| /* |
| * hostapd / IEEE 802.11be EHT |
| * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc. |
| * |
| * This software may be distributed under the terms of the BSD license. |
| * See README for more details. |
| */ |
| |
| #include "utils/includes.h" |
| #include "utils/common.h" |
| #include "crypto/crypto.h" |
| #include "crypto/dh_groups.h" |
| #include "hostapd.h" |
| #include "sta_info.h" |
| #include "ieee802_11.h" |
| |
| |
| static u16 ieee80211_eht_ppet_size(u16 ppe_thres_hdr, const u8 *phy_cap_info) |
| { |
| u8 ru; |
| u16 sz = 0; |
| |
| if ((phy_cap_info[EHT_PHYCAP_PPE_THRESHOLD_PRESENT_IDX] & |
| EHT_PHYCAP_PPE_THRESHOLD_PRESENT) == 0) |
| return 0; |
| |
| ru = (ppe_thres_hdr & |
| EHT_PPE_THRES_RU_INDEX_MASK) >> EHT_PPE_THRES_RU_INDEX_SHIFT; |
| while (ru) { |
| if (ru & 0x1) |
| sz++; |
| ru >>= 1; |
| } |
| |
| sz = sz * (1 + ((ppe_thres_hdr & EHT_PPE_THRES_NSS_MASK) >> |
| EHT_PPE_THRES_NSS_SHIFT)); |
| sz = (sz * 6) + 9; |
| if (sz % 8) |
| sz += 8; |
| sz /= 8; |
| |
| return sz; |
| } |
| |
| |
| static u8 ieee80211_eht_mcs_set_size(enum hostapd_hw_mode mode, u8 opclass, |
| u8 he_oper_chwidth, const u8 *he_phy_cap, |
| const u8 *eht_phy_cap) |
| { |
| u8 sz = EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; |
| bool band24, band5, band6; |
| u8 he_phy_cap_chwidth = ~HE_PHYCAP_CHANNEL_WIDTH_MASK; |
| |
| switch (he_oper_chwidth) { |
| case CONF_OPER_CHWIDTH_80P80MHZ: |
| he_phy_cap_chwidth |= |
| HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G; |
| /* fall through */ |
| case CONF_OPER_CHWIDTH_160MHZ: |
| he_phy_cap_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G; |
| /* fall through */ |
| case CONF_OPER_CHWIDTH_80MHZ: |
| case CONF_OPER_CHWIDTH_USE_HT: |
| he_phy_cap_chwidth |= HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G | |
| HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G; |
| break; |
| } |
| |
| he_phy_cap_chwidth &= he_phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX]; |
| |
| band24 = mode == HOSTAPD_MODE_IEEE80211B || |
| mode == HOSTAPD_MODE_IEEE80211G || |
| mode == NUM_HOSTAPD_MODES; |
| band5 = mode == HOSTAPD_MODE_IEEE80211A || |
| mode == NUM_HOSTAPD_MODES; |
| band6 = is_6ghz_op_class(opclass); |
| |
| if (band24 && |
| (he_phy_cap_chwidth & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G) == 0) |
| return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY; |
| |
| if (band5 && |
| (he_phy_cap_chwidth & |
| (HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G | |
| HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | |
| HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) == 0) |
| return EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY; |
| |
| if (band5 && |
| (he_phy_cap_chwidth & |
| (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | |
| HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) |
| sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; |
| |
| if (band6 && |
| (eht_phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] & |
| EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK)) |
| sz += EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS; |
| |
| return sz; |
| } |
| |
| |
| size_t hostapd_eid_eht_capab_len(struct hostapd_data *hapd, |
| enum ieee80211_op_mode opmode) |
| { |
| struct hostapd_hw_modes *mode; |
| struct eht_capabilities *eht_cap; |
| size_t len = 3 + 2 + EHT_PHY_CAPAB_LEN; |
| |
| mode = hapd->iface->current_mode; |
| if (!mode) |
| return 0; |
| |
| eht_cap = &mode->eht_capab[opmode]; |
| if (!eht_cap->eht_supported) |
| return 0; |
| |
| len += ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class, |
| hapd->iconf->he_oper_chwidth, |
| mode->he_capab[opmode].phy_cap, |
| eht_cap->phy_cap); |
| len += ieee80211_eht_ppet_size(WPA_GET_LE16(&eht_cap->ppet[0]), |
| eht_cap->phy_cap); |
| |
| return len; |
| } |
| |
| |
| u8 * hostapd_eid_eht_capab(struct hostapd_data *hapd, u8 *eid, |
| enum ieee80211_op_mode opmode) |
| { |
