Commit graph

937 commits

Author SHA1 Message Date
xiaofeis
1ff8605775 mka: Support GCM-AES-256
GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-21 19:28:20 +03:00
Kiran Kumar Lokere
cbdf5a49c8 Define test config vendor attribute to override MU EDCA
Add a new test config QCA vendor attribute to override the MU EDCA
parameters to default values in the driver for test configuration. This
is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:38:47 +03:00
Kiran Kumar Lokere
420b5dd814 Define test config QCA vendor attribute for HE MAC padding duration
Add a new wifi test config QCA vendor attribute to configure HE
trigger frame MAC padding duration value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-06 21:27:01 +03:00
Kiran Kumar Lokere
7bf86e4416 Define test config QCA vendor attribute for HE MU EDCA params
Add a new wifi test config QCA vendor attributes to configure
HE MU EDCA parameters value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-03 18:12:44 +03:00
Kiran Kumar Lokere
6cc77193c6 Define test config QCA vendor attribute for Tx beamformee NSTS
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee number of space-time streams value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-28 18:37:01 +03:00
Jouni Malinen
a10f5714cc HS 2.0: Allow Hotspot 2.0 version number to be overridden for build
This can be used for testing and development purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-18 20:11:52 +03:00
Jouni Malinen
c3e4f40cd6 FT: Derive PMKR0Name/PMKR1Name using SHA-384 with AKM 00-0F-AC:13
The AKM 00-0F-AC:13 is supposed to use cryptographic algorithms
consistently, but the current IEEE 802.11 standard is not doing so for
the key names: PMKID (uses SHA-1), PMKR0Name/PMKR1Name (uses SHA-256).
The PMKID case was already implemented with SHA-384 and this commit
replaces use of SHA-256 with SHA-384 for PMKR0Name/PMKR1Name derivation
to be consistent in SHA-384. While this is not compliant with the
current IEEE 802.11 standard, this is clearly needed to meet CNSA Suite
requirements. Matching change is being proposed in REVmd to get the IEEE
802.11 standard to meet the use case requirements.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-06 23:59:46 +03:00
Jouni Malinen
df3bf6870b FT: Debug print of IE parsing element details
This makes it easier to debug issues in processing FT frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
9a33737a0b FT: FTE parsing for SHA384-based AKM
The MIC field is now a variable length field, so make the FTE parser
aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
994eac7e61 FT: PMK-R0 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
1655e81c97 FT: PMKID derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
40a2eb1164 FT: PTK derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
7880a6a2b8 FT: PMK-R1 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
b327026a72 FT: FTE MIC calculation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
c49a9d6b99 FT: EAPOL-Key MIC calculation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
a3e18dbb6a FT: Support variable length keys
This is a step in adding support for SHA384-based FT AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
c22bb5bba6 FT: SHA384-based AKM in RSNE processing
This defines key lengths for SHA384-based FT AKM and handles writing and
parsing for RSNE AKMs with the new value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 01:11:41 +03:00
Sachin Ahuja
b829e4b694 Add a QCA vendor command attribute to enable/disable GTX
This commit adds a new vendor command attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_GTX in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to enable/disable green
Tx power saving feature.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-24 18:47:48 +03:00
Jouni Malinen
9be19d0b9c SAE: Add support for using the optional Password Identifier
This extends the SAE implementation in both infrastructure and mesh BSS
cases to allow an optional Password Identifier to be used. This uses the
mechanism added in P802.11REVmd/D1.0. The Password Identifier is
configured in a wpa_supplicant network profile as a new string parameter
sae_password_id. In hostapd configuration, the existing sae_password
parameter has been extended to allow the password identifier (and also a
peer MAC address) to be set. In addition, multiple sae_password entries
can now be provided to hostapd to allow multiple per-peer and
per-identifier passwords to be set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-19 17:30:29 +03:00
Naveen Rawat
4e47eec5a9 Add QCA NAN vendor attributes to provide IPv6 information
Add NAN attributes to communicate IPv6 address, port, and protocol
between wifihal and host driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-17 22:10:15 +03:00
Jeff Johnson
6965705bf5 Fix style issues in qca-vendor.h
Over time a number of style issues have crept into qca-vendor.h,
so fix most of them. There are some identifiers and comments which
exceed 80 columns, but these are left as-is for readability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Kiran Kumar Lokere
7d66e7c408 Define new QCA feature flag for self managed regulatory support
This can be used to determine which mechanism to use for configuring
country code from trusted sources.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Kiran Kumar Lokere
38f60142d2 Define test config vendor attribute for Tx beamformee configuration
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee in the driver. This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Edayilliam Jayadev
98b806b03d Add QCA vendor attribute for spectral hardware generation
Add spectral hardware generation attribute to
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO vendor command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-04 20:44:05 +03:00
Jouni Malinen
2439714f90 DPP: Fix testing code for invalid keys with OpenSSL 1.1.1
OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 12:02:57 +03:00
Karthikeyan Periyasamy
6b21df0bb7 Add QCA vendor command/attr to filter frames from other BSSs
Add commands to allow an AP to configure filtering rules to capture
frames from stations that are active on the operating channel, but
not associated to this AP. Operations include add/delete the filter
and get the statistics information of the unassociated stations.

Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
2018-04-26 17:56:22 +03:00
Jouni Malinen
f456940ef3 HS 2.0: CoA-Request processing for Terms and Conditions filtering
Extend RADIUS DAS to support CoA-Request packets for the case where the
HS 2.0 Terms And Conditions filtering VSA is used to remove filtering.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-25 12:57:46 +03:00
mazumdar
d239ab3962 DFS: Mark channels required DFS based on reg-domain info from the driver
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.

If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
7fc6a024f9 HS 2.0: Process received Terms and Conditions Acceptance notification
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
8760b9848c HS 2.0: Send Terms and Conditions Acceptance notification
This extends hostapd Access-Accept processing to check if the RADIUS
server indicated that Terms and Conditions Acceptance is required. The
new hs20_t_c_server_url parameter is used to specify the server URL
template that the STA is requested to visit.

This commit does not enable any kind of filtering, i.e., only the part
of forwarding a request from Access-Accept to the STA using
WNM-Notification is covered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Bhagavathi Perumal S
1952b626ba hostapd: Add ctrl iface indications for WDS STA interface
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
2598e69303 FILS: Enable SHA256 KDF even without PMF/SAE in the build
While it is unlikely that FILS would be used without PMF or SAE in the
build, it is possible to generate such a build and as such, it would be
good for the KDF selection to work properly. Add CONFIG_FILS as an
independent condition for the SHA256-based KDF. Previously, this
combination would have resulted in failure to derive keys and terminated
key management exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
67cca34645 HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request
This extends hostapd processing of (Re)Association Request frames to
store a local copy of the Consortium OI within the Roaming Consortium
Selection element, if present, and then add that in HS 2.0 Roaming
Consortium attribute into RADIUS Access-Request messages.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:47 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Jouni Malinen
5ecdf06c8c DPP: Fix build with LibreSSL v2.5
The ECDSA_SIG_{set,get}0() wrappers are needed with LibreSSL v2.5 (but
not v2.7.2).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-15 00:01:35 +03:00
Jouni Malinen
4b603f01de DPP: Fix X509_ALGOR_get0() use with LibreSSL
At least LibreSSL v2.7.2 indicates support for OpenSSL API 1.1.0, but it
does not apparently use const ASN1_OBJECT * with X509_ALGOR_get0(). Use
the older non-const version here with LibreSSL to fix compilation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-15 00:01:35 +03:00
Jouni Malinen
8e402d1657 WPA: Fix a typo in a debug message
"PT derivation" was supposed to be saying "PTK derivation".

