mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-02-08 08:27:00 +00:00
Code Issues Releases Activity

wpa: Import wpa_supplicant/hostapd commit e8662e9d4

Browse Source 
This is the June update to vendor/wpa committed upstream 2021/06/03.
This commit is contained in:
Cy Schubert 2021-06-03 09:15:01 -07:00
parent efec822389
commit 40c7ff83e7
73 changed files with 1618 additions and 388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hostapd/Android.mk
View File

@ -34,6 +34,10 @@ ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),)
L_CFLAGS += -DANDROID_LIB_STUB
endif
ifneq ($(BOARD_HOSTAPD_PRIVATE_LIB_EVENT),)
L_CFLAGS += -DANDROID_LIB_EVENT
endif
# Use Android specific directory for control interface sockets
L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/hostapd\"

2
hostapd/config_file.c
View File

@ -3511,6 +3511,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
conf->he_op.he_default_pe_duration = atoi(pos);
} else if (os_strcmp(buf, "he_twt_required") == 0) {
conf->he_op.he_twt_required = atoi(pos);
} else if (os_strcmp(buf, "he_twt_responder") == 0) {
conf->he_op.he_twt_responder = atoi(pos);
} else if (os_strcmp(buf, "he_rts_threshold") == 0) {
conf->he_op.he_rts_threshold = atoi(pos);
} else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) {

68
hostapd/ctrl_iface.c
View File

@ -1946,6 +1946,52 @@ static int hostapd_ctrl_iface_eapol_rx(struct hostapd_data *hapd, char *cmd)
}
static int hostapd_ctrl_iface_eapol_tx(struct hostapd_data *hapd, char *cmd)
{
char *pos, *pos2;
u8 dst[ETH_ALEN], *buf;
int used, ret;
size_t len;
unsigned int prev;
int encrypt = 0;
wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd);
pos = cmd;
used = hwaddr_aton2(pos, dst);
if (used < 0)
return -1;
pos += used;
while (*pos == ' ')
pos++;
pos2 = os_strchr(pos, ' ');
if (pos2) {
len = pos2 - pos;
encrypt = os_strstr(pos2, "encrypt=1") != NULL;
} else {
len = os_strlen(pos);
}
if (len & 1)
return -1;
len /= 2;
buf = os_malloc(len);
if (!buf || hexstr2bin(pos, buf, len) < 0) {
os_free(buf);
return -1;
}
prev = hapd->ext_eapol_frame_io;
hapd->ext_eapol_frame_io = 0;
ret = hostapd_wpa_auth_send_eapol(hapd, dst, buf, len, encrypt);
hapd->ext_eapol_frame_io = prev;
os_free(buf);
return ret;
}
static u16 ipv4_hdr_checksum(const void *buf, size_t len)
{
size_t i;
@ -2524,6 +2570,22 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd,
}
static int hostapd_ctrl_rekey_ptk(struct hostapd_data *hapd, const char *cmd)
{
struct sta_info *sta;
u8 addr[ETH_ALEN];
if (hwaddr_aton(cmd, addr))
return -1;
sta = ap_get_sta(hapd, addr);
if (!sta || !sta->wpa_sm)
return -1;
return wpa_auth_rekey_ptk(hapd->wpa_auth, sta->wpa_sm);
}
static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr,
char *buf, size_t buflen)
{
@ -3635,6 +3697,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
} else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
if (hostapd_ctrl_iface_eapol_rx(hapd, buf + 9) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) {
if (hostapd_ctrl_iface_eapol_tx(hapd, buf + 9) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
if (hostapd_ctrl_iface_data_test_config(hapd, buf + 17) < 0)
reply_len = -1;
@ -3670,6 +3735,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "REKEY_PTK ", 10) == 0) {
if (hostapd_ctrl_rekey_ptk(hapd, buf + 10) < 0)
reply_len = -1;
} else if (os_strcmp(buf, "REKEY_GTK") == 0) {
if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0)
reply_len = -1;

10
hostapd/hostapd.conf
View File

@ -831,12 +831,22 @@ wmm_ac_vo_acm=0
# 1 = required
#he_twt_required=0
#he_twt_responder: Whether TWT (HE) responder is enabled
# 0 = disabled
# 1 = enabled if supported by the driver (default)
#he_twt_responder=1
#he_rts_threshold: Duration of STA transmission
# 0 = not set (default)
# unsigned integer = duration in units of 16 us
#he_rts_threshold=0
# HE operating channel information; see matching vht_* parameters for details.
# he_oper_centr_freq_seg0_idx field is used to indicate center frequency of 80
# and 160 MHz bandwidth operation. In 80+80 MHz operation, it is the center
# frequency of the lower frequency segment. he_oper_centr_freq_seg1_idx field
# is used only with 80+80 MHz bandwidth operation and it is used to transmit
# the center frequency of the second segment.
# On the 6 GHz band the center freq calculation starts from 5.950 GHz offset.
# For example idx=3 would result in 5965 MHz center frequency. In addition,
# he_oper_chwidth is ignored, and the channel width is derived from the

52
src/ap/acs.c
View File

@ -372,40 +372,47 @@ acs_survey_chan_interference_factor(struct hostapd_iface *iface,
}
static int acs_usable_ht40_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw40_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149,
157, 184, 192 };
const int allowed[] = { 5180, 5220, 5260, 5300, 5500, 5540, 5580, 5620,
5660, 5745, 5785, 4920, 4960, 5955, 5995, 6035,
6075, 6115, 6155, 6195, 6235, 6275, 6315, 6355,
6395, 6435, 6475, 6515, 6555, 6595, 6635, 6675,
6715, 6755, 6795, 6835, 6875, 6915, 6955, 6995,
7035, 7075 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
}
static int acs_usable_vht80_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw80_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 52, 100, 116, 132, 149 };
const int allowed[] = { 5180, 5260, 5550, 5580, 5660, 5745, 5955, 6035,
6115, 6195, 6275, 6355, 6435, 6515, 6595, 6675,
6755, 6835, 6915, 6995 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
}
static int acs_usable_vht160_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw160_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 100 };
const int allowed[] = { 5180, 5500, 5955, 6115, 6275, 6435, 6595, 6755,
6915 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
@ -678,10 +685,12 @@ acs_find_ideal_chan_mode(struct hostapd_iface *iface,
/* HT40 on 5 GHz has a limited set of primary channels as per
* 11n Annex J */
if (mode->mode == HOSTAPD_MODE_IEEE80211A &&
iface->conf->ieee80211n &&
iface->conf->secondary_channel &&
!acs_usable_ht40_chan(chan)) {
wpa_printf(MSG_DEBUG, "ACS: Channel %d: not allowed as primary channel for HT40",
((iface->conf->ieee80211n &&
iface->conf->secondary_channel) ||
is_6ghz_freq(chan->freq)) &&
!acs_usable_bw40_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for 40 MHz bandwidth",
chan->chan);
continue;
}
@ -690,18 +699,18 @@ acs_find_ideal_chan_mode(struct hostapd_iface *iface,
(iface->conf->ieee80211ac || iface->conf->ieee80211ax)) {
if (hostapd_get_oper_chwidth(iface->conf) ==
CHANWIDTH_80MHZ &&
!acs_usable_vht80_chan(chan)) {
!acs_usable_bw80_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for VHT80",
"ACS: Channel %d: not allowed as primary channel for 80 MHz bandwidth",
chan->chan);
continue;
}
if (hostapd_get_oper_chwidth(iface->conf) ==
CHANWIDTH_160MHZ &&
!acs_usable_vht160_chan(chan)) {
!acs_usable_bw160_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for VHT160",
"ACS: Channel %d: not allowed as primary channel for 160 MHz bandwidth",
chan->chan);
continue;
}
@ -832,6 +841,12 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
u32 bw;
struct hostapd_hw_modes *mode;
if (is_6ghz_op_class(iface->conf->op_class)) {
bw = op_class_to_bandwidth(iface->conf->op_class);
n_chans = bw / 20;
goto bw_selected;
}
/* TODO: HT40- support */
if (iface->conf->ieee80211n &&
@ -857,6 +872,7 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
bw = num_chan_to_bw(n_chans);
bw_selected:
/* TODO: VHT/HE80+80. Update acs_adjust_center_freq() too. */
wpa_printf(MSG_DEBUG,

1
src/ap/ap_config.c
View File

@ -274,6 +274,7 @@ struct hostapd_config * hostapd_config_defaults(void)
conf->he_op.he_bss_color_disabled = 1;
conf->he_op.he_bss_color_partial = 0;
conf->he_op.he_bss_color = 1;
conf->he_op.he_twt_responder = 1;
conf->he_6ghz_max_mpdu = 2;
conf->he_6ghz_max_ampdu_len_exp = 7;
conf->he_6ghz_rx_ant_pat = 1;

1
src/ap/ap_config.h
View File

@ -914,6 +914,7 @@ struct he_operation {
u8 he_bss_color_partial;
u8 he_default_pe_duration;
u8 he_twt_required;
u8 he_twt_responder;
u16 he_rts_threshold;
u16 he_basic_mcs_nss_set;
};

5
src/ap/beacon.c
View File

@ -1753,6 +1753,11 @@ int ieee802_11_set_beacon(struct hostapd_data *hapd)
struct wpabuf *beacon, *proberesp, *assocresp;
int res, ret = -1;
if (!hapd->drv_priv) {
wpa_printf(MSG_ERROR, "Interface is disabled");
return -1;
}
if (hapd->csa_in_progress) {
wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period");
return -1;

9
src/ap/dpp_hostapd.c
View File

@ -757,7 +757,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
if (!own_bi) {
if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
src, hdr, buf, len, freq, i_bootstrap,
r_bootstrap) == 0)
r_bootstrap, hapd) == 0)
return;
}
#endif /* CONFIG_DPP2 */
@ -1276,7 +1276,7 @@ hostapd_dpp_rx_presence_announcement(struct hostapd_data *hapd, const u8 *src,
if (!peer_bi) {
if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
src, hdr, buf, len, freq, NULL,
r_bootstrap) == 0)
r_bootstrap, hapd) == 0)
return;
wpa_printf(MSG_DEBUG,
"DPP: No matching bootstrapping information found");
@ -1366,7 +1366,7 @@ hostapd_dpp_rx_reconfig_announcement(struct hostapd_data *hapd, const u8 *src,
if (!conf) {
if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
src, hdr, buf, len, freq, NULL,
NULL) == 0)
NULL, hapd) == 0)
return;
wpa_printf(MSG_DEBUG,
"DPP: No matching Configurator information found");
@ -1892,7 +1892,8 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
#ifdef CONFIG_DPP2
if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
src, hdr, buf, len, freq, NULL, NULL) == 0)
src, hdr, buf, len, freq, NULL, NULL,
hapd) == 0)
return;
#endif /* CONFIG_DPP2 */

21
src/ap/hostapd.c
View File

@ -1674,6 +1674,26 @@ static int configured_fixed_chan_to_freq(struct hostapd_iface *iface)
}
static void hostapd_set_6ghz_sec_chan(struct hostapd_iface *iface)
{
int bw, seg0;
if (!is_6ghz_op_class(iface->conf->op_class))
return;
seg0 = hostapd_get_oper_centr_freq_seg0_idx(iface->conf);
bw = center_idx_to_bw_6ghz(seg0);
/* Assign the secondary channel if absent in config for
* bandwidths > 20 MHz */
if (bw > 20 && !iface->conf->secondary_channel) {
if (((iface->conf->channel - 1) / 4) % 2)
iface->conf->secondary_channel = -1;
else
iface->conf->secondary_channel = 1;
}
}
static int setup_interface2(struct hostapd_iface *iface)
{
iface->wait_channel_update = 0;
@ -1693,6 +1713,7 @@ static int setup_interface2(struct hostapd_iface *iface)
ch_width = op_class_to_ch_width(iface->conf->op_class);
hostapd_set_oper_chwidth(iface->conf, ch_width);
hostapd_set_6ghz_sec_chan(iface);
}
ret = hostapd_select_hw_mode(iface);

10
src/ap/hw_features.c
View File

@ -917,8 +917,14 @@ static int hostapd_is_usable_chans(struct hostapd_iface *iface)
return 1;
if (hostapd_is_usable_chan(iface, iface->freq +
iface->conf->secondary_channel * 20, 0))
return 1;
iface->conf->secondary_channel * 20, 0)) {
if (iface->conf->secondary_channel == 1 &&
(pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P))
return 1;
if (iface->conf->secondary_channel == -1 &&
(pri_chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40M))
return 1;
}
if (!iface->conf->ht40_plus_minus_allowed)
return 0;

24
src/ap/ieee802_11_he.c
View File

@ -216,7 +216,10 @@ u8 * hostapd_eid_he_operation(struct hostapd_data *hapd, u8 *eid)
params |= HE_OPERATION_6GHZ_OPER_INFO;
/* 6 GHz Operation Information field */
/* 6 GHz Operation Information field
* IEEE P802.11ax/D8.0, 9.4.2.249 HE Operation element,
* Figure 9-788k
*/
*pos++ = hapd->iconf->channel; /* Primary Channel */
/* Control: Channel Width */
@ -226,6 +229,18 @@ u8 * hostapd_eid_he_operation(struct hostapd_data *hapd, u8 *eid)
*pos++ = center_idx_to_bw_6ghz(seg0);
/* Channel Center Freq Seg0/Seg1 */
if (hapd->iconf->he_oper_chwidth == 2) {
/*
* Seg 0 indicates the channel center frequency index of
* the 160 MHz channel.
*/
seg1 = seg0;
if (hapd->iconf->channel < seg0)
seg0 -= 8;
else
seg0 += 8;
}
*pos++ = seg0;
*pos++ = seg1;
/* Minimum Rate */
@ -434,8 +449,8 @@ u16 copy_sta_he_capab(struct hostapd_data *hapd, struct sta_info *sta,
enum ieee80211_op_mode opmode, const u8 *he_capab,
size_t he_capab_len)
{
if (!he_capab || !hapd->iconf->ieee80211ax ||
hapd->conf->disable_11ax ||
if (!he_capab || !(sta->flags & WLAN_STA_WMM) ||
!hapd->iconf->ieee80211ax || hapd->conf->disable_11ax ||
!check_valid_he_mcs(hapd, he_capab, opmode) ||
ieee80211_invalid_he_cap_size(he_capab, he_capab_len) ||
he_capab_len > sizeof(struct ieee80211_he_capabilities)) {
@ -499,5 +514,6 @@ int hostapd_get_he_twt_responder(struct hostapd_data *hapd,
mac_cap = hapd->iface->current_mode->he_capab[mode].mac_cap;
return !!(mac_cap[HE_MAC_CAPAB_0] & HE_MACCAP_TWT_RESPONDER);
return !!(mac_cap[HE_MAC_CAPAB_0] & HE_MACCAP_TWT_RESPONDER) &&
hapd->iface->conf->he_op.he_twt_responder;
}

2
src/ap/ieee802_11_vht.c
View File

@ -171,7 +171,7 @@ u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *vht_capab)
{
/* Disable VHT caps for STAs associated to no-VHT BSSes. */
if (!vht_capab ||
if (!vht_capab || !(sta->flags & WLAN_STA_WMM) ||
!hapd->iconf->ieee80211ac || hapd->conf->disable_11ac ||
!check_valid_vht_mcs(hapd->iface->current_mode, vht_capab)) {
sta->flags &= ~WLAN_STA_VHT;

3
src/ap/pmksa_cache_auth.c
View File

@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
for (entry = pmksa->pmksa; entry; entry = entry->next) {
if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
continue;
if (wpa_key_mgmt_sae(entry->akmp)) {
if (wpa_key_mgmt_sae(entry->akmp) ||
wpa_key_mgmt_fils(entry->akmp)) {
if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
return entry;
continue;

32
src/ap/wpa_auth.c
View File

@ -1001,6 +1001,18 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
}
static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth)
{
struct wpa_group *group;
for (group = wpa_auth->group; group; group = group->next) {
if (group->GKeyDoneStations)
return true;
}
return false;
}
void wpa_receive(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm,
u8 *data, size_t data_len)
@ -1368,7 +1380,11 @@ continue_processing:
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Request for GTK rekeying");
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
wpa_rekey_gtk(wpa_auth, NULL);
if (wpa_auth_gtk_rekey_in_process(wpa_auth))
wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG,
"skip new GTK rekey - already in process");
else
wpa_rekey_gtk(wpa_auth, NULL);
}
} else {
/* Do not allow the same key replay counter to be reused. */
@ -3678,6 +3694,8 @@ SM_STATE(WPA_PTK, PTKINITDONE)
wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
"pairwise key handshake completed (%s)",
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
MACSTR, MAC2STR(sm->addr));
#ifdef CONFIG_IEEE80211R_AP
wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
@ -5627,6 +5645,18 @@ int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
}
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm)
{
if (!wpa_auth || !sm)
return -1;
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
wpa_request_new_ptk(sm);
wpa_sm_step(sm);
return 0;
}
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
{
if (wpa_auth)

5
src/ap/wpa_auth.h
View File

@ -553,7 +553,12 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
void (*cb)(void *ctx1, void *ctx2),
void *ctx1, void *ctx2);
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm);
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt);
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);

6
src/ap/wpa_auth_glue.c
View File

@ -505,9 +505,9 @@ static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
}
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt)
int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;

3
src/common/dpp.h
View File

@ -669,7 +669,8 @@ int dpp_relay_add_controller(struct dpp_global *dpp,
struct dpp_relay_config *config);
int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
const u8 *buf, size_t len, unsigned int freq,
const u8 *i_bootstrap, const u8 *r_bootstrap);
const u8 *i_bootstrap, const u8 *r_bootstrap,
void *cb_ctx);
int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
size_t data_len);
int dpp_controller_start(struct dpp_global *dpp,

40
src/common/dpp_tcp.c
View File

@ -82,6 +82,7 @@ static void dpp_controller_auth_success(struct dpp_connection *conn,
int initiator);
static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx);
static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx);
static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx);
static void dpp_connection_free(struct dpp_connection *conn)
@ -97,6 +98,7 @@ static void dpp_connection_free(struct dpp_connection *conn)
conn, NULL);
eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL);
eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL);
eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL);
wpabuf_free(conn->msg);
wpabuf_free(conn->msg_out);
dpp_auth_deinit(conn->auth);
@ -154,6 +156,24 @@ dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash)
}
static struct dpp_relay_controller *
dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx)
{
struct dpp_relay_controller *ctrl;
if (!dpp)
return NULL;
dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
list) {
if (cb_ctx == ctrl->cb_ctx)
return ctrl;
}
return NULL;
}
static void dpp_controller_gas_done(struct dpp_connection *conn)
{
struct dpp_authentication *auth = conn->auth;
@ -352,6 +372,16 @@ static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen,
}
static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct dpp_connection *conn = eloop_ctx;
wpa_printf(MSG_DEBUG,
"DPP: Timeout while waiting for relayed connection to complete");
dpp_connection_remove(conn);
}
static struct dpp_connection *
dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src,
unsigned int freq)
@ -412,8 +442,8 @@ dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src,
goto fail;
conn->write_eloop = 1;
/* TODO: eloop timeout to clear a connection if it does not complete
* properly */
eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL);
eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL);
dl_list_add(&ctrl->conn, &conn->list);
return conn;
@ -465,7 +495,8 @@ static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr,
int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
const u8 *buf, size_t len, unsigned int freq,
const u8 *i_bootstrap, const u8 *r_bootstrap)
const u8 *i_bootstrap, const u8 *r_bootstrap,
void *cb_ctx)
{
struct dpp_relay_controller *ctrl;
struct dpp_connection *conn;
@ -493,8 +524,7 @@ int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
type == DPP_PA_RECONFIG_ANNOUNCEMENT) {
/* TODO: Could send this to all configured Controllers. For now,
* only the first Controller is supported. */
ctrl = dl_list_first(&dpp->controllers,
struct dpp_relay_controller, list);
ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx);
} else {
if (!r_bootstrap)
return -1;