| struct hostapd_hw_modes *mode; |
| struct eht_capabilities *eht_cap; |
| struct ieee80211_eht_capabilities *cap; |
| size_t mcs_nss_len, ppe_thresh_len; |
| u8 *pos = eid, *length_pos; |
| |
| mode = hapd->iface->current_mode; |
| if (!mode) |
| return eid; |
| |
| eht_cap = &mode->eht_capab[opmode]; |
| if (!eht_cap->eht_supported) |
| return eid; |
| |
| *pos++ = WLAN_EID_EXTENSION; |
| length_pos = pos++; |
| *pos++ = WLAN_EID_EXT_EHT_CAPABILITIES; |
| |
| cap = (struct ieee80211_eht_capabilities *) pos; |
| os_memset(cap, 0, sizeof(*cap)); |
| cap->mac_cap = host_to_le16(eht_cap->mac_cap); |
| os_memcpy(cap->phy_cap, eht_cap->phy_cap, EHT_PHY_CAPAB_LEN); |
| |
| if (!is_6ghz_op_class(hapd->iconf->op_class)) |
| cap->phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] &= |
| ~EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK; |
| if (!hapd->iface->conf->eht_phy_capab.su_beamformer) |
| cap->phy_cap[EHT_PHYCAP_SU_BEAMFORMER_IDX] &= |
| ~EHT_PHYCAP_SU_BEAMFORMER; |
| |
| if (!hapd->iface->conf->eht_phy_capab.su_beamformee) |
| cap->phy_cap[EHT_PHYCAP_SU_BEAMFORMEE_IDX] &= |
| ~EHT_PHYCAP_SU_BEAMFORMEE; |
| |
| if (!hapd->iface->conf->eht_phy_capab.mu_beamformer) |
| cap->phy_cap[EHT_PHYCAP_MU_BEAMFORMER_IDX] &= |
| ~EHT_PHYCAP_MU_BEAMFORMER_MASK; |
| |
| pos = cap->optional; |
| |
| mcs_nss_len = ieee80211_eht_mcs_set_size(mode->mode, |
| hapd->iconf->op_class, |
| hapd->iconf->he_oper_chwidth, |
| mode->he_capab[opmode].phy_cap, |
| eht_cap->phy_cap); |
| if (mcs_nss_len) { |
| os_memcpy(pos, eht_cap->mcs, mcs_nss_len); |
| pos += mcs_nss_len; |
| } |
| |
| ppe_thresh_len = ieee80211_eht_ppet_size( |
| WPA_GET_LE16(&eht_cap->ppet[0]), |
| eht_cap->phy_cap); |
| if (ppe_thresh_len) { |
| os_memcpy(pos, eht_cap->ppet, ppe_thresh_len); |
| pos += ppe_thresh_len; |
| } |
| |
| *length_pos = pos - (eid + 2); |
| return pos; |
| } |
| |
| |
| u8 * hostapd_eid_eht_operation(struct hostapd_data *hapd, u8 *eid) |
| { |
| struct hostapd_config *conf = hapd->iconf; |
| struct ieee80211_eht_operation *oper; |
| u8 *pos = eid, seg0 = 0, seg1 = 0; |
| enum oper_chan_width chwidth; |
| size_t elen = 1 + 4 + 3; |
| |
| if (!hapd->iface->current_mode) |
| return eid; |
| |
| if (hapd->iconf->punct_bitmap) |
| elen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; |
| |
| *pos++ = WLAN_EID_EXTENSION; |
| *pos++ = 1 + elen; |
| *pos++ = WLAN_EID_EXT_EHT_OPERATION; |
| |
| oper = (struct ieee80211_eht_operation *) pos; |
| oper->oper_params = EHT_OPER_INFO_PRESENT; |
| |
| /* TODO: Fill in appropriate EHT-MCS max Nss information */ |
| oper->basic_eht_mcs_nss_set[0] = 0x11; |
| oper->basic_eht_mcs_nss_set[1] = 0x00; |
| oper->basic_eht_mcs_nss_set[2] = 0x00; |
| oper->basic_eht_mcs_nss_set[3] = 0x00; |
| |
| if (is_6ghz_op_class(conf->op_class)) |
| chwidth = op_class_to_ch_width(conf->op_class); |
| else |
| chwidth = conf->eht_oper_chwidth; |
| |
| seg0 = hostapd_get_oper_centr_freq_seg0_idx(conf); |
| |
| switch (chwidth) { |
| case CONF_OPER_CHWIDTH_320MHZ: |
| oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_320MHZ; |
| seg1 = seg0; |
| if (hapd->iconf->channel < seg0) |
| seg0 -= 16; |
| else |
| seg0 += 16; |
| break; |
| case CONF_OPER_CHWIDTH_160MHZ: |
| oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_160MHZ; |
| seg1 = seg0; |
| if (hapd->iconf->channel < seg0) |
| seg0 -= 8; |
| else |
| seg0 += 8; |
| break; |
| case CONF_OPER_CHWIDTH_80MHZ: |
| oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_80MHZ; |
| break; |
| case CONF_OPER_CHWIDTH_USE_HT: |
| if (seg0) |
| oper->oper_info.control |= EHT_OPER_CHANNEL_WIDTH_40MHZ; |
| break; |
| default: |
| return eid; |
| } |
| |
| oper->oper_info.ccfs0 = seg0 ? seg0 : hapd->iconf->channel; |
| oper->oper_info.ccfs1 = seg1; |
| |
| if (hapd->iconf->punct_bitmap) { |
| oper->oper_params |= EHT_OPER_DISABLED_SUBCHAN_BITMAP_PRESENT; |
| oper->oper_info.disabled_chan_bitmap = |
| host_to_le16(hapd->iconf->punct_bitmap); |
| } |
