Commit graph

1816 commits

Author SHA1 Message Date
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Davina Lu
66819b07b5 hostapd: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the WPS Registrar offers a
different set of credentials (backhaul credentials instead of fronthaul
credentials) when the Multi-AP subelement is present in the WFA vendor
extension element of the WSC M1 message.

Add new configuration options to specify the backhaul credentials for
the hostapd internal registrar: multi_ap_backhaul_ssid,
multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are
only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or
3. When these options are set, pass the backhaul credentials instead of
the normal credentials when the Multi-AP subelement is present.

Ignore the Multi-AP subelement if the backhaul config options are not
set. Note that for an SSID which is fronthaul and backhaul at the same
time (i.e., multi_ap == 3), this results in the correct credentials
being sent anyway.

The security to be used for the backaul BSS is fixed to WPA2PSK. The
Multi-AP Specification only allows Open and WPA2PSK networks to be
configured. Although not stated explicitly, the backhaul link is
intended to be always encrypted, hence WPA2PSK.

To build the credentials, the credential-building code is essentially
copied and simplified. Indeed, the backhaul credentials are always
WPA2PSK and never use per-device PSK. All the options set for the
fronthaul BSS WPS are simply ignored.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Arnout Vandecappelle (Essensium/Mind)
bfcdac1c8b Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.

However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.

Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.

While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 20:21:01 +02:00
Jouni Malinen
2fae58fdc1 Fix wpa_psk_file parser error case handling
str_token() can return NULL for the name if the remaining token contains
only the delimiter. Fix this to avoid NULL pointer dereference with a
corner case of an invalid value used in the configuration.

Fixes: ec5c39a557 ("AP: Allow identifying which passphrase station used with wpa_psk_file")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:41:32 +02:00
Jouni Malinen
b0e91e3877 SAE: VLAN assignment based on SAE Password Identifier
The new sae_password parameter [|vlanid=<VLAN ID>] can now be used to
assign stations to a specific VLAN based on which SAE Password
Identifier they use. This is similar to the WPA2-Enterprise case where
the RADIUS server can assign stations to different VLANs and the
WPA2-Personal case where vlanid parameter in wpa_psk_file is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 17:24:23 +02:00
Jouni Malinen
dbfa691df4 VLAN assignment based on used WPA/WPA2 passphrase/PSK
Extend wpa_psk_file to allow an optional VLAN ID to be specified with
"vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the
particular wpa_psk_file entry is used for a station, that station is
bound to the specified VLAN. This can be used to operate a single
WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK.
This is similar to the WPA2-Enterprise case where the RADIUS server can
assign stations to different VLANs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-14 13:36:54 +02:00
Jouni Malinen
f3a841bbff Do not disassociate not-associated STA on timeout
If the ap_handle_timer() timeout is reached for a not-associated STA, do
not default to disassociating that STA first since Disassociation frame
is not really appropriate to send to a STA that is not in associated
state. Instead, skip directly to deauthentication and STA entry removal.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-11 17:42:53 +02:00
Jouni Malinen
525923b1d7 tests: EAPOL-Key fuzzing tool
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
e34cd9f06e WNM: Fix WNM-Sleep Mode Request bounds checking
ieee802_11_rx_wnmsleep_req() might have been called for a short frame
that has no more payload after the Public Action field, i.e., with len
== 0. The bounds checking for the payload length was done only for the
information elements while the one octet Dialog Token field was read
unconditionally. In the original implementation, this could have
resulted in reading one octet beyond the end of the received frame data.

This case has not been reachable after the commit e0785ebbbd ("Use
more consistent Action frame RX handling in both AP mode paths"), but it
is better to address the specific issue in ieee802_11_rx_wnmsleep_req()
as well for additional protection against accidential removal of the
check and also to have something that can be merged into an older
version (pre-v2.7) if desired. The comments below apply for such older
versions where the case could have been reachable.

Depending on driver interface specific mechanism used for fetching the
frame, this could result in reading one octet beyond the end of a
stack/hash buffer or reading an uninitialized octet from within a
buffer. The actual value that was read as the Dialog Token field is not
used since the function returns immediately after having read this value
when there is no information elements following the field.

This issue was initially added in commit d32d94dbf4 ("WNM: Add
WNM-Sleep Mode implementation for AP") (with CONFIG_IEEE80211V=y build
option) and it remained in place during number of cleanup and fix
changes in this area and renaming of the build parameter to
CONFIG_WNM=y. The impacted function was not included in any default
build without one of the these optional build options being explicitly
enabled. CONFIG_WNM=y is still documented as "experimental and not
complete implementation" in hostapd/defconfig. In addition, commit
114f2830d2 ("WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0
case") made this function exit before the impact read if WNM-Sleep Mode
support was not explicitly enabled in runtime configuration
(wnm_sleep_mode=1 in hostapd.conf). Commit e0785ebbbd ("Use more
consistent Action frame RX handling in both AP mode paths") made this
code unreachable in practice.