2
src/common/ieee802_11_defs.h
View File

@ -22,7 +22,7 @@
#define WLAN_FC_PWRMGT 0x1000
#define WLAN_FC_MOREDATA 0x2000
#define WLAN_FC_ISWEP 0x4000
#define WLAN_FC_ORDER 0x8000
#define WLAN_FC_HTC 0x8000
#define WLAN_FC_GET_TYPE(fc) (((fc) & 0x000c) >> 2)
#define WLAN_FC_GET_STYPE(fc) (((fc) & 0x00f0) >> 4)

365
src/common/qca-vendor.h
View File

@ -512,7 +512,9 @@ enum qca_radiotap_vendor_ids {
* @QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG: This command is used to
* configure parameters per peer to capture Channel Frequency Response
* (CFR) and enable Periodic CFR capture. The attributes for this command
* are defined in enum qca_wlan_vendor_peer_cfr_capture_attr.
* are defined in enum qca_wlan_vendor_peer_cfr_capture_attr. This command
* can also be used to send CFR data from the driver to userspace when
* netlink events are used to send CFR data.
*
* @QCA_NL80211_VENDOR_SUBCMD_THROUGHPUT_CHANGE_EVENT: Event to indicate changes
* in throughput dynamically. The driver estimates the throughput based on
@ -700,6 +702,23 @@ enum qca_radiotap_vendor_ids {
* used with this event are defined in enum
* qca_wlan_vendor_attr_mbssid_tx_vdev_status.
*
* @QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY: Vendor command to
* configure the concurrent session policies when multiple STA interfaces
* are (getting) active. The attributes used by this command are defined
* in enum qca_wlan_vendor_attr_concurrent_sta_policy.
*
* @QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS: Userspace can use this command
* to query usable channels for different interface types such as STA,
* AP, P2P GO, P2P Client, NAN, etc. The driver shall report all usable
* channels in the response based on country code, different static
* configurations, concurrency combinations, etc. The attributes used
* with this command are defined in
* enum qca_wlan_vendor_attr_usable_channels.
*
* @QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY: This vendor subcommand is used
* to get DFS radar history from the driver to userspace. The driver
* returns QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES attribute with an
* array of nested entries.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@ -886,6 +905,9 @@ enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID = 194,
QCA_NL80211_VENDOR_SUBCMD_WIFI_FW_STATS = 195,
QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS = 196,
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY = 197,
QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS = 198,
QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY = 199,
};
enum qca_wlan_vendor_attr {
@ -2399,6 +2421,33 @@ enum qca_wlan_vendor_attr_config {
*/
QCA_WLAN_VENDOR_ATTR_CONFIG_RX_NSS = 78,
/*
* 8-bit unsigned value. This attribute, when set, indicates whether the
* specified interface is the primary STA interface when there are more
* than one STA interfaces concurrently active.
*
* This configuration helps the firmware/hardware to support certain
* features (e.g., roaming) on this primary interface, if the same
* cannot be supported on the concurrent STA interfaces simultaneously.
*
* This configuration is only applicable for a single STA interface on
* a device and gives the priority for it only over other concurrent STA
* interfaces.
*
* If the device is a multi wiphy/soc, this configuration applies to a
* single STA interface across the wiphys.
*
* 1-Enable (is the primary STA), 0-Disable (is not the primary STA)
*/
QCA_WLAN_VENDOR_ATTR_CONFIG_CONCURRENT_STA_PRIMARY = 79,
/*
* 8-bit unsigned value. This attribute can be used to configure the
* driver to enable/disable FT-over-DS feature. Possible values for
* this attribute are 1-Enable and 0-Disable.
*/
QCA_WLAN_VENDOR_ATTR_CONFIG_FT_OVER_DS = 80,
/* keep last */
QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =
@ -4545,7 +4594,13 @@ enum qca_vendor_attr_roam_candidate_selection_criteria {
* @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD: Signed 32-bit value in dBm,
* signifying the RSSI threshold of the candidate AP, indicating
* the driver to trigger roam only to the candidate AP with RSSI
* better than this threshold.
* better than this threshold. If RSSI thresholds for candidate APs found
* in the 2.4 GHz, 5 GHz, and 6 GHz bands are configured separately using
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ,
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ, and/or
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ, those values will
* take precedence over the value configured using the
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute.
*
* @QCA_ATTR_ROAM_CONTROL_USER_REASON: Unsigned 32-bit value. Represents the
* user defined reason code to be sent to the AP in response to AP's
@ -4564,6 +4619,31 @@ enum qca_vendor_attr_roam_candidate_selection_criteria {
* If both QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME and
* QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS are not specified, the
* driver shall proceed with the default behavior.
*
* @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ: Signed 32-bit value
* in dBm, signifying the RSSI threshold of the candidate AP found in the
* 2.4 GHz band. The driver/firmware shall trigger roaming to the candidate
* AP found in the 2.4 GHz band only if its RSSI value is better than this
* threshold. Optional attribute. If this attribute is not included, the
* threshold value specified by the
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used.
*
* @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ: Signed 32-bit value in
* dBm, signifying the RSSI threshold of the candidate AP found in the 5
* GHz band. The driver/firmware shall trigger roaming to the candidate AP
* found in the 5 GHz band only if its RSSI value is better than this
* threshold. Optional attribute. If this attribute is not included, the
* threshold value specified by tge
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used.
*
* @QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ: Signed 32-bit value in
* dBm, signifying the RSSI threshold of the candidate AP found in the 6
* GHz band. The driver/firmware shall trigger roaming to the candidate AP
* found in the 6 GHz band only if its RSSI value is better than this
* threshold. Optional attribute. If this attribute is not included, the
* threshold value specified by the
* QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD attribute shall be used.
*
*/
enum qca_vendor_attr_roam_control {
QCA_ATTR_ROAM_CONTROL_ENABLE = 1,
@ -4579,6 +4659,9 @@ enum qca_vendor_attr_roam_control {
QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD = 11,
QCA_ATTR_ROAM_CONTROL_USER_REASON = 12,
QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS = 13,
QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_2P4GHZ = 14,
QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_5GHZ = 15,
QCA_ATTR_ROAM_CONTROL_CANDIDATE_RSSI_THRESHOLD_6GHZ = 16,
/* keep last */
QCA_ATTR_ROAM_CONTROL_AFTER_LAST,
@ -6486,6 +6569,8 @@ enum qca_wlan_vendor_hang_reason {
QCA_WLAN_HANG_SUSPEND_NO_CREDIT = 25,
/* Bus failure */
QCA_WLAN_HANG_BUS_FAILURE = 26,
/* tasklet/credit latency found */
QCA_WLAN_HANG_TASKLET_CREDIT_LATENCY_DETECT = 27,
};
/**
@ -7491,6 +7576,21 @@ enum qca_wlan_he_om_ctrl_ch_bw {
QCA_WLAN_HE_OM_CTRL_BW_160M = 3,
};
/**
* enum qca_wlan_keep_alive_data_type - Keep alive data type configuration
*
* Indicates the frame types to use for keep alive data.
*
* @QCA_WLAN_KEEP_ALIVE_DEFAULT: Driver default type used for keep alive.
* @QCA_WLAN_KEEP_ALIVE_DATA: Data frame type for keep alive.
* @QCA_WLAN_KEEP_ALIVE_MGMT: Management frame type for keep alive.
*/
enum qca_wlan_keep_alive_data_type {
QCA_WLAN_KEEP_ALIVE_DEFAULT = 0,
QCA_WLAN_KEEP_ALIVE_DATA = 1,
QCA_WLAN_KEEP_ALIVE_MGMT = 2,
};
/**
* enum qca_wlan_vendor_attr_he_omi_tx: Represents attributes for
* HE operating mode control transmit request. These attributes are
@ -8004,6 +8104,22 @@ enum qca_wlan_vendor_attr_wifi_test_config {
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_6GHZ_SECURITY_TEST_MODE = 51,
/* 8-bit unsigned value to configure the driver to transmit data with
* ER SU PPDU type.
*
* 0 - Default behavior, 1 - Enable ER SU PPDU type TX.
* This attribute is used for testing purposes.
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_ER_SU_PPDU_TYPE = 52,
/* 8-bit unsigned value to configure the driver to use Data or
* Management frame type for keep alive data.
* Uses enum qca_wlan_keep_alive_data_type values.
*
* This attribute is used for testing purposes.
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_KEEP_ALIVE_FRAME_TYPE = 53,
/* keep last */
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MAX =
@ -8412,14 +8528,17 @@ enum qca_wlan_twt_setup_state {
* @QCA_WLAN_VENDOR_ATTR_TWT_SETUP_MAC_ADDR: 6-byte MAC address
* Represents the MAC address of the peer for which the TWT session
* is being configured. This is used in AP mode to represent the respective
* client. In AP mode, this is an optional parameter for response and is
* a required parameter for
* 1. TWT SET Request
* 2. TWT GET Request
* 3. TWT TERMINATE Request
* 4. TWT SUSPEND Request
* client.
* In AP mode, this is a required parameter in response for
* 1. TWT SET
* 2. TWT GET
* 3. TWT TERMINATE
* 4. TWT SUSPEND
* In STA mode, this is an optional parameter in request and response for
* the above four TWT operations.
* In AP mode, this is a required parameter in request for
* 1. TWT GET
* 2. TWT TERMINATE
*
* @QCA_WLAN_VENDOR_ATTR_TWT_SETUP_MIN_WAKE_INTVL: Optional (u32)
* Minimum tolerance limit of wake interval parameter in microseconds.
@ -8551,6 +8670,8 @@ enum qca_wlan_vendor_attr_twt_setup {
* request due to roaming in progress.
* @QCA_WLAN_VENDOR_TWT_STATUS_CHANNEL_SWITCH_IN_PROGRESS: FW rejected the TWT
* setup request due to channel switch in progress.
* @QCA_WLAN_VENDOR_TWT_STATUS_SCAN_IN_PROGRESS: FW rejected the TWT setup
* request due to scan in progress.
*/
enum qca_wlan_vendor_twt_status {
QCA_WLAN_VENDOR_TWT_STATUS_OK = 0,
@ -8574,6 +8695,7 @@ enum qca_wlan_vendor_twt_status {
QCA_WLAN_VENDOR_TWT_STATUS_SCC_MCC_CONCURRENCY_TERMINATE = 18,
QCA_WLAN_VENDOR_TWT_STATUS_ROAMING_IN_PROGRESS = 19,
QCA_WLAN_VENDOR_TWT_STATUS_CHANNEL_SWITCH_IN_PROGRESS = 20,
QCA_WLAN_VENDOR_TWT_STATUS_SCAN_IN_PROGRESS = 21,
};
/**
@ -8919,6 +9041,22 @@ enum qca_wlan_vendor_attr_roam_scan {
QCA_WLAN_VENDOR_ATTR_ROAM_SCAN_AFTER_LAST - 1,
};
/**
* enum qca_wlan_vendor_cfr_data_transport_modes - Defines QCA vendor CFR data
* transport modes and is used by the attribute
* QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE as a part of the vendor
* command QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG.
* @QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS: Use relayfs to send CFR data.
* @QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS: Use netlink events to send CFR
* data. The data shall be encapsulated within
* QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA along with the vendor sub command
* QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG as an asynchronous event.
*/
enum qca_wlan_vendor_cfr_data_transport_modes {
QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS = 0,
QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS = 1,
};
/**
* enum qca_wlan_vendor_cfr_method - QCA vendor CFR methods used by
* attribute QCA_WLAN_VENDOR_ATTR_PEER_CFR_METHOD as part of vendor
@ -9109,6 +9247,27 @@ enum qca_wlan_vendor_cfr_capture_type {
* MAC for CFR capture. This is a bitmask in which each bit represents the
* corresponding Data frame subtype value per IEEE Std 802.11-2016,
* 9.2.4.1.3 Type and Subtype subfields. This is for CFR version 2 only.
*
* @QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE: Optional (u8)
* Userspace can use this attribute to specify the driver about which transport
* mode shall be used by the driver to send CFR data to userspace. Uses values
* from enum qca_wlan_vendor_cfr_data_transport_modes. When this attribute is
* not present, the driver shall use the default transport mechanism which is
* QCA_WLAN_VENDOR_CFR_DATA_RELAY_FS.
*
* @QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_RECEIVER_PID: Optional (u32)
* Userspace can use this attribute to specify the nl port id of the application
* which receives the CFR data and processes it further so that the drivers can
* unicast the netlink events to a specific application. Optionally included
* when QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE is set to
* QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS, not required otherwise. The drivers
* shall multicast the netlink events when this attribute is not included.
*
* @QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA: Required (NLA_BINARY).
* This attribute will be used by the driver to encapsulate and send CFR data
* to userspace along with QCA_NL80211_VENDOR_SUBCMD_PEER_CFR_CAPTURE_CFG as an
* asynchronous event when the driver is configured to send CFR data using
* netlink events with %QCA_WLAN_VENDOR_CFR_DATA_NETLINK_EVENTS.
*/
enum qca_wlan_vendor_peer_cfr_capture_attr {
QCA_WLAN_VENDOR_ATTR_PEER_CFR_CAPTURE_INVALID = 0,
@ -9137,6 +9296,9 @@ enum qca_wlan_vendor_peer_cfr_capture_attr {
QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_MGMT_FILTER = 23,
QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_CTRL_FILTER = 24,
QCA_WLAN_VENDOR_ATTR_PEER_CFR_GROUP_DATA_FILTER = 25,
QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_TRANSPORT_MODE = 26,
QCA_WLAN_VENDOR_ATTR_PEER_CFR_DATA_RECEIVER_PID = 27,
QCA_WLAN_VENDOR_ATTR_PEER_CFR_RESP_DATA = 28,
/* Keep last */
QCA_WLAN_VENDOR_ATTR_PEER_CFR_AFTER_LAST,
@ -10708,6 +10870,58 @@ enum qca_wlan_vendor_attr_mbssid_tx_vdev_status {
QCA_WLAN_VENDOR_ATTR_MBSSID_TX_VDEV_STATUS_AFTER_LAST - 1,
};
/**
* enum qca_wlan_concurrent_sta_policy_config - Concurrent STA policies
*
* @QCA_WLAN_CONCURRENT_STA_POLICY_PREFER_PRIMARY: Preference to the primary
* STA interface has to be given while selecting the connection policies
* (e.g., BSSID, band, TX/RX chains, etc.) for the subsequent STA interface.
* An interface is set as primary through the attribute
* QCA_WLAN_VENDOR_ATTR_CONFIG_CONCURRENT_STA_PRIMARY. This policy is not
* applicable if the primary interface has not been set earlier.
*
* The intention is not to downgrade the primary STA performance, such as:
* - Do not reduce the number of TX/RX chains of primary connection.
* - Do not optimize DBS vs. MCC/SCC, if DBS ends up reducing the number of
* chains.
* - If using MCC, should set the MCC duty cycle of the primary connection to
* be higher than the secondary connection.
*
* @QCA_WLAN_CONCURRENT_STA_POLICY_UNBIASED: The connection policies for the
* subsequent STA connection shall be chosen to balance with the existing
* concurrent STA's performance.
* Such as
* - Can choose MCC or DBS mode depending on the MCC efficiency and hardware
* capability.
* - If using MCC, set the MCC duty cycle of the primary connection to be equal
* to the secondary.
* - Prefer BSSID candidates which will help provide the best "overall"
* performance for all the STA connections.
*/
enum qca_wlan_concurrent_sta_policy_config {
QCA_WLAN_CONCURRENT_STA_POLICY_PREFER_PRIMARY = 0,
QCA_WLAN_CONCURRENT_STA_POLICY_UNBIASED = 1,
};
/**
* enum qca_wlan_vendor_attr_concurrent_sta_policy - Defines attributes
* used by QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY vendor command.
*
* @QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG:
* u8 attribute. Configures the concurrent STA policy configuration.
* Possible values are defined in enum qca_wlan_concurrent_sta_policy_config.
*/
enum qca_wlan_vendor_attr_concurrent_sta_policy {
QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_CONFIG = 1,
/* keep last */
QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_MAX =
QCA_WLAN_VENDOR_ATTR_CONCURRENT_STA_POLICY_AFTER_LAST - 1,
};
/**
* enum qca_sta_connect_fail_reason_codes - Defines values carried
* by QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_CONNECT_FAIL_REASON_CODE vendor
@ -10736,4 +10950,139 @@ enum qca_sta_connect_fail_reason_codes {
QCA_STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED = 7,
};
/**
* enum qca_wlan_vendor_usable_channels_filter - Bitmask of different
* filters defined in this enum are used in attribute
* %QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK.
*
* @QCA_WLAN_VENDOR_FILTER_CELLULAR_COEX: When this bit is set, the driver
* shall filter the channels which are not usable because of coexistence with
* cellular radio.
* @QCA_WLAN_VENDOR_FILTER_WLAN_CONCURRENCY: When this bit is set, the driver
* shall filter the channels which are not usable because of existing active
* interfaces in the driver and will result in Multi Channel Concurrency, etc.
*
*/
enum qca_wlan_vendor_usable_channels_filter {
QCA_WLAN_VENDOR_FILTER_CELLULAR_COEX = 0,
QCA_WLAN_VENDOR_FILTER_WLAN_CONCURRENCY = 1,
};
/**
* enum qca_wlan_vendor_attr_chan_info - Attributes used inside
* %QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO nested attribute.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_PRIMARY_FREQ:
* u32 attribute, required. Indicates the center frequency of the primary
* channel in MHz.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG0_FREQ:
* u32 attribute. Indicates the center frequency of the primary segment of the
* channel in MHz. This attribute is required when reporting 40 MHz, 80 MHz,
* 160 MHz, and 320 MHz channels.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG1_FREQ:
* u32 attribute. Indicates the center frequency of the secondary segment of
* 80+80 channel in MHz. This attribute is required only when
* QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH is set to NL80211_CHAN_WIDTH_80P80.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH:
* u32 attribute, required. Indicates the bandwidth of the channel, possible
* values are defined in enum nl80211_chan_width.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_INFO_IFACE_MODE_MASK:
* u32 attribute, required. Indicates all the interface types for which this
* channel is usable. This attribute encapsulates bitmasks of interface types
* defined in enum nl80211_iftype.
*
*/
enum qca_wlan_vendor_attr_chan_info {
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_PRIMARY_FREQ = 1,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG0_FREQ = 2,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_SEG1_FREQ = 3,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_BANDWIDTH = 4,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_IFACE_MODE_MASK = 5,
/* keep last */
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_MAX =
QCA_WLAN_VENDOR_ATTR_CHAN_INFO_AFTER_LAST - 1,
};
/**
* enum qca_wlan_vendor_attr_usable_channels - Attributes used by
* %QCA_NL80211_VENDOR_SUBCMD_USABLE_CHANNELS vendor command.
*
* @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_BAND_MASK:
* u32 attribute. Indicates the bands from which the channels should be reported
* in response. This attribute encapsulates bit masks of bands defined in enum
* nl80211_band. Optional attribute, if not present in the request the driver
* shall return channels from all supported bands.
*
* @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_IFACE_MODE_MASK:
* u32 attribute. Indicates all the interface types for which the usable
* channels information is requested. This attribute encapsulates bitmasks of
* interface types defined in enum nl80211_iftype. Optional attribute, if not
* present in the request the driver shall send information of all supported
* interface modes.
*
* @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK:
* u32 attribute. This attribute carries information of all filters that shall
* be applied while populating usable channels information by the driver. This
* attribute carries bit masks of different filters defined in enum
* qca_wlan_vendor_usable_channels_filter. Optional attribute, if not present
* in the request the driver shall send information of channels without applying
* any of the filters that can be configured through this attribute.
*
* @QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO:
* Nested attribute. This attribute shall be used by the driver to send
* usability information of each channel. The attributes defined in enum
* qca_wlan_vendor_attr_chan_info are used inside this attribute.
*/
enum qca_wlan_vendor_attr_usable_channels {
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_BAND_MASK = 1,
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_IFACE_MODE_MASK = 2,
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_FILTER_MASK = 3,
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_CHAN_INFO = 4,
/* keep last */
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_MAX =
QCA_WLAN_VENDOR_ATTR_USABLE_CHANNELS_AFTER_LAST - 1,
};
/**
* enum qca_wlan_vendor_attr_radar_history: Used by the vendor command
* QCA_NL80211_VENDOR_SUBCMD_GET_RADAR_HISTORY to get DFS radar history.
*
* @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES: Nested attribute to carry
* the list of radar history entries.
* Each entry contains freq, timestamp, and radar signal detect flag.
* The driver shall add an entry when CAC has finished, or radar signal
* has been detected post AP beaconing. The driver shall maintain at least
* 8 entries in order to save CAC result for a 160 MHz channel.
* @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_FREQ: u32 attribute.
* Channel frequency in MHz.
* @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_TIMESTAMP: u64 nanoseconds.
* CLOCK_BOOTTIME timestamp when this entry is updated due to CAC
* or radar detection.
* @QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_DETECTED: NLA_FLAG attribute.
* This flag indicates radar signal has been detected.
*/
enum qca_wlan_vendor_attr_radar_history {
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_ENTRIES = 1,
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_FREQ = 2,
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_TIMESTAMP = 3,
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_DETECTED = 4,
/* keep last */
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_LAST,
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_MAX =
QCA_WLAN_VENDOR_ATTR_RADAR_HISTORY_LAST - 1,
};
#endif /* QCA_VENDOR_H */

