This makes it easier for test scripts to track completion of 4-way
handshake from hostapd, e.g., when going through PTK rekeying.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"REKEY_PTK <STA MAC address>" can now be used to force rekeying of the
PTK for the specified associated STA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not start yet another rekeying of GTK when receiving an EAPOL-Key
request frame at the point when the GTK is already being rekeyed. This
fixes issues where the AP might end up configuring a different GTK than
the one it sends to the associated stations.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previous debug print used IGTK instead of BIGTK, so fix that to use the
correct key. Actual generation of the BIGTK subelement itself was using
the correct key, though, so this is only needed to fix the debug print.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function can get called with hapd->wpa_auth == NULL from the
control interface handler, so explicitly check for that.
Signed-off-by: Jouni Malinen <j@w1.fi>
When the AP advertised RSNE, RSNXE, and WPA IE, hostapd incorrectly
removed the RSNE in the EAPOL-Key msg 3/4 if the STA associates with
WPA, leaving only RSNXE instead of WPA IE. WPA STA fails to connect to
such AP as the WPA IE is missing.
Since RSNXE is not really used in non-RSN connection, just remove it
here with RSNE.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local AP and the peer station declare
support for secure LTF.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.
To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.
The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame
Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This is mainly for testing purposes to allow more convenient checking of
station behavior when a transition mode is disabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add hostapd configuration parameters oci_freq_override_* to allow the
OCI channel information to be overridden for various frames for testing
purposes. This can be set in the configuration and also updated during
the runtime of a BSS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE 802.11 defines reason codes for indicating 4-way handshake and
group key handshake timeouts. Use those reason codes instead of the more
generic one for these particular cases in the Authenticator state
machine.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow hostapd to be requested to override the RSNXE Used subfield in FT
reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>"
where 0 = no override, 1 = override to 1, and 2 = override to 0.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow STA entry to be removed and re-added to the driver with PMF is
used with FT. Previously, this case resulted in cfg80211 rejecting STA
entry update after successful FT protocol use if the association had not
been dropped and it could not be dropped for the PMF case in
handle_auth().
Signed-off-by: Jouni Malinen <j@w1.fi>
Use local variables to avoid sm->wpa_auth->conf type of dereferences
where multiple instances within a function can be cleaned up.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd configuration parameter transition_disable can now be
used to configure the AP to advertise that use of a transition mode is
disabled. This allows stations to automatically disable transition mode
by disabling less secure network profile parameters.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support Extended Key ID in hostapd according to IEEE Std 802.11-2016.
Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing an AP to serve STAs with and without Extended Key
ID support in the same BSS.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This is a workaround needed to keep FT protocol backwards compatible for
the cases where either the AP or the STA uses RSNXE, but the other one
does not. This commit adds setting of the new field to 1 in
Reassociation Request/Response frame during FT protocol when the STA/AP
uses RSNXE in other frames. This mechanism is described in 20/332r3.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new hostapd configuration parameter rsne_override_eapol can now be
used similarly to the previously added rsnxe_override_eapol to override
(replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used
for station protocol testing to verify sufficient checks for RSNE
modification between the Beacon/Probe Response frames and EAPOL-Key msg
3/4.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previous implementation was determining whether the override value was
set based on its length being larger than zero. Replace this with an
explicit indication of whether the parameter is set to allow zero length
replacement, i.e., remove of RSNXE from EAPOL-Key msg 3/4.
In addition, move IE replacement into a more generic helper function to
allow this to be used with other IEs as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The initial implementation of the PTK derivation workaround for
interoperability with older OWE implementations forced
WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that
is needed for selecting which hash algorithm to use, this was also
changing the length of the PTK components and by doing so, did not
actually address the backwards compatibility issue.
Fix this by forcing SHA256 as the hash algorithm in PTK derivation
without changing the PTK length calculation for OWE when
owe_ptk_workaround is enabled.
Fixes: 65a44e849a ("OWE: PTK derivation workaround in AP mode")
Fixes: 8b138d2826 ("OWE: PTK derivation workaround in STA mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.
To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The new hostapd gtk_rsc_override and igtk_rsc_override configuration
parameters can be used to set an override value for the RSC that the AP
advertises for STAs for GTK/IGTK. The contents of those parameters is a
hexdump of the RSC in little endian byte order.
This functionality is available only in CONFIG_TESTING_OPTIONS=y builds.
This can be used to verify that stations implement initial RSC
configuration correctly for GTK/ and IGTK.
Signed-off-by: Jouni Malinen <j@w1.fi>
EAPOL-Key message 1/4 without PMKID KDE was sent with 22 bytes of stray
data following a zero length key data field. These 22 bytes happens to
be the exact size of an PMKID KDE. Strip these trailing bytes by
checking whether a PMKID is available and adjust pmkid_len to 0 if not.
This was seen for example in capture files created by hwsim test case
suite_b_192 but code modified to handle also the other cases without
PMKID (Suite B no-KCK, FILS without PMKID available, SAE without PMKID
available).
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
This new hostapd configuration parameter rsnxe_override_eapol=<hexdump>
can be used to override RSNXE value in EAPOL-Key msg 3/4 for testing
purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the STA advertises RSN Extension element, it has to be advertised
consistently in the unprotected ((Re)Association Request) and protected
(EAPOL-Key msg 2/4) frames. Verify that this is the case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Tom Barthe
Jouni Malinen
Jouni Malinen
Andrei Otcheretianski
Ilan Peer
Veerendranath Jakkam
Alexander Wetzel
Hu Wang
Mikael Kanstrup