Add an explicit check that the frame has enough payload before reading
the Dialog Token field in ieee802_11_rx_wnmsleep_req().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-28 14:58:17 +02:00
Jared Bents
159a7fbdea crl_reload_interval: Add CRL reloading support
This patch adds a new flag 'crl_reload_interval' to reload CRL
periodically. This can be used to reload ca_cert file and the included
CRL information on every new TLS session if difference between the last
reload and the current time in seconds is greater than
crl_reload_interval.

This reloading is used for cases where check_crl is 1 or 2 and the CRL
is included in the ca_file.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
2019-01-27 18:45:07 +02:00
Michal Kazior
ec5c39a557 AP: Allow identifying which passphrase station used with wpa_psk_file
It is now possible to optionally specify keyid for
each wpa_psk_file entry:

 keyid=something 00:00:00:00:00:00 secretpassphrase

When station connects and the passphrase it used
has an associated keyid it will be appended to the
AP-STA-CONNECTED event string:

 wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something

It's also possible to retrieve it through the control interface:

 $ hostapd_cli all_sta
 Selected interface 'ap0'
 00:36:76:21:dc:7b
 ...
 keyid=something

New hostapd is able to read old wpa_psk_file. However, old hostapd will
not be able to read the new wpa_psk_file if it includes keyids.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Michal Kazior
b08c9ad0c7 AP: Expose PMK outside of wpa_auth module
This doesn't change any behavior on its own. It's going to be used to
expose per-station keyids and allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Jouni Malinen
42d308635f SAE: Advertise Password Identifier use
Support the new Extended Capabilities field bits 81 and 82 to indicate
whether SAe Password Identifiers are in use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-24 00:20:49 +02:00
Siva Mullati
11ce7a1bc3 HE: Add MU EDCA Parameter Set element (AP)
Add support for configuring parameters for the MU EDCA Parameter Set
element per IEEE P802.11ax/D3.0.

Signed-off-by: Siva Mullati <siva.mullati@intel.com>
2019-01-08 17:22:43 +02:00
Zefir Kurtisi
10de40c0c8 DFS: Restart pending CAC on interface enable
When an interface is re-enabled after it was disabled during CAC, it
won't ever get active since hostapd is waiting for a CAC_FINISHED while
kernel side is waiting for a CMD_RADAR_DETECT to start a CAC.

This commit checks for a pending CAC when an interface is enabled and if
so restarts its DFS processing.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2019-01-08 01:11:56 +02:00
Janusz Dziedzic
bb35e2d214 hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK
While the AP is configured to enable both FT-PSK and WPA-PSK, an HP
printer request both AKMs (copied from AP?) in Association Request
frame, but don't add MDIE and don't use FT. This results in the
connection failing.

Next in logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04
                      02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers. Work around this by
stripping FT AKM(s) when MDE is not present and there is still a non-FT
AKM available.

Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
2019-01-06 21:10:08 +02:00
Dmitry Lebed
59bf0f9713 DFS: Add supported channel bandwidth checking
While selecting a new channel as a reaction to radar event we need to
take into account supported bandwidth for each channel provided via
nl80211. Without this modification hostapd might select an unsupported
channel that would fail during AP startup.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 12:09:21 +02:00
Dmitry Lebed
75ce63e063 ACS: Add supported channel bandwidth checking
While doing automatic channel selection we need to take into account
supported bandwidth for each channel provided via nl80211. Without this
modification hostapd might select an unsupported channel which would
fail during AP startup.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 12:04:15 +02:00
Dmitry Lebed
ce6d9ce15b hostapd: Add supported channel bandwidth checking infrastructure
This adds checks to common code to verify supported bandwidth options
for each channel using nl80211-provided info. No support of additional
modes is added, just additional checks. Such checks are needed because
driver/hardware can declare more strict limitations than declared in the
IEEE 802.11 standard. Without this patch hostapd might select
unsupported channel and that will fail because Linux kernel does check
channel bandwidth limitations.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 11:54:34 +02:00
Dmitry Lebed
22dcafc20c ACS: Add support for 160 MHz bandwidth
Add support for 160 MHz BW channels to automatic channel selection
algorithm. Only 36 and 100 channels are supported as 160 MHz channels.

Signed-off-by: Dmitry Lebed <lebed.dmitry@gmail.com>
2019-01-06 01:44:06 +02:00
Jouni Malinen
4cf5efece3 FT: Allow STA entry to be removed/re-added with FT-over-the-DS
FT-over-the-DS has a special case where the STA entry (and as such, the
TK) has not yet been configured to the driver depending on which driver
interface is used. For that case, allow add-STA operation to be used
(instead of set-STA). This is needed to allow mac80211-based drivers to
accept the STA parameter configuration. Since this is after a new
FT-over-DS exchange, a new TK has been derived after the last STA entry
was added to the driver, so key reinstallation is not a concern for this
case.