| |
| return pos + elen; |
| } |
| |
| |
| static bool check_valid_eht_mcs_nss(struct hostapd_data *hapd, const u8 *ap_mcs, |
| const u8 *sta_mcs, u8 mcs_count, u8 map_len) |
| { |
| unsigned int i, j; |
| |
| for (i = 0; i < mcs_count; i++) { |
| ap_mcs += i * 3; |
| sta_mcs += i * 3; |
| |
| for (j = 0; j < map_len; j++) { |
| if (((ap_mcs[j] >> 4) & 0xFF) == 0) |
| continue; |
| |
| if ((sta_mcs[j] & 0xFF) == 0) |
| continue; |
| |
| return true; |
| } |
| } |
| |
| wpa_printf(MSG_DEBUG, |
| "No matching EHT MCS found between AP TX and STA RX"); |
| return false; |
| } |
| |
| |
| static bool check_valid_eht_mcs(struct hostapd_data *hapd, |
| const u8 *sta_eht_capab, |
| enum ieee80211_op_mode opmode) |
| { |
| struct hostapd_hw_modes *mode; |
| const struct ieee80211_eht_capabilities *capab; |
| const u8 *ap_mcs, *sta_mcs; |
| u8 mcs_count = 1; |
| |
| mode = hapd->iface->current_mode; |
| if (!mode) |
| return true; |
| |
| ap_mcs = mode->eht_capab[opmode].mcs; |
| capab = (const struct ieee80211_eht_capabilities *) sta_eht_capab; |
| sta_mcs = capab->optional; |
| |
| if (ieee80211_eht_mcs_set_size(mode->mode, hapd->iconf->op_class, |
| hapd->iconf->he_oper_chwidth, |
| mode->he_capab[opmode].phy_cap, |
| mode->eht_capab[opmode].phy_cap) == |
| EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY) |
| return check_valid_eht_mcs_nss( |
| hapd, ap_mcs, sta_mcs, 1, |
| EHT_PHYCAP_MCS_NSS_LEN_20MHZ_ONLY); |
| |
| switch (hapd->iface->conf->eht_oper_chwidth) { |
| case CONF_OPER_CHWIDTH_320MHZ: |
| mcs_count++; |
| /* fall through */ |
| case CONF_OPER_CHWIDTH_80P80MHZ: |
| case CONF_OPER_CHWIDTH_160MHZ: |
| mcs_count++; |
| break; |
| default: |
| break; |
| } |
| |
| return check_valid_eht_mcs_nss(hapd, ap_mcs, sta_mcs, mcs_count, |
| EHT_PHYCAP_MCS_NSS_LEN_20MHZ_PLUS); |
| } |
| |
| |
| static bool ieee80211_invalid_eht_cap_size(enum hostapd_hw_mode mode, |
| u8 opclass, u8 he_oper_chwidth, |
| const u8 *he_cap, const u8 *eht_cap, |
| size_t len) |
| { |
| const struct ieee80211_he_capabilities *he_capab; |
| struct ieee80211_eht_capabilities *cap; |
| const u8 *he_phy_cap; |
| size_t cap_len; |
| u16 ppe_thres_hdr; |
| |
| he_capab = (const struct ieee80211_he_capabilities *) he_cap; |
| he_phy_cap = he_capab->he_phy_capab_info; |
| cap = (struct ieee80211_eht_capabilities *) eht_cap; |
| cap_len = sizeof(*cap) - sizeof(cap->optional); |
| if (len < cap_len) |
| return true; |
| |
| cap_len += ieee80211_eht_mcs_set_size(mode, opclass, he_oper_chwidth, |
| he_phy_cap, cap->phy_cap); |
| if (len < cap_len) |
| return true; |
| |
| ppe_thres_hdr = len > cap_len + 1 ? |
| WPA_GET_LE16(&eht_cap[cap_len]) : 0x01ff; |
| cap_len += ieee80211_eht_ppet_size(ppe_thres_hdr, cap->phy_cap); |
| |
| return len < cap_len; |
| } |
| |
| |
| u16 copy_sta_eht_capab(struct hostapd_data *hapd, struct sta_info *sta, |
| enum ieee80211_op_mode opmode, |
| const u8 *he_capab, size_t he_capab_len, |
| const u8 *eht_capab, size_t eht_capab_len) |
| { |
| struct hostapd_hw_modes *c_mode = hapd->iface->current_mode; |
| enum hostapd_hw_mode mode = c_mode ? c_mode->mode : NUM_HOSTAPD_MODES; |
| |
| if (!hapd->iconf->ieee80211be || hapd->conf->disable_11be || |
| !he_capab || he_capab_len < IEEE80211_HE_CAPAB_MIN_LEN || |
| !eht_capab || |
| ieee80211_invalid_eht_cap_size(mode, hapd->iconf->op_class, |
| hapd->iconf->he_oper_chwidth, |
| he_capab, eht_capab, |
| eht_capab_len) || |
| !check_valid_eht_mcs(hapd, eht_capab, opmode)) { |
| sta->flags &= ~WLAN_STA_EHT; |
| os_free(sta->eht_capab); |
| sta->eht_capab = NULL; |
| return WLAN_STATUS_SUCCESS; |
| } |
| |
| os_free(sta->eht_capab); |
| sta->eht_capab = os_memdup(eht_capab, eht_capab_len); |
| if (!sta->eht_capab) { |
| sta->eht_capab_len = 0; |
| return WLAN_STATUS_UNSPECIFIED_FAILURE; |
| } |
| |
| sta->flags |= WLAN_STA_EHT; |
| sta->eht_capab_len = eht_capab_len; |
| |
| return WLAN_STATUS_SUCCESS; |
| } |
| |
| |
| void hostapd_get_eht_capab(struct hostapd_data *hapd, |