1
src/drivers/driver.h
View File

@ -2392,6 +2392,7 @@ enum tdls_peer_capability {
TDLS_PEER_HT = BIT(0),
TDLS_PEER_VHT = BIT(1),
TDLS_PEER_WMM = BIT(2),
TDLS_PEER_HE = BIT(3),
};
/* valid info in the wmm_params struct */

43
src/drivers/driver_nl80211.c
View File

@ -9200,6 +9200,28 @@ static int nl80211_start_radar_detection(void *priv,
#ifdef CONFIG_TDLS
static int nl80211_add_peer_capab(struct nl_msg *msg,
enum tdls_peer_capability capa)
{
u32 peer_capab = 0;
if (!capa)
return 0;
if (capa & TDLS_PEER_HT)
peer_capab |= NL80211_TDLS_PEER_HT;
if (capa & TDLS_PEER_VHT)
peer_capab |= NL80211_TDLS_PEER_VHT;
if (capa & TDLS_PEER_WMM)
peer_capab |= NL80211_TDLS_PEER_WMM;
if (capa & TDLS_PEER_HE)
peer_capab |= NL80211_TDLS_PEER_HE;
return nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
peer_capab);
}
static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
u8 dialog_token, u16 status_code,
u32 peer_capab, int initiator, const u8 *buf,
@ -9219,21 +9241,9 @@ static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) ||
nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) ||
nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code))
goto fail;
if (peer_capab) {
/*
* The internal enum tdls_peer_capability definition is
* currently identical with the nl80211 enum
* nl80211_tdls_peer_capability, so no conversion is needed
* here.
*/
if (nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
peer_capab))
goto fail;
}
if ((initiator &&
nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code) ||
nl80211_add_peer_capab(msg, peer_capab) ||
(initiator && nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
nla_put(msg, NL80211_ATTR_IE, len, buf))
goto fail;
@ -10953,7 +10963,8 @@ static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
* compatibility.
*/
if (!(freq >= 2412 && freq <= 2484) &&
!(freq >= 5180 && freq <= 5900))
!(freq >= 5180 && freq <= 5900) &&
!(freq >= 5945 && freq <= 7115))
continue;
hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]);
if (hw_mode != NUM_HOSTAPD_MODES)

22
src/drivers/nl80211_copy.h
View File

@ -655,6 +655,9 @@
* When a security association was established on an 802.1X network using
* fast transition, this event should be followed by an
* %NL80211_CMD_PORT_AUTHORIZED event.
* Following a %NL80211_CMD_ROAM event userspace can issue
* %NL80211_CMD_GET_SCAN in order to obtain the scan information for the
* new BSS the card/driver roamed to.
* @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
* userspace that a connection was dropped by the AP or due to other
* reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
@ -5937,6 +5940,16 @@ enum nl80211_feature_flags {
* @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate
* configuration (AP/mesh) with HE rates.
*
* @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement
* exchange protocol.
*
* @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement
* exchange protocol.
*
* @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management
* frame protection for all management frames exchanged during the
* negotiation and range measurement procedure.
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@ -5998,6 +6011,9 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_FILS_DISCOVERY,
NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP,
NL80211_EXT_FEATURE_BEACON_RATE_HE,
NL80211_EXT_FEATURE_SECURE_LTF,
NL80211_EXT_FEATURE_SECURE_RTT,
NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
@ -6295,11 +6311,13 @@ struct nl80211_vendor_cmd_info {
* @NL80211_TDLS_PEER_HT: TDLS peer is HT capable.
* @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable.
* @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable.
* @NL80211_TDLS_PEER_HE: TDLS peer is HE capable.
*/
enum nl80211_tdls_peer_capability {
NL80211_TDLS_PEER_HT = 1<<0,
NL80211_TDLS_PEER_VHT = 1<<1,
NL80211_TDLS_PEER_WMM = 1<<2,
NL80211_TDLS_PEER_HE = 1<<3,
};
/**
@ -6891,6 +6909,9 @@ enum nl80211_peer_measurement_ftm_capa {
* if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor
* %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based
* ranging will be used.
* @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only
* valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or
* %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set.
*
* @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
* @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
@ -6909,6 +6930,7 @@ enum nl80211_peer_measurement_ftm_req {
NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC,
NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED,
NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED,
NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK,
/* keep last */
NUM_NL80211_PMSR_FTM_REQ_ATTR,

3
src/rsn_supp/pmksa_cache.c
View File

@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
os_time_t old_expiration = old_entry->expiration;
const u8 *pmkid = NULL;
if (wpa_key_mgmt_sae(old_entry->akmp))
if (wpa_key_mgmt_sae(old_entry->akmp) ||
wpa_key_mgmt_fils(old_entry->akmp))
pmkid = old_entry->pmkid;
new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
pmkid, NULL, 0,

2
src/rsn_supp/tdls.c
View File

@ -1418,6 +1418,8 @@ static int wpa_tdls_send_tpk_m3(struct wpa_sm *sm,
skip_ies:
if (peer->he_capabilities)
peer_capab |= TDLS_PEER_HE;
if (peer->vht_capabilities)
peer_capab |= TDLS_PEER_VHT;
if (peer->ht_capabilities)

4
tests/fuzzing/eap-aka-peer/eap-aka-peer.c
View File

@ -91,6 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
struct eap_sm *sm;
void *priv;
struct eap_method_ret ret;
unsigned int count = 0;
wpa_fuzzer_set_debug_level();
@ -104,7 +105,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
pos = data;
end = pos + size;
while (end - pos > 2) {
while (end - pos > 2 && count < 100) {
u16 flen;
struct wpabuf *buf, *req;
@ -121,6 +122,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
wpabuf_free(req);
wpabuf_free(buf);
pos += flen;
count++;
}
registered_eap_method->deinit(sm, priv);

4
tests/fuzzing/eap-sim-peer/eap-sim-peer.c
View File

@ -85,6 +85,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
struct eap_sm *sm;
void *priv;
struct eap_method_ret ret;
unsigned int count = 0;
wpa_fuzzer_set_debug_level();
@ -98,7 +99,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
pos = data;
end = pos + size;
while (end - pos > 2) {
while (end - pos > 2 && count < 100) {
u16 flen;
struct wpabuf *buf, *req;
@ -115,6 +116,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
wpabuf_free(req);
wpabuf_free(buf);
pos += flen;
count++;
}
registered_eap_method->deinit(sm, priv);

2
tests/hwsim/auth_serv/index.txt
View File

@ -5,4 +5,4 @@ V 150215083008Z D8D3E3A6CBE3CCCB unknown /C=FI/O=w1.fi/CN=server5.w1.fi
V 150228224144Z D8D3E3A6CBE3CCCC unknown /C=FI/O=w1.fi/CN=server6.w1.fi
V 160111185024Z D8D3E3A6CBE3CCCD unknown /C=FI/O=w1.fi/CN=ocsp.w1.fi
V 150929211300Z D8D3E3A6CBE3CCD1 unknown /C=FI/O=w1.fi/CN=Test User
V 210502195538Z D8D3E3A6CBE3CD5F unknown /C=FI/O=w1.fi/CN=server.w1.fi
V 220503170253Z D8D3E3A6CBE3CD69 unknown /C=FI/O=w1.fi/CN=server.w1.fi

BIN
tests/hwsim/auth_serv/ocsp-multi-server-cache.der
View File

Binary file not shown.

BIN
tests/hwsim/auth_serv/ocsp-req.der
View File

Binary file not shown.

52
tests/hwsim/auth_serv/ocsp-responder.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:67
d8:d3:e3:a6:cb:e3:cd:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 3 14:01:18 2020 GMT
Not After : May 3 14:01:18 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=ocsp.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -40,25 +40,25 @@ Certificate:
X509v3 Extended Key Usage:
OCSP Signing
Signature Algorithm: sha256WithRSAEncryption
5d:f3:28:20:86:b7:cd:da:e2:e8:15:7a:97:52:79:63:69:0b:
92:96:53:89:69:a5:79:19:d1:7e:75:71:9c:e4:33:26:99:cc:
b9:fe:28:1a:40:a7:5f:83:ee:51:cd:fc:e4:cf:71:45:90:ba:
36:25:51:37:4c:19:9f:0e:fc:36:d5:64:05:8e:10:20:aa:53:
1e:e5:49:64:ae:54:7d:f3:51:a1:31:af:5f:30:46:5c:d0:db:
6d:fc:07:68:7e:63:26:24:82:52:cd:e0:3e:d1:fd:9b:e8:00:
93:e7:94:8c:d6:14:51:23:82:3b:51:ac:39:3d:6f:81:c7:ff:
fb:7a:92:eb:ec:c4:7e:0b:e6:16:5c:31:5f:a1:84:28:b3:ad:
75:8c:c3:c6:0c:b2:1a:23:4d:6c:a5:c7:e4:47:aa:5c:0d:ab:
75:40:a2:bd:9a:76:cb:50:ff:18:8c:c1:c0:bd:02:dd:51:1d:
d3:64:43:2c:a6:a8:40:42:c5:90:59:4c:76:56:a8:28:4d:df:
2d:8f:99:c3:2a:a9:f2:cc:5a:90:fc:29:6b:8e:f0:8e:89:79:
c1:b1:70:8b:2e:cb:98:d6:cf:46:ed:1a:c4:f7:32:78:5d:ca:
b1:0c:5a:05:99:45:f1:1a:80:48:1d:4f:83:7f:30:e9:ca:8f:
83:ff:f3:0b
b9:ef:0b:f2:ad:4b:e1:ac:0b:34:e2:ed:a7:db:20:3d:51:12:
62:f8:1a:e4:b7:25:8a:3e:fa:be:98:2e:e0:33:d8:d1:97:a6:
27:2a:c7:ba:05:ef:9b:f4:36:a2:b7:55:fc:85:fe:39:99:aa:
fe:b6:a0:cd:68:6b:3a:fd:a5:cc:63:e3:b2:90:70:bd:85:d8:
29:47:ba:d8:ae:46:46:4a:af:e6:19:4f:7e:b3:42:74:3b:1f:
c4:00:8f:a5:15:eb:cc:3d:d6:9d:92:c5:0a:61:78:10:0b:2a:
18:4e:eb:cd:74:32:c0:fb:d1:7d:00:3e:c3:00:4e:a6:c0:4e:
9b:b7:78:b7:5f:aa:96:d8:91:88:d5:83:fa:a3:65:69:b3:94:
e0:a9:4f:90:8d:64:ef:2e:bf:86:37:8a:61:3c:e9:a1:81:39:
08:75:d9:ea:c8:d6:5b:56:b0:f2:1a:36:2d:82:93:41:45:71:
c0:a1:f0:25:39:30:ef:44:79:ad:8b:18:fd:06:4c:c0:4b:62:
cf:f1:fb:bc:7b:ee:38:09:05:44:fa:4a:3c:c4:53:b9:68:18:
c1:6c:e4:ae:e0:ce:00:70:67:d1:37:ce:90:c6:0e:dc:c0:e3:
c8:01:5d:33:32:ab:c4:cb:45:1c:27:36:f7:b2:31:f7:99:8c:
b1:72:65:89
-----BEGIN CERTIFICATE-----
MIIDJTCCAg2gAwIBAgIJANjT46bL481nMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDJTCCAg2gAwIBAgIJANjT46bL481yMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDMxNDAxMThaFw0yMTA1MDMxNDAxMThaMDIxCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDIxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTETMBEGA1UEAwwKb2NzcC53MS5maTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcihV27OxwCmgFzqohjbqFD
M7X9Av4fyCMEi4xRUlvgzGJgKqq6iE9BOWv7NMCiencu4Vae78quZ9X5i1+rrofh
@ -67,10 +67,10 @@ S+siwl2+/zZvQifYS8bhvvgIz6z9UTCi6IATAAW2BVVCC/oeQIRQCYwlNVQlRTmf
TnwK2cRKDBZOPmh/G63JUwhcuATU1pNi/a/5tB30lj6bnRRtHGwjrj3HtM8xkCBq
gJliflzp1dW9WU2j2dzp++h7ZYfV+Umevg7zqSHelOhU/IDP2uOPmsZMdhgO/qsC
AwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB
BQUHAwkwDQYJKoZIhvcNAQELBQADggEBAF3zKCCGt83a4ugVepdSeWNpC5KWU4lp
pXkZ0X51cZzkMyaZzLn+KBpAp1+D7lHN/OTPcUWQujYlUTdMGZ8O/DbVZAWOECCq
Ux7lSWSuVH3zUaExr18wRlzQ2238B2h+YyYkglLN4D7R/ZvoAJPnlIzWFFEjgjtR
rDk9b4HH//t6kuvsxH4L5hZcMV+hhCizrXWMw8YMshojTWylx+RHqlwNq3VAor2a
dstQ/xiMwcC9At1RHdNkQyymqEBCxZBZTHZWqChN3y2PmcMqqfLMWpD8KWuO8I6J
ecGxcIsuy5jWz0btGsT3MnhdyrEMWgWZRfEagEgdT4N/MOnKj4P/8ws=
BQUHAwkwDQYJKoZIhvcNAQELBQADggEBALnvC/KtS+GsCzTi7afbID1REmL4GuS3
JYo++r6YLuAz2NGXpicqx7oF75v0NqK3VfyF/jmZqv62oM1oazr9pcxj47KQcL2F
2ClHutiuRkZKr+YZT36zQnQ7H8QAj6UV68w91p2SxQpheBALKhhO6810MsD70X0A
PsMATqbATpu3eLdfqpbYkYjVg/qjZWmzlOCpT5CNZO8uv4Y3imE86aGBOQh12erI
1ltWsPIaNi2Ck0FFccCh8CU5MO9Eea2LGP0GTMBLYs/x+7x77jgJBUT6SjzEU7lo
GMFs5K7gzgBwZ9E3zpDGDtzA48gBXTMyq8TLRRwnNveyMfeZjLFyZYk=
-----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/ocsp-server-cache.der
View File

Binary file not shown.

