K and z can be derived already based on information available at the
time the PKEX Exchange Request is being processed, so move these there
from the PKEX Commit-Reveal Request processing since that matches the
DPP tech spec description close and allows PKEX exchange to be aborted
earlier if anything unexpected happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional channel information was removed from the discovery object
in the DPP tech spec, so no need to maintain this TODO note anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previously used WLAN_REASON_MICHAEL_MIC_FAILURE (14) value as a
response to Authentication frame or (Re)Association Request frame is not
correct since the resp value is encoded in the Status Code (not Reason
Code) field. Status Code 14 is WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
which is really what this value would have meant in the response frames.
There is no Michael MIC failure status code, so have to use the generic
"Unspecified failure" (1) reason code for these cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier
to add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
DPP AKM should really require PMF to be used, but since that is not yet
explicitly required in the specification, make PMF enabled for now. For
legacy PSK cases, configure PMF to be enabled as well to support both
APs in no-PMF, optional-PMF, and required-PMF configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Build breakage was introduced by commit
d8afdb210e ('Allow EAPOL-Key messages 1/4
and 3/4 to be retransmitted for testing') for some
CONFIG_TESTING_OPTIONS=y builds without CONFIG_IEEE80211W=y.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This provides access to the Minimum/Maximum Transmit Power Capabilitie
fileds (the nominal minimum/maximum transmit power with which the STA
is capable of transmitting in the current channel; signed integer in
units of decibels relative to 1 mW).
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Handle OWE DH exchange and key setup when processing the association
event from a driver that implements AP SME.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While most places using this should be for cases where the hw_features
functionality is required, there seem to be some paths that are getting
exposed in new OWE related operations where that might not be the case.
Add explicit NULL pointer checks to avoid dereferencing the pointer if
it is not set when operating with driver wrappers that do not provide
sufficient information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).
Signed-off-by: Jouni Malinen <j@w1.fi>
Normally, WNM-Sleep Mode exit with management frame protection
negotiated would result in the current GTK/IGTK getting added into the
WNM-Sleep Mode Response frame. Some station implementations may have a
vulnerability that results in GTK/IGTK reinstallation based on this
frame being replayed. Add a new hostapd configuration parameter that can
be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK
update instead. This would likely be only used with
wpa_disable_eapol_key_retries=1 that enables a workaround for similar
issues with EAPOL-Key. This is related to station side vulnerabilities
CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround,
set wnm_sleep_mode_no_keys=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
When strict group rekeying is in effect, every station that leaves will
cause a rekeying to happen 0.5 s after leaving. However, if a lot of
stations join/leave, the previous code could postpone this rekeying
forever, since it always re-registers the handling with a 0.5 s timeout.
Use eloop_deplete_timeout() to address that, only registering the
timeout from scratch if it wasn't pending.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Recent versions of tshark/wireshark renamed these fields, deal
with that in the tshark wrapper code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