| const struct ieee80211_eht_capabilities *src, |
| struct ieee80211_eht_capabilities *dest, |
| size_t len) |
| { |
| if (!src || !dest) |
| return; |
| |
| if (len > sizeof(*dest)) |
| len = sizeof(*dest); |
| /* TODO: mask out unsupported features */ |
| |
| os_memset(dest, 0, sizeof(*dest)); |
| os_memcpy(dest, src, len); |
| } |
| |
| |
| u8 * hostapd_eid_eht_basic_ml(struct hostapd_data *hapd, u8 *eid, |
| struct sta_info *info, bool include_mld_id) |
| { |
| struct wpabuf *buf; |
| u16 control; |
| u8 *pos = eid; |
| const u8 *ptr; |
| size_t len, slice_len; |
| u8 link_id; |
| u8 common_info_len; |
| |
| /* |
| * As the Multi-Link element can exceed the size of 255 bytes need to |
| * first build it and then handle fragmentation. |
| */ |
| buf = wpabuf_alloc(1024); |
| if (!buf) |
| return pos; |
| |
| /* Multi-Link Control field */ |
| control = MULTI_LINK_CONTROL_TYPE_BASIC | |
| BASIC_MULTI_LINK_CTRL_PRES_LINK_ID | |
| BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT | |
| BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA | |
| BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA; |
| |
| /* |
| * Set the basic Multi-Link common information. Hard code the common |
| * info length to 13 based on the length of the present fields: |
| * Length (1) + MLD address (6) + Link ID (1) + |
| * BSS Parameters Change Count (1) + EML Capabilities (2) + |
| * MLD Capabilities and Operations (2) |
| */ |
| common_info_len = 13; |
| |
| if (include_mld_id) { |
| /* AP MLD ID */ |
| control |= BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID; |
| common_info_len++; |
| } |
| |
| wpabuf_put_le16(buf, control); |
| |
| wpabuf_put_u8(buf, common_info_len); |
| |
| /* Own MLD MAC Address */ |
| wpabuf_put_data(buf, hapd->mld_addr, ETH_ALEN); |
| |
| /* Own Link ID */ |
| wpabuf_put_u8(buf, hapd->mld_link_id); |
| |
| /* Currently hard code the BSS Parameters Change Count to 0x1 */ |
| wpabuf_put_u8(buf, 0x1); |
| |
| wpa_printf(MSG_DEBUG, "MLD: EML Capabilities=0x%x", |
| hapd->iface->mld_eml_capa); |
| wpabuf_put_le16(buf, hapd->iface->mld_eml_capa); |
| |
| wpa_printf(MSG_DEBUG, "MLD: MLD Capabilities and Operations=0x%x", |
| hapd->iface->mld_mld_capa); |
| wpabuf_put_le16(buf, hapd->iface->mld_mld_capa); |
| |
| if (include_mld_id) { |
| wpa_printf(MSG_DEBUG, "MLD: AP MLD ID=0x%x", |
| hapd->conf->mld_id); |
| wpabuf_put_u8(buf, hapd->conf->mld_id); |
| } |
| |
| if (!info) |
| goto out; |
| |
| /* Add link info for the other links */ |
| for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) { |
| struct mld_link_info *link = &info->mld_info.links[link_id]; |
| struct hostapd_data *link_bss; |
| |
| /* |
| * control (2) + station info length (1) + MAC address (6) + |
| * beacon interval (2) + TSF offset (8) + DTIM info (2) + BSS |
| * parameters change counter (1) + station profile length. |
| */ |
| const size_t fixed_len = 22; |
| size_t total_len = fixed_len + link->resp_sta_profile_len; |
| |
| /* Skip the local one */ |
| if (link_id == hapd->mld_link_id || !link->valid) |
| continue; |
| |
| link_bss = hostapd_mld_get_link_bss(hapd, link_id); |
| if (!link_bss) { |
| wpa_printf(MSG_ERROR, |
| "MLD: Couldn't find link BSS - skip it"); |
| continue; |
| } |
| |
| /* Per-STA Profile subelement */ |
| wpabuf_put_u8(buf, EHT_ML_SUB_ELEM_PER_STA_PROFILE); |
| |
| if (total_len <= 255) |
| wpabuf_put_u8(buf, total_len); |
| else |
| wpabuf_put_u8(buf, 255); |
| |
| /* STA Control */ |
| control = (link_id & 0xf) | |
| EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK | |
| EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK | |
| EHT_PER_STA_CTRL_TSF_OFFSET_PRESENT_MSK | |
| EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK | |
| EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK | |
| EHT_PER_STA_CTRL_BSS_PARAM_CNT_PRESENT_MSK; |
| wpabuf_put_le16(buf, control); |
| |
| /* STA Info */ |
| |
| /* STA Info Length */ |
| wpabuf_put_u8(buf, fixed_len - 2); |