54
tests/hwsim/auth_serv/server-certpol.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:63
d8:d3:e3:a6:cb:e3:cd:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server-policies.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -59,25 +59,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
b8:ef:8e:09:f5:67:a3:d6:5c:92:d2:55:f8:f2:52:e4:cd:ea:
87:a6:aa:42:73:b2:b4:30:d8:80:3f:aa:d5:f2:65:32:b9:88:
7d:f1:b2:c2:c1:fe:17:c7:76:7e:d9:7b:4b:1a:87:dc:1f:f6:
57:0d:8b:5f:2a:5d:e2:7f:f4:8d:39:3a:a4:9e:9d:f3:c1:58:
cf:04:fd:72:40:c2:9a:ef:98:b2:6a:67:86:27:2c:f6:e6:dd:
b1:a0:20:b1:c0:cf:fb:00:43:1f:6f:ac:b2:3f:02:a6:87:80:
18:74:6b:0b:26:07:d3:7a:72:1c:c7:1d:a7:dc:13:cb:70:ac:
24:2e:45:9c:bf:53:de:ea:eb:50:4a:60:87:26:8a:28:4e:16:
76:91:b1:b3:e2:4d:66:fd:12:60:ed:24:59:f4:f9:47:59:d1:
4c:6e:d1:9d:55:d4:72:d8:c4:da:2f:b4:73:20:d3:7e:f7:9f:
6e:99:b8:06:1d:5f:8c:18:ab:a3:a8:fa:50:52:50:e5:2b:c9:
fa:1d:fe:f0:ce:33:19:d5:38:e6:ba:90:c9:5e:e6:67:60:e0:
50:16:7c:4c:08:89:d2:e2:fe:bc:57:0f:ef:83:75:ec:1d:f3:
10:07:ce:c2:d6:30:44:f2:ec:b9:78:71:c2:41:8d:78:e4:d6:
67:42:d7:f5
ae:91:58:d8:0f:03:02:4e:84:da:cd:13:7d:5c:d0:52:04:08:
7f:ea:12:73:5d:ad:a1:64:a2:0d:e6:83:ca:fa:35:7d:1e:35:
bd:24:5d:19:b7:1b:f4:dd:75:a0:86:60:65:e0:73:69:55:ae:
37:13:82:99:ad:8a:fb:de:73:51:45:b6:38:e0:3a:6c:b0:f1:
e8:b3:09:10:f9:89:87:c9:64:be:ac:27:c2:cc:e9:1b:dc:0f:
c4:37:8e:1e:a3:16:2c:42:ed:da:c9:27:c0:ee:fd:45:62:b1:
e6:71:ca:a5:a3:3b:6b:62:03:fb:a3:aa:fd:b4:0e:e2:3f:d1:
c1:27:92:54:e8:fa:34:01:d3:4f:22:6e:00:24:e7:34:7a:e6:
ef:6e:d3:6b:ae:f2:a9:df:dd:79:1b:1f:ee:52:56:69:26:dc:
0e:e8:48:9f:36:11:0e:c7:7c:48:ec:0a:c2:d6:ea:f7:9a:06:
65:e1:6c:77:45:76:51:2d:74:2d:16:6a:0b:1b:76:d7:46:2f:
e1:30:ea:59:c9:0f:da:43:c6:bf:4b:0e:31:9c:ae:80:0a:bb:
86:d0:ee:91:0d:9a:72:3e:8d:c4:bc:08:43:d2:31:ba:06:2b:
b6:27:ba:f1:bb:56:22:1a:f8:b4:46:32:da:bf:0a:1c:a6:1e:
4b:03:23:c1
-----BEGIN CERTIFICATE-----
MIIEWDCCA0CgAwIBAgIJANjT46bL481jMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIEWDCCA0CgAwIBAgIJANjT46bL481vMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMD0xCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD0xCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEeMBwGA1UEAwwVc2VydmVyLXBvbGlj
aWVzLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0qbvm71g
Y6F1rUvTb1lehPpkoGQkC3hI/I1miy9uHUQrrsNtlLrLozS+C05HjVvZmaaoBwmH
@ -92,11 +92,11 @@ gdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPq0NTX76okrV9THqtrS/g7FVfscw
HwYDVR0jBBgwFoAUpP25ORuBs6rriB3Ugam1EXDMp+EwNQYIKwYBBQUHAQEEKTAn
MCUGCCsGAQUFBzABhhlodHRwOi8vc2VydmVyLncxLmZpOjg4ODgvMCAGA1UdEQQZ
MBeCFXNlcnZlci1wb2xpY2llcy53MS5maTAYBgNVHSAEETAPMA0GCysGAQQBgr5o
AQMBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC4744J
9Wej1lyS0lX48lLkzeqHpqpCc7K0MNiAP6rV8mUyuYh98bLCwf4Xx3Z+2XtLGofc
H/ZXDYtfKl3if/SNOTqknp3zwVjPBP1yQMKa75iyameGJyz25t2xoCCxwM/7AEMf
b6yyPwKmh4AYdGsLJgfTenIcxx2n3BPLcKwkLkWcv1Pe6utQSmCHJoooThZ2kbGz
4k1m/RJg7SRZ9PlHWdFMbtGdVdRy2MTaL7RzINN+959umbgGHV+MGKujqPpQUlDl
K8n6Hf7wzjMZ1TjmupDJXuZnYOBQFnxMCInS4v68Vw/vg3XsHfMQB87C1jBE8uy5
eHHCQY145NZnQtf1
AQMBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCukVjY
DwMCToTazRN9XNBSBAh/6hJzXa2hZKIN5oPK+jV9HjW9JF0Ztxv03XWghmBl4HNp
Va43E4KZrYr73nNRRbY44DpssPHoswkQ+YmHyWS+rCfCzOkb3A/EN44eoxYsQu3a
ySfA7v1FYrHmccqloztrYgP7o6r9tA7iP9HBJ5JU6Po0AdNPIm4AJOc0eubvbtNr
rvKp3915Gx/uUlZpJtwO6EifNhEOx3xI7ArC1ur3mgZl4Wx3RXZRLXQtFmoLG3bX
Ri/hMOpZyQ/aQ8a/Sw4xnK6ACruG0O6RDZpyPo3EvAhD0jG6Biu2J7rxu1YiGvi0
RjLavwocph5LAyPB
-----END CERTIFICATE-----

54
tests/hwsim/auth_serv/server-certpol2.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:64
d8:d3:e3:a6:cb:e3:cd:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -59,25 +59,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
7d:38:98:e6:21:03:e4:1a:44:08:91:ca:21:31:5c:97:66:74:
4c:0a:84:21:83:92:22:63:53:8d:06:1f:48:62:c1:e3:ce:e9:
74:2a:63:0b:2b:f9:b5:d0:63:37:39:4c:b4:29:9e:98:49:48:
1f:cd:bc:28:5f:81:56:ee:d9:d9:f7:51:6b:31:62:3a:a4:59:
98:f3:18:3d:f9:c1:d8:71:6d:85:e1:67:0e:d6:cc:ab:61:22:
46:f1:38:11:53:74:41:44:22:63:ac:e7:6b:12:b6:39:20:7f:
fe:e2:c7:aa:e6:80:64:d7:24:92:4e:79:fa:9d:41:75:45:30:
4b:2b:ce:d9:b0:38:25:79:81:b3:c4:4b:60:a1:24:9f:ad:c7:
37:b9:44:d5:02:7c:2a:05:7f:d3:f1:76:21:6a:67:d7:a9:ab:
e0:3e:4c:90:30:28:8a:75:58:ae:6a:98:39:b6:6c:f6:eb:9f:
c8:24:11:a3:33:0f:aa:30:05:23:ab:1f:4f:f4:55:f3:b8:6b:
c5:dc:dc:32:15:58:fd:cc:cf:ba:f5:9a:1b:4e:58:68:85:b7:
eb:b0:db:e9:a9:87:f9:b0:4e:c9:43:79:26:97:75:ff:d4:55:
01:f7:c6:f5:21:56:8b:f7:f3:80:a2:f4:3f:50:2a:e3:60:52:
b6:5c:83:14
58:a7:cd:3e:71:b1:2c:df:ab:0e:bb:37:68:95:6d:20:75:c0:
38:96:e2:56:eb:57:4a:d7:43:93:d2:28:a7:d9:82:ff:eb:aa:
03:c3:c4:06:09:04:1e:1b:f0:18:2a:27:32:30:22:97:93:21:
06:e8:2b:4f:73:dc:84:39:6f:e9:ad:2e:d6:e3:c1:e9:36:59:
aa:7c:d0:a5:3e:23:9a:bc:db:d9:bf:38:f6:21:ef:bd:0e:4b:
4d:4d:5d:0e:8a:ae:fe:d0:47:ae:8f:4d:fc:c2:bb:5b:8f:a4:
06:4d:0b:26:e3:9e:f8:dd:d1:e0:21:92:55:17:85:49:09:ad:
45:24:e5:05:55:68:b9:45:36:af:0d:b8:6f:eb:66:3d:fb:ab:
68:c4:d2:e7:7e:6a:a9:ad:23:4a:25:72:db:ae:96:03:a5:c7:
3f:a4:8e:f8:7c:16:5a:c4:32:53:9f:56:eb:a4:f1:99:dc:ac:
0b:4f:2d:0f:f1:03:ca:ba:b2:0b:6f:9f:4d:90:84:66:3a:a5:
b3:f0:a2:50:59:cb:1b:19:af:6d:62:95:73:a4:94:76:8d:3e:
18:49:72:be:42:a1:66:a6:ee:d7:08:51:da:8b:d8:d6:6d:36:
e2:2f:4b:78:74:2c:10:17:0c:84:16:14:ba:b8:10:28:dc:0b:
22:aa:40:93
-----BEGIN CERTIFICATE-----
MIIEWjCCA0KgAwIBAgIJANjT46bL481kMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIEWjCCA0KgAwIBAgIJANjT46bL481wMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMD4xCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMD4xCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWc2VydmVyLXBvbGlj
aWVzMi53MS5maTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOZQ0SgF
J2zUQtNCx8xTqWvCo6sgbxc0neQdMdDEaGVC1ei9qrjk6fbuLnXNaoz2jqqvbHzr
@ -92,11 +92,11 @@ o4HXMIHUMAkGA1UdEwQCMAAwHQYDVR0OBBYEFE4Bi37Cd5ThaLPEKTUkBQvehEqJ
MB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEBBCkw
JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAhBgNVHREE
GjAYghZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMBgGA1UdIAQRMA8wDQYLKwYBBAGC
vmgBAwIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAH04
mOYhA+QaRAiRyiExXJdmdEwKhCGDkiJjU40GH0hiwePO6XQqYwsr+bXQYzc5TLQp
nphJSB/NvChfgVbu2dn3UWsxYjqkWZjzGD35wdhxbYXhZw7WzKthIkbxOBFTdEFE
ImOs52sStjkgf/7ix6rmgGTXJJJOefqdQXVFMEsrztmwOCV5gbPES2ChJJ+txze5
RNUCfCoFf9PxdiFqZ9epq+A+TJAwKIp1WK5qmDm2bPbrn8gkEaMzD6owBSOrH0/0
VfO4a8Xc3DIVWP3Mz7r1mhtOWGiFt+uw2+mph/mwTslDeSaXdf/UVQH3xvUhVov3
84Ci9D9QKuNgUrZcgxQ=
vmgBAwIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFin
zT5xsSzfqw67N2iVbSB1wDiW4lbrV0rXQ5PSKKfZgv/rqgPDxAYJBB4b8BgqJzIw
IpeTIQboK09z3IQ5b+mtLtbjwek2Wap80KU+I5q829m/OPYh770OS01NXQ6Krv7Q
R66PTfzCu1uPpAZNCybjnvjd0eAhklUXhUkJrUUk5QVVaLlFNq8NuG/rZj37q2jE
0ud+aqmtI0olctuulgOlxz+kjvh8FlrEMlOfVuuk8ZncrAtPLQ/xA8q6sgtvn02Q
hGY6pbPwolBZyxsZr21ilXOklHaNPhhJcr5CoWam7tcIUdqL2NZtNuIvS3h0LBAX
DIQWFLq4ECjcCyKqQJM=
-----END CERTIFICATE-----

52
tests/hwsim/auth_serv/server-eku-client-server.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:62
d8:d3:e3:a6:cb:e3:cd:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server6.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -46,25 +46,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
5f:6e:13:f9:af:c4:47:4d:78:19:5e:d2:bb:21:55:c3:4b:64:
42:94:fe:37:7b:3a:4a:fc:42:f1:fc:b3:c3:05:93:46:39:cd:
a3:40:c9:90:47:a2:6b:af:d8:21:a9:1e:11:02:c8:84:e2:b2:
8b:52:ad:30:49:e7:80:16:98:d2:0c:01:56:c2:f5:6c:a4:98:
b0:a2:af:6c:e8:6e:6d:9b:31:21:22:91:51:81:e1:f0:0d:eb:
97:96:98:58:84:b3:29:a6:8f:d2:b5:ce:37:a7:64:b8:7f:fb:
f7:15:3c:c0:c7:2a:7f:bb:50:67:a0:5b:55:65:5d:1f:0a:90:
10:16:c1:93:cd:a3:ab:8b:4b:9a:f0:e2:e7:ac:e6:5a:fd:bf:
46:37:92:3e:f7:f5:d8:57:87:c2:88:cc:b1:40:06:92:d5:f0:
f2:3d:c5:d0:fd:48:5c:bf:bf:5b:da:82:11:55:6d:95:17:f2:
43:be:8e:e7:f5:0e:d3:b3:de:65:ea:8c:85:4b:bd:4d:93:f0:
6f:8b:2f:0e:fb:9f:cb:65:e8:72:68:92:43:08:1d:3e:1f:5a:
e5:1c:5d:7e:16:06:04:23:9e:c0:82:8a:a6:33:66:c3:3f:2a:
ad:1a:5a:90:02:56:3a:e6:45:d9:f1:02:a5:cd:16:63:03:04:
42:85:1c:49
97:a5:19:d6:b9:1e:74:53:d4:38:5d:95:2a:8c:6f:88:10:c4:
47:28:29:4e:08:65:51:8f:af:34:1e:17:7a:62:7c:8e:f4:c4:
6d:ed:94:a9:fa:03:85:9d:7d:01:f8:e3:03:a4:a7:52:0c:6e:
46:db:de:44:bc:ce:b3:5a:fc:72:01:a0:b2:49:b2:b2:ce:de:
46:d4:68:d7:70:94:7b:48:b9:c9:6c:78:d3:68:3d:4f:66:15:
7d:99:ac:65:70:0f:62:ed:b5:a5:b4:69:c4:bc:57:f5:ea:1d:
3c:cd:99:36:6f:86:bc:57:69:76:58:fd:15:5d:8d:ed:0c:ca:
d8:bb:8e:7d:72:39:ff:04:e9:35:88:88:fa:5c:d7:f5:10:f5:
19:4f:2d:90:2f:f3:82:36:7f:4f:45:c5:98:97:f5:f0:61:86:
64:ce:b7:24:98:85:f1:59:59:67:ee:51:d0:e7:37:fb:2f:a7:
5d:a5:91:a3:f9:97:a8:54:4d:df:ec:22:d1:3e:0e:4d:5c:40:
11:2a:43:7d:69:36:73:5e:be:c8:73:d4:74:99:5f:c8:87:c1:
99:c0:e6:38:af:f2:8c:39:b7:65:90:a8:58:fa:a2:99:69:e6:
ad:77:3e:94:fc:82:38:cf:5f:17:77:e8:4e:6a:8b:75:21:ce:
9b:7f:6c:00
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIJANjT46bL481iMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDnjCCAoagAwIBAgIJANjT46bL481tMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5m
aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAj9IASvkpkTa+Zr1Lv
jfVzmhooK5Lo1JAlPoVHn8nEuXo1JIQvHlEWZtOsMerxY6RM6ibw+mHHn/J0aWp4
@ -76,10 +76,10 @@ kXECAwEAAaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBSr0ojKnEQmiS7AuY1G
3VxpAp4ByzAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IB
AQBfbhP5r8RHTXgZXtK7IVXDS2RClP43ezpK/ELx/LPDBZNGOc2jQMmQR6Jrr9gh
qR4RAsiE4rKLUq0wSeeAFpjSDAFWwvVspJiwoq9s6G5tmzEhIpFRgeHwDeuXlphY
hLMppo/Stc43p2S4f/v3FTzAxyp/u1BnoFtVZV0fCpAQFsGTzaOri0ua8OLnrOZa
/b9GN5I+9/XYV4fCiMyxQAaS1fDyPcXQ/Uhcv79b2oIRVW2VF/JDvo7n9Q7Ts95l
6oyFS71Nk/Bviy8O+5/LZehyaJJDCB0+H1rlHF1+FgYEI57AgoqmM2bDPyqtGlqQ
AlY65kXZ8QKlzRZjAwRChRxJ
AQCXpRnWuR50U9Q4XZUqjG+IEMRHKClOCGVRj680Hhd6YnyO9MRt7ZSp+gOFnX0B
+OMDpKdSDG5G295EvM6zWvxyAaCySbKyzt5G1GjXcJR7SLnJbHjTaD1PZhV9maxl
cA9i7bWltGnEvFf16h08zZk2b4a8V2l2WP0VXY3tDMrYu459cjn/BOk1iIj6XNf1
EPUZTy2QL/OCNn9PRcWYl/XwYYZkzrckmIXxWVln7lHQ5zf7L6ddpZGj+ZeoVE3f
7CLRPg5NXEARKkN9aTZzXr7Ic9R0mV/Ih8GZwOY4r/KMObdlkKhY+qKZaeatdz6U
/II4z18Xd+hOaot1Ic6bf2wA
-----END CERTIFICATE-----

54
tests/hwsim/auth_serv/server-eku-client.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:61
d8:d3:e3:a6:cb:e3:cd:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server5.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -46,25 +46,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
22:02:38:3d:90:2f:5d:54:b9:36:61:fd:29:40:c0:88:5d:eb:
63:ec:b3:6d:9b:55:8f:10:6b:b7:4b:8a:3f:89:79:fa:52:87:
8d:91:3b:2e:ee:84:ae:f8:2d:8e:1d:35:72:cd:b8:7d:9d:98:
d3:88:9d:05:c7:85:e7:1a:29:4d:cb:00:da:a3:21:a0:f5:f3:
52:f5:80:88:cb:2a:4f:d9:9b:56:c0:37:13:61:74:64:61:fb:
8c:25:18:9c:96:e2:f8:bb:e2:48:60:e3:12:d8:a9:d9:9e:93:
e8:cd:46:f5:eb:b3:17:62:66:d1:5d:ea:c2:09:d1:7a:34:d2:
e0:88:1d:7f:6f:71:25:70:50:d8:51:93:61:8e:70:da:c2:ba:
f0:44:81:be:81:54:d6:3c:da:a6:54:62:40:bd:d1:2e:ce:1c:
dd:29:49:ba:b5:12:7e:42:64:54:b2:99:93:60:67:6e:1a:63:
4b:da:b4:96:28:90:81:c4:28:05:28:64:ff:c6:7a:b3:8c:68:
12:e3:28:64:00:82:88:bc:75:46:d2:e7:f9:0a:93:4c:5d:c8:
99:27:4c:40:65:0d:ec:b2:86:ea:76:e2:28:c5:77:6b:3d:fc:
91:30:89:0a:0b:e0:d4:59:cf:30:de:5f:f6:50:15:5a:40:01:
e2:a5:39:cf
95:fa:5c:72:fc:2e:aa:a2:b4:f9:22:11:d2:84:33:91:f4:2c:
27:59:b9:2d:0c:46:b1:cb:58:2e:66:bd:ed:8d:f8:ad:45:a2:
37:7c:51:41:42:5a:ca:8a:c6:8b:3d:60:0f:6e:88:d9:44:25:
d2:e1:5c:92:fb:38:2e:90:a1:c4:d0:81:07:59:79:58:50:23:
f5:1d:f9:ac:11:99:51:eb:78:49:64:11:84:4c:ce:6f:6a:5d:
51:1d:2f:99:10:e9:f2:46:33:94:5c:8c:be:0d:26:bb:27:57:
e7:c8:f1:c3:9e:8f:10:04:2f:8a:a0:cd:39:af:01:1c:19:b0:
f9:da:38:6f:e8:2e:df:7d:ec:05:0c:09:bc:56:01:50:15:63:
50:a5:06:55:37:04:7e:74:a0:08:20:e3:29:c6:c3:36:87:76:
1f:f2:98:dc:cf:58:cd:c6:17:51:46:d2:ff:3a:97:4d:b2:27:
bb:8c:f0:13:79:53:2b:a7:cf:e5:88:7c:eb:33:b8:54:c4:2e:
64:de:34:af:4e:74:05:b1:13:fd:ed:54:60:2c:31:b8:7f:a6:
0d:4f:dd:9d:e3:0d:aa:ad:ba:0d:25:07:c2:0d:53:a8:f4:93:
37:75:60:2b:75:5f:db:53:d8:44:fd:4d:c9:91:4e:6a:ca:6d:
a5:ae:ba:74
-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIJANjT46bL481hMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDlDCCAnygAwIBAgIJANjT46bL481sMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5m
aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWUYIC4yGEYjAKd3MzE
dNEXtTtHnDgPO5J0++onRUSKmipNECWOd84aCclzGf7ccDZejPqPTIS793LklE/8
@ -75,11 +75,11 @@ u9jjFCVw3tHHnVnPJEbH9W5vg2btGx0+UQSUZ2TfUSI8wOEkCjdq3GqL/UVbli0D
rGMCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQyn58wJHNzy41TOoAj
61tdTN0GATAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
EwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBACICOD2QL11U
uTZh/SlAwIhd62Pss22bVY8Qa7dLij+JefpSh42ROy7uhK74LY4dNXLNuH2dmNOI
nQXHhecaKU3LANqjIaD181L1gIjLKk/Zm1bANxNhdGRh+4wlGJyW4vi74khg4xLY
qdmek+jNRvXrsxdiZtFd6sIJ0Xo00uCIHX9vcSVwUNhRk2GOcNrCuvBEgb6BVNY8
2qZUYkC90S7OHN0pSbq1En5CZFSymZNgZ24aY0vatJYokIHEKAUoZP/GerOMaBLj
KGQAgoi8dUbS5/kKk0xdyJknTEBlDeyyhup24ijFd2s9/JEwiQoL4NRZzzDeX/ZQ
FVpAAeKlOc8=
EwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAJX6XHL8Lqqi
tPkiEdKEM5H0LCdZuS0MRrHLWC5mve2N+K1Fojd8UUFCWsqKxos9YA9uiNlEJdLh
XJL7OC6QocTQgQdZeVhQI/Ud+awRmVHreElkEYRMzm9qXVEdL5kQ6fJGM5RcjL4N
JrsnV+fI8cOejxAEL4qgzTmvARwZsPnaOG/oLt997AUMCbxWAVAVY1ClBlU3BH50
oAgg4ynGwzaHdh/ymNzPWM3GF1FG0v86l02yJ7uM8BN5Uyunz+WIfOszuFTELmTe
NK9OdAWxE/3tVGAsMbh/pg1P3Z3jDaqtug0lB8INU6j0kzd1YCt1X9tT2ET9TcmR
TmrKbaWuunQ=
-----END CERTIFICATE-----