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:44:53 +03:00
Jouni Malinen
1bd131105b Clear pmk_len more consistently for extra protection
This gives more protection against unexpected behavior if RSN supplicant
code ends up trying to use sm->pmk[] with a stale value. Couple of the
code paths did not clear sm->pmk_len explicitly in cases where the old
PMK is being removed, so cover those cases as well to make sure these
will result in PMK-to-PTK derivation failures rather than use of
incorrect PMK value if such a code path could be reached somehow.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:44:05 +03:00
Kiran Kumar Lokere
26e0ada47f Define new test config attribute for HE LTF configuration
Add a new wifi test config attribute to configure HE LTF in the
driver. This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-06 23:41:06 +03:00
Ahmed ElArabawy
45f7574d31 Propagate the EAP method error code
In the current implementation, upon an EAP method failure, followed by
an EAP failure, the EAP Status is propagated up in wpa_supplicant with a
general failure parameter string "failure". This parameter is used for a
notification on the dbus.

This commit reports the EAP method failure error code in a separate
callback.

The solution in this commit is generic to all EAP methods, and can be
used by any method that need to pass its error code. However, this
commit only implements the reporting for EAP-SIM and EAP-AKA methods
where the Notification Code (in AT_NOTIFICATION) is used as the method
specific error code value.

Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
2018-03-31 11:57:33 +03:00
Kabilan Kannan
7cfe2f0011 Add SAR V2 power selection capability (QCA vendor attributes)
Add changes to select SAR V2 power limits using the existing QCA vendor
command.

Signed-off-by: Kabilan Kannan <kabilank@codeaurora.org>
2018-03-30 10:49:11 +03:00
Jouni Malinen
2f37387812 FILS: Add more complete support for FT-FILS use cases
This extends the original IEEE Std 802.11ai-2016 functionality with the
changes added in REVmd to describe how additional keys are derived to
protect the FT protocol using keys derived through FILS authentication.

This allows key_mgmt=FT-FILS-SHA256 to be used with FT protocol since
the FTE MIC can now be calculated following the changes in REVmd. The
FT-FILS-SHA384 case is still unsupported (it needs support for variable
length MIC field in FTE).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 12:31:04 +03:00
Jouni Malinen
1778f1e9a4 SAE: Fix PTK derivation to use KDF-SHA256
The previous implementation ended up defaulting to using PRF-SHA1 for
deriving PTK from PMK when SAE was used. This is not correct since the
SAE AKM is defined to be using SHA-256 -based KDF instead. Fix that.

Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-23 18:44:48 +02:00
Tamizh chelvam
ec2b5173ce Make STA opmode change event available to upper layers
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.

The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 20:07:22 +02:00
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Jouni Malinen
4bc801ab42 SAE: Fix EAPOL-Key integrity and key-wrap algorithm selection
The SAE AKM 00-0F-AC:8 is supposed to use EAPOL-Key Key Descriptor
Version 0 (AKM-defined) with AES-128-CMAC and NIST AES Key Wrap.
However, the previous implementation ended up using Key Descriptor
Version 2 (HMAC-SHA-1-128 and NIST AES Key Wrap). Fix this by using the
appropriate Key Descriptor Version and integrity algorithm. Use helper
functions to keep the selection clearer and more consistent between
wpa_supplicant and hostapd uses.

Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 13:36:42 +02:00
Kiran Kumar Lokere
01542e6517 Add new WiFi test config attributes to configure BA params
Define a new WiFi test configuration attributes in QCA vendor
command to configure BA session parameters and to add or
delete a BA session and to configure no ack policy.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:12:39 +02:00
Kiran Kumar Lokere
ba60804419 Add new WiFi test config attribute to allow WEP/TKIP in HE
Define a new WiFi test configuration attribute in QCA vendor
command to allow or not to allow WEP/TKIP in HT/VHT/HE mode.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:09:19 +02:00
Jouni Malinen
087474512f SAE: Debug print group support in the crypto library
This makes it easier to understand why "SAE: Failed to select group"
debug entry shows up in cases the selected crypto library does not
support a specific group.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-02 21:27:30 +02:00
Ben Greear
4ab0f11b80 Allow HT40 on 5 GHz channels 165 and 169
India supports 5 GHz channels 169 and 173 now. Enable HT40 across
channels 165 and 169. Leave channel 173 to remain HT20 only.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-02-17 18:52:01 +02:00