| wpabuf_put_data(buf, link->local_addr, ETH_ALEN); |
| wpabuf_put_le16(buf, link_bss->iconf->beacon_int); |
| |
| /* TSF Offset */ |
| /* |
| * TODO: Currently setting TSF offset to zero. However, this |
| * information needs to come from the driver. |
| */ |
| wpabuf_put_le64(buf, 0); |
| |
| /* DTIM Info */ |
| wpabuf_put_le16(buf, link_bss->conf->dtim_period); |
| |
| /* BSS Parameters Change Count */ |
| /* TODO: Currently hard code the BSS Parameters Change Count to |
| * 0x1 */ |
| wpabuf_put_u8(buf, 0x1); |
| |
| /* Fragment the sub element if needed */ |
| if (total_len <= 255) { |
| wpabuf_put_data(buf, link->resp_sta_profile, |
| link->resp_sta_profile_len); |
| } else { |
| ptr = link->resp_sta_profile; |
| len = link->resp_sta_profile_len; |
| |
| slice_len = 255 - fixed_len; |
| |
| wpabuf_put_data(buf, ptr, slice_len); |
| len -= slice_len; |
| ptr += slice_len; |
| |
| while (len) { |
| if (len <= 255) |
| slice_len = len; |
| else |
| slice_len = 255; |
| |
| wpabuf_put_u8(buf, EHT_ML_SUB_ELEM_FRAGMENT); |
| wpabuf_put_u8(buf, slice_len); |
| wpabuf_put_data(buf, ptr, slice_len); |
| |
| len -= slice_len; |
| ptr += slice_len; |
| } |
| } |
| } |
| |
| out: |
| /* Fragment the Multi-Link element, if needed */ |
| len = wpabuf_len(buf); |
| ptr = wpabuf_head(buf); |
| |
| if (len <= 254) |
| slice_len = len; |
| else |
| slice_len = 254; |
| |
| *pos++ = WLAN_EID_EXTENSION; |
| *pos++ = slice_len + 1; |
| *pos++ = WLAN_EID_EXT_MULTI_LINK; |
| os_memcpy(pos, ptr, slice_len); |
| |
| ptr += slice_len; |
| pos += slice_len; |
| len -= slice_len; |
| |
| while (len) { |
| if (len <= 255) |
| slice_len = len; |
| else |
| slice_len = 255; |
| |
| *pos++ = WLAN_EID_FRAGMENT; |
| *pos++ = slice_len; |
| os_memcpy(pos, ptr, slice_len); |
| |
| ptr += slice_len; |
| pos += slice_len; |
| len -= slice_len; |
| } |
| |
| wpabuf_free(buf); |
| return pos; |
| } |
| |
| |
| struct wpabuf * hostapd_ml_auth_resp(struct hostapd_data *hapd) |
| { |
| struct wpabuf *buf = wpabuf_alloc(12); |
| |
| if (!buf) |
| return NULL; |
| |
| wpabuf_put_u8(buf, WLAN_EID_EXTENSION); |
| wpabuf_put_u8(buf, 10); |
| wpabuf_put_u8(buf, WLAN_EID_EXT_MULTI_LINK); |
| wpabuf_put_le16(buf, MULTI_LINK_CONTROL_TYPE_BASIC); |
| wpabuf_put_u8(buf, ETH_ALEN + 1); |
| wpabuf_put_data(buf, hapd->mld_addr, ETH_ALEN); |
| |
| return buf; |
| } |
| |
| |
| #ifdef CONFIG_SAE |
| |
| static const u8 * |
| sae_commit_skip_fixed_fields(const struct ieee80211_mgmt *mgmt, size_t len, |
| const u8 *pos, u16 status_code) |
| { |
| u16 group; |
| size_t prime_len; |
| struct crypto_ec *ec; |
| |
| if (status_code != WLAN_STATUS_SAE_HASH_TO_ELEMENT) |
| return pos; |
| |
| /* SAE H2E commit message (group, scalar, FFE) */ |
| if (len < 2) { |
| wpa_printf(MSG_DEBUG, |
| "EHT: SAE Group is not present"); |
| return NULL; |
| } |
| |
| group = WPA_GET_LE16(pos); |
| pos += 2; |
| |
| /* TODO: How to parse when the group is unknown? */ |
| ec = crypto_ec_init(group); |
| if (!ec) { |
| const struct dh_group *dh = dh_groups_get(group); |
| |
| if (!dh) { |
| wpa_printf(MSG_DEBUG, "EHT: Unknown SAE group %u", |
| group); |
| return NULL; |
| } |
| |
| prime_len = dh->prime_len; |
| } else { |
| prime_len = crypto_ec_prime_len(ec); |
| } |
| |
| wpa_printf(MSG_DEBUG, "EHT: SAE scalar length is %zu", prime_len); |
| |
| /* scalar */ |
| pos += prime_len; |
| |
| if (ec) { |
| pos += prime_len * 2; |
| crypto_ec_deinit(ec); |
| } else { |
| pos += prime_len; |
| } |
| |
| if (pos - mgmt->u.auth.variable > (int) len) { |
| wpa_printf(MSG_DEBUG, |
| "EHT: Too short SAE commit Authentication frame"); |
| return NULL; |
| } |
| |
| wpa_hexdump(MSG_DEBUG, "EHT: SAE: Authentication frame elements", |
| pos, (int) len - (pos - mgmt->u.auth.variable)); |
| |
| return pos; |
| } |
| |
| |
| static const u8 * |
| sae_confirm_skip_fixed_fields(struct hostapd_data *hapd, |
| const struct ieee80211_mgmt *mgmt, size_t len, |
| const u8 *pos, u16 status_code) |
