/* * hostapd / IEEE 802.11be EHT * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc. * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "utils/includes.h" #include "utils/common.h" #include "crypto/crypto.h" #include "crypto/dh_groups.h" #include "hostapd.h" #include "sta_info.h" #include "ieee802_11.h" static u16 ieee80211_eht_ppet_size(u16 ppe_thres_hdr, const u8 *phy_cap_info) { u8 ru; u16 sz = 0; if ((phy_cap_info[EHT_PHYCAP_PPE_THRESHOLD_PRESENT_IDX] & EHT_PHYCAP_PPE_THRESHOLD_PRESENT) == 0) return 0; ru = (ppe_thres_hdr & EHT_PPE_THRES_RU_INDEX_MASK) >> EHT_PPE_THRES_RU_INDEX_SHIFT; while (ru) { if (ru & 0x1) sz++; ru >>= 1; } sz = sz * (1 + ((ppe_thres_hdr & EHT_PPE_THRES_NSS_MASK) >> EHT_PPE_THRES_NSS_SHIFT)); sz = (sz * 6) + 9; if (sz % 8) sz += 8; sz /= 8; return sz; } static u8 ieee80211_eht_mcs_set_size(enum hostapd_hw_mode mode, u8 opclass, u8 he_oper_chwidth, const u8 *he_phy_cap, const u8 *eht_phy_cap) { u8 sz = EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; bool band24, band5, band6; u8 he_phy_cap_chwidth = ~HE_PHYCAP_CHANNEL_WIDTH_MASK; switch (he_oper_chwidth) { case CONF_OPER_CHWIDTH_80P80MHZ: he_phy_cap_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G; /* fall through */ case CONF_OPER_CHWIDTH_160MHZ: he_phy_cap_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G; /* fall through */ case CONF_OPER_CHWIDTH_80MHZ: case CONF_OPER_CHWIDTH_USE_HT: he_phy_cap_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G | HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G; break; } he_phy_cap_chwidth &= he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX]; band24 = mode == HOSTAPD_MODE_IEEE80211B || mode == HOSTAPD_MODE_IEEE80211G || mode == NUM_HOSTAPD_MODES; band5 = mode == HOSTAPD_MODE_IEEE80211A || mode == NUM_HOSTAPD_MODES; band6 = is_6ghz_op_class(opclass); if (band24 && (he_phy_cap_chwidth & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G) == 0) return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY; if (band5 && (he_phy_cap_chwidth & (HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G | HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) == 0) return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY; if (band5 && (he_phy_cap_chwidth & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; if (band6 && (eht_phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] & EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK)) sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; return sz; } size_t hostapd_eid_eht_capab_len(struct hostapd_data *hapd, enum ieee80211_op_mode opmode) { struct hostapd_hw_modes *mode; struct eht_capabilities *eht_cap; size_t len = 3 + 2 + EHT_PHY_CAPAB_LEN; mode = hapd->iface->current_mode; if (!mode) return 0; eht_cap = &mode->eht_capab[opmode]; if (!eht_cap->eht_supported) return 0; len += ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class, hapd->iconf->he_oper_chwidth, mode->he_capab[opmode].phy_cap, eht_cap->phy_cap); len += ieee80211_eht_ppet_size(WPA_GET_LE16(&eht_cap->ppet[0]), eht_cap->phy_cap); return len; } u8 * hostapd_eid_eht_capab(struct hostapd_data *hapd, u8 *eid, enum ieee80211_op_mode opmode) { struct hostapd_hw_modes *mode; struct eht_capabilities *eht_cap; struct ieee80211_eht_capabilities *cap; size_t mcs_nss_len, ppe_thresh_len; u8 *pos = eid, *length_pos; mode = hapd->iface->current_mode; if (!mode) return eid; eht_cap = &mode->eht_capab[opmode]; if (!eht_cap->eht_supported) return eid; *pos++ = WLAN_EID_EXTENSION; length_pos = pos++; *pos++ = WLAN_EID_EXT_EHT_CAPABILITIES; cap = (struct ieee80211_eht_capabilities *) pos; os_memset(cap, 0, sizeof(*cap)); cap->mac_cap = host_to_le16(eht_cap->mac_cap); os_memcpy(cap->phy_cap, eht_cap->phy_cap, EHT_PHY_CAPAB_LEN); if (!is_6ghz_op_class(hapd->iconf->op_class)) cap->phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] &= ~EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK; if (!hapd->iface->conf->eht_phy_capab.su_beamformer) cap->phy_cap[EHT_PHYCAP_SU_BEAMFORMER_IDX] &= ~EHT_PHYCAP_SU_BEAMFORMER; if (!hapd->iface->conf->eht_phy_capab.su_beamformee) cap->phy_cap[EHT_PHYCAP_SU_BEAMFORMEE_IDX] &= ~EHT_PHYCAP_SU_BEAMFORMEE; if (!hapd->iface->conf->eht_phy_capab.mu_beamformer) cap->phy_cap[EHT_PHYCAP_MU_BEAMFORMER_IDX] &= ~EHT_PHYCAP_MU_BEAMFORMER_MASK; pos = cap->optional; mcs_nss_len = ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class, hapd->iconf->he_oper_chwidth, mode->he_capab[opmode].phy_cap, eht_cap->phy_cap); if (mcs_nss_len) { os_memcpy(pos, eht_cap->mcs, mcs_nss_len); pos += mcs_nss_len; } ppe_thresh_len = ieee80211_eht_ppet_size( WPA_GET_LE16(&eht_cap->ppet[0]), eht_cap->phy_cap); if (ppe_thresh_len) { os_memcpy(pos, eht_cap->ppet, ppe_thresh_len); pos += ppe_thresh_len; } *length_pos = pos - (eid + 2); return pos; } u8 * hostapd_eid_eht_operation(struct hostapd_data *hapd, u8 *eid) { struct hostapd_config *conf = hapd->iconf; struct ieee80211_eht_operation *oper; u8 *pos = eid, seg0 = 0, seg1 = 0; enum oper_chan_width chwidth; size_t elen = 1 + 4 + 3; if (!hapd->iface->current_mode) return eid; if (hapd->iconf->punct_bitmap) elen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; *pos++ = WLAN_EID_EXTENSION; *pos++ = 1 + elen; *pos++ = WLAN_EID_EXT_EHT_OPERATION; oper = (struct ieee80211_eht_operation *) pos; oper->oper_params = EHT_OPER_INFO_PRESENT; /* TODO: Fill in appropriate EHT-MCS max Nss information */ oper->basic_eht_mcs_nss_set[0] = 0x11; oper->basic_eht_mcs_nss_set[1] = 0x00; oper->basic_eht_mcs_nss_set[2] = 0x00; oper->basic_eht_mcs_nss_set[3] = 0x00; if (is_6ghz_op_class(conf->op_class)) chwidth = op_class_to_ch_width(conf->op_class); else chwidth = conf->eht_oper_chwidth; seg0 = hostapd_get_oper_centr_freq_seg0_idx(conf); switch (chwidth) { case CONF_OPER_CHWIDTH_320MHZ: oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_320MHZ; seg1 = seg0; if (hapd->iconf->channel < seg0) seg0 -= 16; else seg0 += 16; break; case CONF_OPER_CHWIDTH_160MHZ: oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_160MHZ; seg1 = seg0; if (hapd->iconf->channel < seg0) seg0 -= 8; else seg0 += 8; break; case CONF_OPER_CHWIDTH_80MHZ: oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_80MHZ; break; case CONF_OPER_CHWIDTH_USE_HT: if (seg0) oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_40MHZ; break; default: return eid; } oper->oper_info.ccfs0 = seg0 ? seg0 : hapd->iconf->channel; oper->oper_info.ccfs1 = seg1; if (hapd->iconf->punct_bitmap) { oper->oper_params |= EHT_OPER_DISABLED_SUBCHAN_BITMAP_PRESENT; oper->oper_info.disabled_chan_bitmap = host_to_le16(hapd->iconf->punct_bitmap); } return pos + elen; } static bool check_valid_eht_mcs_nss(struct hostapd_data *hapd, const