48
tests/hwsim/auth_serv/server-expired.pem
View File

@ -2,7 +2,7 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:66
d8:d3:e3:a6:cb:e3:cd:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
@ -46,23 +46,23 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
89:4d:ee:04:3e:50:fc:a2:6e:4c:3e:4a:9e:3b:9c:2e:74:29:
06:86:1b:bb:96:01:70:f7:46:21:b4:ef:6f:73:93:31:bd:58:
f5:2f:40:61:f1:53:86:20:75:cf:0e:75:70:2c:94:b8:c5:4e:
ec:24:0f:42:d6:8b:80:b9:fa:b5:48:83:d6:cf:c8:47:3d:09:
50:11:4a:5d:83:c5:41:8b:4b:4e:1e:ff:96:95:f0:14:7a:7e:
cd:a6:4f:ce:0b:37:e8:f2:27:a2:72:e2:6b:18:d7:f8:86:f0:
14:db:4c:c5:8a:76:9b:fc:55:15:49:3f:eb:df:5c:c7:7a:64:
86:70:44:97:7e:ba:83:39:25:3b:23:8e:dc:b3:9e:59:cb:e0:
a2:ac:7e:9f:d2:60:91:a7:de:a9:a9:30:e1:97:81:e3:13:91:
75:68:08:11:e0:ca:f9:eb:39:28:72:ab:8c:18:d2:3c:2c:cc:
38:e5:73:1a:4e:7f:e6:74:25:8b:a2:40:45:59:28:b4:ec:ec:
5f:c9:f5:6f:ab:02:03:70:0d:11:9b:62:df:73:7b:e0:c6:c1:
c1:ee:da:69:9a:91:a3:6b:2b:15:d6:fb:e4:35:38:86:fe:ac:
ad:77:a5:a3:03:a5:9f:f4:e7:34:91:83:9e:5b:1e:88:e1:48:
5f:15:d8:de
55:80:01:89:67:34:7c:4b:99:71:f5:5e:49:ea:51:f4:21:a4:
0f:3d:85:1c:ac:70:bf:a6:ef:50:85:de:df:1f:c6:93:44:3a:
0b:4d:e9:d9:25:e4:23:4b:c6:d5:6d:bc:ad:19:bc:be:05:e7:
5a:16:c5:6b:97:b4:8c:fc:9c:4e:52:3d:73:58:9e:df:0d:1f:
ae:a5:95:59:ed:5b:d6:8f:02:aa:c1:76:81:66:c9:46:f6:c3:
18:f2:a9:fb:e3:42:92:09:5f:7c:82:2e:fb:21:96:93:d1:63:
56:1e:3f:68:d4:96:f0:a7:2d:2f:f1:f1:39:ff:2a:56:1b:59:
4a:7a:b2:e9:11:ad:c0:66:59:ae:b5:d4:88:ce:65:d7:98:d8:
bf:77:96:9d:50:59:1b:28:6f:e7:0c:c5:dc:99:55:2e:62:11:
19:f2:bc:22:f9:35:91:7b:c5:ea:59:48:be:b1:90:a2:b6:5c:
f4:da:3a:48:98:7a:9a:74:55:f3:85:bb:ab:31:8b:d1:75:68:
f0:c3:dd:f1:ba:42:c7:4b:43:18:77:77:32:c1:80:61:22:48:
39:39:5c:ad:c0:b0:3a:73:5f:43:89:8e:32:40:3d:48:c7:dd:
20:d3:ba:15:b4:ac:0a:b4:86:0e:34:53:21:e5:91:c8:8e:56:
6e:9f:ce:62
-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIJANjT46bL481mMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDlDCCAnygAwIBAgIJANjT46bL481rMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDAxMDEwMDAwMDBaFw0yMDAxMDIwMDAwMDBaMDUxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNC53MS5m
@ -75,11 +75,11 @@ c+GT2FEtu0WDj7aTQTlBhF9LrQAlkT0WCuvwuJLgXHVlhRfSgOZeZqKk38cIdjNJ
zx0CAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQhsDHGFNS9XN9wJFE0
npP1GLMcoTAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIlN7gQ+UPyi
bkw+Sp47nC50KQaGG7uWAXD3RiG0729zkzG9WPUvQGHxU4Ygdc8OdXAslLjFTuwk
D0LWi4C5+rVIg9bPyEc9CVARSl2DxUGLS04e/5aV8BR6fs2mT84LN+jyJ6Jy4msY
1/iG8BTbTMWKdpv8VRVJP+vfXMd6ZIZwRJd+uoM5JTsjjtyznlnL4KKsfp/SYJGn
3qmpMOGXgeMTkXVoCBHgyvnrOShyq4wY0jwszDjlcxpOf+Z0JYuiQEVZKLTs7F/J
9W+rAgNwDRGbYt9ze+DGwcHu2mmakaNrKxXW++Q1OIb+rK13paMDpZ/05zSRg55b
HojhSF8V2N4=
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAFWAAYlnNHxL
mXH1XknqUfQhpA89hRyscL+m71CF3t8fxpNEOgtN6dkl5CNLxtVtvK0ZvL4F51oW
xWuXtIz8nE5SPXNYnt8NH66llVntW9aPAqrBdoFmyUb2wxjyqfvjQpIJX3yCLvsh
lpPRY1YeP2jUlvCnLS/x8Tn/KlYbWUp6sukRrcBmWa611IjOZdeY2L93lp1QWRso
b+cMxdyZVS5iERnyvCL5NZF7xepZSL6xkKK2XPTaOkiYepp0VfOFu6sxi9F1aPDD
3fG6QsdLQxh3dzLBgGEiSDk5XK3AsDpzX0OJjjJAPUjH3SDTuhW0rAq0hg40UyHl
kciOVm6fzmI=
-----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/server-extra.pkcs12
View File

Binary file not shown.

52
tests/hwsim/auth_serv/server-long-duration.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:68
d8:d3:e3:a6:cb:e3:cd:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 3 14:07:41 2020 GMT
Not After : Apr 21 14:07:41 2070 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : Apr 21 17:02:53 2071 GMT
Subject: C=FI, O=w1.fi, CN=server7.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -63,25 +63,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
01:87:4b:93:49:c5:28:8b:2f:8a:45:f3:ed:a2:1e:2f:b0:d0:
0b:d3:cc:dc:a5:bd:ff:f5:df:86:45:f3:3e:94:ff:32:16:de:
f4:08:4a:2d:24:f3:5b:da:a8:ea:21:6d:06:c9:9c:08:1c:0e:
dc:a1:82:b9:5f:67:e4:e1:1c:29:b3:b1:58:af:ce:6c:2f:e1:
9b:dd:98:53:45:aa:d2:02:81:fd:a1:74:e4:75:69:07:9c:cc:
5d:b7:1a:25:ba:52:3b:8e:5c:62:12:0c:0e:a2:38:2f:b5:d3:
33:97:fe:d1:ec:6a:5d:15:93:67:98:d9:d0:93:03:bd:78:90:
df:bd:4f:50:af:79:83:70:02:9e:eb:bc:6d:d7:0f:9b:65:8d:
4e:79:79:d1:03:18:3d:47:3e:78:05:1d:f5:23:d2:f8:8f:fb:
56:a1:ce:ee:e0:40:25:57:cc:4d:4c:f2:ca:65:90:e0:f8:7f:
ed:4f:12:5f:1d:9c:5e:15:3c:5e:fa:a4:5f:85:3c:a1:47:a3:
3a:db:3f:93:3a:21:f4:55:be:fb:7c:3a:3d:58:ec:91:a0:83:
d5:b0:b9:79:08:12:1d:3b:3c:31:8d:f5:f6:da:20:d3:ca:76:
fb:83:c9:20:36:32:e5:4a:44:25:c6:d5:4d:04:59:06:71:9a:
cc:b9:47:e7
aa:73:6c:8d:3b:7e:cb:87:82:2f:b8:05:f7:79:1c:5d:ec:37:
76:ac:c1:e3:27:73:1b:71:0a:85:ba:55:ce:53:a2:70:38:b4:
e4:09:f4:19:c1:b5:0e:a1:52:d3:9f:3b:3b:dd:a9:86:97:3d:
e7:40:b8:16:9f:47:51:e5:39:2e:93:cb:61:a8:b1:f2:f6:53:
9f:50:04:c6:88:5c:ce:69:ed:cc:c3:39:0a:76:af:64:8f:ce:
6c:88:62:b7:46:ce:fc:fe:4a:e2:ea:f7:a8:af:5b:f5:43:a1:
96:fe:3c:db:a1:a2:72:3f:47:f3:5b:ae:50:27:7b:11:f8:e8:
22:a6:8d:73:32:56:c8:dd:d5:95:51:aa:9f:f7:4d:53:e7:0b:
e6:fa:c2:4e:59:55:92:44:78:df:e5:b0:1d:cc:69:3e:86:73:
3a:9f:69:30:54:9c:6b:55:7c:79:ba:62:d5:0a:de:18:b3:0c:
29:34:7b:ef:0d:5c:54:71:ad:69:f5:63:93:49:31:03:2e:dc:
3c:2b:78:82:ff:4f:b7:59:77:5d:34:0b:4a:41:3e:51:47:83:
4e:2a:cb:88:28:33:42:df:8f:81:c3:89:01:f4:8a:ef:56:db:
ca:07:95:53:c6:68:bf:21:5f:1d:20:da:55:c7:0a:7f:a5:4b:
7c:f4:04:32
-----BEGIN CERTIFICATE-----
MIIEljCCA36gAwIBAgIJANjT46bL481oMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIEljCCA36gAwIBAgIJANjT46bL481uMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAgFw0yMDA1MDMxNDA3NDFaGA8yMDcwMDQyMTE0MDc0MVowNTEL
AwwHUm9vdCBDQTAgFw0yMTA1MDMxNzAyNTNaGA8yMDcxMDQyMTE3MDI1M1owNTEL
MAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI3Lncx
LmZpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvxDC67+9DyFoRCZ4
1pAP3pxneAdvLjThUaY0bh1P8R8at5N6GgE2BNTjNfCbUo3MLYCTaDcACV/hDYo1
@ -98,10 +98,10 @@ fbuUpDl734zsZMjFjYZUb/GHk1ECAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1Ud
DgQWBBQwyUXY08iO5kG4Kb1I3r/NmqWBzjAfBgNVHSMEGDAWgBSk/bk5G4GzquuI
HdSBqbURcMyn4TA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9z
ZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
AQELBQADggEBAAGHS5NJxSiLL4pF8+2iHi+w0AvTzNylvf/134ZF8z6U/zIW3vQI
Si0k81vaqOohbQbJnAgcDtyhgrlfZ+ThHCmzsVivzmwv4ZvdmFNFqtICgf2hdOR1
aQeczF23GiW6UjuOXGISDA6iOC+10zOX/tHsal0Vk2eY2dCTA714kN+9T1CveYNw
Ap7rvG3XD5tljU55edEDGD1HPngFHfUj0viP+1ahzu7gQCVXzE1M8splkOD4f+1P
El8dnF4VPF76pF+FPKFHozrbP5M6IfRVvvt8Oj1Y7JGgg9WwuXkIEh07PDGN9fba
INPKdvuDySA2MuVKRCXG1U0EWQZxmsy5R+c=
AQELBQADggEBAKpzbI07fsuHgi+4Bfd5HF3sN3asweMncxtxCoW6Vc5TonA4tOQJ
9BnBtQ6hUtOfOzvdqYaXPedAuBafR1HlOS6Ty2GosfL2U59QBMaIXM5p7czDOQp2
r2SPzmyIYrdGzvz+SuLq96ivW/VDoZb+PNuhonI/R/NbrlAnexH46CKmjXMyVsjd
1ZVRqp/3TVPnC+b6wk5ZVZJEeN/lsB3MaT6GczqfaTBUnGtVfHm6YtUK3hizDCk0
e+8NXFRxrWn1Y5NJMQMu3DwreIL/T7dZd100C0pBPlFHg04qy4goM0Lfj4HDiQH0
iu9W28oHlVPGaL8hXx0g2lXHCn+lS3z0BDI=
-----END CERTIFICATE-----

54
tests/hwsim/auth_serv/server-no-dnsname.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:60
d8:d3:e3:a6:cb:e3:cd:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server3.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -46,25 +46,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
47:5a:18:97:c2:3a:a5:4a:6c:f6:11:53:ac:d3:3f:d7:0c:7f:
e5:cb:9c:7d:02:f3:b7:ab:0c:a6:8d:d9:77:6c:bd:2a:41:47:
fb:70:7f:0d:09:53:fc:e4:a4:5e:0b:1c:4d:84:05:71:ab:f9:
68:9a:df:4f:b6:73:20:fd:05:cc:e2:f1:8a:9d:20:7a:27:8a:
60:a6:ed:0e:eb:cf:5f:13:32:1b:89:ec:f6:dc:eb:5f:42:f0:
a8:f9:42:dd:e5:e6:19:28:82:61:df:07:24:7b:c6:c9:ce:a5:
44:f0:d7:ba:4b:2b:9d:d7:97:1c:13:e9:da:0a:58:26:97:48:
6e:33:ec:d5:d3:32:96:23:b6:40:01:a8:e0:88:ea:2a:73:82:
d7:41:58:9b:b3:dc:6b:41:2f:ae:33:38:43:05:ed:04:ff:b9:
63:b7:7e:9b:fa:85:ab:df:12:36:24:cf:ec:8d:f8:d5:1c:95:
4e:a8:9c:e4:8a:90:ac:db:a0:4b:d8:14:e0:84:97:f7:cb:da:
95:cd:02:11:65:23:8b:ad:f1:c3:46:2d:2d:20:4d:cb:63:ef:
ae:be:ea:19:1d:2d:c5:35:c8:aa:b9:d3:8c:4f:cd:44:9c:fc:
a4:37:f5:b8:80:06:af:5e:ce:bc:81:23:cd:6b:de:31:c2:4c:
e8:e6:68:71
8a:b4:ef:15:b7:6f:b7:cd:e6:c0:3b:e2:bb:67:5e:d0:0a:81:
53:84:60:b8:60:05:9b:c7:b9:b9:87:34:1f:33:a4:fb:db:ed:
e9:0f:83:a4:3d:8b:4e:ff:aa:35:a8:f4:8c:35:78:a0:fb:e0:
b3:a3:11:92:ce:76:b2:3a:06:4f:3f:bb:9c:ca:e3:95:ec:44:
cb:72:1f:93:5d:df:d7:9e:76:41:4c:61:cb:70:03:5d:45:69:
da:c6:f5:60:68:83:f9:c7:73:8e:fb:4c:47:28:8e:b7:c9:e4:
cc:12:44:46:cc:97:77:6c:aa:02:57:d9:5a:f9:92:0c:a6:81:
12:b3:e0:fd:e1:9b:46:83:c8:bc:b5:85:4e:bd:9a:1b:9b:a5:
bd:cb:af:9b:dc:ce:62:3b:b3:ff:0f:85:e3:47:66:d0:dc:c6:
c4:02:36:e0:01:42:4c:c5:1f:de:da:92:1f:09:f3:22:f5:37:
ef:55:ca:7c:12:f7:2f:34:a1:ff:fe:b8:fc:32:34:ee:a4:ff:
f1:ba:c5:f5:d3:9e:d2:f8:3d:d9:fa:81:8f:40:80:7f:67:b5:
4d:0a:03:f7:f9:4e:3f:f8:74:29:f8:26:6d:5e:9e:dd:6d:f2:
0a:1d:6a:41:0c:5b:c2:27:81:2b:c1:86:0e:24:64:37:92:2a:
09:fb:ae:c7
-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIJANjT46bL481gMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDlDCCAnygAwIBAgIJANjT46bL481qMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDUxCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDUxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEWMBQGA1UEAwwNc2VydmVyMy53MS5m
aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLrrQRvTOsjuJJOddwA
0A3ZrQkh+BJKLc3bfWOhMhKOuOO935U5OhdlVPgg1nE3fbe0cjF6ej26dHLzrJ0W
@ -75,11 +75,11 @@ hq6aTH1T9rEOgs0GYXfdRlz9RWry6CLKY4vTHPZPEOzqGggeOD2AbKNIR/IWKgdb
94kCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRehNYxmBdx+GNcMlt9
M8DU+janajAfBgNVHSMEGDAWgBSk/bk5G4GzquuIHdSBqbURcMyn4TA1BggrBgEF
BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAEdaGJfCOqVK
bPYRU6zTP9cMf+XLnH0C87erDKaN2XdsvSpBR/twfw0JU/zkpF4LHE2EBXGr+Wia
30+2cyD9Bczi8YqdIHonimCm7Q7rz18TMhuJ7Pbc619C8Kj5Qt3l5hkogmHfByR7
xsnOpUTw17pLK53XlxwT6doKWCaXSG4z7NXTMpYjtkABqOCI6ipzgtdBWJuz3GtB
L64zOEMF7QT/uWO3fpv6havfEjYkz+yN+NUclU6onOSKkKzboEvYFOCEl/fL2pXN
AhFlI4ut8cNGLS0gTctj766+6hkdLcU1yKq504xPzUSc/KQ39biABq9ezryBI81r
3jHCTOjmaHE=
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIq07xW3b7fN
5sA74rtnXtAKgVOEYLhgBZvHubmHNB8zpPvb7ekPg6Q9i07/qjWo9Iw1eKD74LOj
EZLOdrI6Bk8/u5zK45XsRMtyH5Nd39eedkFMYctwA11FadrG9WBog/nHc477TEco
jrfJ5MwSREbMl3dsqgJX2Vr5kgymgRKz4P3hm0aDyLy1hU69mhubpb3Lr5vczmI7
s/8PheNHZtDcxsQCNuABQkzFH97akh8J8yL1N+9VynwS9y80of/+uPwyNO6k//G6
xfXTntL4Pdn6gY9AgH9ntU0KA/f5Tj/4dCn4Jm1ent1t8godakEMW8IngSvBhg4k
ZDeSKgn7rsc=
-----END CERTIFICATE-----