| { |
| struct sta_info *sta; |
| |
| if (status_code == WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION) |
| return pos; |
| |
| /* send confirm integer */ |
| pos += 2; |
| |
| /* |
| * At this stage we should already have an MLD station and actually SA |
| * will be replaced with the MLD MAC address by the driver. |
| */ |
| sta = ap_get_sta(hapd, mgmt->sa); |
| if (!sta) { |
| wpa_printf(MSG_DEBUG, "SAE: No MLD STA for SAE confirm"); |
| return NULL; |
| } |
| |
| if (!sta->sae || sta->sae->state < SAE_COMMITTED || !sta->sae->tmp) { |
| if (sta->sae) |
| wpa_printf(MSG_DEBUG, "SAE: Invalid state=%u", |
| sta->sae->state); |
| else |
| wpa_printf(MSG_DEBUG, "SAE: No SAE context"); |
| return NULL; |
| } |
| |
| wpa_printf(MSG_DEBUG, "SAE: confirm: kck_len=%zu", |
| sta->sae->tmp->kck_len); |
| |
| pos += sta->sae->tmp->kck_len; |
| |
| if (pos - mgmt->u.auth.variable > (int) len) { |
| wpa_printf(MSG_DEBUG, |
| "EHT: Too short SAE confirm Authentication frame"); |
| return NULL; |
| } |
| |
| return pos; |
| } |
| |
| #endif /* CONFIG_SAE */ |
| |
| |
| static const u8 * auth_skip_fixed_fields(struct hostapd_data *hapd, |
| const struct ieee80211_mgmt *mgmt, |
| size_t len) |
| { |
| u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); |
| #ifdef CONFIG_SAE |
| u16 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); |
| u16 status_code = le_to_host16(mgmt->u.auth.status_code); |
| #endif /* CONFIG_SAE */ |
| const u8 *pos = mgmt->u.auth.variable; |
| |
| /* Skip fixed fields as based on IEE P802.11-REVme/D3.0, Table 9-69 |
| * (Presence of fields and elements in Authentications frames) */ |
| switch (auth_alg) { |
| case WLAN_AUTH_OPEN: |
| return pos; |
| #ifdef CONFIG_SAE |
| case WLAN_AUTH_SAE: |
| if (auth_transaction == 1) { |
| if (status_code == WLAN_STATUS_SUCCESS) { |
| wpa_printf(MSG_DEBUG, |
| "EHT: SAE H2E is mandatory for MLD"); |
| goto out; |
| } |
| |
| return sae_commit_skip_fixed_fields(mgmt, len, pos, |
| status_code); |
| } else if (auth_transaction == 2) { |
| return sae_confirm_skip_fixed_fields(hapd, mgmt, len, |
| pos, status_code); |
| } |
| |
| return pos; |
| #endif /* CONFIG_SAE */ |
| /* TODO: Support additional algorithms that can be used for MLO */ |
| case WLAN_AUTH_FT: |
| case WLAN_AUTH_FILS_SK: |
| case WLAN_AUTH_FILS_SK_PFS: |
| case WLAN_AUTH_FILS_PK: |
| case WLAN_AUTH_PASN: |
| default: |
| break; |
| } |
| |
| #ifdef CONFIG_SAE |
| out: |
| #endif /* CONFIG_SAE */ |
| wpa_printf(MSG_DEBUG, |
| "TODO: Authentication algorithm %u not supported with MLD", |
| auth_alg); |
| return NULL; |
| } |
| |
| |
| const u8 * hostapd_process_ml_auth(struct hostapd_data *hapd, |
| const struct ieee80211_mgmt *mgmt, |
| size_t len) |
| { |
| struct ieee802_11_elems elems; |
| const u8 *pos; |
| |
| if (!hapd->conf->mld_ap) |
| return NULL; |
| |
| len -= offsetof(struct ieee80211_mgmt, u.auth.variable); |
| |
| pos = auth_skip_fixed_fields(hapd, mgmt, len); |
| if (!pos) |
| return NULL; |
| |
| if (ieee802_11_parse_elems(pos, |
| (int)len - (pos - mgmt->u.auth.variable), |
| &elems, 0) == ParseFailed) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Failed parsing Authentication frame"); |
| } |
| |
| if (!elems.basic_mle || !elems.basic_mle_len) |
| return NULL; |
| |
| return get_basic_mle_mld_addr(elems.basic_mle, elems.basic_mle_len); |
| } |
| |
| |
| static int hostapd_mld_validate_assoc_info(struct hostapd_data *hapd, |
| struct mld_info *info) |
| { |
| u8 i, link_id; |
| |
| if (!info->mld_sta) { |
| wpa_printf(MSG_DEBUG, "MLD: Not a non-AP MLD"); |
| return 0; |
| } |
| |
| /* |
| * Iterate over the links negotiated in the (Re)Association Request |
| * frame and validate that they are indeed valid links in the local AP |
| * MLD. |
| * |
| * While at it, also update the local address for the links in the |
| * mld_info, so it could be easily available for later flows, e.g., for |
| * the RSN Authenticator, etc. |
| */ |