u8 *ap_mcs, const u8 *sta_mcs, u8 mcs_count, u8 map_len) { unsigned int i, j; for (i = 0; i < mcs_count; i++) { ap_mcs += i * 3; sta_mcs += i * 3; for (j = 0; j < map_len; j++) { if (((ap_mcs[j] >> 4) & 0xFF) == 0) continue; if ((sta_mcs[j] & 0xFF) == 0) continue; return true; } } wpa_printf(MSG_DEBUG, "No matching EHT MCS found between AP TX and STA RX"); return false; } static bool check_valid_eht_mcs(struct hostapd_data *hapd, const u8 *sta_eht_capab, enum ieee80211_op_mode opmode) { struct hostapd_hw_modes *mode; const struct ieee80211_eht_capabilities *capab; const u8 *ap_mcs, *sta_mcs; u8 mcs_count = 1; mode = hapd->iface->current_mode; if (!mode) return true; ap_mcs = mode->eht_capab[opmode].mcs; capab = (const struct ieee80211_eht_capabilities *) sta_eht_capab; sta_mcs = capab->optional; if (ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class, hapd->iconf->he_oper_chwidth, mode->he_capab[opmode].phy_cap, mode->eht_capab[opmode].phy_cap) == EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY) return check_valid_eht_mcs_nss( hapd, ap_mcs, sta_mcs, 1, EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY); switch (hapd->iface->conf->eht_oper_chwidth) { case CONF_OPER_CHWIDTH_320MHZ: mcs_count++; /* fall through */ case CONF_OPER_CHWIDTH_80P80MHZ: case CONF_OPER_CHWIDTH_160MHZ: mcs_count++; break; default: break; } return check_valid_eht_mcs_nss(hapd, ap_mcs, sta_mcs, mcs_count, EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS); } static bool ieee80211_invalid_eht_cap_size(enum hostapd_hw_mode mode, u8 opclass, u8 he_oper_chwidth, const u8 *he_cap, const u8 *eht_cap, size_t len) { const struct ieee80211_he_capabilities *he_capab; struct ieee80211_eht_capabilities *cap; const u8 *he_phy_cap; size_t cap_len; u16 ppe_thres_hdr; he_capab = (const struct ieee80211_he_capabilities *) he_cap; he_phy_cap = he_capab->he_phy_capab_info; cap = (struct ieee80211_eht_capabilities *) eht_cap; cap_len = sizeof(*cap) - sizeof(cap->optional); if (len < cap_len) return true; cap_len += ieee80211_eht_mcs_set_size(mode, opclass, he_oper_chwidth, he_phy_cap, cap->phy_cap); if (len < cap_len) return true; ppe_thres_hdr = len > cap_len + 1 ? WPA_GET_LE16(&eht_cap[cap_len]) : 0x01ff; cap_len += ieee80211_eht_ppet_size(ppe_thres_hdr, cap->phy_cap); return len < cap_len; } u16 copy_sta_eht_capab(struct hostapd_data *hapd, struct sta_info *sta, enum ieee80211_op_mode opmode, const u8 *he_capab, size_t he_capab_len, const u8 *eht_capab, size_t eht_capab_len) { struct hostapd_hw_modes *c_mode = hapd->iface->current_mode; enum hostapd_hw_mode mode = c_mode ? c_mode->mode : NUM_HOSTAPD_MODES; if (!hapd->iconf->ieee80211be || hapd->conf->disable_11be || !he_capab || he_capab_len < IEEE80211_HE_CAPAB_MIN_LEN || !eht_capab || ieee80211_invalid_eht_cap_size(mode, hapd->iconf->op_class, hapd->iconf->he_oper_chwidth, he_capab, eht_capab, eht_capab_len) || !check_valid_eht_mcs(hapd, eht_capab, opmode)) { sta->flags &= ~WLAN_STA_EHT; os_free(sta->eht_capab); sta->eht_capab = NULL; return WLAN_STATUS_SUCCESS; } os_free(sta->eht_capab); sta->eht_capab = os_memdup(eht_capab, eht_capab_len); if (!sta->eht_capab) { sta->eht_capab_len = 0; return WLAN_STATUS_UNSPECIFIED_FAILURE; } sta->flags |= WLAN_STA_EHT; sta->eht_capab_len = eht_capab_len; return WLAN_STATUS_SUCCESS; } void hostapd_get_eht_capab(struct