52
tests/hwsim/auth_serv/server.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:5f
d8:d3:e3:a6:cb:e3:cd:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=server.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -48,25 +48,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
62:10:9c:ed:50:98:34:2e:7c:ef:1a:11:93:a5:f0:ad:8d:03:
71:9a:a1:be:c0:24:9a:4d:28:cd:28:ea:55:7e:7b:b3:9c:f4:
ad:94:44:7b:9c:e2:0a:c0:35:7e:80:a6:aa:9c:ae:36:22:fd:
4e:25:b3:1f:66:1d:2e:66:4b:d4:8c:ad:3e:0d:92:7d:3a:93:
05:c6:51:e4:75:fc:b4:6c:24:cb:c4:79:06:2f:d1:b3:6c:0c:
d8:82:76:08:cc:9a:c4:61:14:1b:3d:38:f4:a2:2c:49:0e:d5:
82:58:46:52:3c:cd:12:d9:57:dd:58:25:34:0b:d7:7b:2a:2f:
60:ce:da:9f:f2:98:e2:8e:0b:6c:69:42:1c:27:75:3a:7c:ae:
a5:9a:19:bc:6c:67:fc:04:a9:f4:fd:2c:17:79:56:52:a3:3b:
01:60:ae:ea:9b:ed:a4:30:53:fc:ef:57:bb:f1:fc:04:2a:5c:
2b:74:d0:1f:0b:30:ec:0a:b2:8b:4d:4a:b4:33:0d:cd:dc:28:
29:0a:d1:eb:36:09:bc:15:a7:c7:f0:f0:9c:7e:48:75:14:75:
2d:ed:fb:7a:14:e4:69:4a:54:b9:ad:25:ba:bb:d9:c0:eb:a0:
81:53:c7:07:ea:34:73:1f:9d:43:63:8e:f9:06:c9:4d:15:bf:
68:f9:91:de
b1:d9:6f:63:a1:39:81:55:10:cd:05:c1:cc:14:7d:33:0a:9a:
ef:c0:34:dc:77:76:5b:41:92:20:15:a3:c6:01:af:1f:05:7c:
bb:37:4a:1d:1f:00:5e:4a:17:6b:7a:6a:6c:a4:fb:c7:e4:1e:
e2:38:7f:25:d1:45:9b:eb:68:95:f9:1b:ba:9f:40:b9:5d:c7:
6c:a0:46:6b:05:ac:f4:38:4d:64:0b:5d:e0:7b:30:31:b8:a6:
da:d0:a5:3e:81:7b:6a:1a:b5:4f:2d:4a:f2:00:68:13:68:b8:
83:6b:79:f9:b2:63:a7:df:52:de:8e:12:9d:87:73:ec:4b:47:
38:a2:98:29:a8:c8:8b:8e:b1:2b:47:dd:eb:cf:6a:dd:21:02:
00:5e:7d:8d:4c:19:aa:7d:1b:f4:9b:a6:a8:f8:f3:a7:9d:66:
e8:54:0c:dc:7f:e9:af:a2:4c:88:8b:87:54:28:33:c5:53:87:
b0:41:e4:2e:33:7b:aa:c0:29:82:c2:bd:54:10:29:f9:2d:a4:
99:d1:e7:c7:57:07:66:cc:d0:2e:74:5d:98:28:0a:fe:8a:32:
3c:62:3d:30:7c:75:0c:16:31:ce:cb:e7:41:1e:4f:3c:92:1a:
3e:80:b1:13:78:b5:53:b2:6a:44:9f:c1:3b:92:cf:08:0e:08:
32:10:27:1b
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIJANjT46bL481fMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDrDCCApSgAwIBAgIJANjT46bL481pMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDQxCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDQxCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZp
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Q5ezRksakGD2SwONs0J
sI+yyYzI0gM4blS8Q+7O+Fmx6T9t1F7jxXMZPQu8KdfQbnUANfz3ZbG2D8sGSc+p
@ -78,10 +78,10 @@ c6xGrsvreTZXrcNwAhVt8KVDc6tyBLEWYHQOSsGPUigalX6r0AT2+hHaG9GZpE+e
MRBpSdDnMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUF
BwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAX
BgNVHREEEDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ
KoZIhvcNAQELBQADggEBAGIQnO1QmDQufO8aEZOl8K2NA3Gaob7AJJpNKM0o6lV+
e7Oc9K2URHuc4grANX6ApqqcrjYi/U4lsx9mHS5mS9SMrT4Nkn06kwXGUeR1/LRs
JMvEeQYv0bNsDNiCdgjMmsRhFBs9OPSiLEkO1YJYRlI8zRLZV91YJTQL13sqL2DO
2p/ymOKOC2xpQhwndTp8rqWaGbxsZ/wEqfT9LBd5VlKjOwFgruqb7aQwU/zvV7vx
/AQqXCt00B8LMOwKsotNSrQzDc3cKCkK0es2CbwVp8fw8Jx+SHUUdS3t+3oU5GlK
VLmtJbq72cDroIFTxwfqNHMfnUNjjvkGyU0Vv2j5kd4=
KoZIhvcNAQELBQADggEBALHZb2OhOYFVEM0FwcwUfTMKmu/ANNx3dltBkiAVo8YB
rx8FfLs3Sh0fAF5KF2t6amyk+8fkHuI4fyXRRZvraJX5G7qfQLldx2ygRmsFrPQ4
TWQLXeB7MDG4ptrQpT6Be2oatU8tSvIAaBNouINrefmyY6ffUt6OEp2Hc+xLRzii
mCmoyIuOsStH3evPat0hAgBefY1MGap9G/Sbpqj486edZuhUDNx/6a+iTIiLh1Qo
M8VTh7BB5C4ze6rAKYLCvVQQKfktpJnR58dXB2bM0C50XZgoCv6KMjxiPTB8dQwW
Mc7L50EeTzySGj6AsRN4tVOyakSfwTuSzwgOCDIQJxs=
-----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/server.pkcs12
View File

Binary file not shown.

54
tests/hwsim/auth_serv/user.pem
View File

@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:65
d8:d3:e3:a6:cb:e3:cd:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, L=Tuusula, O=w1.fi, CN=Root CA
Validity
Not Before: May 2 19:55:38 2020 GMT
Not After : May 2 19:55:38 2021 GMT
Not Before: May 3 17:02:53 2021 GMT
Not After : May 3 17:02:53 2022 GMT
Subject: C=FI, O=w1.fi, CN=Test User
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@ -46,25 +46,25 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
94:10:ec:75:db:4d:98:80:bd:b7:b2:b1:4d:b8:99:0a:ba:e1:
47:d4:ef:50:48:5b:89:97:8b:ee:ee:56:2e:e6:ba:2d:0c:90:
59:29:a1:c9:10:08:9a:c7:e9:57:42:5a:f6:7e:72:cd:d9:ff:
8b:b2:13:6f:6e:e1:49:04:a5:82:cd:10:59:37:a5:9a:b2:2c:
6e:a7:9e:ba:1f:e3:b7:79:79:37:65:a8:9b:49:39:c2:13:7d:
6d:a8:37:23:c4:10:c9:73:25:67:1f:78:fb:b6:86:00:c1:1a:
60:d7:5e:b9:63:c6:43:41:dd:37:0f:39:c9:fa:ff:8a:f9:62:
59:00:e6:91:cd:79:28:82:db:30:88:c5:b8:79:8e:63:4c:65:
50:3d:d2:65:b3:45:62:e5:d1:6f:1c:c1:1f:c2:b5:1a:0f:31:
75:62:b3:7d:0b:8d:36:f9:43:eb:26:59:59:29:39:ad:37:0c:
4f:95:7e:86:05:f5:70:fa:45:de:3c:f5:7e:e1:29:bc:82:d3:
a0:63:73:a3:e1:25:f3:5a:14:2d:c7:78:da:aa:e2:8a:df:08:
c5:be:1f:d3:9f:70:0b:7d:ea:5b:f4:2d:22:94:e6:95:92:50:
e2:55:72:13:c5:a1:3a:44:c4:25:18:9d:9d:a9:c8:c0:ea:7a:
d6:76:91:4e
a1:96:48:41:04:5c:06:bd:0b:34:59:c0:49:fa:d6:08:e4:30:
79:cf:0d:42:36:10:a1:4a:8d:41:f9:c4:91:1b:8c:cf:36:24:
21:e8:cc:d8:7e:ac:cc:ca:79:fd:49:fa:6d:0b:20:3f:cc:1e:
0b:df:bc:ac:3d:f6:19:c6:99:f9:5f:86:17:ce:00:63:8a:95:
42:4c:92:5e:d7:5c:6d:1c:3a:13:b9:3e:d1:dd:d0:78:0d:7e:
b4:13:19:95:4b:e0:7f:11:97:41:c2:92:de:f0:43:0f:8b:36:
53:0f:5d:d9:12:16:85:22:bf:8f:e6:b1:95:94:0b:dc:ff:3a:
a3:ce:27:f9:1d:58:20:bc:0c:45:d7:96:fc:76:de:26:57:58:
d0:e2:57:d3:32:e1:c5:1b:37:0c:54:36:ed:5b:0d:d4:ef:cc:
43:c6:a6:66:0f:ce:33:4f:96:b9:22:6d:1d:1d:3f:4c:6c:05:
68:8d:48:2b:12:37:2a:d5:05:33:e0:b5:12:8f:00:73:43:64:
0e:28:75:04:b8:6f:29:da:22:e7:2c:78:97:f8:b0:37:8e:f6:
0d:04:98:e1:2f:6e:fd:40:97:54:50:2c:ca:cf:68:16:55:ca:
c0:37:bd:d5:3c:5e:50:64:4b:dd:3c:d3:b4:88:25:a9:11:d3:
60:bc:a7:88
-----BEGIN CERTIFICATE-----
MIIDkDCCAnigAwIBAgIJANjT46bL481lMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
MIIDkDCCAnigAwIBAgIJANjT46bL481xMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
BAYTAkZJMRAwDgYDVQQHDAdUdXVzdWxhMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UE
AwwHUm9vdCBDQTAeFw0yMDA1MDIxOTU1MzhaFw0yMTA1MDIxOTU1MzhaMDExCzAJ
AwwHUm9vdCBDQTAeFw0yMTA1MDMxNzAyNTNaFw0yMjA1MDMxNzAyNTNaMDExCzAJ
BgNVBAYTAkZJMQ4wDAYDVQQKDAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCQI2QdtGQ6UXGvZioQbAyLi
GgZC0wtgjV8xBAb6okBqDCQpWM2DvzqdfzcNTSdd1VdXHPO+dT86TERvAi9biyyw
@ -75,11 +75,11 @@ HaUhPfA1YpTIzzM/2KJd38xYAAiN7bEExSs/GhX2kgjU8ULNbNvy/+BuaYTYiwID
AQABo4GaMIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFPuFAKjf1gwOp+M5Ydm+zirv
bSjYMB8GA1UdIwQYMBaAFKT9uTkbgbOq64gd1IGptRFwzKfhMDUGCCsGAQUFBwEB
BCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNV
HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlBDsddtNmIC9t7Kx
TbiZCrrhR9TvUEhbiZeL7u5WLua6LQyQWSmhyRAImsfpV0Ja9n5yzdn/i7ITb27h
SQSlgs0QWTelmrIsbqeeuh/jt3l5N2Wom0k5whN9bag3I8QQyXMlZx94+7aGAMEa
YNdeuWPGQ0HdNw85yfr/ivliWQDmkc15KILbMIjFuHmOY0xlUD3SZbNFYuXRbxzB
H8K1Gg8xdWKzfQuNNvlD6yZZWSk5rTcMT5V+hgX1cPpF3jz1fuEpvILToGNzo+El
81oULcd42qriit8Ixb4f059wC33qW/QtIpTmlZJQ4lVyE8WhOkTEJRidnanIwOp6
1naRTg==
HSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAoZZIQQRcBr0LNFnA
SfrWCOQwec8NQjYQoUqNQfnEkRuMzzYkIejM2H6szMp5/Un6bQsgP8weC9+8rD32
GcaZ+V+GF84AY4qVQkySXtdcbRw6E7k+0d3QeA1+tBMZlUvgfxGXQcKS3vBDD4s2
Uw9d2RIWhSK/j+axlZQL3P86o84n+R1YILwMRdeW/HbeJldY0OJX0zLhxRs3DFQ2
7VsN1O/MQ8amZg/OM0+WuSJtHR0/TGwFaI1IKxI3KtUFM+C1Eo8Ac0NkDih1BLhv
Kdoi5yx4l/iwN472DQSY4S9u/UCXVFAsys9oFlXKwDe91TxeUGRL3TzTtIglqRHT
YLyniA==
-----END CERTIFICATE-----

BIN
tests/hwsim/auth_serv/user.pkcs12
View File

Binary file not shown.

BIN
tests/hwsim/auth_serv/user2.pkcs12
View File

Binary file not shown.

BIN
tests/hwsim/auth_serv/user3.pkcs12
View File

Binary file not shown.

4
tests/hwsim/test_ap_eap.py
View File

@ -2732,7 +2732,7 @@ def test_ap_wpa2_eap_ttls_server_cert_hash(dev, apdev):
"""WPA2-Enterprise connection using EAP-TTLS and server certificate hash"""
check_cert_probe_support(dev[0])
skip_with_fips(dev[0])
srv_cert_hash = "f75a953c1aa9967926525d4d860d1ff7e872f7088782f060768d12aecbd5f25e"
srv_cert_hash = "5891bd91eaf977684e70d4376d1514621d18f09ab2020bea1ad293d59a6e8944"
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
@ -4176,7 +4176,7 @@ def ocsp_req(outfile):
"-reqout", outfile,
'-issuer', 'auth_serv/ca.pem',
'-sha256',
'-serial', '0xD8D3E3A6CBE3CD5F',
'-serial', '0xD8D3E3A6CBE3CD69',
'-no_nonce']
run_openssl(arg)
if not os.path.exists(outfile):

20
tests/hwsim/test_ap_psk.py
View File

@ -516,6 +516,26 @@ def test_ap_wpa2_gtk_rekey_failure(dev, apdev):
raise Exception("GTK rekey timed out")
dev[0].wait_disconnected()
def test_ap_wpa2_gtk_rekey_request(dev, apdev):
"""WPA2-PSK AP and GTK rekey request from multiple stations"""
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
hapd = hostapd.add_ap(apdev[0], params)
for i in range(3):
dev[i].connect(ssid, psk=passphrase, scan_freq="2412")
hapd.wait_sta()
for i in range(3):
if "OK" not in dev[i].request("KEY_REQUEST 0 0"):
raise Exception("KEY_REQUEST failed")
for i in range(3):
ev = dev[i].wait_event(["WPA: Group rekeying completed"], timeout=2)
if ev is None:
raise Exception("GTK rekey timed out")
time.sleep(1)
for i in range(3):
hwsim_utils.test_connectivity(dev[i], hapd)
@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
"""WPA-PSK/TKIP AP and GTK rekey enforced by AP"""

5
tests/hwsim/test_ap_vht.py
View File

@ -369,6 +369,7 @@ def test_ap_vht160(dev, apdev):
'ieee80211d': '1',
'ieee80211h': '1'}
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
bssid = apdev[0]['bssid']
ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
if "DFS-CAC-START" not in ev:
@ -408,6 +409,10 @@ def test_ap_vht160(dev, apdev):
if "WIDTH=160 MHz" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
est = dev[0].get_bss(bssid)['est_throughput']
if est != "780001":
raise Exception("Unexpected BSS est_throughput: " + est)
sta = hapd.get_sta(dev[0].own_addr())
if 'supp_op_classes' not in sta or len(sta['supp_op_classes']) < 2:
raise Exception("No Supported Operating Classes information for STA")

59
tests/hwsim/test_dpp.py
View File

@ -15,6 +15,10 @@ import socket
import struct
import subprocess
import time
try:
from socketserver import StreamRequestHandler, TCPServer
except ImportError:
from SocketServer import StreamRequestHandler, TCPServer
import hostapd
import hwsim_utils
@ -5284,6 +5288,61 @@ def run_dpp_controller_relay(dev, apdev, params, chirp=False):
time.sleep(0.5)
wt.close()
class MyTCPServer(TCPServer):
def __init__(self, addr, handler):
self.allow_reuse_address = True
TCPServer.__init__(self, addr, handler)
class DPPControllerServer(StreamRequestHandler):
def handle(self):
data = self.rfile.read()
# Do not reply
def test_dpp_relay_incomplete_connections(dev, apdev):
"""DPP Relay and incomplete connections"""
check_dpp_capab(dev[0], min_ver=2)
check_dpp_capab(dev[1], min_ver=2)
id_c = dev[1].dpp_bootstrap_gen()
uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
pkhash = None
for line in res.splitlines():
name, value = line.split('=')
if name == "pkhash":
pkhash = value
break
if not pkhash:
raise Exception("Could not fetch public key hash from Controller")
params = {"ssid": "unconfigured",
"channel": "6",
"dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash}
hapd = hostapd.add_ap(apdev[0], params)
check_dpp_capab(hapd)
server = MyTCPServer(("127.0.0.1", 8908), DPPControllerServer)
server.timeout = 30
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
msg = hapd.mgmt_rx()
if msg is None:
raise Exception("MGMT RX wait timed out")
dev[0].request("DPP_STOP_LISTEN")
frame = msg['frame']
for i in range(20):
if i == 14:
time.sleep(20)
addr = struct.pack('6B', 0x02, 0, 0, 0, 0, i)
tmp = frame[0:10] + addr + frame[16:]
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(tmp).decode())
ev = hapd.wait_event(["DPP-FAIL"], timeout=0.1)
if ev:
raise Exception("DPP relay failed [%d]: %s" % (i + 1, ev))
server.server_close()
def test_dpp_tcp(dev, apdev, params):
"""DPP over TCP"""
prefix = "dpp_tcp"

