3, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH = 4, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_IFACE_MODE_MASK = 5, + + /* keep last */ + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_AFTER_LAST, + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_MAX = + QCA_WLAN_VENDOR_ATTR_CHAN_INFO_AFTER_LAST - 1, +}; + +/** + * enum qca_wlan_vendor_attr_usable_channels - Attributes used by + * %QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS vendor command. + * + * @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_BAND_MASK: + * u32 attribute. Indicates the bands from which the channels should be reported + * in response. This attribute encapsulates bit masks of bands defined in enum + * nl80211_band. Optional attribute, if not present in the request the driver + * shall return channels from all supported bands. + * + * @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_IFACE_MODE_MASK: + * u32 attribute. Indicates all the interface types for which the usable + * channels information is requested. This attribute encapsulates bitmasks of + * interface types defined in enum nl80211_iftype. Optional attribute, if not + * present in the request the driver shall send information of all supported + * interface modes. + * + * @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK: + * u32 attribute. This attribute carries information of all filters that shall + * be applied while populating usable channels information by the driver. This + * attribute carries bit masks of different filters defined in enum + * qca_wlan_vendor_usable_channels_filter. 
Optional attribute, if not present + * in the request the driver shall send information of channels without applying + * any of the filters that can be configured through this attribute. + * + * @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO: + * Nested attribute. This attribute shall be used by the driver to send + * usability information of each channel. The attributes defined in enum + * qca_wlan_vendor_attr_chan_info are used inside this attribute. + */ +enum qca_wlan_vendor_attr_usable_channels { + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_INVALID = 0, + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_BAND_MASK = 1, + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_IFACE_MODE_MASK = 2, + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK = 3, + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO = 4, + + /* keep last */ + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_AFTER_LAST, + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_MAX = + QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_AFTER_LAST - 1, +}; + +/** + * enum qca_wlan_vendor_attr_radar_history: Used by the vendor command + * QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY to get DFS radar history. + * + * @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES: Nested attribute to carry + * the list of radar history entries. + * Each entry contains freq, timestamp, and radar signal detect flag. + * The driver shall add an entry when CAC has finished, or radar signal + * has been detected post AP beaconing. The driver shall maintain at least + * 8 entries in order to save CAC result for a 160 MHz channel. + * @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_FREQ: u32 attribute. + * Channel frequency in MHz. + * @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_TIMESTAMP: u64 nanoseconds. + * CLOCK_BOOTTIME timestamp when this entry is updated due to CAC + * or radar detection. + * @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_DETECTED: NLA_FLAG attribute. + * This flag indicates radar signal has been detected. 
+ */ +enum qca_wlan_vendor_attr_radar_history { + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_INVALID = 0, + + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES = 1, + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_FREQ = 2, + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_TIMESTAMP = 3, + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_DETECTED = 4, + + /* keep last */ + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_LAST, + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_MAX = + QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_LAST - 1, +}; + #endif /* QCA_VENDOR_H */ diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 8ef9ea23a986..561882d0d024 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2392,6 +2392,7 @@ enum tdls_peer_capability { TDLS_PEER_HT = BIT(0), TDLS_PEER_VHT = BIT(1), TDLS_PEER_WMM = BIT(2), + TDLS_PEER_HE = BIT(3), }; /* valid info in the wmm_params struct */ diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index ed194be2a8a6..8eb033c78cf9 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -9200,6 +9200,28 @@ static int nl80211_start_radar_detection(void *priv, #ifdef CONFIG_TDLS +static int nl80211_add_peer_capab(struct nl_msg *msg, + enum tdls_peer_capability capa) +{ + u32 peer_capab = 0; + + if (!capa) + return 0; + + if (capa & TDLS_PEER_HT) + peer_capab |= NL80211_TDLS_PEER_HT; + if (capa & TDLS_PEER_VHT) + peer_capab |= NL80211_TDLS_PEER_VHT; + if (capa & TDLS_PEER_WMM) + peer_capab |= NL80211_TDLS_PEER_WMM; + if (capa & TDLS_PEER_HE) + peer_capab |= NL80211_TDLS_PEER_HE; + + return nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, + peer_capab); +} + + static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, u8 dialog_token, u16 status_code, u32 peer_capab, int initiator, const u8 *buf, 
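Review bot: enum qca_wlan_vendor_usable_channels_filter is documented as a bitmask with "When this bit is set", yet its values are 0 and 1, so QCA_WLAN_VENDOR_FILTER_CELLULAR_COEX cannot be tested as a mask value. If the values are bit positions, which is inferred from the wording and not stated in the hunk, the comment should say so, e.g. `Values are bit positions within %QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK.` In the same hunk enum qca_wlan_vendor_attr_radar_history ends in `_LAST` where the sibling enums use `_AFTER_LAST`.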
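Review bot: nl80211_add_peer_capab() has no comment, although the comment it replaces (removed in the following hunk) said the internal and nl80211 enums were identical; the helper should record that it now maps bit by bit, e.g. `/* Map enum tdls_peer_capability bits to enum nl80211_tdls_peer_capability */`. Bits outside the four handled flags are dropped silently, and if only such bits are set the attribute is still sent with value 0, while the early `if (!capa) return 0;` suggests a zero capability should send nothing. Testing `if (!peer_capab) return 0;` after the mapping would keep the two cases consistent. The caller nl80211_send_tdls_mgmt() passes a u32 and its body lies outside this hunk.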
@@ -9219,21 +9241,9 @@ static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) || nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) || - nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code)) - goto fail; - if (peer_capab) { - /* - * The internal enum tdls_peer_capability definition is - * currently identical with the nl80211 enum - * nl80211_tdls_peer_capability, so no conversion is needed - * here. - */ - if (nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, - peer_capab)) - goto fail; - } - if ((initiator && - nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) || + nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code) || + nl80211_add_peer_capab(msg, peer_capab) || + (initiator && nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) || nla_put(msg, NL80211_ATTR_IE, len, buf)) goto fail; @@ -10953,7 +10963,8 @@ static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list) * compatibility. */ if (!(freq >= 2412 && freq <= 2484) && - !(freq >= 5180 && freq <= 5900)) + !(freq >= 5180 && freq <= 5900) && + !(freq >= 5945 && freq <= 7115)) continue; hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]); if (hw_mode != NUM_HOSTAPD_MODES) diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h index ac78da99fccd..f962c06e9818 100644 --- a/src/drivers/nl80211_copy.h +++ b/src/drivers/nl80211_copy.h 
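Review bot: The new `!(freq >= 5945 && freq <= 7115)` clause in add_acs_ch_list() lets 6 GHz frequencies into ch_list, which holds bare channel numbers; 6 GHz channel numbers start again at 1 and so overlap those of 2.4 GHz and 5 GHz, leaving a consumer of the list unable to tell the band. The partly visible comment above describes the list as kept for compatibility, so this may be intended, but a line such as `/* 6 GHz channel numbers overlap 2.4/5 GHz ones; rely on the frequency list */` would record it, assuming a frequency list is sent alongside, which this hunk does not show. The bounds 5945 and 7115 are bare literals, and how ch_list is sized lies outside the hunk.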
@@ -655,6 +655,9 @@ * When a security association was established on an 802.1X network using * fast transition, this event should be followed by an * %NL80211_CMD_PORT_AUTHORIZED event. + * Following a %NL80211_CMD_ROAM event userspace can issue + * %NL80211_CMD_GET_SCAN in order to obtain the scan information for the + * new BSS the card/driver roamed to. * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify * userspace that a connection was dropped by the AP or due to other * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and @@ -5937,6 +5940,16 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate * configuration (AP/mesh) with HE rates. * + * @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement + * exchange protocol. + * + * @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement + * exchange protocol. + * + * @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management + * frame protection for all management frames exchanged during the + * negotiation and range measurement procedure. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -5998,6 +6011,9 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_FILS_DISCOVERY, NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP, NL80211_EXT_FEATURE_BEACON_RATE_HE, + NL80211_EXT_FEATURE_SECURE_LTF, + NL80211_EXT_FEATURE_SECURE_RTT, + NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, 
@@ -6295,11 +6311,13 @@ struct nl80211_vendor_cmd_info { * @NL80211_TDLS_PEER_HT: TDLS peer is HT capable. * @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable. * @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable. + * @NL80211_TDLS_PEER_HE: TDLS peer is HE capable. */ enum nl80211_tdls_peer_capability { NL80211_TDLS_PEER_HT = 1<<0, NL80211_TDLS_PEER_VHT = 1<<1, NL80211_TDLS_PEER_WMM = 1<<2, + NL80211_TDLS_PEER_HE = 1<<3, }; /** @@ -6891,6 +6909,9 @@ enum nl80211_peer_measurement_ftm_capa { * if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor * %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based * ranging will be used. + * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only + * valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or + * %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set. * * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number @@ -6909,6 +6930,7 @@ enum nl80211_peer_measurement_ftm_req { NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC, NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED, NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED, + NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK, /* keep last */ NUM_NL80211_PMSR_FTM_REQ_ATTR, diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index e481dd5d6943..cb2a8674a81b 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa, os_time_t old_expiration = old_entry->expiration; const u8 *pmkid = NULL; - if (wpa_key_mgmt_sae(old_entry->akmp)) + if (wpa_key_mgmt_sae(old_entry->akmp) || + wpa_key_mgmt_fils(old_entry->akmp)) pmkid = old_entry->pmkid; new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len, pmkid, NULL, 0, diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c index af692680c5fe..411cbf46a40d 100644 --- a/src/rsn_supp/tdls.c +++ b/src/rsn_supp/tdls.c 
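Review bot: The widened condition in pmksa_cache_clone_entry() carries no comment on why SAE and FILS entries keep the stored PMKID while every other AKM passes NULL to pmksa_cache_add(). Presumably the PMKID for these AKMs is not the default derivation from the PMK, so recomputing it would produce an identifier the AP does not recognise; that is an inference, the derivation is not in the hunk. A comment such as `/* SAE and FILS PMKIDs cannot be re-derived from the PMK; copy the original */` would keep the next AKM addition from missing this branch. The function starts and continues outside the hunk.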
@@ -1418,6 +1418,8 @@ static int wpa_tdls_send_tpk_m3(struct wpa_sm *sm, skip_ies: + if (peer->he_capabilities) + peer_capab |= TDLS_PEER_HE; if (peer->vht_capabilities) peer_capab |= TDLS_PEER_VHT; if (peer->ht_capabilities) diff --git a/tests/fuzzing/eap-aka-peer/eap-aka-peer.c b/tests/fuzzing/eap-aka-peer/eap-aka-peer.c index db06ed52b1de..ce7b0438c6b8 100644 --- a/tests/fuzzing/eap-aka-peer/eap-aka-peer.c +++ b/tests/fuzzing/eap-aka-peer/eap-aka-peer.c @@ -91,6 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) struct eap_sm *sm; void *priv; struct eap_method_ret ret; + unsigned int count = 0; wpa_fuzzer_set_debug_level(); @@ -104,7 +105,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) pos = data; end = pos + size; - while (end - pos > 2) { + while (end - pos > 2 && count < 100) { u16 flen; struct wpabuf *buf, *req; @@ -121,6 +122,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) wpabuf_free(req); wpabuf_free(buf); pos += flen; + count++; } registered_eap_method->deinit(sm, priv); diff --git a/tests/fuzzing/eap-sim-peer/eap-sim-peer.c b/tests/fuzzing/eap-sim-peer/eap-sim-peer.c index b6798ee47869..743a94bbfd67 100644 --- a/tests/fuzzing/eap-sim-peer/eap-sim-peer.c +++ b/tests/fuzzing/eap-sim-peer/eap-sim-peer.c @@ -85,6 +85,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) struct eap_sm *sm; void *priv; struct eap_method_ret ret; + unsigned int count = 0; wpa_fuzzer_set_debug_level(); @@ -98,7 +99,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) pos = data; end = pos + size; - while (end - pos > 2) { + while (end - pos > 2 && count < 100) { u16 flen; struct wpabuf *buf, *req; @@ -115,6 +116,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) wpabuf_free(req); wpabuf_free(buf); pos += flen; + count++; } registered_eap_method->deinit(sm, priv); diff --git a/tests/hwsim/auth_serv/index.txt b/tests/hwsim/auth_serv/index.txt index 090cb9235bcf..94f59ea3798e 100644 
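Review bot: The loop bound `count < 100` added to LLVMFuzzerTestOneInput() in both eap-aka-peer.c and eap-sim-peer.c is an unexplained literal repeated in two files. Presumably it caps the work per fuzz input so that a long input of very short frames does not hit the fuzzer's timeout; a comment such as `/* limit frames per input to bound run time */` or a shared named constant would record that. The cap also means frames after the hundredth are never exercised, which is worth stating next to it. The check of flen against end sits between the hunks and is not visible here.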
--- a/tests/hwsim/auth_serv/index.txt +++ b/tests/hwsim/auth_serv/index.txt @@ -5,4 +5,4 @@ V 150215083008Z D8D3E3A6CBE3CCCB unknown /C=FI/O=w1.fi/CN=server5.w1.fi V 150228224144Z D8D3E3A6CBE3CCCC unknown /C=FI/O=w1.fi/CN=server6.w1.fi V 160111185024Z D8D3E3A6CBE3CCCD unknown /C=FI/O=w1.fi/CN=ocsp.w1.fi V 150929211300Z D8D3E3A6CBE3CCD1 unknown /C=FI/O=w1.fi/CN=Test User -V 210502195538Z D8D3E3A6CBE3CD5F unknown /C=FI/O=w1.fi/CN=server.w1.fi +V 220503170253Z D8D3E3A6CBE3CD69 unknown /C=FI/O=w1.fi/CN=server.w1.fi diff --git a/tests/hwsim/auth_serv/ocsp-multi-server-cache.der b/tests/hwsim/auth_serv/ocsp-multi-server-cache.der index 15ea6647d812..8f76fc838e16 100644 Binary files a/tests/hwsim/auth_serv/ocsp-multi-server-cache.der and b/tests/hwsim/auth_serv/ocsp-multi-server-cache.der differ diff --git a/tests/hwsim/auth_serv/ocsp-req.der b/tests/hwsim/auth_serv/ocsp-req.der index ebab4a025204..5d33b6972b16 100644 Binary files a/tests/hwsim/auth_serv/ocsp-req.der and b/tests/hwsim/auth_serv/ocsp-req.der differ diff --git a/tests/hwsim/auth_serv/ocsp-responder.pem b/tests/hwsim/auth_serv/ocsp-responder.pem index 778f1b8f6734..18fecde142d2 100644 --- a/tests/hwsim/auth_serv/ocsp-responder.pem +++ b/tests/hwsim/auth_serv/ocsp-responder.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:67 + d8:d3:e3:a6:cb:e3:cd:72 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 3 14:01:18 2020 GMT - Not After : May 3 14:01:18 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=ocsp.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -40,25 +40,25 @@ Certificate: X509v3 Extended Key Usage: OCSP Signing Signature Algorithm: sha256WithRSAEncryption - 5d:f3:28:20:86:b7:cd:da:e2:e8:15:7a:97:52:79:63:69:0b: - 92:96:53:89:69:a5:79:19:d1:7e:75:71:9c:e4:33:26:99:cc: - b9:fe:28:1a:40:a7:5f:83:ee:51:cd:fc:e4:cf:71:45:90:ba: - 36:25:51:37:4c:19:9f:0e:fc:36:d5:64:05:8e:10:20:aa:53: - 1e:e5:49:64:ae:54:7d:f3:51:a1:31:af:5f:30:46:5c:d0:db: - 6d:fc:07:68:7e:63:26:24:82:52:cd:e0:3e:d1:fd:9b:e8:00: - 93:e7:94:8c:d6:14:51:23:82:3b:51:ac:39:3d:6f:81:c7:ff: - fb:7a:92:eb:ec:c4:7e:0b:e6:16:5c:31:5f:a1:84:28:b3:ad: - 75:8c:c3:c6:0c:b2:1a:23:4d:6c:a5:c7:e4:47:aa:5c:0d:ab: - 75:40:a2:bd:9a:76:cb:50:ff:18:8c:c1:c0:bd:02:dd:51:1d: - d3:64:43:2c:a6:a8:40:42:c5:90:59:4c:76:56:a8:28:4d:df: - 2d:8f:99:c3:2a:a9:f2:cc:5a:90:fc:29:6b:8e:f0:8e:89:79: - c1:b1:70:8b:2e:cb:98:d6:cf:46:ed:1a:c4:f7:32:78:5d:ca: - b1:0c:5a:05:99:45:f1:1a:80:48:1d:4f:83:7f:30:e9:ca:8f: - 83:ff:f3:0b + b9:ef:0b:f2:ad:4b:e1:ac:0b:34:e2:ed:a7:db:20:3d:51:12: + 62:f8:1a:e4:b7:25:8a:3e:fa:be:98:2e:e0:33:d8:d1:97:a6: + 27:2a:c7:ba:05:ef:9b:f4:36:a2:b7:55:fc:85:fe:39:99:aa: + fe:b6:a0:cd:68:6b:3a:fd:a5:cc:63:e3:b2:90:70:bd:85:d8: + 29:47:ba:d8:ae:46:46:4a:af:e6:19:4f:7e:b3:42:74:3b:1f: + c4:00:8f:a5:15:eb:cc:3d:d6:9d:92:c5:0a:61:78:10:0b:2a: + 18:4e:eb:cd:74:32:c0:fb:d1:7d:00:3e:c3:00:4e:a6:c0:4e: + 9b:b7:78:b7:5f:aa:96:d8:91:88:d5:83:fa:a3:65:69:b3:94: + e0:a9:4f:90:8d:64:ef:2e:bf:86:37:8a:61:3c:e9:a1:81:39: + 08:75:d9:ea:c8:d6:5b:56:b0:f2:1a:36:2d:82:93:41:45:71: + c0:a1:f0:25:39:30:ef:44:79:ad:8b:18:fd:06:4c:c0:4b:62: + cf:f1:fb:bc:7b:ee:38:09:05:44:fa:4a:3c:c4:53:b9:68:18: + c1:6c:e4:ae:e0:ce:00:70:67:d1:37:ce:90:c6:0e:dc:c0:e3: + c8:01:5d:33:32:ab:c4:cb:45:1c:27:36:f7:b2:31:f7:99:8c: + b1:72:65:89 -----BEGIN CERTIFICATE----- -MIIDJTCCAg2gAwIBAgIJANjT46bL481nMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDJTCCAg2gAwIBAgIJANjT46bL481yMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDMxNDAxMThaFw0yMTA1MDMxNDAxMThaMDIxCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDIxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTETMBEGA1UEAwwKb2NzcC53MS5maTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcihV27OxwCmgFzqohjbqFD M7X9Av4fyCMEi4xRUlvgzGJgKqq6iE9BOWv7NMCiencu4Vae78quZ9X5i1+rrofh @@ -67,10 +67,10 @@ S+siwl2+/zZvQifYS8bhvvgIz6z9UTCi6IATAAW2BVVCC/oeQIRQCYwlNVQlRTmf TnwK2cRKDBZOPmh/G63JUwhcuATU1pNi/a/5tB30lj6bnRRtHGwjrj3HtM8xkCBq gJliflzp1dW9WU2j2dzp++h7ZYfV+Umevg7zqSHelOhU/IDP2uOPmsZMdhgO/qsC AwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB -BQUHAwkwDQYJKoZIhvcNAQELBQADggEBAF3zKCCGt83a4ugVepdSeWNpC5KWU4lp -pXkZ0X51cZzkMyaZzLn+KBpAp1+D7lHN/OTPcUWQujYlUTdMGZ8O/DbVZAWOECCq -Ux7lSWSuVH3zUaExr18wRlzQ2238B2h+YyYkglLN4D7R/ZvoAJPnlIzWFFEjgjtR -rDk9b4HH//t6kuvsxH4L5hZcMV+hhCizrXWMw8YMshojTWylx+RHqlwNq3VAor2a -dstQ/xiMwcC9At1RHdNkQyymqEBCxZBZTHZWqChN3y2PmcMqqfLMWpD8KWuO8I6J -ecGxcIsuy5jWz0btGsT3MnhdyrEMWgWZRfEagEgdT4N/MOnKj4P/8ws= +BQUHAwkwDQYJKoZIhvcNAQELBQADggEBALnvC/KtS+GsCzTi7afbID1REmL4GuS3 +JYo++r6YLuAz2NGXpicqx7oF75v0NqK3VfyF/jmZqv62oM1oazr9pcxj47KQcL2F +2ClHutiuRkZKr+YZT36zQnQ7H8QAj6UV68w91p2SxQpheBALKhhO6810MsD70X0A +PsMATqbATpu3eLdfqpbYkYjVg/qjZWmzlOCpT5CNZO8uv4Y3imE86aGBOQh12erI +1ltWsPIaNi2Ck0FFccCh8CU5MO9Eea2LGP0GTMBLYs/x+7x77jgJBUT6SjzEU7lo +GMFs5K7gzgBwZ9E3zpDGDtzA48gBXTMyq8TLRRwnNveyMfeZjLFyZYk= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/ocsp-server-cache.der b/tests/hwsim/auth_serv/ocsp-server-cache.der index a1661ef668f3..342215977079 100644 Binary files a/tests/hwsim/auth_serv/ocsp-server-cache.der and b/tests/hwsim/auth_serv/ocsp-server-cache.der differ diff --git a/tests/hwsim/auth_serv/server-certpol.pem b/tests/hwsim/auth_serv/server-certpol.pem index d0145426458d..b72f528fe294 100644 --- a/tests/hwsim/auth_serv/server-certpol.pem +++ b/tests/hwsim/auth_serv/server-certpol.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:63 + d8:d3:e3:a6:cb:e3:cd:6f Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server-policies.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -59,25 +59,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - b8:ef:8e:09:f5:67:a3:d6:5c:92:d2:55:f8:f2:52:e4:cd:ea: - 87:a6:aa:42:73:b2:b4:30:d8:80:3f:aa:d5:f2:65:32:b9:88: - 7d:f1:b2:c2:c1:fe:17:c7:76:7e:d9:7b:4b:1a:87:dc:1f:f6: - 57:0d:8b:5f:2a:5d:e2:7f:f4:8d:39:3a:a4:9e:9d:f3:c1:58: - cf:04:fd:72:40:c2:9a:ef:98:b2:6a:67:86:27:2c:f6:e6:dd: - b1:a0:20:b1:c0:cf:fb:00:43:1f:6f:ac:b2:3f:02:a6:87:80: - 18:74:6b:0b:26:07:d3:7a:72:1c:c7:1d:a7:dc:13:cb:70:ac: - 24:2e:45:9c:bf:53:de:ea:eb:50:4a:60:87:26:8a:28:4e:16: - 76:91:b1:b3:e2:4d:66:fd:12:60:ed:24:59:f4:f9:47:59:d1: - 4c:6e:d1:9d:55:d4:72:d8:c4:da:2f:b4:73:20:d3:7e:f7:9f: - 6e:99:b8:06:1d:5f:8c:18:ab:a3:a8:fa:50:52:50:e5:2b:c9: - fa:1d:fe:f0:ce:33:19:d5:38:e6:ba:90:c9:5e:e6:67:60:e0: - 50:16:7c:4c:08:89:d2:e2:fe:bc:57:0f:ef:83:75:ec:1d:f3: - 10:07:ce:c2:d6:30:44:f2:ec:b9:78:71:c2:41:8d:78:e4:d6: - 67:42:d7:f5 + ae:91:58:d8:0f:03:02:4e:84:da:cd:13:7d:5c:d0:52:04:08: + 7f:ea:12:73:5d:ad:a1:64:a2:0d:e6:83:ca:fa:35:7d:1e:35: + bd:24:5d:19:b7:1b:f4:dd:75:a0:86:60:65:e0:73:69:55:ae: + 37:13:82:99:ad:8a:fb:de:73:51:45:b6:38:e0:3a:6c:b0:f1: + e8:b3:09:10:f9:89:87:c9:64:be:ac:27:c2:cc:e9:1b:dc:0f: + c4:37:8e:1e:a3:16:2c:42:ed:da:c9:27:c0:ee:fd:45:62:b1: + e6:71:ca:a5:a3:3b:6b:62:03:fb:a3:aa:fd:b4:0e:e2:3f:d1: + c1:27:92:54:e8:fa:34:01:d3:4f:22:6e:00:24:e7:34:7a:e6: + ef:6e:d3:6b:ae:f2:a9:df:dd:79:1b:1f:ee:52:56:69:26:dc: + 0e:e8:48:9f:36:11:0e:c7:7c:48:ec:0a:c2:d6:ea:f7:9a:06: + 65:e1:6c:77:45:76:51:2d:74:2d:16:6a:0b:1b:76:d7:46:2f: + e1:30:ea:59:c9:0f:da:43:c6:bf:4b:0e:31:9c:ae:80:0a:bb: + 86:d0:ee:91:0d:9a:72:3e:8d:c4:bc:08:43:d2:31:ba:06:2b: + b6:27:ba:f1:bb:56:22:1a:f8:b4:46:32:da:bf:0a:1c:a6:1e: + 4b:03:23:c1 -----BEGIN CERTIFICATE----- -MIIEWDCCA0CgAwIBAgIJANjT46bL481jMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIEWDCCA0CgAwIBAgIJANjT46bL481vMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMD0xCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD0xCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEeMBwGA1UEAwwVc2VydmVyLXBvbGlj aWVzLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0qbvm71g Y6F1rUvTb1lehPpkoGQkC3hI/I1miy9uHUQrrsNtlLrLozS+C05HjVvZmaaoBwmH @@ -92,11 +92,11 @@ gdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPq0NTX76okrV9THqtrS/g7FVfscw HwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDMp+EwNQYIKwYBBQUHAQEEKTAn MCUGCCsGAQUFBzABhhlodHRwOi8vc2VydmVyLncxLmZpOjg4ODgvMCAGA1UdEQQZ MBeCFXNlcnZlci1wb2xpY2llcy53MS5maTAYBgNVHSAEETAPMA0GCysGAQQBgr5o -AQMBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC4744J -9Wej1lyS0lX48lLkzeqHpqpCc7K0MNiAP6rV8mUyuYh98bLCwf4Xx3Z+2XtLGofc -H/ZXDYtfKl3if/SNOTqknp3zwVjPBP1yQMKa75iyameGJyz25t2xoCCxwM/7AEMf -b6yyPwKmh4AYdGsLJgfTenIcxx2n3BPLcKwkLkWcv1Pe6utQSmCHJoooThZ2kbGz -4k1m/RJg7SRZ9PlHWdFMbtGdVdRy2MTaL7RzINN+959umbgGHV+MGKujqPpQUlDl -K8n6Hf7wzjMZ1TjmupDJXuZnYOBQFnxMCInS4v68Vw/vg3XsHfMQB87C1jBE8uy5 -eHHCQY145NZnQtf1 +AQMBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCukVjY +DwMCToTazRN9XNBSBAh/6hJzXa2hZKIN5oPK+jV9HjW9JF0Ztxv03XWghmBl4HNp +Va43E4KZrYr73nNRRbY44DpssPHoswkQ+YmHyWS+rCfCzOkb3A/EN44eoxYsQu3a +ySfA7v1FYrHmccqloztrYgP7o6r9tA7iP9HBJ5JU6Po0AdNPIm4AJOc0eubvbtNr +rvKp3915Gx/uUlZpJtwO6EifNhEOx3xI7ArC1ur3mgZl4Wx3RXZRLXQtFmoLG3bX +Ri/hMOpZyQ/aQ8a/Sw4xnK6ACruG0O6RDZpyPo3EvAhD0jG6Biu2J7rxu1YiGvi0 +RjLavwocph5LAyPB -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-certpol2.pem b/tests/hwsim/auth_serv/server-certpol2.pem index 92c853da2fa8..cc8ff5789e4a 100644 --- a/tests/hwsim/auth_serv/server-certpol2.pem +++ b/tests/hwsim/auth_serv/server-certpol2.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:64 + d8:d3:e3:a6:cb:e3:cd:70 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -59,25 +59,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 7d:38:98:e6:21:03:e4:1a:44:08:91:ca:21:31:5c:97:66:74: - 4c:0a:84:21:83:92:22:63:53:8d:06:1f:48:62:c1:e3:ce:e9: - 74:2a:63:0b:2b:f9:b5:d0:63:37:39:4c:b4:29:9e:98:49:48: - 1f:cd:bc:28:5f:81:56:ee:d9:d9:f7:51:6b:31:62:3a:a4:59: - 98:f3:18:3d:f9:c1:d8:71:6d:85:e1:67:0e:d6:cc:ab:61:22: - 46:f1:38:11:53:74:41:44:22:63:ac:e7:6b:12:b6:39:20:7f: - fe:e2:c7:aa:e6:80:64:d7:24:92:4e:79:fa:9d:41:75:45:30: - 4b:2b:ce:d9:b0:38:25:79:81:b3:c4:4b:60:a1:24:9f:ad:c7: - 37:b9:44:d5:02:7c:2a:05:7f:d3:f1:76:21:6a:67:d7:a9:ab: - e0:3e:4c:90:30:28:8a:75:58:ae:6a:98:39:b6:6c:f6:eb:9f: - c8:24:11:a3:33:0f:aa:30:05:23:ab:1f:4f:f4:55:f3:b8:6b: - c5:dc:dc:32:15:58:fd:cc:cf:ba:f5:9a:1b:4e:58:68:85:b7: - eb:b0:db:e9:a9:87:f9:b0:4e:c9:43:79:26:97:75:ff:d4:55: - 01:f7:c6:f5:21:56:8b:f7:f3:80:a2:f4:3f:50:2a:e3:60:52: - b6:5c:83:14 + 58:a7:cd:3e:71:b1:2c:df:ab:0e:bb:37:68:95:6d:20:75:c0: + 38:96:e2:56:eb:57:4a:d7:43:93:d2:28:a7:d9:82:ff:eb:aa: + 03:c3:c4:06:09:04:1e:1b:f0:18:2a:27:32:30:22:97:93:21: + 06:e8:2b:4f:73:dc:84:39:6f:e9:ad:2e:d6:e3:c1:e9:36:59: + aa:7c:d0:a5:3e:23:9a:bc:db:d9:bf:38:f6:21:ef:bd:0e:4b: + 4d:4d:5d:0e:8a:ae:fe:d0:47:ae:8f:4d:fc:c2:bb:5b:8f:a4: + 06:4d:0b:26:e3:9e:f8:dd:d1:e0:21:92:55:17:85:49:09:ad: + 45:24:e5:05:55:68:b9:45:36:af:0d:b8:6f:eb:66:3d:fb:ab: + 68:c4:d2:e7:7e:6a:a9:ad:23:4a:25:72:db:ae:96:03:a5:c7: + 3f:a4:8e:f8:7c:16:5a:c4:32:53:9f:56:eb:a4:f1:99:dc:ac: + 0b:4f:2d:0f:f1:03:ca:ba:b2:0b:6f:9f:4d:90:84:66:3a:a5: + b3:f0:a2:50:59:cb:1b:19:af:6d:62:95:73:a4:94:76:8d:3e: + 18:49:72:be:42:a1:66:a6:ee:d7:08:51:da:8b:d8:d6:6d:36: + e2:2f:4b:78:74:2c:10:17:0c:84:16:14:ba:b8:10:28:dc:0b: + 22:aa:40:93 -----BEGIN CERTIFICATE----- -MIIEWjCCA0KgAwIBAgIJANjT46bL481kMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIEWjCCA0KgAwIBAgIJANjT46bL481wMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMD4xCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD4xCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWc2VydmVyLXBvbGlj aWVzMi53MS5maTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOZQ0SgF J2zUQtNCx8xTqWvCo6sgbxc0neQdMdDEaGVC1ei9qrjk6fbuLnXNaoz2jqqvbHzr @@ -92,11 +92,11 @@ o4HXMIHUMAkGA1UdEwQCMAAwHQYDVR0OBBYEFE4Bi37Cd5ThaLPEKTUkBQvehEqJ MB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEBBCkw JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAhBgNVHREE GjAYghZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMBgGA1UdIAQRMA8wDQYLKwYBBAGC -vmgBAwIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAH04 -mOYhA+QaRAiRyiExXJdmdEwKhCGDkiJjU40GH0hiwePO6XQqYwsr+bXQYzc5TLQp -nphJSB/NvChfgVbu2dn3UWsxYjqkWZjzGD35wdhxbYXhZw7WzKthIkbxOBFTdEFE -ImOs52sStjkgf/7ix6rmgGTXJJJOefqdQXVFMEsrztmwOCV5gbPES2ChJJ+txze5 -RNUCfCoFf9PxdiFqZ9epq+A+TJAwKIp1WK5qmDm2bPbrn8gkEaMzD6owBSOrH0/0 -VfO4a8Xc3DIVWP3Mz7r1mhtOWGiFt+uw2+mph/mwTslDeSaXdf/UVQH3xvUhVov3 -84Ci9D9QKuNgUrZcgxQ= +vmgBAwIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFin +zT5xsSzfqw67N2iVbSB1wDiW4lbrV0rXQ5PSKKfZgv/rqgPDxAYJBB4b8BgqJzIw +IpeTIQboK09z3IQ5b+mtLtbjwek2Wap80KU+I5q829m/OPYh770OS01NXQ6Krv7Q +R66PTfzCu1uPpAZNCybjnvjd0eAhklUXhUkJrUUk5QVVaLlFNq8NuG/rZj37q2jE +0ud+aqmtI0olctuulgOlxz+kjvh8FlrEMlOfVuuk8ZncrAtPLQ/xA8q6sgtvn02Q +hGY6pbPwolBZyxsZr21ilXOklHaNPhhJcr5CoWam7tcIUdqL2NZtNuIvS3h0LBAX +DIQWFLq4ECjcCyKqQJM= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-eku-client-server.pem b/tests/hwsim/auth_serv/server-eku-client-server.pem index b44f82c54a12..6286160390f0 100644 --- a/tests/hwsim/auth_serv/server-eku-client-server.pem +++ b/tests/hwsim/auth_serv/server-eku-client-server.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:62 + d8:d3:e3:a6:cb:e3:cd:6d Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server6.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -46,25 +46,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 5f:6e:13:f9:af:c4:47:4d:78:19:5e:d2:bb:21:55:c3:4b:64: - 42:94:fe:37:7b:3a:4a:fc:42:f1:fc:b3:c3:05:93:46:39:cd: - a3:40:c9:90:47:a2:6b:af:d8:21:a9:1e:11:02:c8:84:e2:b2: - 8b:52:ad:30:49:e7:80:16:98:d2:0c:01:56:c2:f5:6c:a4:98: - b0:a2:af:6c:e8:6e:6d:9b:31:21:22:91:51:81:e1:f0:0d:eb: - 97:96:98:58:84:b3:29:a6:8f:d2:b5:ce:37:a7:64:b8:7f:fb: - f7:15:3c:c0:c7:2a:7f:bb:50:67:a0:5b:55:65:5d:1f:0a:90: - 10:16:c1:93:cd:a3:ab:8b:4b:9a:f0:e2:e7:ac:e6:5a:fd:bf: - 46:37:92:3e:f7:f5:d8:57:87:c2:88:cc:b1:40:06:92:d5:f0: - f2:3d:c5:d0:fd:48:5c:bf:bf:5b:da:82:11:55:6d:95:17:f2: - 43:be:8e:e7:f5:0e:d3:b3:de:65:ea:8c:85:4b:bd:4d:93:f0: - 6f:8b:2f:0e:fb:9f:cb:65:e8:72:68:92:43:08:1d:3e:1f:5a: - e5:1c:5d:7e:16:06:04:23:9e:c0:82:8a:a6:33:66:c3:3f:2a: - ad:1a:5a:90:02:56:3a:e6:45:d9:f1:02:a5:cd:16:63:03:04: - 42:85:1c:49 + 97:a5:19:d6:b9:1e:74:53:d4:38:5d:95:2a:8c:6f:88:10:c4: + 47:28:29:4e:08:65:51:8f:af:34:1e:17:7a:62:7c:8e:f4:c4: + 6d:ed:94:a9:fa:03:85:9d:7d:01:f8:e3:03:a4:a7:52:0c:6e: + 46:db:de:44:bc:ce:b3:5a:fc:72:01:a0:b2:49:b2:b2:ce:de: + 46:d4:68:d7:70:94:7b:48:b9:c9:6c:78:d3:68:3d:4f:66:15: + 7d:99:ac:65:70:0f:62:ed:b5:a5:b4:69:c4:bc:57:f5:ea:1d: + 3c:cd:99:36:6f:86:bc:57:69:76:58:fd:15:5d:8d:ed:0c:ca: + d8:bb:8e:7d:72:39:ff:04:e9:35:88:88:fa:5c:d7:f5:10:f5: + 19:4f:2d:90:2f:f3:82:36:7f:4f:45:c5:98:97:f5:f0:61:86: + 64:ce:b7:24:98:85:f1:59:59:67:ee:51:d0:e7:37:fb:2f:a7: + 5d:a5:91:a3:f9:97:a8:54:4d:df:ec:22:d1:3e:0e:4d:5c:40: + 11:2a:43:7d:69:36:73:5e:be:c8:73:d4:74:99:5f:c8:87:c1: + 99:c0:e6:38:af:f2:8c:39:b7:65:90:a8:58:fa:a2:99:69:e6: + ad:77:3e:94:fc:82:38:cf:5f:17:77:e8:4e:6a:8b:75:21:ce: + 9b:7f:6c:00 -----BEGIN CERTIFICATE----- -MIIDnjCCAoagAwIBAgIJANjT46bL481iMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDnjCCAoagAwIBAgIJANjT46bL481tMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV 
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE -AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5m aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAj9IASvkpkTa+Zr1Lv jfVzmhooK5Lo1JAlPoVHn8nEuXo1JIQvHlEWZtOsMerxY6RM6ibw+mHHn/J0aWp4 @@ -76,10 +76,10 @@ kXECAwEAAaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBSr0ojKnEQmiS7AuY1G 3VxpAp4ByzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IB -AQBfbhP5r8RHTXgZXtK7IVXDS2RClP43ezpK/ELx/LPDBZNGOc2jQMmQR6Jrr9gh -qR4RAsiE4rKLUq0wSeeAFpjSDAFWwvVspJiwoq9s6G5tmzEhIpFRgeHwDeuXlphY -hLMppo/Stc43p2S4f/v3FTzAxyp/u1BnoFtVZV0fCpAQFsGTzaOri0ua8OLnrOZa -/b9GN5I+9/XYV4fCiMyxQAaS1fDyPcXQ/Uhcv79b2oIRVW2VF/JDvo7n9Q7Ts95l -6oyFS71Nk/Bviy8O+5/LZehyaJJDCB0+H1rlHF1+FgYEI57AgoqmM2bDPyqtGlqQ -AlY65kXZ8QKlzRZjAwRChRxJ +AQCXpRnWuR50U9Q4XZUqjG+IEMRHKClOCGVRj680Hhd6YnyO9MRt7ZSp+gOFnX0B ++OMDpKdSDG5G295EvM6zWvxyAaCySbKyzt5G1GjXcJR7SLnJbHjTaD1PZhV9maxl +cA9i7bWltGnEvFf16h08zZk2b4a8V2l2WP0VXY3tDMrYu459cjn/BOk1iIj6XNf1 +EPUZTy2QL/OCNn9PRcWYl/XwYYZkzrckmIXxWVln7lHQ5zf7L6ddpZGj+ZeoVE3f +7CLRPg5NXEARKkN9aTZzXr7Ic9R0mV/Ih8GZwOY4r/KMObdlkKhY+qKZaeatdz6U +/II4z18Xd+hOaot1Ic6bf2wA -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-eku-client.pem b/tests/hwsim/auth_serv/server-eku-client.pem index 2e6afa2876c3..af5c5c24eb86 100644 --- a/tests/hwsim/auth_serv/server-eku-client.pem +++ b/tests/hwsim/auth_serv/server-eku-client.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:61 + d8:d3:e3:a6:cb:e3:cd:6c Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server5.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -46,25 +46,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 22:02:38:3d:90:2f:5d:54:b9:36:61:fd:29:40:c0:88:5d:eb: - 63:ec:b3:6d:9b:55:8f:10:6b:b7:4b:8a:3f:89:79:fa:52:87: - 8d:91:3b:2e:ee:84:ae:f8:2d:8e:1d:35:72:cd:b8:7d:9d:98: - d3:88:9d:05:c7:85:e7:1a:29:4d:cb:00:da:a3:21:a0:f5:f3: - 52:f5:80:88:cb:2a:4f:d9:9b:56:c0:37:13:61:74:64:61:fb: - 8c:25:18:9c:96:e2:f8:bb:e2:48:60:e3:12:d8:a9:d9:9e:93: - e8:cd:46:f5:eb:b3:17:62:66:d1:5d:ea:c2:09:d1:7a:34:d2: - e0:88:1d:7f:6f:71:25:70:50:d8:51:93:61:8e:70:da:c2:ba: - f0:44:81:be:81:54:d6:3c:da:a6:54:62:40:bd:d1:2e:ce:1c: - dd:29:49:ba:b5:12:7e:42:64:54:b2:99:93:60:67:6e:1a:63: - 4b:da:b4:96:28:90:81:c4:28:05:28:64:ff:c6:7a:b3:8c:68: - 12:e3:28:64:00:82:88:bc:75:46:d2:e7:f9:0a:93:4c:5d:c8: - 99:27:4c:40:65:0d:ec:b2:86:ea:76:e2:28:c5:77:6b:3d:fc: - 91:30:89:0a:0b:e0:d4:59:cf:30:de:5f:f6:50:15:5a:40:01: - e2:a5:39:cf + 95:fa:5c:72:fc:2e:aa:a2:b4:f9:22:11:d2:84:33:91:f4:2c: + 27:59:b9:2d:0c:46:b1:cb:58:2e:66:bd:ed:8d:f8:ad:45:a2: + 37:7c:51:41:42:5a:ca:8a:c6:8b:3d:60:0f:6e:88:d9:44:25: + d2:e1:5c:92:fb:38:2e:90:a1:c4:d0:81:07:59:79:58:50:23: + f5:1d:f9:ac:11:99:51:eb:78:49:64:11:84:4c:ce:6f:6a:5d: + 51:1d:2f:99:10:e9:f2:46:33:94:5c:8c:be:0d:26:bb:27:57: + e7:c8:f1:c3:9e:8f:10:04:2f:8a:a0:cd:39:af:01:1c:19:b0: + f9:da:38:6f:e8:2e:df:7d:ec:05:0c:09:bc:56:01:50:15:63: + 50:a5:06:55:37:04:7e:74:a0:08:20:e3:29:c6:c3:36:87:76: + 1f:f2:98:dc:cf:58:cd:c6:17:51:46:d2:ff:3a:97:4d:b2:27: + bb:8c:f0:13:79:53:2b:a7:cf:e5:88:7c:eb:33:b8:54:c4:2e: + 64:de:34:af:4e:74:05:b1:13:fd:ed:54:60:2c:31:b8:7f:a6: + 0d:4f:dd:9d:e3:0d:aa:ad:ba:0d:25:07:c2:0d:53:a8:f4:93: + 37:75:60:2b:75:5f:db:53:d8:44:fd:4d:c9:91:4e:6a:ca:6d: + a5:ae:ba:74 -----BEGIN CERTIFICATE----- -MIIDlDCCAnygAwIBAgIJANjT46bL481hMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDlDCCAnygAwIBAgIJANjT46bL481sMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5m aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWUYIC4yGEYjAKd3MzE dNEXtTtHnDgPO5J0++onRUSKmipNECWOd84aCclzGf7ccDZejPqPTIS793LklE/8 @@ -75,11 +75,11 @@ u9jjFCVw3tHHnVnPJEbH9W5vg2btGx0+UQSUZ2TfUSI8wOEkCjdq3GqL/UVbli0D rGMCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQyn58wJHNzy41TOoAj 61tdTN0GATAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w -EwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBACICOD2QL11U -uTZh/SlAwIhd62Pss22bVY8Qa7dLij+JefpSh42ROy7uhK74LY4dNXLNuH2dmNOI -nQXHhecaKU3LANqjIaD181L1gIjLKk/Zm1bANxNhdGRh+4wlGJyW4vi74khg4xLY -qdmek+jNRvXrsxdiZtFd6sIJ0Xo00uCIHX9vcSVwUNhRk2GOcNrCuvBEgb6BVNY8 -2qZUYkC90S7OHN0pSbq1En5CZFSymZNgZ24aY0vatJYokIHEKAUoZP/GerOMaBLj -KGQAgoi8dUbS5/kKk0xdyJknTEBlDeyyhup24ijFd2s9/JEwiQoL4NRZzzDeX/ZQ -FVpAAeKlOc8= +EwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAJX6XHL8Lqqi +tPkiEdKEM5H0LCdZuS0MRrHLWC5mve2N+K1Fojd8UUFCWsqKxos9YA9uiNlEJdLh +XJL7OC6QocTQgQdZeVhQI/Ud+awRmVHreElkEYRMzm9qXVEdL5kQ6fJGM5RcjL4N +JrsnV+fI8cOejxAEL4qgzTmvARwZsPnaOG/oLt997AUMCbxWAVAVY1ClBlU3BH50 +oAgg4ynGwzaHdh/ymNzPWM3GF1FG0v86l02yJ7uM8BN5Uyunz+WIfOszuFTELmTe +NK9OdAWxE/3tVGAsMbh/pg1P3Z3jDaqtug0lB8INU6j0kzd1YCt1X9tT2ET9TcmR +TmrKbaWuunQ= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-expired.pem b/tests/hwsim/auth_serv/server-expired.pem index 308d57fad51c..301ff6082ad3 100644 --- a/tests/hwsim/auth_serv/server-expired.pem +++ b/tests/hwsim/auth_serv/server-expired.pem @@ -2,7 +2,7 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:66 + d8:d3:e3:a6:cb:e3:cd:6b Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity 
@@ -46,23 +46,23 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 89:4d:ee:04:3e:50:fc:a2:6e:4c:3e:4a:9e:3b:9c:2e:74:29: - 06:86:1b:bb:96:01:70:f7:46:21:b4:ef:6f:73:93:31:bd:58: - f5:2f:40:61:f1:53:86:20:75:cf:0e:75:70:2c:94:b8:c5:4e: - ec:24:0f:42:d6:8b:80:b9:fa:b5:48:83:d6:cf:c8:47:3d:09: - 50:11:4a:5d:83:c5:41:8b:4b:4e:1e:ff:96:95:f0:14:7a:7e: - cd:a6:4f:ce:0b:37:e8:f2:27:a2:72:e2:6b:18:d7:f8:86:f0: - 14:db:4c:c5:8a:76:9b:fc:55:15:49:3f:eb:df:5c:c7:7a:64: - 86:70:44:97:7e:ba:83:39:25:3b:23:8e:dc:b3:9e:59:cb:e0: - a2:ac:7e:9f:d2:60:91:a7:de:a9:a9:30:e1:97:81:e3:13:91: - 75:68:08:11:e0:ca:f9:eb:39:28:72:ab:8c:18:d2:3c:2c:cc: - 38:e5:73:1a:4e:7f:e6:74:25:8b:a2:40:45:59:28:b4:ec:ec: - 5f:c9:f5:6f:ab:02:03:70:0d:11:9b:62:df:73:7b:e0:c6:c1: - c1:ee:da:69:9a:91:a3:6b:2b:15:d6:fb:e4:35:38:86:fe:ac: - ad:77:a5:a3:03:a5:9f:f4:e7:34:91:83:9e:5b:1e:88:e1:48: - 5f:15:d8:de + 55:80:01:89:67:34:7c:4b:99:71:f5:5e:49:ea:51:f4:21:a4: + 0f:3d:85:1c:ac:70:bf:a6:ef:50:85:de:df:1f:c6:93:44:3a: + 0b:4d:e9:d9:25:e4:23:4b:c6:d5:6d:bc:ad:19:bc:be:05:e7: + 5a:16:c5:6b:97:b4:8c:fc:9c:4e:52:3d:73:58:9e:df:0d:1f: + ae:a5:95:59:ed:5b:d6:8f:02:aa:c1:76:81:66:c9:46:f6:c3: + 18:f2:a9:fb:e3:42:92:09:5f:7c:82:2e:fb:21:96:93:d1:63: + 56:1e:3f:68:d4:96:f0:a7:2d:2f:f1:f1:39:ff:2a:56:1b:59: + 4a:7a:b2:e9:11:ad:c0:66:59:ae:b5:d4:88:ce:65:d7:98:d8: + bf:77:96:9d:50:59:1b:28:6f:e7:0c:c5:dc:99:55:2e:62:11: + 19:f2:bc:22:f9:35:91:7b:c5:ea:59:48:be:b1:90:a2:b6:5c: + f4:da:3a:48:98:7a:9a:74:55:f3:85:bb:ab:31:8b:d1:75:68: + f0:c3:dd:f1:ba:42:c7:4b:43:18:77:77:32:c1:80:61:22:48: + 39:39:5c:ad:c0:b0:3a:73:5f:43:89:8e:32:40:3d:48:c7:dd: + 20:d3:ba:15:b4:ac:0a:b4:86:0e:34:53:21:e5:91:c8:8e:56: + 6e:9f:ce:62 -----BEGIN CERTIFICATE----- -MIIDlDCCAnygAwIBAgIJANjT46bL481mMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDlDCCAnygAwIBAgIJANjT46bL481rMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
AwwHUm9vdCBDQTAeFw0yMDAxMDEwMDAwMDBaFw0yMDAxMDIwMDAwMDBaMDUxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNC53MS5m @@ -75,11 +75,11 @@ c+GT2FEtu0WDj7aTQTlBhF9LrQAlkT0WCuvwuJLgXHVlhRfSgOZeZqKk38cIdjNJ zx0CAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQhsDHGFNS9XN9wJFE0 npP1GLMcoTAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w -EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIlN7gQ+UPyi -bkw+Sp47nC50KQaGG7uWAXD3RiG0729zkzG9WPUvQGHxU4Ygdc8OdXAslLjFTuwk -D0LWi4C5+rVIg9bPyEc9CVARSl2DxUGLS04e/5aV8BR6fs2mT84LN+jyJ6Jy4msY -1/iG8BTbTMWKdpv8VRVJP+vfXMd6ZIZwRJd+uoM5JTsjjtyznlnL4KKsfp/SYJGn -3qmpMOGXgeMTkXVoCBHgyvnrOShyq4wY0jwszDjlcxpOf+Z0JYuiQEVZKLTs7F/J -9W+rAgNwDRGbYt9ze+DGwcHu2mmakaNrKxXW++Q1OIb+rK13paMDpZ/05zSRg55b -HojhSF8V2N4= +EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFWAAYlnNHxL +mXH1XknqUfQhpA89hRyscL+m71CF3t8fxpNEOgtN6dkl5CNLxtVtvK0ZvL4F51oW +xWuXtIz8nE5SPXNYnt8NH66llVntW9aPAqrBdoFmyUb2wxjyqfvjQpIJX3yCLvsh +lpPRY1YeP2jUlvCnLS/x8Tn/KlYbWUp6sukRrcBmWa611IjOZdeY2L93lp1QWRso +b+cMxdyZVS5iERnyvCL5NZF7xepZSL6xkKK2XPTaOkiYepp0VfOFu6sxi9F1aPDD +3fG6QsdLQxh3dzLBgGEiSDk5XK3AsDpzX0OJjjJAPUjH3SDTuhW0rAq0hg40UyHl +kciOVm6fzmI= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-extra.pkcs12 b/tests/hwsim/auth_serv/server-extra.pkcs12 index 47231039647a..d9cd6e2ff0be 100644 Binary files a/tests/hwsim/auth_serv/server-extra.pkcs12 and b/tests/hwsim/auth_serv/server-extra.pkcs12 differ diff --git a/tests/hwsim/auth_serv/server-long-duration.pem b/tests/hwsim/auth_serv/server-long-duration.pem index 88bd6afc919e..930550df8f94 100644 --- a/tests/hwsim/auth_serv/server-long-duration.pem +++ b/tests/hwsim/auth_serv/server-long-duration.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:68 + d8:d3:e3:a6:cb:e3:cd:6e Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 3 14:07:41 2020 GMT - Not After : Apr 21 14:07:41 2070 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : Apr 21 17:02:53 2071 GMT Subject: C=FI, O=w1.fi, CN=server7.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -63,25 +63,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 01:87:4b:93:49:c5:28:8b:2f:8a:45:f3:ed:a2:1e:2f:b0:d0: - 0b:d3:cc:dc:a5:bd:ff:f5:df:86:45:f3:3e:94:ff:32:16:de: - f4:08:4a:2d:24:f3:5b:da:a8:ea:21:6d:06:c9:9c:08:1c:0e: - dc:a1:82:b9:5f:67:e4:e1:1c:29:b3:b1:58:af:ce:6c:2f:e1: - 9b:dd:98:53:45:aa:d2:02:81:fd:a1:74:e4:75:69:07:9c:cc: - 5d:b7:1a:25:ba:52:3b:8e:5c:62:12:0c:0e:a2:38:2f:b5:d3: - 33:97:fe:d1:ec:6a:5d:15:93:67:98:d9:d0:93:03:bd:78:90: - df:bd:4f:50:af:79:83:70:02:9e:eb:bc:6d:d7:0f:9b:65:8d: - 4e:79:79:d1:03:18:3d:47:3e:78:05:1d:f5:23:d2:f8:8f:fb: - 56:a1:ce:ee:e0:40:25:57:cc:4d:4c:f2:ca:65:90:e0:f8:7f: - ed:4f:12:5f:1d:9c:5e:15:3c:5e:fa:a4:5f:85:3c:a1:47:a3: - 3a:db:3f:93:3a:21:f4:55:be:fb:7c:3a:3d:58:ec:91:a0:83: - d5:b0:b9:79:08:12:1d:3b:3c:31:8d:f5:f6:da:20:d3:ca:76: - fb:83:c9:20:36:32:e5:4a:44:25:c6:d5:4d:04:59:06:71:9a: - cc:b9:47:e7 + aa:73:6c:8d:3b:7e:cb:87:82:2f:b8:05:f7:79:1c:5d:ec:37: + 76:ac:c1:e3:27:73:1b:71:0a:85:ba:55:ce:53:a2:70:38:b4: + e4:09:f4:19:c1:b5:0e:a1:52:d3:9f:3b:3b:dd:a9:86:97:3d: + e7:40:b8:16:9f:47:51:e5:39:2e:93:cb:61:a8:b1:f2:f6:53: + 9f:50:04:c6:88:5c:ce:69:ed:cc:c3:39:0a:76:af:64:8f:ce: + 6c:88:62:b7:46:ce:fc:fe:4a:e2:ea:f7:a8:af:5b:f5:43:a1: + 96:fe:3c:db:a1:a2:72:3f:47:f3:5b:ae:50:27:7b:11:f8:e8: + 22:a6:8d:73:32:56:c8:dd:d5:95:51:aa:9f:f7:4d:53:e7:0b: + e6:fa:c2:4e:59:55:92:44:78:df:e5:b0:1d:cc:69:3e:86:73: + 3a:9f:69:30:54:9c:6b:55:7c:79:ba:62:d5:0a:de:18:b3:0c: + 29:34:7b:ef:0d:5c:54:71:ad:69:f5:63:93:49:31:03:2e:dc: + 3c:2b:78:82:ff:4f:b7:59:77:5d:34:0b:4a:41:3e:51:47:83: + 4e:2a:cb:88:28:33:42:df:8f:81:c3:89:01:f4:8a:ef:56:db: + ca:07:95:53:c6:68:bf:21:5f:1d:20:da:55:c7:0a:7f:a5:4b: + 7c:f4:04:32 -----BEGIN CERTIFICATE----- -MIIEljCCA36gAwIBAgIJANjT46bL481oMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIEljCCA36gAwIBAgIJANjT46bL481uMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAgFw0yMDA1MDMxNDA3NDFaGA8yMDcwMDQyMTE0MDc0MVowNTEL +AwwHUm9vdCBDQTAgFw0yMTA1MDMxNzAyNTNaGA8yMDcxMDQyMTE3MDI1M1owNTEL MAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI3Lncx LmZpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvxDC67+9DyFoRCZ4 1pAP3pxneAdvLjThUaY0bh1P8R8at5N6GgE2BNTjNfCbUo3MLYCTaDcACV/hDYo1 @@ -98,10 +98,10 @@ fbuUpDl734zsZMjFjYZUb/GHk1ECAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1Ud DgQWBBQwyUXY08iO5kG4Kb1I3r/NmqWBzjAfBgNVHSMEGDAWgBSk/bk5G4GzquuI HdSBqbURcMyn4TA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9z ZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN -AQELBQADggEBAAGHS5NJxSiLL4pF8+2iHi+w0AvTzNylvf/134ZF8z6U/zIW3vQI -Si0k81vaqOohbQbJnAgcDtyhgrlfZ+ThHCmzsVivzmwv4ZvdmFNFqtICgf2hdOR1 -aQeczF23GiW6UjuOXGISDA6iOC+10zOX/tHsal0Vk2eY2dCTA714kN+9T1CveYNw -Ap7rvG3XD5tljU55edEDGD1HPngFHfUj0viP+1ahzu7gQCVXzE1M8splkOD4f+1P -El8dnF4VPF76pF+FPKFHozrbP5M6IfRVvvt8Oj1Y7JGgg9WwuXkIEh07PDGN9fba -INPKdvuDySA2MuVKRCXG1U0EWQZxmsy5R+c= +AQELBQADggEBAKpzbI07fsuHgi+4Bfd5HF3sN3asweMncxtxCoW6Vc5TonA4tOQJ +9BnBtQ6hUtOfOzvdqYaXPedAuBafR1HlOS6Ty2GosfL2U59QBMaIXM5p7czDOQp2 +r2SPzmyIYrdGzvz+SuLq96ivW/VDoZb+PNuhonI/R/NbrlAnexH46CKmjXMyVsjd +1ZVRqp/3TVPnC+b6wk5ZVZJEeN/lsB3MaT6GczqfaTBUnGtVfHm6YtUK3hizDCk0 +e+8NXFRxrWn1Y5NJMQMu3DwreIL/T7dZd100C0pBPlFHg04qy4goM0Lfj4HDiQH0 +iu9W28oHlVPGaL8hXx0g2lXHCn+lS3z0BDI= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server-no-dnsname.pem b/tests/hwsim/auth_serv/server-no-dnsname.pem index a09e5116c7d3..170098dc18c9 100644 --- a/tests/hwsim/auth_serv/server-no-dnsname.pem +++ b/tests/hwsim/auth_serv/server-no-dnsname.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:60 + d8:d3:e3:a6:cb:e3:cd:6a Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server3.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -46,25 +46,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 47:5a:18:97:c2:3a:a5:4a:6c:f6:11:53:ac:d3:3f:d7:0c:7f: - e5:cb:9c:7d:02:f3:b7:ab:0c:a6:8d:d9:77:6c:bd:2a:41:47: - fb:70:7f:0d:09:53:fc:e4:a4:5e:0b:1c:4d:84:05:71:ab:f9: - 68:9a:df:4f:b6:73:20:fd:05:cc:e2:f1:8a:9d:20:7a:27:8a: - 60:a6:ed:0e:eb:cf:5f:13:32:1b:89:ec:f6:dc:eb:5f:42:f0: - a8:f9:42:dd:e5:e6:19:28:82:61:df:07:24:7b:c6:c9:ce:a5: - 44:f0:d7:ba:4b:2b:9d:d7:97:1c:13:e9:da:0a:58:26:97:48: - 6e:33:ec:d5:d3:32:96:23:b6:40:01:a8:e0:88:ea:2a:73:82: - d7:41:58:9b:b3:dc:6b:41:2f:ae:33:38:43:05:ed:04:ff:b9: - 63:b7:7e:9b:fa:85:ab:df:12:36:24:cf:ec:8d:f8:d5:1c:95: - 4e:a8:9c:e4:8a:90:ac:db:a0:4b:d8:14:e0:84:97:f7:cb:da: - 95:cd:02:11:65:23:8b:ad:f1:c3:46:2d:2d:20:4d:cb:63:ef: - ae:be:ea:19:1d:2d:c5:35:c8:aa:b9:d3:8c:4f:cd:44:9c:fc: - a4:37:f5:b8:80:06:af:5e:ce:bc:81:23:cd:6b:de:31:c2:4c: - e8:e6:68:71 + 8a:b4:ef:15:b7:6f:b7:cd:e6:c0:3b:e2:bb:67:5e:d0:0a:81: + 53:84:60:b8:60:05:9b:c7:b9:b9:87:34:1f:33:a4:fb:db:ed: + e9:0f:83:a4:3d:8b:4e:ff:aa:35:a8:f4:8c:35:78:a0:fb:e0: + b3:a3:11:92:ce:76:b2:3a:06:4f:3f:bb:9c:ca:e3:95:ec:44: + cb:72:1f:93:5d:df:d7:9e:76:41:4c:61:cb:70:03:5d:45:69: + da:c6:f5:60:68:83:f9:c7:73:8e:fb:4c:47:28:8e:b7:c9:e4: + cc:12:44:46:cc:97:77:6c:aa:02:57:d9:5a:f9:92:0c:a6:81: + 12:b3:e0:fd:e1:9b:46:83:c8:bc:b5:85:4e:bd:9a:1b:9b:a5: + bd:cb:af:9b:dc:ce:62:3b:b3:ff:0f:85:e3:47:66:d0:dc:c6: + c4:02:36:e0:01:42:4c:c5:1f:de:da:92:1f:09:f3:22:f5:37: + ef:55:ca:7c:12:f7:2f:34:a1:ff:fe:b8:fc:32:34:ee:a4:ff: + f1:ba:c5:f5:d3:9e:d2:f8:3d:d9:fa:81:8f:40:80:7f:67:b5: + 4d:0a:03:f7:f9:4e:3f:f8:74:29:f8:26:6d:5e:9e:dd:6d:f2: + 0a:1d:6a:41:0c:5b:c2:27:81:2b:c1:86:0e:24:64:37:92:2a: + 09:fb:ae:c7 -----BEGIN CERTIFICATE----- -MIIDlDCCAnygAwIBAgIJANjT46bL481gMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDlDCCAnygAwIBAgIJANjT46bL481qMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyMy53MS5m aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLrrQRvTOsjuJJOddwA 0A3ZrQkh+BJKLc3bfWOhMhKOuOO935U5OhdlVPgg1nE3fbe0cjF6ej26dHLzrJ0W @@ -75,11 +75,11 @@ hq6aTH1T9rEOgs0GYXfdRlz9RWry6CLKY4vTHPZPEOzqGggeOD2AbKNIR/IWKgdb 94kCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRehNYxmBdx+GNcMlt9 M8DU+janajAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w -EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAEdaGJfCOqVK -bPYRU6zTP9cMf+XLnH0C87erDKaN2XdsvSpBR/twfw0JU/zkpF4LHE2EBXGr+Wia -30+2cyD9Bczi8YqdIHonimCm7Q7rz18TMhuJ7Pbc619C8Kj5Qt3l5hkogmHfByR7 -xsnOpUTw17pLK53XlxwT6doKWCaXSG4z7NXTMpYjtkABqOCI6ipzgtdBWJuz3GtB -L64zOEMF7QT/uWO3fpv6havfEjYkz+yN+NUclU6onOSKkKzboEvYFOCEl/fL2pXN -AhFlI4ut8cNGLS0gTctj766+6hkdLcU1yKq504xPzUSc/KQ39biABq9ezryBI81r -3jHCTOjmaHE= +EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIq07xW3b7fN +5sA74rtnXtAKgVOEYLhgBZvHubmHNB8zpPvb7ekPg6Q9i07/qjWo9Iw1eKD74LOj +EZLOdrI6Bk8/u5zK45XsRMtyH5Nd39eedkFMYctwA11FadrG9WBog/nHc477TEco +jrfJ5MwSREbMl3dsqgJX2Vr5kgymgRKz4P3hm0aDyLy1hU69mhubpb3Lr5vczmI7 +s/8PheNHZtDcxsQCNuABQkzFH97akh8J8yL1N+9VynwS9y80of/+uPwyNO6k//G6 +xfXTntL4Pdn6gY9AgH9ntU0KA/f5Tj/4dCn4Jm1ent1t8godakEMW8IngSvBhg4k +ZDeSKgn7rsc= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server.pem b/tests/hwsim/auth_serv/server.pem index 98fc032a43bd..bc95b1bb2ff2 100644 --- a/tests/hwsim/auth_serv/server.pem +++ b/tests/hwsim/auth_serv/server.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:5f + d8:d3:e3:a6:cb:e3:cd:69 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=server.w1.fi Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -48,25 +48,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication Signature Algorithm: sha256WithRSAEncryption - 62:10:9c:ed:50:98:34:2e:7c:ef:1a:11:93:a5:f0:ad:8d:03: - 71:9a:a1:be:c0:24:9a:4d:28:cd:28:ea:55:7e:7b:b3:9c:f4: - ad:94:44:7b:9c:e2:0a:c0:35:7e:80:a6:aa:9c:ae:36:22:fd: - 4e:25:b3:1f:66:1d:2e:66:4b:d4:8c:ad:3e:0d:92:7d:3a:93: - 05:c6:51:e4:75:fc:b4:6c:24:cb:c4:79:06:2f:d1:b3:6c:0c: - d8:82:76:08:cc:9a:c4:61:14:1b:3d:38:f4:a2:2c:49:0e:d5: - 82:58:46:52:3c:cd:12:d9:57:dd:58:25:34:0b:d7:7b:2a:2f: - 60:ce:da:9f:f2:98:e2:8e:0b:6c:69:42:1c:27:75:3a:7c:ae: - a5:9a:19:bc:6c:67:fc:04:a9:f4:fd:2c:17:79:56:52:a3:3b: - 01:60:ae:ea:9b:ed:a4:30:53:fc:ef:57:bb:f1:fc:04:2a:5c: - 2b:74:d0:1f:0b:30:ec:0a:b2:8b:4d:4a:b4:33:0d:cd:dc:28: - 29:0a:d1:eb:36:09:bc:15:a7:c7:f0:f0:9c:7e:48:75:14:75: - 2d:ed:fb:7a:14:e4:69:4a:54:b9:ad:25:ba:bb:d9:c0:eb:a0: - 81:53:c7:07:ea:34:73:1f:9d:43:63:8e:f9:06:c9:4d:15:bf: - 68:f9:91:de + b1:d9:6f:63:a1:39:81:55:10:cd:05:c1:cc:14:7d:33:0a:9a: + ef:c0:34:dc:77:76:5b:41:92:20:15:a3:c6:01:af:1f:05:7c: + bb:37:4a:1d:1f:00:5e:4a:17:6b:7a:6a:6c:a4:fb:c7:e4:1e: + e2:38:7f:25:d1:45:9b:eb:68:95:f9:1b:ba:9f:40:b9:5d:c7: + 6c:a0:46:6b:05:ac:f4:38:4d:64:0b:5d:e0:7b:30:31:b8:a6: + da:d0:a5:3e:81:7b:6a:1a:b5:4f:2d:4a:f2:00:68:13:68:b8: + 83:6b:79:f9:b2:63:a7:df:52:de:8e:12:9d:87:73:ec:4b:47: + 38:a2:98:29:a8:c8:8b:8e:b1:2b:47:dd:eb:cf:6a:dd:21:02: + 00:5e:7d:8d:4c:19:aa:7d:1b:f4:9b:a6:a8:f8:f3:a7:9d:66: + e8:54:0c:dc:7f:e9:af:a2:4c:88:8b:87:54:28:33:c5:53:87: + b0:41:e4:2e:33:7b:aa:c0:29:82:c2:bd:54:10:29:f9:2d:a4: + 99:d1:e7:c7:57:07:66:cc:d0:2e:74:5d:98:28:0a:fe:8a:32: + 3c:62:3d:30:7c:75:0c:16:31:ce:cb:e7:41:1e:4f:3c:92:1a: + 3e:80:b1:13:78:b5:53:b2:6a:44:9f:c1:3b:92:cf:08:0e:08: + 32:10:27:1b -----BEGIN CERTIFICATE----- -MIIDrDCCApSgAwIBAgIJANjT46bL481fMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDrDCCApSgAwIBAgIJANjT46bL481pMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDQxCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDQxCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Q5ezRksakGD2SwONs0J sI+yyYzI0gM4blS8Q+7O+Fmx6T9t1F7jxXMZPQu8KdfQbnUANfz3ZbG2D8sGSc+p @@ -78,10 +78,10 @@ c6xGrsvreTZXrcNwAhVt8KVDc6tyBLEWYHQOSsGPUigalX6r0AT2+hHaG9GZpE+e MRBpSdDnMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUF BwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAX BgNVHREEEDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ -KoZIhvcNAQELBQADggEBAGIQnO1QmDQufO8aEZOl8K2NA3Gaob7AJJpNKM0o6lV+ -e7Oc9K2URHuc4grANX6ApqqcrjYi/U4lsx9mHS5mS9SMrT4Nkn06kwXGUeR1/LRs -JMvEeQYv0bNsDNiCdgjMmsRhFBs9OPSiLEkO1YJYRlI8zRLZV91YJTQL13sqL2DO -2p/ymOKOC2xpQhwndTp8rqWaGbxsZ/wEqfT9LBd5VlKjOwFgruqb7aQwU/zvV7vx -/AQqXCt00B8LMOwKsotNSrQzDc3cKCkK0es2CbwVp8fw8Jx+SHUUdS3t+3oU5GlK -VLmtJbq72cDroIFTxwfqNHMfnUNjjvkGyU0Vv2j5kd4= +KoZIhvcNAQELBQADggEBALHZb2OhOYFVEM0FwcwUfTMKmu/ANNx3dltBkiAVo8YB +rx8FfLs3Sh0fAF5KF2t6amyk+8fkHuI4fyXRRZvraJX5G7qfQLldx2ygRmsFrPQ4 +TWQLXeB7MDG4ptrQpT6Be2oatU8tSvIAaBNouINrefmyY6ffUt6OEp2Hc+xLRzii +mCmoyIuOsStH3evPat0hAgBefY1MGap9G/Sbpqj486edZuhUDNx/6a+iTIiLh1Qo +M8VTh7BB5C4ze6rAKYLCvVQQKfktpJnR58dXB2bM0C50XZgoCv6KMjxiPTB8dQwW +Mc7L50EeTzySGj6AsRN4tVOyakSfwTuSzwgOCDIQJxs= -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/server.pkcs12 b/tests/hwsim/auth_serv/server.pkcs12 index a72b1644a658..310e988a9ef8 100644 Binary files a/tests/hwsim/auth_serv/server.pkcs12 and b/tests/hwsim/auth_serv/server.pkcs12 differ diff --git a/tests/hwsim/auth_serv/user.pem b/tests/hwsim/auth_serv/user.pem index 66be8f81a188..08ee21e5c38b 100644 --- a/tests/hwsim/auth_serv/user.pem +++ b/tests/hwsim/auth_serv/user.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d8:d3:e3:a6:cb:e3:cd:65 + d8:d3:e3:a6:cb:e3:cd:71 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA Validity - Not Before: May 2 19:55:38 2020 GMT - Not After : May 2 19:55:38 2021 GMT + Not Before: May 3 17:02:53 2021 GMT + Not After : May 3 17:02:53 2022 GMT Subject: C=FI, O=w1.fi, CN=Test User Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -46,25 +46,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 94:10:ec:75:db:4d:98:80:bd:b7:b2:b1:4d:b8:99:0a:ba:e1: - 47:d4:ef:50:48:5b:89:97:8b:ee:ee:56:2e:e6:ba:2d:0c:90: - 59:29:a1:c9:10:08:9a:c7:e9:57:42:5a:f6:7e:72:cd:d9:ff: - 8b:b2:13:6f:6e:e1:49:04:a5:82:cd:10:59:37:a5:9a:b2:2c: - 6e:a7:9e:ba:1f:e3:b7:79:79:37:65:a8:9b:49:39:c2:13:7d: - 6d:a8:37:23:c4:10:c9:73:25:67:1f:78:fb:b6:86:00:c1:1a: - 60:d7:5e:b9:63:c6:43:41:dd:37:0f:39:c9:fa:ff:8a:f9:62: - 59:00:e6:91:cd:79:28:82:db:30:88:c5:b8:79:8e:63:4c:65: - 50:3d:d2:65:b3:45:62:e5:d1:6f:1c:c1:1f:c2:b5:1a:0f:31: - 75:62:b3:7d:0b:8d:36:f9:43:eb:26:59:59:29:39:ad:37:0c: - 4f:95:7e:86:05:f5:70:fa:45:de:3c:f5:7e:e1:29:bc:82:d3: - a0:63:73:a3:e1:25:f3:5a:14:2d:c7:78:da:aa:e2:8a:df:08: - c5:be:1f:d3:9f:70:0b:7d:ea:5b:f4:2d:22:94:e6:95:92:50: - e2:55:72:13:c5:a1:3a:44:c4:25:18:9d:9d:a9:c8:c0:ea:7a: - d6:76:91:4e + a1:96:48:41:04:5c:06:bd:0b:34:59:c0:49:fa:d6:08:e4:30: + 79:cf:0d:42:36:10:a1:4a:8d:41:f9:c4:91:1b:8c:cf:36:24: + 21:e8:cc:d8:7e:ac:cc:ca:79:fd:49:fa:6d:0b:20:3f:cc:1e: + 0b:df:bc:ac:3d:f6:19:c6:99:f9:5f:86:17:ce:00:63:8a:95: + 42:4c:92:5e:d7:5c:6d:1c:3a:13:b9:3e:d1:dd:d0:78:0d:7e: + b4:13:19:95:4b:e0:7f:11:97:41:c2:92:de:f0:43:0f:8b:36: + 53:0f:5d:d9:12:16:85:22:bf:8f:e6:b1:95:94:0b:dc:ff:3a: + a3:ce:27:f9:1d:58:20:bc:0c:45:d7:96:fc:76:de:26:57:58: + d0:e2:57:d3:32:e1:c5:1b:37:0c:54:36:ed:5b:0d:d4:ef:cc: + 43:c6:a6:66:0f:ce:33:4f:96:b9:22:6d:1d:1d:3f:4c:6c:05: + 68:8d:48:2b:12:37:2a:d5:05:33:e0:b5:12:8f:00:73:43:64: + 0e:28:75:04:b8:6f:29:da:22:e7:2c:78:97:f8:b0:37:8e:f6: + 0d:04:98:e1:2f:6e:fd:40:97:54:50:2c:ca:cf:68:16:55:ca: + c0:37:bd:d5:3c:5e:50:64:4b:dd:3c:d3:b4:88:25:a9:11:d3: + 60:bc:a7:88 -----BEGIN CERTIFICATE----- -MIIDkDCCAnigAwIBAgIJANjT46bL481lMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +MIIDkDCCAnigAwIBAgIJANjT46bL481xMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE 
-AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDExCzAJ +AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDExCzAJ BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCQI2QdtGQ6UXGvZioQbAyLi GgZC0wtgjV8xBAb6okBqDCQpWM2DvzqdfzcNTSdd1VdXHPO+dT86TERvAi9biyyw @@ -75,11 +75,11 @@ HaUhPfA1YpTIzzM/2KJd38xYAAiN7bEExSs/GhX2kgjU8ULNbNvy/+BuaYTYiwID AQABo4GaMIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPuFAKjf1gwOp+M5Ydm+zirv bSjYMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEB BCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNV -HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlBDsddtNmIC9t7Kx -TbiZCrrhR9TvUEhbiZeL7u5WLua6LQyQWSmhyRAImsfpV0Ja9n5yzdn/i7ITb27h -SQSlgs0QWTelmrIsbqeeuh/jt3l5N2Wom0k5whN9bag3I8QQyXMlZx94+7aGAMEa -YNdeuWPGQ0HdNw85yfr/ivliWQDmkc15KILbMIjFuHmOY0xlUD3SZbNFYuXRbxzB -H8K1Gg8xdWKzfQuNNvlD6yZZWSk5rTcMT5V+hgX1cPpF3jz1fuEpvILToGNzo+El -81oULcd42qriit8Ixb4f059wC33qW/QtIpTmlZJQ4lVyE8WhOkTEJRidnanIwOp6 -1naRTg== +HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAoZZIQQRcBr0LNFnA +SfrWCOQwec8NQjYQoUqNQfnEkRuMzzYkIejM2H6szMp5/Un6bQsgP8weC9+8rD32 +GcaZ+V+GF84AY4qVQkySXtdcbRw6E7k+0d3QeA1+tBMZlUvgfxGXQcKS3vBDD4s2 +Uw9d2RIWhSK/j+axlZQL3P86o84n+R1YILwMRdeW/HbeJldY0OJX0zLhxRs3DFQ2 +7VsN1O/MQ8amZg/OM0+WuSJtHR0/TGwFaI1IKxI3KtUFM+C1Eo8Ac0NkDih1BLhv +Kdoi5yx4l/iwN472DQSY4S9u/UCXVFAsys9oFlXKwDe91TxeUGRL3TzTtIglqRHT +YLyniA== -----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/user.pkcs12 b/tests/hwsim/auth_serv/user.pkcs12 index 13d97acc9db0..96108f24b192 100644 Binary files a/tests/hwsim/auth_serv/user.pkcs12 and b/tests/hwsim/auth_serv/user.pkcs12 differ diff --git a/tests/hwsim/auth_serv/user2.pkcs12 b/tests/hwsim/auth_serv/user2.pkcs12 index 8957a56556a6..1ede5d977834 100644 Binary files a/tests/hwsim/auth_serv/user2.pkcs12 and b/tests/hwsim/auth_serv/user2.pkcs12 differ 
diff --git a/tests/hwsim/auth_serv/user3.pkcs12 b/tests/hwsim/auth_serv/user3.pkcs12 index 46ae62e82451..a5dfb755041b 100644 Binary files a/tests/hwsim/auth_serv/user3.pkcs12 and b/tests/hwsim/auth_serv/user3.pkcs12 differ diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index d5e1d995b81e..c53ce75ca826 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -2732,7 +2732,7 @@ def test_ap_wpa2_eap_ttls_server_cert_hash(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS and server certificate hash""" check_cert_probe_support(dev[0]) skip_with_fips(dev[0]) - srv_cert_hash = "f75a953c1aa9967926525d4d860d1ff7e872f7088782f060768d12aecbd5f25e" + srv_cert_hash = "5891bd91eaf977684e70d4376d1514621d18f09ab2020bea1ad293d59a6e8944" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", @@ -4176,7 +4176,7 @@ def ocsp_req(outfile): "-reqout", outfile, '-issuer', 'auth_serv/ca.pem', '-sha256', - '-serial', '0xD8D3E3A6CBE3CD5F', + '-serial', '0xD8D3E3A6CBE3CD69', '-no_nonce'] run_openssl(arg) if not os.path.exists(outfile): diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py index b6048be13844..2271fc3539dd 100644 --- a/tests/hwsim/test_ap_psk.py +++ b/tests/hwsim/test_ap_psk.py 
@@ -516,6 +516,26 @@ def test_ap_wpa2_gtk_rekey_failure(dev, apdev): raise Exception("GTK rekey timed out") dev[0].wait_disconnected() +def test_ap_wpa2_gtk_rekey_request(dev, apdev): + """WPA2-PSK AP and GTK rekey request from multiple stations""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + hapd = hostapd.add_ap(apdev[0], params) + for i in range(3): + dev[i].connect(ssid, psk=passphrase, scan_freq="2412") + hapd.wait_sta() + for i in range(3): + if "OK" not in dev[i].request("KEY_REQUEST 0 0"): + raise Exception("KEY_REQUEST failed") + for i in range(3): + ev = dev[i].wait_event(["WPA: Group rekeying completed"], timeout=2) + if ev is None: + raise Exception("GTK rekey timed out") + time.sleep(1) + for i in range(3): + hwsim_utils.test_connectivity(dev[i], hapd) + @remote_compatible def test_ap_wpa_gtk_rekey(dev, apdev): """WPA-PSK/TKIP AP and GTK rekey enforced by AP""" diff --git a/tests/hwsim/test_ap_vht.py b/tests/hwsim/test_ap_vht.py index 0123697f4813..b47aaa2a43f7 100644 --- a/tests/hwsim/test_ap_vht.py +++ b/tests/hwsim/test_ap_vht.py @@ -369,6 +369,7 @@ def test_ap_vht160(dev, apdev): 'ieee80211d': '1', 'ieee80211h': '1'} hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False) + bssid = apdev[0]['bssid'] ev = wait_dfs_event(hapd, "DFS-CAC-START", 5) if "DFS-CAC-START" not in ev: @@ -408,6 +409,10 @@ def test_ap_vht160(dev, apdev): if "WIDTH=160 MHz" not in sig: raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig)) + est = dev[0].get_bss(bssid)['est_throughput'] + if est != "780001": + raise Exception("Unexpected BSS est_throughput: " + est) + sta = hapd.get_sta(dev[0].own_addr()) if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2: raise Exception("No Supported Operating Classes information for STA") diff --git a/tests/hwsim/test_dpp.py b/tests/hwsim/test_dpp.py index b696c5d1dc2e..71df7fc64148 100644 --- a/tests/hwsim/test_dpp.py 
+++ b/tests/hwsim/test_dpp.py @@ -15,6 +15,10 @@ import socket import struct import subprocess import time +try: + from socketserver import StreamRequestHandler, TCPServer +except ImportError: + from SocketServer import StreamRequestHandler, TCPServer import hostapd import hwsim_utils 
@@ -5284,6 +5288,61 @@ def run_dpp_controller_relay(dev, apdev, params, chirp=False): time.sleep(0.5) wt.close() +class MyTCPServer(TCPServer): + def __init__(self, addr, handler): + self.allow_reuse_address = True + TCPServer.__init__(self, addr, handler) + +class DPPControllerServer(StreamRequestHandler): + def handle(self): + data = self.rfile.read() + # Do not reply + +def test_dpp_relay_incomplete_connections(dev, apdev): + """DPP Relay and incomplete connections""" + check_dpp_capab(dev[0], min_ver=2) + check_dpp_capab(dev[1], min_ver=2) + + id_c = dev[1].dpp_bootstrap_gen() + uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) + res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c) + pkhash = None + for line in res.splitlines(): + name, value = line.split('=') + if name == "pkhash": + pkhash = value + break + if not pkhash: + raise Exception("Could not fetch public key hash from Controller") + + params = {"ssid": "unconfigured", + "channel": "6", + "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash} + hapd = hostapd.add_ap(apdev[0], params) + check_dpp_capab(hapd) + + server = MyTCPServer(("127.0.0.1", 8908), DPPControllerServer) + server.timeout = 30 + + hapd.set("ext_mgmt_frame_handling", "1") + dev[0].dpp_auth_init(uri=uri_c, role="enrollee") + msg = hapd.mgmt_rx() + if msg is None: + raise Exception("MGMT RX wait timed out") + dev[0].request("DPP_STOP_LISTEN") + frame = msg['frame'] + for i in range(20): + if i == 14: + time.sleep(20) + addr = struct.pack('6B', 0x02, 0, 0, 0, 0, i) + tmp = frame[0:10] + addr + frame[16:] + hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(tmp).decode()) + ev = hapd.wait_event(["DPP-FAIL"], timeout=0.1) + if ev: + raise Exception("DPP relay failed [%d]: %s" % (i + 1, ev)) + + server.server_close() + def test_dpp_tcp(dev, apdev, params): """DPP over TCP""" prefix = "dpp_tcp" 
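Review bot: `server.server_close()` is the last statement of test_dpp_relay_incomplete_connections, so it is skipped whenever one of the earlier `raise Exception(...)` paths fires. The listener on 127.0.0.1:8908 then stays bound until the object is collected, which could make a later test that needs the same port fail for an unrelated reason. Put everything after `server = MyTCPServer(...)` inside `try:` and move the close into `finally: server.server_close()`. Separately, `name, value = line.split('=')` raises ValueError on a line with no `=` or more than one; `line.split('=', 1)` with a length check would be more tolerant of DPP_BOOTSTRAP_INFO output.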
diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py index afdc45d70ee2..a8f4aeb36483 100644 --- a/tests/hwsim/test_eap_proto.py +++ b/tests/hwsim/test_eap_proto.py @@ -983,7 +983,7 @@ def test_eap_proto_sake_server(dev, apdev): # Unknown session # --> EAP-SAKE: Session ID mismatch sess, = struct.unpack('B', binascii.unhexlify(resp[20:22])) - sess = binascii.hexlify(struct.pack('B', sess + 1)).decode() + sess = binascii.hexlify(struct.pack('B', (sess + 1) % 256)).decode() msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "3002" + sess + "00" tx_msg(dev[0], hapd, msg) # Unknown subtype diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py index 9998299d81a8..4d4ddc39a837 100644 --- a/tests/hwsim/test_fils.py +++ b/tests/hwsim/test_fils.py 
@@ -2409,3 +2409,52 @@ def run_fils_offload_to_driver(dev, apdev, params): raise Exception("DRIVER_EVENT ASSOC did not succeed") dev.wait_connected() + +def test_fils_sk_okc(dev, apdev, params): + """FILS SK and opportunistic key caching""" + check_fils_capa(dev[0]) + check_erp_capa(dev[0]) + + start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst")) + + bssid = apdev[0]['bssid'] + params = hostapd.wpa2_eap_params(ssid="fils") + params['wpa_key_mgmt'] = "FILS-SHA256" + params['okc'] = '1' + params['auth_server_port'] = "18128" + params['erp_domain'] = 'example.com' + params['fils_realm'] = 'example.com' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + dev[0].scan_for_bss(bssid, freq=2412) + dev[0].request("ERP_FLUSH") + id = dev[0].connect("fils", key_mgmt="FILS-SHA256", + eap="PSK", identity="psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef", + erp="1", okc=True, scan_freq="2412") + pmksa = dev[0].get_pmksa(bssid) + if pmksa is None: + raise Exception("No PMKSA cache entry created") + hapd.wait_sta() + + hapd2 = hostapd.add_ap(apdev[1], params) + bssid2 = hapd2.own_addr() + + dev[0].scan_for_bss(bssid2, freq=2412) + if "OK" not in dev[0].request("ROAM " + bssid2): + raise Exception("ROAM failed") + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", + "CTRL-EVENT-CONNECTED"], timeout=10) + if ev is None: + raise Exception("Connection using OKC/PMKSA caching timed out") + if "CTRL-EVENT-EAP-STARTED" in ev: + raise Exception("Unexpected EAP exchange") + hapd2.wait_sta() + hwsim_utils.test_connectivity(dev[0], hapd2) + pmksa2 = dev[0].get_pmksa(bssid2) + if pmksa2 is None: + raise Exception("No PMKSA cache entry found") + if 'opportunistic' not in pmksa2 or pmksa2['opportunistic'] != '1': + raise Exception("OKC not indicated in PMKSA entry") + if pmksa['pmkid'] != pmksa2['pmkid']: + raise Exception("Unexpected PMKID change") 
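Review bot: In test_fils_sk_okc the first AP is started with `hostapd.add_ap(apdev[0]['ifname'], params)` while the second uses `hostapd.add_ap(apdev[1], params)`, and the other tests added in this commit pass the apdev entry itself. Unless the ifname form is intentional here, `hapd = hostapd.add_ap(apdev[0], params)` would be consistent. The function argument `params` is also rebound to the hostapd configuration right after `params['logdir']` is read; a separate name such as `ap_params` would keep the two apart.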
diff --git a/tests/hwsim/test_hapd_ctrl.py b/tests/hwsim/test_hapd_ctrl.py index 93d3d177eeee..9cf8ac73ce33 100644 --- a/tests/hwsim/test_hapd_ctrl.py +++ b/tests/hwsim/test_hapd_ctrl.py @@ -1002,6 +1002,12 @@ def test_hapd_ctrl_update_beacon(dev, apdev): if "FAIL" not in hapd.request("UPDATE_BEACON"): raise Exception("UPDATE_BEACON succeeded unexpectedly") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") + dev[0].request("DISCONNECT") + if "OK" not in hapd.request("UPDATE_BEACON"): + raise Exception("UPDATE_BEACON failed") + hapd.disable() + if "FAIL" not in hapd.request("UPDATE_BEACON"): + raise Exception("UPDATE_BEACON did not indicate failure when disabled") def test_hapd_ctrl_test_fail(dev, apdev): """hostapd and TEST_ALLOC_FAIL/TEST_FAIL""" diff --git a/tests/hwsim/test_he.py b/tests/hwsim/test_he.py index 2593f35f0bf1..43dfa5e6531f 100644 --- a/tests/hwsim/test_he.py +++ b/tests/hwsim/test_he.py @@ -150,7 +150,7 @@ def test_he80(dev, apdev): if "WIDTH=80 MHz" not in sig: raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig)) est = dev[0].get_bss(bssid)['est_throughput'] - if est != "390001": + if est != "600502": raise Exception("Unexpected BSS est_throughput: " + est) status = dev[0].get_status() if status["ieee80211ac"] != "1": @@ -492,6 +492,7 @@ def test_he160(dev, apdev): 'ieee80211d': '1', 'ieee80211h': '1'} hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False) + bssid = apdev[0]['bssid'] ev = wait_dfs_event(hapd, "DFS-CAC-START", 5) if "DFS-CAC-START" not in ev: @@ -530,6 +531,9 @@ def test_he160(dev, apdev): raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig)) if "WIDTH=160 MHz" not in sig: raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig)) + est = dev[0].get_bss(bssid)['est_throughput'] + if est != "1201002": + raise Exception("Unexpected BSS est_throughput: " + est) except Exception as e: if isinstance(e, Exception) and str(e) == "AP startup failed": if not he_supported(): 
@@ -1186,3 +1190,32 @@ def test_he_6ghz_security(dev, apdev): hapd.set("group_cipher", "TKIP") if "FAIL" not in hapd.request("ENABLE"): raise Exception("Invalid configuration accepted(5)") + +def test_he_prefer_he20(dev, apdev): + """Preference on HE20 over HT20""" + params = {"ssid": "he", + "channel": "1", + "ieee80211ax": "0", + "ieee80211n": "1"} + hapd = hostapd.add_ap(apdev[0], params) + bssid = apdev[0]['bssid'] + params = {"ssid": "test", + "channel": "1", + "ieee80211ax": "1", + "ieee80211n": "1"} + hapd2 = hostapd.add_ap(apdev[1], params) + bssid2 = apdev[1]['bssid'] + + dev[0].scan_for_bss(bssid, freq=2412) + dev[0].scan_for_bss(bssid2, freq=2412) + dev[0].connect("test", key_mgmt="NONE", scan_freq="2412") + if dev[0].get_status_field('bssid') != bssid2: + raise Exception("Unexpected BSS selected") + + est = dev[0].get_bss(bssid)['est_throughput'] + if est != "65000": + raise Exception("Unexpected BSS0 est_throughput: " + est) + + est = dev[0].get_bss(bssid2)['est_throughput'] + if est != "143402": + raise Exception("Unexpected BSS1 est_throughput: " + est) diff --git a/tests/hwsim/test_owe.py b/tests/hwsim/test_owe.py index 3f29913cf532..f72c60682595 100644 --- a/tests/hwsim/test_owe.py +++ b/tests/hwsim/test_owe.py 
@@ -926,3 +926,28 @@ def test_owe_transition_mode_disable(dev, apdev): dev[0].wait_disconnected() dev[0].request("RECONNECT") dev[0].wait_connected() + +def test_owe_sa_query(dev, apdev): + """Opportunistic Wireless Encryption - SA Query""" + if "OWE" not in dev[0].get_capability("key_mgmt"): + raise HwsimSkip("OWE not supported") + params = {"ssid": "owe", + "wpa": "2", + "ieee80211w": "2", + "wpa_key_mgmt": "OWE", + "rsn_pairwise": "CCMP"} + hapd = hostapd.add_ap(apdev[0], params) + bssid = hapd.own_addr() + + dev[0].scan_for_bss(bssid, freq="2412") + dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2", + scan_freq="2412") + hapd.wait_sta() + + hapd.set("ext_mgmt_frame_handling", "1") + dev[0].request("DISCONNECT") + dev[0].wait_disconnected(timeout=10) + hapd.set("ext_mgmt_frame_handling", "0") + dev[0].request("PMKSA_FLUSH") + dev[0].request("REASSOCIATE") + dev[0].wait_connected(timeout=10, error="Timeout on re-connection") diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py index 124dded80ce4..159678e0c7be 100644 --- a/tests/hwsim/test_sae.py +++ b/tests/hwsim/test_sae.py 
@@ -336,6 +336,61 @@ def test_sae_and_psk2(dev, apdev): dev[0].connect("test-psk", psk="12345678", key_mgmt="SAE WPA-PSK", scan_freq="2412") +def test_sae_wpa3_roam(dev, apdev): + """SAE and WPA3-Personal transition mode roaming""" + check_sae_capab(dev[0]) + + # WPA3-Personal only AP + params = hostapd.wpa2_params(ssid="test", passphrase="12345678") + params['ieee80211w'] = '2' + params['wpa_key_mgmt'] = 'SAE' + hapd0 = hostapd.add_ap(apdev[0], params) + + # WPA2-Personal only AP + params = hostapd.wpa2_params(ssid="test", passphrase="12345678") + hapd1 = hostapd.add_ap(apdev[1], params) + + dev[0].set("sae_groups", "") + dev[0].connect("test", psk="12345678", key_mgmt="SAE WPA-PSK", + ieee80211w="1", scan_freq="2412") + bssid = dev[0].get_status_field('bssid') + + # Disable the current AP to force roam to the other one + if bssid == apdev[0]['bssid']: + hapd0.disable() + else: + hapd1.disable() + dev[0].wait_connected() + + # Disable the current AP to force roam to the other (previous) one + if bssid == apdev[0]['bssid']: + hapd0.enable() + hapd1.disable() + else: + hapd1.enable() + hapd0.disable() + dev[0].wait_connected() + + # Force roam to an AP in WPA3-Personal transition mode + if bssid == apdev[0]['bssid']: + hapd1.set("ieee80211w", "1") + hapd1.set("sae_require_mfp", "1") + hapd1.set("wpa_key_mgmt", "SAE WPA-PSK") + hapd1.enable() + hapd0.disable() + else: + hapd0.set("ieee80211w", "1") + hapd0.set("sae_require_mfp", "1") + hapd0.set("wpa_key_mgmt", "SAE WPA-PSK") + hapd0.enable() + hapd1.disable() + dev[0].wait_connected() + status = dev[0].get_status() + if status['key_mgmt'] != "SAE": + raise Exception("Did not use SAE with WPA3-Personal transition mode AP") + if status['pmf'] != "1": + raise Exception("Did not use PMF with WPA3-Personal transition mode AP") + def test_sae_mixed_mfp(dev, apdev): """Mixed SAE and non-SAE network and MFP required with SAE""" check_sae_capab(dev[0]) 
diff --git a/wlantest/ccmp.c b/wlantest/ccmp.c index 2a1ad83c9ee2..5d393d43dd24 100644 --- a/wlantest/ccmp.c +++ b/wlantest/ccmp.c @@ -35,7 +35,7 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, if (stype & 0x08) { const u8 *qc; qos = 1; - fc &= ~WLAN_FC_ORDER; + fc &= ~WLAN_FC_HTC; qc = (const u8 *) (hdr + 1); if (addr4) qc += ETH_ALEN; diff --git a/wlantest/gcmp.c b/wlantest/gcmp.c index d92f4edae6e7..f9f95b23db31 100644 --- a/wlantest/gcmp.c +++ b/wlantest/gcmp.c @@ -33,7 +33,7 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, if (stype & 0x08) { const u8 *qc; qos = 1; - fc &= ~WLAN_FC_ORDER; + fc &= ~WLAN_FC_HTC; qc = (const u8 *) (hdr + 1); if (addr4) qc += ETH_ALEN; diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c index 8cb2d37187eb..16e0f53bc22f 100644 --- a/wlantest/rx_data.c +++ b/wlantest/rx_data.c @@ -150,8 +150,8 @@ static void rx_data_process(struct wlantest *wt, struct wlantest_bss *bss, } -static u8 * try_ptk(int pairwise_cipher, struct wpa_ptk *ptk, - const struct ieee80211_hdr *hdr, +static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher, + struct wpa_ptk *ptk, const struct ieee80211_hdr *hdr, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 *decrypted; @@ -174,8 +174,15 @@ static u8 * try_ptk(int pairwise_cipher, struct wpa_ptk *ptk, data, data_len, decrypted_len); } else if ((pairwise_cipher == WPA_CIPHER_TKIP || pairwise_cipher == 0) && tk_len == 32) { + enum michael_mic_result mic_res; + decrypted = tkip_decrypt(ptk->tk, hdr, data, data_len, - decrypted_len); + decrypted_len, &mic_res, + &wt->tkip_frag); + if (decrypted && mic_res == MICHAEL_MIC_INCORRECT) + add_note(wt, MSG_INFO, "Invalid Michael MIC"); + else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED) + add_note(wt, MSG_DEBUG, "Michael MIC not verified"); } return decrypted; 
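Review bot: The four lines in try_ptk that turn `mic_res` into a note are repeated verbatim in the two later rx_data.c hunks (the group-key TKIP branch and the pairwise `sta->ptk.tk` branch). A small static helper would keep the three call sites from drifting, for example if the log level for an invalid Michael MIC is changed later. Each site would then reduce to `tkip_mic_note(wt, decrypted, mic_res);` after the `tkip_decrypt()` call. try_ptk's body starts and ends outside this hunk.

```c
/* Record the Michael MIC outcome of a successful TKIP decrypt as a note. */
static void tkip_mic_note(struct wlantest *wt, const u8 *decrypted,
			  enum michael_mic_result mic_res)
{
	if (!decrypted)
		return;
	if (mic_res == MICHAEL_MIC_INCORRECT)
		add_note(wt, MSG_INFO, "Invalid Michael MIC");
	else if (mic_res == MICHAEL_MIC_NOT_VERIFIED)
		add_note(wt, MSG_DEBUG, "Michael MIC not verified");
}
```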
@@ -192,7 +199,7 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher, wpa_debug_level = MSG_WARNING; dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) { - decrypted = try_ptk(pairwise_cipher, &ptk->ptk, hdr, + decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr, data, data_len, decrypted_len); if (decrypted) { wpa_debug_level = prev_level; @@ -318,21 +325,28 @@ static void rx_data_bss_prot_group(struct wlantest *wt, } skip_replay_det: - if (bss->group_cipher == WPA_CIPHER_TKIP) + if (bss->group_cipher == WPA_CIPHER_TKIP) { + enum michael_mic_result mic_res; + decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len, - &dlen); - else if (bss->group_cipher == WPA_CIPHER_WEP40) + &dlen, &mic_res, &wt->tkip_frag); + if (decrypted && mic_res == MICHAEL_MIC_INCORRECT) + add_note(wt, MSG_INFO, "Invalid Michael MIC"); + else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED) + add_note(wt, MSG_DEBUG, "Michael MIC not verified"); + } else if (bss->group_cipher == WPA_CIPHER_WEP40) { decrypted = wep_decrypt(wt, hdr, data, len, &dlen); - else if (bss->group_cipher == WPA_CIPHER_CCMP) + } else if (bss->group_cipher == WPA_CIPHER_CCMP) { decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len, &dlen); - else if (bss->group_cipher == WPA_CIPHER_CCMP_256) + } else if (bss->group_cipher == WPA_CIPHER_CCMP_256) { decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, data, len, &dlen); - else if (bss->group_cipher == WPA_CIPHER_GCMP || - bss->group_cipher == WPA_CIPHER_GCMP_256) + } else if (bss->group_cipher == WPA_CIPHER_GCMP || + bss->group_cipher == WPA_CIPHER_GCMP_256) { decrypted = gcmp_decrypt(bss->gtk[keyid], bss->gtk_len[keyid], hdr, data, len, &dlen); + } if (decrypted) { char gtk[65]; 
@@ -603,7 +617,14 @@ skip_replay_det: write_decrypted_note(wt, decrypted, tk, 16, keyid); } } else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) { - decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen); + enum michael_mic_result mic_res; + + decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen, + &mic_res, &wt->tkip_frag); + if (decrypted && mic_res == MICHAEL_MIC_INCORRECT) + add_note(wt, MSG_INFO, "Invalid Michael MIC"); + else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED) + add_note(wt, MSG_DEBUG, "Michael MIC not verified"); write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid); } else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) { decrypted = wep_decrypt(wt, hdr, data, len, &dlen); @@ -631,7 +652,7 @@ check_zero_tk: os_memset(&zero_ptk, 0, sizeof(zero_ptk)); zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher); wpa_debug_level = MSG_ERROR; - decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr, + decrypted = try_ptk(wt, sta->pairwise_cipher, &zero_ptk, hdr, data, len, &dlen); wpa_debug_level = old_debug_level; if (decrypted) { @@ -847,6 +868,8 @@ void rx_data(struct wlantest *wt, const u8 *data, size_t len) qos = data + hdrlen; hdrlen += 2; } + if ((fc & WLAN_FC_HTC) && (stype & 0x08)) + hdrlen += 4; /* HT Control field */ if (len < hdrlen) return; wt->rx_data++; diff --git a/wlantest/test_vectors.c b/wlantest/test_vectors.c index ab9c0a39d37a..7f39c426433b 100644 --- a/wlantest/test_vectors.c +++ b/wlantest/test_vectors.c @@ -63,7 +63,7 @@ static void test_vector_tkip(void) wpa_debug_level = MSG_INFO; plain = tkip_decrypt(tk, (const struct ieee80211_hdr *) enc, - enc + 24, enc_len - 24, &plain_len); + enc + 24, enc_len - 24, &plain_len, NULL, NULL); wpa_debug_level = MSG_EXCESSIVE; os_free(enc); diff --git a/wlantest/tkip.c b/wlantest/tkip.c index d616d4308ccd..843f6518a382 100644 --- a/wlantest/tkip.c +++ b/wlantest/tkip.c 
@@ -1,5 +1,5 @@ /* - * Temporal Key Integrity Protocol (CCMP) + * Temporal Key Integrity Protocol (TKIP) * Copyright (c) 2010, Jouni Malinen * * This software may be distributed under the terms of the BSD license. @@ -290,7 +290,8 @@ static void michael_mic_hdr(const struct ieee80211_hdr *hdr11, u8 *hdr) u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len) + const u8 *data, size_t data_len, size_t *decrypted_len, + enum michael_mic_result *mic_res, struct tkip_frag *frag) { u16 iv16; u32 iv32; @@ -303,6 +304,11 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, u8 michael_hdr[16]; u8 mic[8]; u16 fc = le_to_host16(hdr->frame_control); + const u8 *full_payload; + size_t full_payload_len; + u16 sc = le_to_host16(hdr->seq_ctrl); + u16 sn; + u8 fn; if (data_len < 8 + 4) return NULL; 
@@ -335,9 +341,57 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, } plain_len -= 4; - /* TODO: MSDU reassembly */ + full_payload = plain; + full_payload_len = plain_len; + + sn = WLAN_GET_SEQ_SEQ(sc); + fn = WLAN_GET_SEQ_FRAG(sc); + + if (frag) { + /* MSDU reassembly for Michael MIC validation */ + if (fn == 0 && (fc & WLAN_FC_MOREFRAG)) { + /* Start of a new fragmented MSDU */ + wpabuf_free(frag->buf); + frag->buf = NULL; + frag->buf = wpabuf_alloc_copy(plain, plain_len); + os_memcpy(frag->ra, hdr->addr1, ETH_ALEN); + os_memcpy(frag->ta, hdr->addr2, ETH_ALEN); + frag->sn = sn; + frag->fn = 0; + } + + if (frag->buf && (fn || (fc & WLAN_FC_MOREFRAG)) && + sn == frag->sn && fn == frag->fn + 1 && + os_memcmp(frag->ra, hdr->addr1, ETH_ALEN) == 0 && + os_memcmp(frag->ta, hdr->addr2, ETH_ALEN) == 0) { + /* Add the next fragment */ + if (wpabuf_resize(&frag->buf, plain_len) == 0) { + wpabuf_put_data(frag->buf, plain, plain_len); + frag->fn = fn; + if (!(fc & WLAN_FC_MOREFRAG)) { + full_payload = wpabuf_head(frag->buf); + full_payload_len = + wpabuf_len(frag->buf); + wpa_hexdump(MSG_MSGDUMP, + "TKIP reassembled full payload", + full_payload, + full_payload_len); + } + } + } + } + + if ((fc & WLAN_FC_MOREFRAG) || (fn > 0 && full_payload == plain)) { + /* Return the decrypted fragment and do not check the + * Michael MIC value since no reassembled frame is available. */ + *decrypted_len = plain_len; + if (mic_res) { + *mic_res = MICHAEL_MIC_NOT_VERIFIED; + return plain; + } + } - if (plain_len < 8) { + if (full_payload_len < 8) { wpa_printf(MSG_INFO, "TKIP: Not enough room for Michael MIC " "in a frame from " MACSTR, MAC2STR(hdr->addr2)); os_free(plain); 
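Review bot: The length guard now tests `full_payload_len < 8` instead of `plain_len < 8`, but the following hunk still returns `*decrypted_len = plain_len - 8`, both in the new MICHAEL_MIC_INCORRECT branch and in the unchanged success path. When a reassembled MSDU ends in a final fragment carrying fewer than 8 bytes (the Michael MIC split across fragments), `full_payload_len` passes the check while `plain_len - 8` wraps as a `size_t`. The caller then receives a huge length for the small `plain` buffer, and since these frames come from captured traffic the input is not trusted. Clamping both assignments, e.g. `*decrypted_len = plain_len > 8 ? plain_len - 8 : 0;`, would avoid the wrap; how the callers consume the length is outside this hunk. tkip_decrypt's body continues past the hunk.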
@@ -346,15 +400,23 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, michael_mic_hdr(hdr, michael_hdr); mic_key = tk + ((fc & WLAN_FC_FROMDS) ? 16 : 24); - michael_mic(mic_key, michael_hdr, plain, plain_len - 8, mic); - if (os_memcmp(mic, plain + plain_len - 8, 8) != 0) { + michael_mic(mic_key, michael_hdr, full_payload, full_payload_len - 8, + mic); + if (os_memcmp(mic, full_payload + full_payload_len - 8, 8) != 0) { wpa_printf(MSG_INFO, "TKIP: Michael MIC mismatch in a frame " "from " MACSTR, MAC2STR(hdr->addr2)); wpa_hexdump(MSG_DEBUG, "TKIP: Calculated MIC", mic, 8); wpa_hexdump(MSG_DEBUG, "TKIP: Received MIC", - plain + plain_len - 8, 8); + full_payload + full_payload_len - 8, 8); + if (mic_res) { + *decrypted_len = plain_len - 8; + *mic_res = MICHAEL_MIC_INCORRECT; + return plain; + } os_free(plain); return NULL; + } else if (mic_res) { + *mic_res = MICHAEL_MIC_OK; } *decrypted_len = plain_len - 8; diff --git a/wlantest/wlantest.c b/wlantest/wlantest.c index 62c89e226150..ac20b068eb8a 100644 --- a/wlantest/wlantest.c +++ b/wlantest/wlantest.c @@ -110,6 +110,8 @@ static void wlantest_deinit(struct wlantest *wt) clear_notes(wt); os_free(wt->decrypted); wt->decrypted = NULL; + wpabuf_free(wt->tkip_frag.buf); + wt->tkip_frag.buf = NULL; } diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h index af29f578f0e5..33ab42229a54 100644 --- a/wlantest/wlantest.h +++ b/wlantest/wlantest.h @@ -184,6 +184,14 @@ struct wlantest_radius { #define MAX_CTRL_CONNECTIONS 10 #define MAX_NOTES 10 +struct tkip_frag { + struct wpabuf *buf; + u8 ra[ETH_ALEN]; + u8 ta[ETH_ALEN]; + u16 sn; + u8 fn; +}; + struct wlantest { int monitor_sock; int monitor_wired; @@ -227,6 +235,8 @@ struct wlantest { const char *write_file; const char *pcapng_file; + + struct tkip_frag tkip_frag; }; void add_note(struct wlantest *wt, int level, const char *fmt, ...) 
@@ -304,8 +314,14 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, u8 *pn, int keyid, size_t *encrypted_len); +enum michael_mic_result { + MICHAEL_MIC_OK, + MICHAEL_MIC_INCORRECT, + MICHAEL_MIC_NOT_VERIFIED +}; u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len); + const u8 *data, size_t data_len, size_t *decrypted_len, + enum michael_mic_result *mic_res, struct tkip_frag *frag); u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, u8 *pn, int keyid, size_t *encrypted_len); void tkip_get_pn(u8 *pn, const u8 *data); diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index bf83e41686a0..ba91cfb11d14 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -39,6 +39,7 @@ #include "driver_i.h" #include "wps_supplicant.h" #include "ibss_rsn.h" +#include "wpas_glue.h" #include "ap.h" #include "p2p_supplicant.h" #include "p2p/p2p.h" @@ -9519,6 +9520,45 @@ static int wpas_ctrl_iface_eapol_rx(struct wpa_supplicant *wpa_s, char *cmd) } +static int wpas_ctrl_iface_eapol_tx(struct wpa_supplicant *wpa_s, char *cmd) +{ + char *pos; + u8 dst[ETH_ALEN], *buf; + int used, ret; + size_t len; + unsigned int prev; + + wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd); + + pos = cmd; + used = hwaddr_aton2(pos, dst); + if (used < 0) + return -1; + pos += used; + while (*pos == ' ') + pos++; + + len = os_strlen(pos); + if (len & 1) + return -1; + len /= 2; + + buf = os_malloc(len); + if (!buf || hexstr2bin(pos, buf, len) < 0) { + os_free(buf); + return -1; + } + + prev = wpa_s->ext_eapol_frame_io; + wpa_s->ext_eapol_frame_io = 0; + ret = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, buf, len); + wpa_s->ext_eapol_frame_io = prev; + os_free(buf); + + return ret; +} + + static u16 ipv4_hdr_checksum(const void *buf, size_t len) { size_t i; 
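Review bot: In wpas_ctrl_iface_eapol_tx an empty hex payload passes the `len & 1` check and reaches `os_malloc(len)` with `len == 0`. If os_malloc maps to malloc(), whether that returns NULL is implementation-defined, so the same command either fails or hands a zero-length EAPOL frame to `wpa_ether_send()` depending on the platform. If an empty frame is not meant to be sendable, `if (len == 0 || (len & 1)) return -1;` makes the result deterministic. A one-line comment on why `ext_eapol_frame_io` is cleared around the send and then restored would also help the next reader. `ipv4_hdr_checksum` at the end of the hunk is context only.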
@@ -11514,6 +11554,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, } else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) { if (wpas_ctrl_iface_eapol_rx(wpa_s, buf + 9) < 0) reply_len = -1; + } else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) { + if (wpas_ctrl_iface_eapol_tx(wpa_s, buf + 9) < 0) + reply_len = -1; } else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) { if (wpas_ctrl_iface_data_test_config(wpa_s, buf + 17) < 0) reply_len = -1; diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 2bcf10b4e259..40ef8aeb510f 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -3546,7 +3546,7 @@ static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s, struct hostapd_hw_modes *mode; int c; struct wpa_bss *bss; - bool chan6; + bool chan6 = wpa_s->hw.modes == NULL; if (!bi && !wpa_s->dpp_reconfig_ssid) return; @@ -3566,7 +3566,6 @@ static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s, /* Preferred chirping channels */ mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, HOSTAPD_MODE_IEEE80211G, false); - chan6 = mode == NULL; if (mode) { for (c = 0; c < mode->num_channels; c++) { struct hostapd_channel_data *chan = &mode->channels[c]; diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index b3c07f926b69..b511d1cc1457 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -1853,7 +1853,7 @@ wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s, const u8 *ies = wpa_bss_ie_ptr(bss); size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len; - return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr); + return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq); } diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index c53474dae26b..c194806cd7f2 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c 
@@ -2039,14 +2039,22 @@ static int wpa_scan_result_compar(const void *a, const void *b) snr_b = snr_b_full = wb->level; } - /* if SNR is close, decide by max rate or frequency band */ - if (snr_a && snr_b && abs(snr_b - snr_a) < 7) { + /* If SNR is close, decide by max rate or frequency band. For cases + * involving the 6 GHz band, use the throughput estimate irrespective + * of the SNR difference since the LPI/VLP rules may result in + * significant differences in SNR for cases where the estimated + * throughput can be considerably higher with the lower SNR. */ + if (snr_a && snr_b && (abs(snr_b - snr_a) < 7 || + is_6ghz_freq(wa->freq) || + is_6ghz_freq(wb->freq))) { if (wa->est_throughput != wb->est_throughput) return (int) wb->est_throughput - (int) wa->est_throughput; } if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { + if (is_6ghz_freq(wa->freq) ^ is_6ghz_freq(wb->freq)) + return is_6ghz_freq(wa->freq) ? -1 : 1; if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) return IS_5GHZ(wa->freq) ? -1 : 1; } @@ -2207,9 +2215,10 @@ void filter_scan_res(struct wpa_supplicant *wpa_s, void scan_snr(struct wpa_scan_res *res) { if (res->flags & WPA_SCAN_NOISE_INVALID) { - res->noise = IS_5GHZ(res->freq) ? - DEFAULT_NOISE_FLOOR_5GHZ : - DEFAULT_NOISE_FLOOR_2GHZ; + res->noise = is_6ghz_freq(res->freq) ? + DEFAULT_NOISE_FLOOR_6GHZ : + (IS_5GHZ(res->freq) ? + DEFAULT_NOISE_FLOOR_5GHZ : DEFAULT_NOISE_FLOOR_2GHZ); } if (res->flags & WPA_SCAN_LEVEL_DBM) { 
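Review bot: The added `is_6ghz_freq(wa->freq) || is_6ghz_freq(wb->freq)` term in `wpa_scan_result_compar()` makes the comparison rule depend on the pair being compared, so three results can be ordered inconsistently. A 6 GHz entry is ranked against each 5 GHz entry by `est_throughput`, while two 5 GHz entries whose SNR differs by 7 or more skip that branch and are ranked by whatever follows the hunk (presumably SNR). If this function is handed to `qsort()`, as its signature suggests, a non-transitive ordering is outside what the C standard permits, and the values compared come from received Beacon and Probe Response frames. The existing SNR-closeness threshold may already have this property, so the action is to confirm the sort implementation tolerates it, or to derive a single sort key per entry before sorting. The function starts and ends outside the hunk.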
@@ -2276,6 +2285,92 @@ static const struct minsnr_bitrate_entry vht80_table[] = { }; +static const struct minsnr_bitrate_entry vht160_table[] = { + { 0, 0 }, + { 11, 58500 }, /* VHT160 MCS0 */ + { 14, 117000 }, /* VHT160 MCS1 */ + { 18, 175500 }, /* VHT160 MCS2 */ + { 20, 234000 }, /* VHT160 MCS3 */ + { 24, 351000 }, /* VHT160 MCS4 */ + { 27, 468000 }, /* VHT160 MCS5 */ + { 29, 526500 }, /* VHT160 MCS6 */ + { 34, 585000 }, /* VHT160 MCS7 */ + { 38, 702000 }, /* VHT160 MCS8 */ + { 40, 780000 }, /* VHT160 MCS9 */ + { -1, 780000 } /* SNR > 37 */ +}; + + +static const struct minsnr_bitrate_entry he20_table[] = { + { 0, 0 }, + { 2, 8600 }, /* HE20 MCS0 */ + { 5, 17200 }, /* HE20 MCS1 */ + { 9, 25800 }, /* HE20 MCS2 */ + { 11, 34400 }, /* HE20 MCS3 */ + { 15, 51600 }, /* HE20 MCS4 */ + { 18, 68800 }, /* HE20 MCS5 */ + { 20, 77400 }, /* HE20 MCS6 */ + { 25, 86000 }, /* HE20 MCS7 */ + { 29, 103200 }, /* HE20 MCS8 */ + { 31, 114700 }, /* HE20 MCS9 */ + { 34, 129000 }, /* HE20 MCS10 */ + { 36, 143400 }, /* HE20 MCS11 */ + { -1, 143400 } /* SNR > 29 */ +}; + +static const struct minsnr_bitrate_entry he40_table[] = { + { 0, 0 }, + { 5, 17200 }, /* HE40 MCS0 */ + { 8, 34400 }, /* HE40 MCS1 */ + { 12, 51600 }, /* HE40 MCS2 */ + { 14, 68800 }, /* HE40 MCS3 */ + { 18, 103200 }, /* HE40 MCS4 */ + { 21, 137600 }, /* HE40 MCS5 */ + { 23, 154900 }, /* HE40 MCS6 */ + { 28, 172100 }, /* HE40 MCS7 */ + { 32, 206500 }, /* HE40 MCS8 */ + { 34, 229400 }, /* HE40 MCS9 */ + { 37, 258100 }, /* HE40 MCS10 */ + { 39, 286800 }, /* HE40 MCS11 */ + { -1, 286800 } /* SNR > 34 */ +}; + +static const struct minsnr_bitrate_entry he80_table[] = { + { 0, 0 }, + { 8, 36000 }, /* HE80 MCS0 */ + { 11, 72100 }, /* HE80 MCS1 */ + { 15, 108100 }, /* HE80 MCS2 */ + { 17, 144100 }, /* HE80 MCS3 */ + { 21, 216200 }, /* HE80 MCS4 */ + { 24, 288200 }, /* HE80 MCS5 */ + { 26, 324300 }, /* HE80 MCS6 */ + { 31, 360300 }, /* HE80 MCS7 */ + { 35, 432400 }, /* HE80 MCS8 */ + { 37, 480400 }, /* HE80 MCS9 */ + { 40, 540400 
}, /* HE80 MCS10 */ + { 42, 600500 }, /* HE80 MCS11 */ + { -1, 600500 } /* SNR > 37 */ +}; + + +static const struct minsnr_bitrate_entry he160_table[] = { + { 0, 0 }, + { 11, 72100 }, /* HE160 MCS0 */ + { 14, 144100 }, /* HE160 MCS1 */ + { 18, 216200 }, /* HE160 MCS2 */ + { 20, 288200 }, /* HE160 MCS3 */ + { 24, 432400 }, /* HE160 MCS4 */ + { 27, 576500 }, /* HE160 MCS5 */ + { 29, 648500 }, /* HE160 MCS6 */ + { 34, 720600 }, /* HE160 MCS7 */ + { 38, 864700 }, /* HE160 MCS8 */ + { 40, 960800 }, /* HE160 MCS9 */ + { 43, 1080900 }, /* HE160 MCS10 */ + { 45, 1201000 }, /* HE160 MCS11 */ + { -1, 1201000 } /* SNR > 37 */ +}; + + static unsigned int interpolate_rate(int snr, int snr0, int snr1, int rate0, int rate1) { @@ -2320,11 +2415,34 @@ static unsigned int max_vht80_rate(int snr) } +static unsigned int max_vht160_rate(int snr) +{ + return max_rate(vht160_table, snr, 1); +} + + +static unsigned int max_he_rate(const struct minsnr_bitrate_entry table[], + int snr) +{ + const struct minsnr_bitrate_entry *prev, *entry = table; + + while (entry->minsnr != -1 && snr >= entry->minsnr) + entry++; + if (entry == table) + return 0; + prev = entry - 1; + if (entry->minsnr == -1) + return prev->bitrate; + return interpolate_rate(snr, prev->minsnr, entry->minsnr, + prev->bitrate, entry->bitrate); +} + + unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, const u8 *ies, size_t ies_len, int rate, - int snr) + int snr, int freq) { - enum local_hw_capab capab = wpa_s->hw_capab; + struct hostapd_hw_modes *hw_mode; unsigned int est, tmp; const u8 *ie; @@ -2369,7 +2487,10 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, rate = 54 * 2; est = rate * 500; - if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { + hw_mode = get_mode_with_freq(wpa_s->hw.modes, wpa_s->hw.num_modes, + freq); + + if (hw_mode && hw_mode->ht_capab) { ie = get_ie(ies, ies_len, WLAN_EID_HT_CAP); if (ie) { tmp = max_ht20_rate(snr, false); 
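Review bot: The sentinel comments in the new rate tables do not match the tables. `vht160_table` ends with `/* SNR > 37 */` although its last threshold is 40, and `he20_table`, `he40_table`, `he80_table` and `he160_table` say `> 29`, `> 34`, `> 37` and `> 37` while their last thresholds are 36, 39, 42 and 45. They look copied from the older tables. Each comment should either name its own last threshold or drop the number, for example `{ -1, 780000 } /* sentinel: highest rate */`.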
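Review bot: `max_he_rate()` has no comment and depends on two unstated properties of its `table` argument. The walk stops only at an entry with `minsnr == -1`, and `prev = entry - 1` is valid only because the `entry == table` case returns first. A header comment would make that contract explicit, for example `/* table must end with a { -1, rate } sentinel; returns 0 when snr is below the first entry */`. It would also help to say how this differs from the existing `max_rate()` helper, which is defined outside the hunk.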
@@ -2378,7 +2499,8 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, } } - if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { + if (hw_mode && + (hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) { ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION); if (ie && ie[1] >= 2 && (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { @@ -2388,10 +2510,12 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, } } - if (capab == CAPAB_VHT) { + if (hw_mode && hw_mode->vht_capab) { /* Use +1 to assume VHT is always faster than HT */ ie = get_ie(ies, ies_len, WLAN_EID_VHT_CAP); if (ie) { + bool vht80 = false, vht160 = false; + tmp = max_ht20_rate(snr, true) + 1; if (tmp > est) est = tmp; 
@@ -2405,13 +2529,82 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, est = tmp; } + /* Determine VHT BSS bandwidth based on IEEE Std + * 802.11-2020, Table 11-23 (VHT BSs bandwidth) */ ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION); - if (ie && ie[1] >= 1 && - (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { + if (ie && ie[1] >= 3) { + u8 cw = ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK; + u8 seg0 = ie[3]; + u8 seg1 = ie[4]; + + if (cw) + vht80 = true; + if (cw == 2 || + (cw == 3 && + (seg1 > 0 && abs(seg1 - seg0) == 16))) + vht160 = true; + if (cw == 1 && + ((seg1 > 0 && abs(seg1 - seg0) == 8) || + (seg1 > 0 && abs(seg1 - seg0) == 16))) + vht160 = true; + } + + if (vht80) { tmp = max_vht80_rate(snr) + 1; if (tmp > est) est = tmp; } + + if (vht160 && + (hw_mode->vht_capab & + (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ | + VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) { + tmp = max_vht160_rate(snr) + 1; + if (tmp > est) + est = tmp; + } + } + } + + if (hw_mode && hw_mode->he_capab[IEEE80211_MODE_INFRA].he_supported) { + /* Use +2 to assume HE is always faster than HT/VHT */ + struct ieee80211_he_capabilities *he; + struct he_capabilities *own_he; + u8 cw; + + ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_HE_CAPABILITIES); + if (!ie || (ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN)) + return est; + he = (struct ieee80211_he_capabilities *) &ie[3]; + own_he = &hw_mode->he_capab[IEEE80211_MODE_INFRA]; + + tmp = max_he_rate(he20_table, snr) + 2; + if (tmp > est) + est = tmp; + + cw = he->he_phy_capab_info[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] & + own_he->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX]; + if (cw & + (IS_2P4GHZ(freq) ? 
HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G : + HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) { + tmp = max_he_rate(he40_table, snr) + 2; + if (tmp > est) + est = tmp; + } + + if (!IS_2P4GHZ(freq) && + (cw & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) { + tmp = max_he_rate(he80_table, snr) + 2; + if (tmp > est) + est = tmp; + } + + if (!IS_2P4GHZ(freq) && + (cw & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | + HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) { + tmp = max_he_rate(he160_table, snr) + 2; + if (tmp > est) + est = tmp; } } @@ -2436,7 +2629,7 @@ void scan_est_throughput(struct wpa_supplicant *wpa_s, if (!ie_len) ie_len = res->beacon_ie_len; res->est_throughput = - wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr); + wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, res->freq); /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ } diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index 8eb5c73e275e..d1780eb09979 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h @@ -16,6 +16,7 @@ */ #define DEFAULT_NOISE_FLOOR_2GHZ (-89) #define DEFAULT_NOISE_FLOOR_5GHZ (-92) +#define DEFAULT_NOISE_FLOOR_6GHZ (-92) /* * Channels with a great SNR can operate at full rate. What is a great SNR? @@ -29,7 +30,8 @@ */ #define GREAT_SNR 25 -#define IS_5GHZ(n) (n > 4000) +#define IS_2P4GHZ(n) (n >= 2412 && n <= 2484) +#define IS_5GHZ(n) (n > 4000 && n < 5895) int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s); void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec); @@ -84,7 +86,7 @@ void scan_est_throughput(struct wpa_supplicant *wpa_s, struct wpa_scan_res *res); unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, const u8 *ies, size_t ies_len, int rate, - int snr); + int snr, int freq); void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s); int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s, enum hostapd_hw_mode band, 
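Review bot: In the new HE block of `wpas_get_est_tpt()` the received element is accessed through `he = (struct ieee80211_he_capabilities *) &ie[3];`, which drops the `const` that `ie` carries. The only bound on this over-the-air data is then the `ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN` test. Declaring `const struct ieee80211_he_capabilities *he;` keeps the parser read-only. A comment on the length test should state that it covers the extension ID octet plus the fixed part up to `he_phy_capab_info`, which cannot be confirmed from here because the struct and the constant are defined outside the hunk. The `return est;` on a missing or short element also leaves the function from inside a nested block, and the function continues past the end of the hunk, so whether later code is skipped is unclear.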
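Review bot: The two frequency macros in scan.h use their argument unparenthesised and more than once. `#define IS_2P4GHZ(n) (n >= 2412 && n <= 2484)` and `#define IS_5GHZ(n) (n > 4000 && n < 5895)` mis-parse for an argument such as `a ? b : c` and evaluate side effects twice. Writing `((n) >= 2412 && (n) <= 2484)` and `((n) > 4000 && (n) < 5895)` fixes the first problem, and a `static inline` function would fix both. A comment giving the source of the 5895 bound would help too, since frequencies between it and the start of the 6 GHz range now fail `IS_5GHZ()` and presumably `is_6ghz_freq()` as well.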
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 835b33575760..0d9b9caa5906 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -461,16 +461,22 @@ void free_hw_features(struct wpa_supplicant *wpa_s) } +static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s, + struct wpa_bss_tmp_disallowed *bss) +{ + eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss); + dl_list_del(&bss->list); + os_free(bss); +} + + void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s) { struct wpa_bss_tmp_disallowed *bss, *prev; dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed, - struct wpa_bss_tmp_disallowed, list) { - eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss); - dl_list_del(&bss->list); - os_free(bss); - } + struct wpa_bss_tmp_disallowed, list) + remove_bss_tmp_disallowed_entry(wpa_s, bss); } @@ -4780,6 +4786,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, } #ifdef CONFIG_TESTING_OPTIONS + wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu", + MAC2STR(src_addr), len); if (wpa_s->ignore_auth_resp) { wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!"); return; @@ -8111,6 +8119,22 @@ struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, } +struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes, + u16 num_modes, int freq) +{ + int i, j; + + for (i = 0; i < num_modes; i++) { + for (j = 0; j < modes[i].num_channels; j++) { + if (freq == modes[i].channels[j].freq) + return &modes[i]; + } + } + + return NULL; +} + + static struct wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s, const u8 *bssid) 
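Review bot: `get_mode_with_freq()` indexes `modes[i]` without checking `modes`, so it is safe only while `num_modes` is 0 whenever `modes` is NULL. The dpp_supplicant.c hunk in this commit tests `wpa_s->hw.modes == NULL`, so that state does occur, and `wpas_get_est_tpt()` passes `wpa_s->hw.modes` straight in. An explicit `if (!modes) return NULL;` at the top states the contract instead of relying on the two fields staying in sync. The function is exported through wpa_supplicant_i.h and would also benefit from a short header comment saying it returns the first mode that lists `freq` among its channels, or NULL.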
@@ -8158,8 +8182,7 @@ static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx) dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed, struct wpa_bss_tmp_disallowed, list) { if (bss == tmp) { - dl_list_del(&tmp->list); - os_free(tmp); + remove_bss_tmp_disallowed_entry(wpa_s, tmp); wpa_set_driver_tmp_disallow_list(wpa_s); break; } @@ -8212,8 +8235,11 @@ int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, return 0; if (disallowed->rssi_threshold != 0 && - bss->level > disallowed->rssi_threshold) + bss->level > disallowed->rssi_threshold) { + remove_bss_tmp_disallowed_entry(wpa_s, disallowed); + wpa_set_driver_tmp_disallow_list(wpa_s); return 0; + } return 1; } diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 49007cfc2e8f..6877f5a9960d 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1701,6 +1701,8 @@ int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd); struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, u16 num_modes, enum hostapd_hw_mode mode, bool is_6ghz); +struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes, + u16 num_modes, int freq); void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid, unsigned int sec, int rssi_threshold); diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 240e3d2d9ba9..96818697882f 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -95,8 +95,8 @@ static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, * @len: Frame payload length * Returns: >=0 on success, <0 on failure */ -static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, - u16 proto, const u8 *buf, size_t len) +int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, + u16 proto, const u8 *buf, size_t len) { #ifdef CONFIG_TESTING_OPTIONS if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) { 
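Review bot: `wpa_is_bss_tmp_disallowed()` now frees the matching entry and pushes a new list to the driver when `bss->level > disallowed->rssi_threshold`, so a function that reads as a query has a side effect. A caller that keeps a pointer to the entry, or that calls this while walking `wpa_s->bss_tmp_disallowed`, would be left with freed memory. No such caller is visible in this hunk, so this is a point to check rather than a confirmed defect. A comment above the function should state the side effect, for example `/* May remove the entry and update the driver list when the RSSI threshold is exceeded */`. The function starts outside the hunk.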
diff --git a/wpa_supplicant/wpas_glue.h b/wpa_supplicant/wpas_glue.h index 5585e5615a65..338af4e650a7 100644 --- a/wpa_supplicant/wpas_glue.h +++ b/wpa_supplicant/wpas_glue.h @@ -15,6 +15,8 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s); int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s); void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid); +int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, + u16 proto, const u8 *buf, size_t len); const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field, const char *default_txt, -- cgit v1.2.3