hostapd_data *hapd, const struct ieee80211_eht_capabilities *src, struct ieee80211_eht_capabilities *dest, size_t len) { if (!src || !dest) return; if (len > sizeof(*dest)) len = sizeof(*dest); /* TODO: mask out unsupported features */ os_memset(dest, 0, sizeof(*dest)); os_memcpy(dest, src, len); } u8 * hostapd_eid_eht_basic_ml(struct hostapd_data *hapd, u8 *eid, struct sta_info *info, bool include_mld_id) { struct wpabuf *buf; u16 control; u8 *pos = eid; const u8 *ptr; size_t len, slice_len; u8 link_id; u8 common_info_len; /* * As the Multi-Link element can exceed the size of 255 bytes need to * first build it and then handle fragmentation. */ buf = wpabuf_alloc(1024); if (!buf) return pos; /* Multi-Link Control field */ control = MULTI_LINK_CONTROL_TYPE_BASIC | BASIC_MULTI_LINK_CTRL_PRES_LINK_ID | BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT | BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA | BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA; /* * Set the basic Multi-Link common information. Hard code the common * info length to 13 based on the length of the present fields: * Length (1) + MLD address (6) + Link ID (1) + * BSS Parameters Change Count (1) + EML Capabilities (2) + * MLD Capabilities and Operations (2) */ common_info_len = 13; if (include_mld_id) { /* AP MLD ID */ control |= BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID; common_info_len++; } wpabuf_put_le16(buf, control); wpabuf_put_u8(buf, common_info_len); /* Own MLD MAC Address */ wpabuf_put_data(buf, hapd->mld_addr, ETH_ALEN); /* Own Link ID */ wpabuf_put_u8(buf, hapd->mld_link_id); /* Currently hard code the BSS Parameters Change Count to 0x1 */ wpabuf_put_u8(buf, 0x1); wpa_printf(MSG_DEBUG, "MLD: EML Capabilities=0x%x", hapd->iface->mld_eml_capa); wpabuf_put_le16(buf, hapd->iface->mld_eml_capa); wpa_printf(MSG_DEBUG, "MLD: MLD Capabilities and Operations=0x%x", hapd->iface->mld_mld_capa); wpabuf_put_le16(buf, hapd->iface->mld_mld_capa); if (include_mld_id) { wpa_printf(MSG_DEBUG, "MLD: AP MLD ID=0x%x", hapd->conf->mld_id); wpabuf_put_u8(buf, hapd->conf->mld_id); } if (!info) goto out; /* Add link info for the other links */ for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) { struct mld_link_info *link = &info->mld_info.links[link_id]; struct hostapd_data *link_bss; /* * control (2) + station info length (1) + MAC address (6) + * beacon interval (2) + TSF offset (8) + DTIM info (2) + BSS * parameters change counter (1) + station profile length. */ const size_t fixed_len = 22; size_t total_len = fixed_len + link->resp_sta_profile_len; /* Skip the local one */ if (link_id == hapd->mld_link_id || !link->valid) continue; link_bss = hostapd_mld_get_link_bss(hapd, link_id); if (!link_bss) { wpa_printf(MSG_ERROR, "MLD: Couldn't find link BSS - skip it"); continue; } /* Per-STA Profile subelement */ wpabuf_put_u8(buf, EHT_ML_SUB_ELEM_PER_STA_PROFILE); if (total_len <= 255) wpabuf_put_u8(buf, total_len); else wpabuf_put_u8(buf, 255); /* STA Control */ control = (link_id & 0xf) | EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK | EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK | EHT_PER_STA_CTRL_TSF_OFFSET_PRESENT_MSK | EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK | EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK | EHT_PER_STA_CTRL_BSS_PARAM_CNT_PRESENT_MSK; wpabuf_put_le16(buf, control); /* STA Info */ /* STA Info Length */ wpabuf_put_u8(buf, fixed_len - 2); wpabuf_put_data(buf, link->local_addr, ETH_ALEN); wpabuf_put_le16(buf, link_bss->iconf->beacon_int); /* TSF Offset */ /* * TODO: Currently setting TSF offset to zero. However, this * information needs to come from the driver. */ wpabuf_put_le64(buf, 0); /* DTIM Info */ wpabuf_put_le16(buf, link_bss->conf->dtim_period); /* BSS Parameters Change Count */ /* TODO: Currently hard code the BSS Parameters Change Count to * 0x1 */ wpabuf_put_u8(buf, 0x1); /* Fragment the sub element if needed */ if (total_len <= 255) { wpabuf_put_data(buf, link->resp_sta_profile, link->resp_sta_profile_len); } else { ptr = link->resp_sta_profile; len = link->resp_sta_profile_len; slice_len = 255 - fixed_len; wpabuf_put_data(buf, ptr, slice_len); len -= slice_len; ptr += slice_len; while (len) { if (len <= 255) slice_len = len; else slice_len = 255; wpabuf_put_u8(buf, EHT_ML_SUB_ELEM_FRAGMENT); wpabuf_put_u8(buf, slice_len); wpabuf_put_data(buf, ptr, slice_len); len -= slice_len; ptr += slice_len; } } } out: /* Fragment the Multi-Link element, if needed */ len = wpabuf_len(buf); ptr = wpabuf_head(buf); if (len <= 254) slice_len = len; else slice_len = 254; *pos++ = WLAN_EID_EXTENSION; *pos++ = slice_len + 1; *pos++ = WLAN_EID_EXT_MULTI_LINK; os_memcpy(pos, ptr, slice_len); ptr += slice_len; pos += slice_len; len -= slice_len; while (len) { if (len <= 255) slice_len = len; else slice_len = 255; *pos++ = WLAN_EID_FRAGMENT; *pos++ = slice_len; os_memcpy(pos, ptr, slice_len); ptr += slice_len; pos += slice_len; len -= slice_len; } wpabuf_free(buf); return pos; } struct wpabuf * hostapd_ml_auth_resp(struct hostapd_data *hapd) { struct wpabuf *buf = wpabuf_alloc(12); if (!buf) return NULL; wpabuf_put_u8(buf, WLAN_EID_EXTENSION); wpabuf_put_u8(buf, 10); wpabuf_put_u8(buf, WLAN_EID_EXT_MULTI_LINK); wpabuf_put_le16(buf, MULTI_LINK_CONTROL_TYPE_BASIC); wpabuf_put_u8(buf, ETH_ALEN + 1); wpabuf_put_data(buf, hapd->mld_addr, ETH_ALEN); return buf; } #ifdef CONFIG_SAE static const u8 * sae_commit_skip_fixed_fields(const struct ieee80211_mgmt *mgmt, size_t len, const u8 *pos, u16 status_code) { u16 group; size_t prime_len; struct crypto_ec *ec; if (status_code != WLAN_STATUS_SAE_HASH_TO_ELEMENT) return pos; /* SAE H2E commit message (group, scalar, FFE) */ if (len < 2) { wpa_printf(MSG_DEBUG, "EHT: SAE Group is not present"); return NULL; } group = WPA_GET_LE16(pos); pos += 2; /* TODO: How to parse when the group is unknown? */ ec = crypto_ec_init(group); if (!ec) { const struct dh_group *dh = dh_groups_get(group); if (!dh) { wpa_printf(MSG_DEBUG, "EHT: Unknown SAE group %u", group); return NULL; } prime_len = dh->prime_len; } else { prime_len = crypto_ec_prime_len(ec); } wpa_printf(MSG_DEBUG, "EHT: SAE scalar length is %zu", prime_len); /* scalar */ pos += prime_len; if (ec) { pos += prime_len * 2; crypto_ec_deinit(ec); } else { pos += prime_len; } if (pos - mgmt->u.auth.variable > (int) len) { wpa_printf(MSG_DEBUG, "EHT: Too short SAE commit Authentication frame"); return NULL; } wpa_hexdump(MSG_DEBUG, "EHT: SAE: Authentication frame elements", pos, (int) len - (pos - mgmt->u.auth.variable)); return pos; } static const u8 * sae_confirm_skip_fixed_fields(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, const u8 *pos, u16 status_code) { struct sta_info *sta; if (status_code == WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION) return pos; /* send confirm integer */ pos += 2; /* * At this stage we should already have an MLD station and actually SA * will be replaced with the MLD MAC address by the driver. */ sta = ap_get_sta(hapd, mgmt->sa); if (!sta) { wpa_printf(MSG_DEBUG, "SAE: No MLD STA for SAE confirm"); return NULL; } if (!sta->sae || sta->sae->state < SAE_COMMITTED || !sta->sae->tmp) { if (sta->sae) wpa_printf(MSG_DEBUG, "SAE: Invalid state=%u", sta->sae->state); else wpa_printf(MSG_DEBUG, "SAE: No SAE context"); return NULL; } wpa_printf(MSG_DEBUG, "SAE: confirm: kck_len=%zu", sta->sae->tmp->kck_len); pos += sta->sae->tmp->kck_len; if (pos - mgmt->u.auth.variable > (int) len) { wpa_printf(MSG_DEBUG, "EHT: Too short SAE confirm Authentication frame"); return NULL; } return pos; } #endif /* CONFIG_SAE */ static const u8 * auth_skip_fixed_fields(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len) { u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); #ifdef CONFIG_SAE u16 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); u16 status_code = le_to_host16(mgmt->u.auth.status_code); #endif /* CONFIG_SAE */ const u8 *pos = mgmt->u.auth.variable; /* Skip fixed fields as based on IEE P802.11-REVme/D3.0, Table 9-69 * (Presence of fields and elements in Authentications frames) */ switch (auth_alg) { case WLAN_AUTH_OPEN: return pos; #ifdef CONFIG_SAE case WLAN_AUTH_SAE: if (auth_transaction == 1) { if (status_code == WLAN_STATUS_SUCCESS) { wpa_printf(MSG_DEBUG, "EHT: SAE H2E is mandatory for MLD"); goto out; } return sae_commit_skip_fixed_fields(mgmt, len, pos, status_code); } else if (auth_transaction == 2) { return sae_confirm_skip_fixed_fields(hapd, mgmt, len, pos, status_code); } return pos; #endif /* CONFIG_SAE */ /* TODO: Support additional algorithms that can be used for MLO */ case WLAN_AUTH_FT: case WLAN_AUTH_FILS_SK: case WLAN_AUTH_FILS_SK_PFS: case WLAN_AUTH_FILS_PK: case WLAN_AUTH_PASN: default: break; } #ifdef CONFIG_SAE out: #endif /* CONFIG_SAE */ wpa_printf(MSG_DEBUG, "TODO: Authentication algorithm %u not supported with MLD", auth_alg); return NULL; } const u8 * hostapd_process_ml_auth(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len) { struct ieee802_11_elems elems; const u8 *pos; if (!hapd->conf->mld_ap) return NULL; len -= offsetof(struct ieee80211_mgmt, u.auth.variable); pos = auth_skip_fixed_fields(hapd, mgmt, len); if (!pos) return NULL; if (ieee802_11_parse_elems(pos, (int)len - (pos - mgmt->u.auth.variable), &elems, 0) == ParseFailed) { wpa_printf(MSG_DEBUG, "MLD: Failed parsing Authentication frame"); } if (!elems.basic_mle || !elems.basic_mle_len) return NULL; return get_basic_mle_mld_addr(elems.basic_mle, elems.basic_mle_len); } static int hostapd_mld_validate_assoc_info(struct hostapd_data *hapd, struct mld_info *info) { u8 i, link_id; if (!info->mld_sta) { wpa_printf(MSG_DEBUG, "MLD: Not a non-AP MLD"); return 0; } /* * Iterate over the links negotiated in the (Re)Association Request * frame and validate that they are indeed valid links in the local AP * MLD. * * While at it, also update the local address for the links in the * mld_info, so it could be easily available for later flows, e.g., for * the RSN Authenticator, etc. */ for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) { struct hostapd_data *other_hapd; if (!info->links[link_id].valid) continue; for (i = 0; i < hapd->iface->interfaces->count; i++) { other_hapd = hapd->iface->interfaces->iface[i]->bss[0]; if (hapd == other_hapd) continue; if (other_hapd->conf->mld_ap && other_hapd->conf->mld_id == hapd->conf->mld_id && link_id == other_hapd->mld_link_id) break; } if (i == hapd->iface->interfaces->count && link_id != hapd->mld_link_id) { wpa_printf(MSG_DEBUG, "MLD: Invalid link ID=%u", link_id); return -1; } if (i < hapd->iface->interfaces->count) os_memcpy(info->links[link_id].local_addr, other_hapd->own_addr, ETH_ALEN); } return 0; } u16 hostapd_process_ml_assoc_req(struct hostapd_data *hapd, struct ieee802_11_elems *elems, struct sta_info *sta) { struct wpabuf *mlbuf; const struct ieee80211_eht_ml *ml; const struct eht_ml_basic_common_info *common_info; size_t ml_len, common_info_len; struct mld_link_info *link_info; struct mld_info *info = &sta->mld_info; const u8 *pos; int ret = -1; u16 ml_control; mlbuf = ieee802_11_defrag_mle(elems, MULTI_LINK_CONTROL_TYPE_BASIC); if (!mlbuf) return WLAN_STATUS_SUCCESS; ml = wpabuf_head(mlbuf); ml_len = wpabuf_len(mlbuf); ml_control = le_to_host16(ml->ml_control); if ((ml_control & MULTI_LINK_CONTROL_TYPE_MASK) != MULTI_LINK_CONTROL_TYPE_BASIC) { wpa_printf(MSG_DEBUG, "MLD: Invalid ML type=%u", ml_control & MULTI_LINK_CONTROL_TYPE_MASK); goto out; } /* Common Info length and MLD MAC address must always be present */ common_info_len = 1 + ETH_ALEN; if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_LINK_ID) { wpa_printf(MSG_DEBUG, "MLD: Link ID info not expected"); goto out; } if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT) { wpa_printf(MSG_DEBUG, "MLD: BSS params change not expected"); goto out; } if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO) { wpa_printf(MSG_DEBUG, "MLD: Sync delay not expected"); goto out; } if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { common_info_len += 2; } else { wpa_printf(MSG_DEBUG, "MLD: EML capabilities not present"); } if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) { common_info_len += 2; } else { wpa_printf(MSG_DEBUG, "MLD: MLD capabilities not present"); goto out; } wpa_printf(MSG_DEBUG, "MLD: expected_common_info_len=%zu", common_info_len); if (sizeof(*ml) + common_info_len > ml_len) { wpa_printf(MSG_DEBUG, "MLD: Not enough bytes for common info"); goto out; } common_info = (const struct eht_ml_basic_common_info *) ml->variable; /* Common information length includes the length octet */ if (common_info->len != common_info_len) { wpa_printf(MSG_DEBUG, "MLD: Invalid common info len=%u (expected %zu)", common_info->len, common_info_len); goto out; } pos = common_info->variable; if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { info->common_info.eml_capa = WPA_GET_LE16(pos); pos += 2; } else { info->common_info.eml_capa = 0; } info->common_info.mld_capa = WPA_GET_LE16(pos); pos += 2; wpa_printf(MSG_DEBUG, "MLD: addr=" MACSTR ", eml=0x%x, mld=0x%x", MAC2STR(info->common_info.mld_addr), info->common_info.eml_capa, info->common_info.mld_capa); /* Check the MLD MAC Address */ if (os_memcmp(info->common_info.mld_addr, common_info->mld_addr, ETH_ALEN) != 0) { wpa_printf(MSG_DEBUG, "MLD: MLD address mismatch between authentication (" MACSTR ") and association (" MACSTR ")", MAC2STR(info->common_info.mld_addr), MAC2STR(common_info->mld_addr)); goto out; } info->links[hapd->mld_link_id].valid = true; /* Parse the link info field */ ml_len -= sizeof(*ml) + common_info_len; while (ml_len > 2) { size_t sub_elem_len = *(pos + 1); size_t sta_info_len; u16 control; wpa_printf(MSG_DEBUG, "MLD: sub element len=%zu", sub_elem_len); if (2 + sub_elem_len > ml_len) { wpa_printf(MSG_DEBUG, "MLD: Invalid link info len: %zu %zu", 2 + sub_elem_len, ml_len); goto out; } if (*pos == MULTI_LINK_SUB_ELEM_ID_VENDOR) { wpa_printf(MSG_DEBUG, "MLD: Skip vendor specific subelement"); pos += 2 + sub_elem_len; ml_len -= 2 + sub_elem_len; continue; } if (*pos != MULTI_LINK_SUB_ELEM_ID_PER_STA_PROFILE) { wpa_printf(MSG_DEBUG, "MLD: Unexpected Multi-Link element subelement ID=%u", *pos); goto out; } /* Skip the subelement ID and the length */ pos += 2; ml_len -= 2; /* Get the station control field */ if (sub_elem_len < 2) { wpa_printf(MSG_DEBUG, "MLD: Too short Per-STA Profile subelement"); goto out; } control = WPA_GET_LE16(pos); link_info = &info->links[control & EHT_PER_STA_CTRL_LINK_ID_MSK]; pos += 2; ml_len -= 2; sub_elem_len -= 2; if (!(control & EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK)) { wpa_printf(MSG_DEBUG, "MLD: Per-STA complete profile expected"); goto out; } if (!(control & EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK)) { wpa_printf(MSG_DEBUG, "MLD: Per-STA MAC address not present"); goto out; } if ((control & (EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK | EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK))) { wpa_printf(MSG_DEBUG, "MLD: Beacon/DTIM interval not expected"); goto out; } /* The length octet and the MAC address must be present */ sta_info_len = 1 + ETH_ALEN; if (control & EHT_PER_STA_CTRL_NSTR_LINK_PAIR_PRESENT_MSK) { if (control & EHT_PER_STA_CTRL_NSTR_BM_SIZE_MSK) link_info->nstr_bitmap_len = 2; else link_info->nstr_bitmap_len = 1; } sta_info_len += link_info->nstr_bitmap_len; if (sta_info_len > ml_len || sta_info_len != *pos || sta_info_len > sub_elem_len) { wpa_printf(MSG_DEBUG, "MLD: Invalid STA Info length"); goto out; } /* skip the length */ pos++; ml_len--; /* get the link address */ os_memcpy(link_info->peer_addr, pos, ETH_ALEN); wpa_printf(MSG_DEBUG, "MLD: assoc: link id=%u, addr=" MACSTR, control & EHT_PER_STA_CTRL_LINK_ID_MSK, MAC2STR(link_info->peer_addr)); pos += ETH_ALEN; ml_len -= ETH_ALEN; /* Get the NSTR bitmap */ if (link_info->nstr_bitmap_len) { os_memcpy(link_info->nstr_bitmap, pos, link_info->nstr_bitmap_len); pos += link_info->nstr_bitmap_len; ml_len -= link_info->nstr_bitmap_len; } sub_elem_len -= sta_info_len; wpa_printf(MSG_DEBUG, "MLD: STA Profile len=%zu", sub_elem_len); if (sub_elem_len > ml_len) goto out; if (sub_elem_len > 2) link_info->capability = WPA_GET_LE16(pos); pos += sub_elem_len; ml_len -= sub_elem_len; wpa_printf(MSG_DEBUG, "MLD: link ctrl=0x%x, " MACSTR ", nstr bitmap len=%zu", control, MAC2STR(link_info->peer_addr), link_info->nstr_bitmap_len); link_info->valid = true; } if (ml_len) { wpa_printf(MSG_DEBUG, "MLD: %zu bytes left after parsing. fail", ml_len); goto out; } ret = hostapd_mld_validate_assoc_info(hapd, info); out: wpabuf_free(mlbuf); if (ret) { os_memset(info, 0, sizeof(*info)); return WLAN_STATUS_UNSPECIFIED_FAILURE; } return WLAN_STATUS_SUCCESS; }