2
tests/hwsim/test_eap_proto.py
View File

@ -983,7 +983,7 @@ def test_eap_proto_sake_server(dev, apdev):
# Unknown session
# --> EAP-SAKE: Session ID mismatch
sess, = struct.unpack('B', binascii.unhexlify(resp[20:22]))
sess = binascii.hexlify(struct.pack('B', sess + 1)).decode()
sess = binascii.hexlify(struct.pack('B', (sess + 1) % 256)).decode()
msg = resp[0:4] + "0008" + resp[8:12] + "0008" + "3002" + sess + "00"
tx_msg(dev[0], hapd, msg)
# Unknown subtype

49
tests/hwsim/test_fils.py
View File

@ -2409,3 +2409,52 @@ def run_fils_offload_to_driver(dev, apdev, params):
raise Exception("DRIVER_EVENT ASSOC did not succeed")
dev.wait_connected()
def test_fils_sk_okc(dev, apdev, params):
"""FILS SK and opportunistic key caching"""
check_fils_capa(dev[0])
check_erp_capa(dev[0])
start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
bssid = apdev[0]['bssid']
params = hostapd.wpa2_eap_params(ssid="fils")
params['wpa_key_mgmt'] = "FILS-SHA256"
params['okc'] = '1'
params['auth_server_port'] = "18128"
params['erp_domain'] = 'example.com'
params['fils_realm'] = 'example.com'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].scan_for_bss(bssid, freq=2412)
dev[0].request("ERP_FLUSH")
id = dev[0].connect("fils", key_mgmt="FILS-SHA256",
eap="PSK", identity="psk.user@example.com",
password_hex="0123456789abcdef0123456789abcdef",
erp="1", okc=True, scan_freq="2412")
pmksa = dev[0].get_pmksa(bssid)
if pmksa is None:
raise Exception("No PMKSA cache entry created")
hapd.wait_sta()
hapd2 = hostapd.add_ap(apdev[1], params)
bssid2 = hapd2.own_addr()
dev[0].scan_for_bss(bssid2, freq=2412)
if "OK" not in dev[0].request("ROAM " + bssid2):
raise Exception("ROAM failed")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
"CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Connection using OKC/PMKSA caching timed out")
if "CTRL-EVENT-EAP-STARTED" in ev:
raise Exception("Unexpected EAP exchange")
hapd2.wait_sta()
hwsim_utils.test_connectivity(dev[0], hapd2)
pmksa2 = dev[0].get_pmksa(bssid2)
if pmksa2 is None:
raise Exception("No PMKSA cache entry found")
if 'opportunistic' not in pmksa2 or pmksa2['opportunistic'] != '1':
raise Exception("OKC not indicated in PMKSA entry")
if pmksa['pmkid'] != pmksa2['pmkid']:
raise Exception("Unexpected PMKID change")

6
tests/hwsim/test_hapd_ctrl.py
View File

@ -1002,6 +1002,12 @@ def test_hapd_ctrl_update_beacon(dev, apdev):
if "FAIL" not in hapd.request("UPDATE_BEACON"):
raise Exception("UPDATE_BEACON succeeded unexpectedly")
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[0].request("DISCONNECT")
if "OK" not in hapd.request("UPDATE_BEACON"):
raise Exception("UPDATE_BEACON failed")
hapd.disable()
if "FAIL" not in hapd.request("UPDATE_BEACON"):
raise Exception("UPDATE_BEACON did not indicate failure when disabled")
def test_hapd_ctrl_test_fail(dev, apdev):
"""hostapd and TEST_ALLOC_FAIL/TEST_FAIL"""

35
tests/hwsim/test_he.py
View File

@ -150,7 +150,7 @@ def test_he80(dev, apdev):
if "WIDTH=80 MHz" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
est = dev[0].get_bss(bssid)['est_throughput']
if est != "390001":
if est != "600502":
raise Exception("Unexpected BSS est_throughput: " + est)
status = dev[0].get_status()
if status["ieee80211ac"] != "1":
@ -492,6 +492,7 @@ def test_he160(dev, apdev):
'ieee80211d': '1',
'ieee80211h': '1'}
hapd = hostapd.add_ap(apdev[0], params, wait_enabled=False)
bssid = apdev[0]['bssid']
ev = wait_dfs_event(hapd, "DFS-CAC-START", 5)
if "DFS-CAC-START" not in ev:
@ -530,6 +531,9 @@ def test_he160(dev, apdev):
raise Exception("Unexpected SIGNAL_POLL value(1): " + str(sig))
if "WIDTH=160 MHz" not in sig:
raise Exception("Unexpected SIGNAL_POLL value(2): " + str(sig))
est = dev[0].get_bss(bssid)['est_throughput']
if est != "1201002":
raise Exception("Unexpected BSS est_throughput: " + est)
except Exception as e:
if isinstance(e, Exception) and str(e) == "AP startup failed":
if not he_supported():
@ -1186,3 +1190,32 @@ def test_he_6ghz_security(dev, apdev):
hapd.set("group_cipher", "TKIP")
if "FAIL" not in hapd.request("ENABLE"):
raise Exception("Invalid configuration accepted(5)")
def test_he_prefer_he20(dev, apdev):
"""Preference on HE20 over HT20"""
params = {"ssid": "he",
"channel": "1",
"ieee80211ax": "0",
"ieee80211n": "1"}
hapd = hostapd.add_ap(apdev[0], params)
bssid = apdev[0]['bssid']
params = {"ssid": "test",
"channel": "1",
"ieee80211ax": "1",
"ieee80211n": "1"}
hapd2 = hostapd.add_ap(apdev[1], params)
bssid2 = apdev[1]['bssid']
dev[0].scan_for_bss(bssid, freq=2412)
dev[0].scan_for_bss(bssid2, freq=2412)
dev[0].connect("test", key_mgmt="NONE", scan_freq="2412")
if dev[0].get_status_field('bssid') != bssid2:
raise Exception("Unexpected BSS selected")
est = dev[0].get_bss(bssid)['est_throughput']
if est != "65000":
raise Exception("Unexpected BSS0 est_throughput: " + est)
est = dev[0].get_bss(bssid2)['est_throughput']
if est != "143402":
raise Exception("Unexpected BSS1 est_throughput: " + est)

25
tests/hwsim/test_owe.py
View File

@ -926,3 +926,28 @@ def test_owe_transition_mode_disable(dev, apdev):
dev[0].wait_disconnected()
dev[0].request("RECONNECT")
dev[0].wait_connected()
def test_owe_sa_query(dev, apdev):
"""Opportunistic Wireless Encryption - SA Query"""
if "OWE" not in dev[0].get_capability("key_mgmt"):
raise HwsimSkip("OWE not supported")
params = {"ssid": "owe",
"wpa": "2",
"ieee80211w": "2",
"wpa_key_mgmt": "OWE",
"rsn_pairwise": "CCMP"}
hapd = hostapd.add_ap(apdev[0], params)
bssid = hapd.own_addr()
dev[0].scan_for_bss(bssid, freq="2412")
dev[0].connect("owe", key_mgmt="OWE", owe_group="19", ieee80211w="2",
scan_freq="2412")
hapd.wait_sta()
hapd.set("ext_mgmt_frame_handling", "1")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=10)
hapd.set("ext_mgmt_frame_handling", "0")
dev[0].request("PMKSA_FLUSH")
dev[0].request("REASSOCIATE")
dev[0].wait_connected(timeout=10, error="Timeout on re-connection")

55
tests/hwsim/test_sae.py
View File

@ -336,6 +336,61 @@ def test_sae_and_psk2(dev, apdev):
dev[0].connect("test-psk", psk="12345678", key_mgmt="SAE WPA-PSK",
scan_freq="2412")
def test_sae_wpa3_roam(dev, apdev):
"""SAE and WPA3-Personal transition mode roaming"""
check_sae_capab(dev[0])
# WPA3-Personal only AP
params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
params['ieee80211w'] = '2'
params['wpa_key_mgmt'] = 'SAE'
hapd0 = hostapd.add_ap(apdev[0], params)
# WPA2-Personal only AP
params = hostapd.wpa2_params(ssid="test", passphrase="12345678")
hapd1 = hostapd.add_ap(apdev[1], params)
dev[0].set("sae_groups", "")
dev[0].connect("test", psk="12345678", key_mgmt="SAE WPA-PSK",
ieee80211w="1", scan_freq="2412")
bssid = dev[0].get_status_field('bssid')
# Disable the current AP to force roam to the other one
if bssid == apdev[0]['bssid']:
hapd0.disable()
else:
hapd1.disable()
dev[0].wait_connected()
# Disable the current AP to force roam to the other (previous) one
if bssid == apdev[0]['bssid']:
hapd0.enable()
hapd1.disable()
else:
hapd1.enable()
hapd0.disable()
dev[0].wait_connected()
# Force roam to an AP in WPA3-Personal transition mode
if bssid == apdev[0]['bssid']:
hapd1.set("ieee80211w", "1")
hapd1.set("sae_require_mfp", "1")
hapd1.set("wpa_key_mgmt", "SAE WPA-PSK")
hapd1.enable()
hapd0.disable()
else:
hapd0.set("ieee80211w", "1")
hapd0.set("sae_require_mfp", "1")
hapd0.set("wpa_key_mgmt", "SAE WPA-PSK")
hapd0.enable()
hapd1.disable()
dev[0].wait_connected()
status = dev[0].get_status()
if status['key_mgmt'] != "SAE":
raise Exception("Did not use SAE with WPA3-Personal transition mode AP")
if status['pmf'] != "1":
raise Exception("Did not use PMF with WPA3-Personal transition mode AP")
def test_sae_mixed_mfp(dev, apdev):
"""Mixed SAE and non-SAE network and MFP required with SAE"""
check_sae_capab(dev[0])

2
wlantest/ccmp.c
View File

@ -35,7 +35,7 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
if (stype & 0x08) {
const u8 *qc;
qos = 1;
fc &= ~WLAN_FC_ORDER;
fc &= ~WLAN_FC_HTC;
qc = (const u8 *) (hdr + 1);
if (addr4)
qc += ETH_ALEN;

2
wlantest/gcmp.c
View File

@ -33,7 +33,7 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
if (stype & 0x08) {
const u8 *qc;
qos = 1;
fc &= ~WLAN_FC_ORDER;
fc &= ~WLAN_FC_HTC;
qc = (const u8 *) (hdr + 1);
if (addr4)
qc += ETH_ALEN;

49
wlantest/rx_data.c
View File

@ -150,8 +150,8 @@ static void rx_data_process(struct wlantest *wt, struct wlantest_bss *bss,
}
static u8 * try_ptk(int pairwise_cipher, struct wpa_ptk *ptk,
const struct ieee80211_hdr *hdr,
static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher,
struct wpa_ptk *ptk, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 *decrypted;
@ -174,8 +174,15 @@ static u8 * try_ptk(int pairwise_cipher, struct wpa_ptk *ptk,
data, data_len, decrypted_len);
} else if ((pairwise_cipher == WPA_CIPHER_TKIP ||
pairwise_cipher == 0) && tk_len == 32) {
enum michael_mic_result mic_res;
decrypted = tkip_decrypt(ptk->tk, hdr, data, data_len,
decrypted_len);
decrypted_len, &mic_res,
&wt->tkip_frag);
if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
add_note(wt, MSG_INFO, "Invalid Michael MIC");
else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
add_note(wt, MSG_DEBUG, "Michael MIC not verified");
}
return decrypted;
@ -192,7 +199,7 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
wpa_debug_level = MSG_WARNING;
dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
decrypted = try_ptk(pairwise_cipher, &ptk->ptk, hdr,
decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr,
data, data_len, decrypted_len);
if (decrypted) {
wpa_debug_level = prev_level;
@ -318,21 +325,28 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
}
skip_replay_det:
if (bss->group_cipher == WPA_CIPHER_TKIP)
if (bss->group_cipher == WPA_CIPHER_TKIP) {
enum michael_mic_result mic_res;
decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len,
&dlen);
else if (bss->group_cipher == WPA_CIPHER_WEP40)
&dlen, &mic_res, &wt->tkip_frag);
if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
add_note(wt, MSG_INFO, "Invalid Michael MIC");
else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
add_note(wt, MSG_DEBUG, "Michael MIC not verified");
} else if (bss->group_cipher == WPA_CIPHER_WEP40) {
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
else if (bss->group_cipher == WPA_CIPHER_CCMP)
} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len,
&dlen);
else if (bss->group_cipher == WPA_CIPHER_CCMP_256)
} else if (bss->group_cipher == WPA_CIPHER_CCMP_256) {
decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, data, len,
&dlen);
else if (bss->group_cipher == WPA_CIPHER_GCMP ||
bss->group_cipher == WPA_CIPHER_GCMP_256)
} else if (bss->group_cipher == WPA_CIPHER_GCMP ||
bss->group_cipher == WPA_CIPHER_GCMP_256) {
decrypted = gcmp_decrypt(bss->gtk[keyid], bss->gtk_len[keyid],
hdr, data, len, &dlen);
}
if (decrypted) {
char gtk[65];
@ -603,7 +617,14 @@ skip_replay_det:
write_decrypted_note(wt, decrypted, tk, 16, keyid);
}
} else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen);
enum michael_mic_result mic_res;
decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen,
&mic_res, &wt->tkip_frag);
if (decrypted && mic_res == MICHAEL_MIC_INCORRECT)
add_note(wt, MSG_INFO, "Invalid Michael MIC");
else if (decrypted && mic_res == MICHAEL_MIC_NOT_VERIFIED)
add_note(wt, MSG_DEBUG, "Michael MIC not verified");
write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid);
} else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) {
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
@ -631,7 +652,7 @@ check_zero_tk:
os_memset(&zero_ptk, 0, sizeof(zero_ptk));
zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
wpa_debug_level = MSG_ERROR;
decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr,
decrypted = try_ptk(wt, sta->pairwise_cipher, &zero_ptk, hdr,
data, len, &dlen);
wpa_debug_level = old_debug_level;
if (decrypted) {
@ -847,6 +868,8 @@ void rx_data(struct wlantest *wt, const u8 *data, size_t len)
qos = data + hdrlen;
hdrlen += 2;
}
if ((fc & WLAN_FC_HTC) && (stype & 0x08))
hdrlen += 4; /* HT Control field */
if (len < hdrlen)
return;
wt->rx_data++;

2
wlantest/test_vectors.c
View File

@ -63,7 +63,7 @@ static void test_vector_tkip(void)
wpa_debug_level = MSG_INFO;
plain = tkip_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, enc_len - 24, &plain_len);
enc + 24, enc_len - 24, &plain_len, NULL, NULL);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);

76
wlantest/tkip.c
View File

@ -1,5 +1,5 @@
/*
* Temporal Key Integrity Protocol (CCMP)
* Temporal Key Integrity Protocol (TKIP)
* Copyright (c) 2010, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
@ -290,7 +290,8 @@ static void michael_mic_hdr(const struct ieee80211_hdr *hdr11, u8 *hdr)
u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len)
const u8 *data, size_t data_len, size_t *decrypted_len,
enum michael_mic_result *mic_res, struct tkip_frag *frag)
{
u16 iv16;
u32 iv32;
@ -303,6 +304,11 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
u8 michael_hdr[16];
u8 mic[8];
u16 fc = le_to_host16(hdr->frame_control);
const u8 *full_payload;
size_t full_payload_len;
u16 sc = le_to_host16(hdr->seq_ctrl);
u16 sn;
u8 fn;
if (data_len < 8 + 4)
return NULL;
@ -335,9 +341,57 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
}
plain_len -= 4;
/* TODO: MSDU reassembly */
full_payload = plain;
full_payload_len = plain_len;
if (plain_len < 8) {
sn = WLAN_GET_SEQ_SEQ(sc);
fn = WLAN_GET_SEQ_FRAG(sc);
if (frag) {
/* MSDU reassembly for Michael MIC validation */
if (fn == 0 && (fc & WLAN_FC_MOREFRAG)) {
/* Start of a new fragmented MSDU */
wpabuf_free(frag->buf);
frag->buf = NULL;
frag->buf = wpabuf_alloc_copy(plain, plain_len);
os_memcpy(frag->ra, hdr->addr1, ETH_ALEN);
os_memcpy(frag->ta, hdr->addr2, ETH_ALEN);
frag->sn = sn;
frag->fn = 0;
}
if (frag->buf && (fn || (fc & WLAN_FC_MOREFRAG)) &&
sn == frag->sn && fn == frag->fn + 1 &&
os_memcmp(frag->ra, hdr->addr1, ETH_ALEN) == 0 &&
os_memcmp(frag->ta, hdr->addr2, ETH_ALEN) == 0) {
/* Add the next fragment */
if (wpabuf_resize(&frag->buf, plain_len) == 0) {
wpabuf_put_data(frag->buf, plain, plain_len);
frag->fn = fn;
if (!(fc & WLAN_FC_MOREFRAG)) {
full_payload = wpabuf_head(frag->buf);
full_payload_len =
wpabuf_len(frag->buf);
wpa_hexdump(MSG_MSGDUMP,
"TKIP reassembled full payload",
full_payload,
full_payload_len);
}
}
}
}
if ((fc & WLAN_FC_MOREFRAG) || (fn > 0 && full_payload == plain)) {
/* Return the decrypted fragment and do not check the
* Michael MIC value since no reassembled frame is available. */
*decrypted_len = plain_len;
if (mic_res) {
*mic_res = MICHAEL_MIC_NOT_VERIFIED;
return plain;
}
}
if (full_payload_len < 8) {
wpa_printf(MSG_INFO, "TKIP: Not enough room for Michael MIC "
"in a frame from " MACSTR, MAC2STR(hdr->addr2));
os_free(plain);
@ -346,15 +400,23 @@ u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
michael_mic_hdr(hdr, michael_hdr);
mic_key = tk + ((fc & WLAN_FC_FROMDS) ? 16 : 24);
michael_mic(mic_key, michael_hdr, plain, plain_len - 8, mic);
if (os_memcmp(mic, plain + plain_len - 8, 8) != 0) {
michael_mic(mic_key, michael_hdr, full_payload, full_payload_len - 8,
mic);
if (os_memcmp(mic, full_payload + full_payload_len - 8, 8) != 0) {
wpa_printf(MSG_INFO, "TKIP: Michael MIC mismatch in a frame "
"from " MACSTR, MAC2STR(hdr->addr2));
wpa_hexdump(MSG_DEBUG, "TKIP: Calculated MIC", mic, 8);
wpa_hexdump(MSG_DEBUG, "TKIP: Received MIC",
plain + plain_len - 8, 8);
full_payload + full_payload_len - 8, 8);
if (mic_res) {
*decrypted_len = plain_len - 8;
*mic_res = MICHAEL_MIC_INCORRECT;
return plain;
}
os_free(plain);
return NULL;
} else if (mic_res) {
*mic_res = MICHAEL_MIC_OK;
}
*decrypted_len = plain_len - 8;