| for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) { |
| struct hostapd_data *other_hapd; |
| |
| if (!info->links[link_id].valid) |
| continue; |
| |
| for (i = 0; i < hapd->iface->interfaces->count; i++) { |
| other_hapd = hapd->iface->interfaces->iface[i]->bss[0]; |
| |
| if (hapd == other_hapd) |
| continue; |
| |
| if (other_hapd->conf->mld_ap && |
| other_hapd->conf->mld_id == hapd->conf->mld_id && |
| link_id == other_hapd->mld_link_id) |
| break; |
| } |
| |
| if (i == hapd->iface->interfaces->count && |
| link_id != hapd->mld_link_id) { |
| wpa_printf(MSG_DEBUG, "MLD: Invalid link ID=%u", |
| link_id); |
| return -1; |
| } |
| |
| if (i < hapd->iface->interfaces->count) |
| os_memcpy(info->links[link_id].local_addr, |
| other_hapd->own_addr, |
| ETH_ALEN); |
| } |
| |
| return 0; |
| } |
| |
| |
| u16 hostapd_process_ml_assoc_req(struct hostapd_data *hapd, |
| struct ieee802_11_elems *elems, |
| struct sta_info *sta) |
| { |
| struct wpabuf *mlbuf; |
| const struct ieee80211_eht_ml *ml; |
| const struct eht_ml_basic_common_info *common_info; |
| size_t ml_len, common_info_len; |
| struct mld_link_info *link_info; |
| struct mld_info *info = &sta->mld_info; |
| const u8 *pos; |
| int ret = -1; |
| u16 ml_control; |
| |
| mlbuf = ieee802_11_defrag_mle(elems, MULTI_LINK_CONTROL_TYPE_BASIC); |
| if (!mlbuf) |
| return WLAN_STATUS_SUCCESS; |
| |
| ml = wpabuf_head(mlbuf); |
| ml_len = wpabuf_len(mlbuf); |
| |
| ml_control = le_to_host16(ml->ml_control); |
| if ((ml_control & MULTI_LINK_CONTROL_TYPE_MASK) != |
| MULTI_LINK_CONTROL_TYPE_BASIC) { |
| wpa_printf(MSG_DEBUG, "MLD: Invalid ML type=%u", |
| ml_control & MULTI_LINK_CONTROL_TYPE_MASK); |
| goto out; |
| } |
| |
| /* Common Info length and MLD MAC address must always be present */ |
| common_info_len = 1 + ETH_ALEN; |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_LINK_ID) { |
| wpa_printf(MSG_DEBUG, "MLD: Link ID info not expected"); |
| goto out; |
| } |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT) { |
| wpa_printf(MSG_DEBUG, "MLD: BSS params change not expected"); |
| goto out; |
| } |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO) { |
| wpa_printf(MSG_DEBUG, "MLD: Sync delay not expected"); |
| goto out; |
| } |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { |
| common_info_len += 2; |
| } else { |
| wpa_printf(MSG_DEBUG, "MLD: EML capabilities not present"); |
| } |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) { |
| common_info_len += 2; |
| |
| } else { |
| wpa_printf(MSG_DEBUG, "MLD: MLD capabilities not present"); |
| goto out; |
| } |
| |
| wpa_printf(MSG_DEBUG, "MLD: expected_common_info_len=%lu", |
| common_info_len); |
| |
| if (sizeof(*ml) + common_info_len > ml_len) { |
| wpa_printf(MSG_DEBUG, "MLD: Not enough bytes for common info"); |
| goto out; |
| } |
| |
| common_info = (const struct eht_ml_basic_common_info *) ml->variable; |
| |
| /* Common information length includes the length octet */ |
| if (common_info->len != common_info_len) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Invalid common info len=%u (expected %zu)", |
| common_info->len, common_info_len); |
| goto out; |
| } |
| |
| pos = common_info->variable; |
| |
| if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { |
| info->common_info.eml_capa = WPA_GET_LE16(pos); |
| pos += 2; |
| } else { |
| info->common_info.eml_capa = 0; |
| } |
| |
| info->common_info.mld_capa = WPA_GET_LE16(pos); |
| pos += 2; |
| |
| wpa_printf(MSG_DEBUG, "MLD: addr=" MACSTR ", eml=0x%x, mld=0x%x", |
| MAC2STR(info->common_info.mld_addr), |
| info->common_info.eml_capa, info->common_info.mld_capa); |
| |
| /* Check the MLD MAC Address */ |
| if (os_memcmp(info->common_info.mld_addr, common_info->mld_addr, |
| ETH_ALEN) != 0) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: MLD address mismatch between authentication (" |
| MACSTR ") and association (" MACSTR ")", |
| MAC2STR(info->common_info.mld_addr), |
| MAC2STR(common_info->mld_addr)); |
| goto out; |
| } |
| |
| info->links[hapd->mld_link_id].valid = true; |
| |
| /* Parse the link info field */ |
| ml_len -= sizeof(*ml) + common_info_len; |
| |
| while (ml_len > 2) { |
| size_t sub_elem_len = *(pos + 1); |
| size_t sta_info_len; |
| u16 control; |
| |
| wpa_printf(MSG_DEBUG, "MLD: sub element len=%zu", |
| sub_elem_len); |
| |
| if (2 + sub_elem_len > ml_len) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Invalid link info len: %zu %zu", |
| 2 + sub_elem_len, ml_len); |
| goto out; |
| } |
| |
| if (*pos == MULTI_LINK_SUB_ELEM_ID_VENDOR) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Skip vendor specific subelement"); |
| |
| pos += 2 + sub_elem_len; |
| ml_len -= 2 + sub_elem_len; |
| continue; |
| } |
| |
| if (*pos != MULTI_LINK_SUB_ELEM_ID_PER_STA_PROFILE) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Unexpected Multi-Link element subelement ID=%u", |
| *pos); |
| goto out; |
| } |
| |
| /* Skip the subelement ID and the length */ |
| pos += 2; |
| ml_len -= 2; |
| |
| /* Get the station control field */ |
| if (sub_elem_len < 2) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Too short Per-STA Profile subelement"); |
| goto out; |
| } |
| control = WPA_GET_LE16(pos); |
| link_info = &info->links[control & |
| EHT_PER_STA_CTRL_LINK_ID_MSK]; |
| pos += 2; |
| ml_len -= 2; |
| sub_elem_len -= 2; |
| |
| if (!(control & EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK)) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Per-STA complete profile expected"); |
| goto out; |
| } |
| |
| if (!(control & EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK)) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Per-STA MAC address not present"); |
| goto out; |
| } |
| |
| if ((control & (EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK | |
| EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK))) { |
| wpa_printf(MSG_DEBUG, |
| "MLD: Beacon/DTIM interval not expected"); |
| goto out; |
| } |
| |
| /* The length octet and the MAC address must be present */ |
| sta_info_len = 1 + ETH_ALEN; |
| |
| if (control & EHT_PER_STA_CTRL_NSTR_LINK_PAIR_PRESENT_MSK) { |
| if (control & EHT_PER_STA_CTRL_NSTR_BM_SIZE_MSK) |
| link_info->nstr_bitmap_len = 2; |
| else |
| link_info->nstr_bitmap_len = 1; |
| } |
| |
| sta_info_len += link_info->nstr_bitmap_len; |
| |
| if (sta_info_len > ml_len || sta_info_len != *pos || |
| sta_info_len > sub_elem_len) { |
| wpa_printf(MSG_DEBUG, "MLD: Invalid STA Info length"); |
| goto out; |
| } |
| |
| /* skip the length */ |
| pos++; |
| ml_len--; |
| |
| /* get the link address */ |
| os_memcpy(link_info->peer_addr, pos, ETH_ALEN); |
| wpa_printf(MSG_DEBUG, |
| "MLD: assoc: link id=%u, addr=" MACSTR, |
| control & EHT_PER_STA_CTRL_LINK_ID_MSK, |
| MAC2STR(link_info->peer_addr)); |
| |
| pos += ETH_ALEN; |
| ml_len -= ETH_ALEN; |
| |
| /* Get the NSTR bitmap */ |
| if (link_info->nstr_bitmap_len) { |
| os_memcpy(link_info->nstr_bitmap, pos, |
| link_info->nstr_bitmap_len); |
| pos += link_info->nstr_bitmap_len; |
| ml_len -= link_info->nstr_bitmap_len; |
| } |
| |
| sub_elem_len -= sta_info_len; |
| |
| wpa_printf(MSG_DEBUG, "MLD: STA Profile len=%zu", sub_elem_len); |
| if (sub_elem_len > ml_len) |
| goto out; |
| |
| if (sub_elem_len > 2) |
| link_info->capability = WPA_GET_LE16(pos); |
| |
| pos += sub_elem_len; |
| ml_len -= sub_elem_len; |
| |
| wpa_printf(MSG_DEBUG, "MLD: link ctrl=0x%x, " MACSTR |
| ", nstr bitmap len=%lu", |
| control, MAC2STR(link_info->peer_addr), |
| link_info->nstr_bitmap_len); |
| |
| link_info->valid = true; |
| } |
| |
| if (ml_len) { |
| wpa_printf(MSG_DEBUG, "MLD: %zu bytes left after parsing. fail", |
| ml_len); |
| goto out; |
| } |
| |
| ret = hostapd_mld_validate_assoc_info(hapd, info); |
| out: |
| wpabuf_free(mlbuf); |
| if (ret) { |
| os_memset(info, 0, sizeof(*info)); |
| return WLAN_STATUS_UNSPECIFIED_FAILURE; |
| } |
| |
| return WLAN_STATUS_SUCCESS; |
| } |