2
wlantest/wlantest.c
View File

@ -110,6 +110,8 @@ static void wlantest_deinit(struct wlantest *wt)
clear_notes(wt);
os_free(wt->decrypted);
wt->decrypted = NULL;
wpabuf_free(wt->tkip_frag.buf);
wt->tkip_frag.buf = NULL;
}

18
wlantest/wlantest.h
View File

@ -184,6 +184,14 @@ struct wlantest_radius {
#define MAX_CTRL_CONNECTIONS 10
#define MAX_NOTES 10
struct tkip_frag {
struct wpabuf *buf;
u8 ra[ETH_ALEN];
u8 ta[ETH_ALEN];
u16 sn;
u8 fn;
};
struct wlantest {
int monitor_sock;
int monitor_wired;
@ -227,6 +235,8 @@ struct wlantest {
const char *write_file;
const char *pcapng_file;
struct tkip_frag tkip_frag;
};
void add_note(struct wlantest *wt, int level, const char *fmt, ...)
@ -304,8 +314,14 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
u8 *qos, u8 *pn, int keyid, size_t *encrypted_len);
enum michael_mic_result {
MICHAEL_MIC_OK,
MICHAEL_MIC_INCORRECT,
MICHAEL_MIC_NOT_VERIFIED
};
u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len);
const u8 *data, size_t data_len, size_t *decrypted_len,
enum michael_mic_result *mic_res, struct tkip_frag *frag);
u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
u8 *pn, int keyid, size_t *encrypted_len);
void tkip_get_pn(u8 *pn, const u8 *data);

43
wpa_supplicant/ctrl_iface.c
View File

@ -39,6 +39,7 @@
#include "driver_i.h"
#include "wps_supplicant.h"
#include "ibss_rsn.h"
#include "wpas_glue.h"
#include "ap.h"
#include "p2p_supplicant.h"
#include "p2p/p2p.h"
@ -9519,6 +9520,45 @@ static int wpas_ctrl_iface_eapol_rx(struct wpa_supplicant *wpa_s, char *cmd)
}
static int wpas_ctrl_iface_eapol_tx(struct wpa_supplicant *wpa_s, char *cmd)
{
char *pos;
u8 dst[ETH_ALEN], *buf;
int used, ret;
size_t len;
unsigned int prev;
wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd);
pos = cmd;
used = hwaddr_aton2(pos, dst);
if (used < 0)
return -1;
pos += used;
while (*pos == ' ')
pos++;
len = os_strlen(pos);
if (len & 1)
return -1;
len /= 2;
buf = os_malloc(len);
if (!buf || hexstr2bin(pos, buf, len) < 0) {
os_free(buf);
return -1;
}
prev = wpa_s->ext_eapol_frame_io;
wpa_s->ext_eapol_frame_io = 0;
ret = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, buf, len);
wpa_s->ext_eapol_frame_io = prev;
os_free(buf);
return ret;
}
static u16 ipv4_hdr_checksum(const void *buf, size_t len)
{
size_t i;
@ -11514,6 +11554,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
} else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
if (wpas_ctrl_iface_eapol_rx(wpa_s, buf + 9) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) {
if (wpas_ctrl_iface_eapol_tx(wpa_s, buf + 9) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
if (wpas_ctrl_iface_data_test_config(wpa_s, buf + 17) < 0)
reply_len = -1;

3
wpa_supplicant/dpp_supplicant.c
View File

@ -3546,7 +3546,7 @@ static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
struct hostapd_hw_modes *mode;
int c;
struct wpa_bss *bss;
bool chan6;
bool chan6 = wpa_s->hw.modes == NULL;
if (!bi && !wpa_s->dpp_reconfig_ssid)
return;
@ -3566,7 +3566,6 @@ static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
/* Preferred chirping channels */
mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
HOSTAPD_MODE_IEEE80211G, false);
chan6 = mode == NULL;
if (mode) {
for (c = 0; c < mode->num_channels; c++) {
struct hostapd_channel_data *chan = &mode->channels[c];

2
wpa_supplicant/events.c
View File

@ -1853,7 +1853,7 @@ wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s,
const u8 *ies = wpa_bss_ie_ptr(bss);
size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr);
return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq);
}

219
wpa_supplicant/scan.c
View File

@ -2039,14 +2039,22 @@ static int wpa_scan_result_compar(const void *a, const void *b)
snr_b = snr_b_full = wb->level;
}
/* if SNR is close, decide by max rate or frequency band */
if (snr_a && snr_b && abs(snr_b - snr_a) < 7) {
/* If SNR is close, decide by max rate or frequency band. For cases
* involving the 6 GHz band, use the throughput estimate irrespective
* of the SNR difference since the LPI/VLP rules may result in
* significant differences in SNR for cases where the estimated
* throughput can be considerably higher with the lower SNR. */
if (snr_a && snr_b && (abs(snr_b - snr_a) < 7 ||
is_6ghz_freq(wa->freq) ||
is_6ghz_freq(wb->freq))) {
if (wa->est_throughput != wb->est_throughput)
return (int) wb->est_throughput -
(int) wa->est_throughput;
}
if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
(wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
if (is_6ghz_freq(wa->freq) ^ is_6ghz_freq(wb->freq))
return is_6ghz_freq(wa->freq) ? -1 : 1;
if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq))
return IS_5GHZ(wa->freq) ? -1 : 1;
}
@ -2207,9 +2215,10 @@ void filter_scan_res(struct wpa_supplicant *wpa_s,
void scan_snr(struct wpa_scan_res *res)
{
if (res->flags & WPA_SCAN_NOISE_INVALID) {
res->noise = IS_5GHZ(res->freq) ?
DEFAULT_NOISE_FLOOR_5GHZ :
DEFAULT_NOISE_FLOOR_2GHZ;
res->noise = is_6ghz_freq(res->freq) ?
DEFAULT_NOISE_FLOOR_6GHZ :
(IS_5GHZ(res->freq) ?
DEFAULT_NOISE_FLOOR_5GHZ : DEFAULT_NOISE_FLOOR_2GHZ);
}
if (res->flags & WPA_SCAN_LEVEL_DBM) {
@ -2276,6 +2285,92 @@ static const struct minsnr_bitrate_entry vht80_table[] = {
};
static const struct minsnr_bitrate_entry vht160_table[] = {
{ 0, 0 },
{ 11, 58500 }, /* VHT160 MCS0 */
{ 14, 117000 }, /* VHT160 MCS1 */
{ 18, 175500 }, /* VHT160 MCS2 */
{ 20, 234000 }, /* VHT160 MCS3 */
{ 24, 351000 }, /* VHT160 MCS4 */
{ 27, 468000 }, /* VHT160 MCS5 */
{ 29, 526500 }, /* VHT160 MCS6 */
{ 34, 585000 }, /* VHT160 MCS7 */
{ 38, 702000 }, /* VHT160 MCS8 */
{ 40, 780000 }, /* VHT160 MCS9 */
{ -1, 780000 } /* SNR > 37 */
};
static const struct minsnr_bitrate_entry he20_table[] = {
{ 0, 0 },
{ 2, 8600 }, /* HE20 MCS0 */
{ 5, 17200 }, /* HE20 MCS1 */
{ 9, 25800 }, /* HE20 MCS2 */
{ 11, 34400 }, /* HE20 MCS3 */
{ 15, 51600 }, /* HE20 MCS4 */
{ 18, 68800 }, /* HE20 MCS5 */
{ 20, 77400 }, /* HE20 MCS6 */
{ 25, 86000 }, /* HE20 MCS7 */
{ 29, 103200 }, /* HE20 MCS8 */
{ 31, 114700 }, /* HE20 MCS9 */
{ 34, 129000 }, /* HE20 MCS10 */
{ 36, 143400 }, /* HE20 MCS11 */
{ -1, 143400 } /* SNR > 29 */
};
static const struct minsnr_bitrate_entry he40_table[] = {
{ 0, 0 },
{ 5, 17200 }, /* HE40 MCS0 */
{ 8, 34400 }, /* HE40 MCS1 */
{ 12, 51600 }, /* HE40 MCS2 */
{ 14, 68800 }, /* HE40 MCS3 */
{ 18, 103200 }, /* HE40 MCS4 */
{ 21, 137600 }, /* HE40 MCS5 */
{ 23, 154900 }, /* HE40 MCS6 */
{ 28, 172100 }, /* HE40 MCS7 */
{ 32, 206500 }, /* HE40 MCS8 */
{ 34, 229400 }, /* HE40 MCS9 */
{ 37, 258100 }, /* HE40 MCS10 */
{ 39, 286800 }, /* HE40 MCS11 */
{ -1, 286800 } /* SNR > 34 */
};
static const struct minsnr_bitrate_entry he80_table[] = {
{ 0, 0 },
{ 8, 36000 }, /* HE80 MCS0 */
{ 11, 72100 }, /* HE80 MCS1 */
{ 15, 108100 }, /* HE80 MCS2 */
{ 17, 144100 }, /* HE80 MCS3 */
{ 21, 216200 }, /* HE80 MCS4 */
{ 24, 288200 }, /* HE80 MCS5 */
{ 26, 324300 }, /* HE80 MCS6 */
{ 31, 360300 }, /* HE80 MCS7 */
{ 35, 432400 }, /* HE80 MCS8 */
{ 37, 480400 }, /* HE80 MCS9 */
{ 40, 540400 }, /* HE80 MCS10 */
{ 42, 600500 }, /* HE80 MCS11 */
{ -1, 600500 } /* SNR > 37 */
};
static const struct minsnr_bitrate_entry he160_table[] = {
{ 0, 0 },
{ 11, 72100 }, /* HE160 MCS0 */
{ 14, 144100 }, /* HE160 MCS1 */
{ 18, 216200 }, /* HE160 MCS2 */
{ 20, 288200 }, /* HE160 MCS3 */
{ 24, 432400 }, /* HE160 MCS4 */
{ 27, 576500 }, /* HE160 MCS5 */
{ 29, 648500 }, /* HE160 MCS6 */
{ 34, 720600 }, /* HE160 MCS7 */
{ 38, 864700 }, /* HE160 MCS8 */
{ 40, 960800 }, /* HE160 MCS9 */
{ 43, 1080900 }, /* HE160 MCS10 */
{ 45, 1201000 }, /* HE160 MCS11 */
{ -1, 1201000 } /* SNR > 37 */
};
static unsigned int interpolate_rate(int snr, int snr0, int snr1,
int rate0, int rate1)
{
@ -2320,11 +2415,34 @@ static unsigned int max_vht80_rate(int snr)
}
static unsigned int max_vht160_rate(int snr)
{
return max_rate(vht160_table, snr, 1);
}
static unsigned int max_he_rate(const struct minsnr_bitrate_entry table[],
int snr)
{
const struct minsnr_bitrate_entry *prev, *entry = table;
while (entry->minsnr != -1 && snr >= entry->minsnr)
entry++;
if (entry == table)
return 0;
prev = entry - 1;
if (entry->minsnr == -1)
return prev->bitrate;
return interpolate_rate(snr, prev->minsnr, entry->minsnr,
prev->bitrate, entry->bitrate);
}
unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
const u8 *ies, size_t ies_len, int rate,
int snr)
int snr, int freq)
{
enum local_hw_capab capab = wpa_s->hw_capab;
struct hostapd_hw_modes *hw_mode;
unsigned int est, tmp;
const u8 *ie;
@ -2369,7 +2487,10 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
rate = 54 * 2;
est = rate * 500;
if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) {
hw_mode = get_mode_with_freq(wpa_s->hw.modes, wpa_s->hw.num_modes,
freq);
if (hw_mode && hw_mode->ht_capab) {
ie = get_ie(ies, ies_len, WLAN_EID_HT_CAP);
if (ie) {
tmp = max_ht20_rate(snr, false);
@ -2378,7 +2499,8 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
}
}
if (capab == CAPAB_HT40 || capab == CAPAB_VHT) {
if (hw_mode &&
(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION);
if (ie && ie[1] >= 2 &&
(ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) {
@ -2388,10 +2510,12 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
}
}
if (capab == CAPAB_VHT) {
if (hw_mode && hw_mode->vht_capab) {
/* Use +1 to assume VHT is always faster than HT */
ie = get_ie(ies, ies_len, WLAN_EID_VHT_CAP);
if (ie) {
bool vht80 = false, vht160 = false;
tmp = max_ht20_rate(snr, true) + 1;
if (tmp > est)
est = tmp;
@ -2405,13 +2529,82 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
est = tmp;
}
/* Determine VHT BSS bandwidth based on IEEE Std
* 802.11-2020, Table 11-23 (VHT BSs bandwidth) */
ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION);
if (ie && ie[1] >= 1 &&
(ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) {
if (ie && ie[1] >= 3) {
u8 cw = ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK;
u8 seg0 = ie[3];
u8 seg1 = ie[4];
if (cw)
vht80 = true;
if (cw == 2 ||
(cw == 3 &&
(seg1 > 0 && abs(seg1 - seg0) == 16)))
vht160 = true;
if (cw == 1 &&
((seg1 > 0 && abs(seg1 - seg0) == 8) ||
(seg1 > 0 && abs(seg1 - seg0) == 16)))
vht160 = true;
}
if (vht80) {
tmp = max_vht80_rate(snr) + 1;
if (tmp > est)
est = tmp;
}
if (vht160 &&
(hw_mode->vht_capab &
(VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
tmp = max_vht160_rate(snr) + 1;
if (tmp > est)
est = tmp;
}
}
}
if (hw_mode && hw_mode->he_capab[IEEE80211_MODE_INFRA].he_supported) {
/* Use +2 to assume HE is always faster than HT/VHT */
struct ieee80211_he_capabilities *he;
struct he_capabilities *own_he;
u8 cw;
ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_HE_CAPABILITIES);
if (!ie || (ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN))
return est;
he = (struct ieee80211_he_capabilities *) &ie[3];
own_he = &hw_mode->he_capab[IEEE80211_MODE_INFRA];
tmp = max_he_rate(he20_table, snr) + 2;
if (tmp > est)
est = tmp;
cw = he->he_phy_capab_info[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
own_he->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX];
if (cw &
(IS_2P4GHZ(freq) ? HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G :
HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
tmp = max_he_rate(he40_table, snr) + 2;
if (tmp > est)
est = tmp;
}
if (!IS_2P4GHZ(freq) &&
(cw & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
tmp = max_he_rate(he80_table, snr) + 2;
if (tmp > est)
est = tmp;
}
if (!IS_2P4GHZ(freq) &&
(cw & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) {
tmp = max_he_rate(he160_table, snr) + 2;
if (tmp > est)
est = tmp;
}
}
@ -2436,7 +2629,7 @@ void scan_est_throughput(struct wpa_supplicant *wpa_s,
if (!ie_len)
ie_len = res->beacon_ie_len;
res->est_throughput =
wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr);
wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, res->freq);
/* TODO: channel utilization and AP load (e.g., from AP Beacon) */
}

6
wpa_supplicant/scan.h
View File

@ -16,6 +16,7 @@
*/
#define DEFAULT_NOISE_FLOOR_2GHZ (-89)
#define DEFAULT_NOISE_FLOOR_5GHZ (-92)
#define DEFAULT_NOISE_FLOOR_6GHZ (-92)
/*
* Channels with a great SNR can operate at full rate. What is a great SNR?
@ -29,7 +30,8 @@
*/
#define GREAT_SNR 25
#define IS_5GHZ(n) (n > 4000)
#define IS_2P4GHZ(n) (n >= 2412 && n <= 2484)
#define IS_5GHZ(n) (n > 4000 && n < 5895)
int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s);
void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
@ -84,7 +86,7 @@ void scan_est_throughput(struct wpa_supplicant *wpa_s,
struct wpa_scan_res *res);
unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s,
const u8 *ies, size_t ies_len, int rate,
int snr);
int snr, int freq);
void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s);
int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s,
enum hostapd_hw_mode band,

42
wpa_supplicant/wpa_supplicant.c
View File

@ -461,16 +461,22 @@ void free_hw_features(struct wpa_supplicant *wpa_s)
}
static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s,
struct wpa_bss_tmp_disallowed *bss)
{
eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
dl_list_del(&bss->list);
os_free(bss);
}
void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
{
struct wpa_bss_tmp_disallowed *bss, *prev;
dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
struct wpa_bss_tmp_disallowed, list) {
eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
dl_list_del(&bss->list);
os_free(bss);
}
struct wpa_bss_tmp_disallowed, list)
remove_bss_tmp_disallowed_entry(wpa_s, bss);
}
@ -4780,6 +4786,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
}
#ifdef CONFIG_TESTING_OPTIONS
wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu",
MAC2STR(src_addr), len);
if (wpa_s->ignore_auth_resp) {
wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
return;
@ -8111,6 +8119,22 @@ struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
}
struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
u16 num_modes, int freq)
{
int i, j;
for (i = 0; i < num_modes; i++) {
for (j = 0; j < modes[i].num_channels; j++) {
if (freq == modes[i].channels[j].freq)
return &modes[i];
}
}
return NULL;
}
static struct
wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
const u8 *bssid)
@ -8158,8 +8182,7 @@ static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
struct wpa_bss_tmp_disallowed, list) {
if (bss == tmp) {
dl_list_del(&tmp->list);
os_free(tmp);
remove_bss_tmp_disallowed_entry(wpa_s, tmp);
wpa_set_driver_tmp_disallow_list(wpa_s);
break;
}
@ -8212,8 +8235,11 @@ int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
return 0;
if (disallowed->rssi_threshold != 0 &&
bss->level > disallowed->rssi_threshold)
bss->level > disallowed->rssi_threshold) {
remove_bss_tmp_disallowed_entry(wpa_s, disallowed);
wpa_set_driver_tmp_disallow_list(wpa_s);
return 0;
}
return 1;
}

2
wpa_supplicant/wpa_supplicant_i.h
View File

@ -1701,6 +1701,8 @@ int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd);
struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
u16 num_modes, enum hostapd_hw_mode mode,
bool is_6ghz);
struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
u16 num_modes, int freq);
void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
unsigned int sec, int rssi_threshold);

4
wpa_supplicant/wpas_glue.c
View File

@ -95,8 +95,8 @@ static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
* @len: Frame payload length
* Returns: >=0 on success, <0 on failure
*/
static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
u16 proto, const u8 *buf, size_t len)
int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
u16 proto, const u8 *buf, size_t len)
{
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) {

2
wpa_supplicant/wpas_glue.h
View File

@ -15,6 +15,8 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s);
int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s);
void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid);
int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
u16 proto, const u8 *buf, size_t len);
const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
const char *default_txt,