Fixes: 0e3bd7ac68 ("hostapd: Avoid key reinstallation in FT handshake")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 23:22:46 +02:00
Nils Nieuwejaar
ba4f3224ae Allow remote RADIUS authentication with local VLAN management
The documentation in the hostapd.conf file says that the dynamic_vlan
variable is used to control whether VLAN assignments are accepted from a
RADIUS server. The implication seems to be that a static VLAN assignment
will come from the accept_mac_file if dynamic_vlan is set to 0, and a
dynamic assignment will come from the RADIUS server if dynamic_vlan is
set to 1. Instead, I'm seeing that the static settings from the
accept_mac_file are ignored if dynamic_vlan is set to 0, but used if
dynamic_vlan is set to 1. If dynamic_vlan is set to 1 and the RADIUS
server does not provide a VLAN, then the accept_mac_file assignment is
overridden and the STA is assigned to the default non-VLANed interface.

If my understanding of the expected behavior is correct, then I believe
the problem is in ap_sta_set_vlan(). That routine checks the
dynamic_vlan setting, but has no way of determining whether the incoming
vlan_desc is static (i.e., from accept_mac_file) or dynamic (i.e., from
a RADIUS server).

I've attached a patch that gets hostapd working as I believe it's meant
to, and updates the documentation to make the implicit behavior
explicit.

The functional changes are:

- hostapd_allowed_address() will always extract the vlan_id from the
  accept_macs file. It will not update the vlan_id from the RADIUS cache
  if dynamic_vlan is DISABLED.

- hostapd_acl_recv_radius() will not update the cached vlan_id if
  dynamic_vlan is DISABLED.

- ieee802_1x_receive_auth() will not update the vlan_id if dynamic_vlan
  is DISABLED.

More cosmetic:

Most of the delta is just moving code out of ieee802_1x_receive_auth()
into a new ieee802_1x_update_vlan() routine. While I initially did this
because the new DISABLED check introduced excessive indentation, it has
the added advantage of eliminating the vlan_description allocation and
os_memset() call for all DYNAMIC_VLAN_DISABLED configs.

I've done a couple rounds of review offline with Michael Braun (who has
done much of the work in this part of the code) and incorporated his
feedback.

If dynamic_vlan=0 (disabled), vlan assignments will be managed using the
local accept_mac_file ACL file, even if a RADIUS server is being used
for user authentication. This allows us to manage users and devices
independently.

Signed-off-by: Nils Nieuwejaar <nils.nieuwejaar@gmail.com>
2019-01-02 23:27:49 +02:00
Markus Theil
6ca4949ae1 RRM: Update own neighbor report on channel switch
After performing a successful channel switch, the AP should update its
own neighbor report element, so do this from src/ap/drv_callbacks.c
after a successful switch.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2019-01-02 16:47:12 +02:00
Markus Theil
0998d9bd41 RRM: Move neighbor report functions
Move functions corresponding to neighbor report elements to
src/ap/neighbor_db.[c,h] in preparation to using them after channel
switch from src/ap/drv_callbacks.c.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2019-01-02 16:47:09 +02:00
Jouni Malinen
dc67982381 hostapd: Fix a typo in function name
This was supposed to use "hostapd_" prefix.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 16:40:34 +02:00
Sergey Matyukevich
fb60dbdcec vlan: Use new bridge ioctl()
Legacy ioctl() through SIOCDEVPRIVATE are deprecated. Follow the
approach taken by bridge-utils and make use of new bridge ioctl's
whenever possible.

For example, using legacy ioctl() breaks dynamic VLAN mode on 32-bit
Linux systems running 64-bit kernels.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-01-02 00:23:43 +02:00
Jouni Malinen
28ab9344b5 Use internal EAP server identity as dot1xAuthSessionUserName
If the internal EAP server is used instead of an external RADIUS server,
sm->identity does not get set. Use the identity from the internal EAP
server in such case to get the dot1xAuthSessionUserName value in STA MIB
information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 21:27:54 +02:00
Jouni Malinen
2ea1fce3d6 OCE: RSSI-based rejection to consider Authentication frames (AP)
Try to make RSSI-based rejection of associating stations a bit less
likely to trigger false rejections by considering RSSI from the last
received Authentication frame. Association is rejected only if both the
Authentication and (Re)Association Request frames are below the RSSI
threshold.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 18:18:53 +02:00
Beni Lev
076f1ea1d9 OCE: Add RSSI based association rejection support (AP)
An AP might reject a STA association request due to low RSSI. In such
case, the AP informs the STA the desired RSSI improvement and a retry
timeout. The STA might retry to associate even if the RSSI hasn't
improved if the retry timeout expired.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 18:18:50 +02:00
Sam Voss
dd5d325b0a hostapd: Add configuration option check_crl_strict
Add the ability to ignore time-based CRL errors from OpenSSL by
specifying a new configuration parameter, check_crl_strict=0.

This causes the following:

- This setting does nothing when CRL checking is not enabled.

- When CRL is enabled, "strict mode" will cause CRL time errors to not
  be ignored and will continue behaving as it currently does.

- When CRL is enabled, disabling strict mode will cause CRL time
  errors to be ignored and will allow connections.

By default, check_crl_strict is set to 1, or strict mode, to keep
current functionality.

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
2018-12-31 12:51:51 +02:00
Hristo Venev
d01203cafc hostapd: Add openssl_ecdh_curves configuration parameter
This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc.
It should be noted that when using Suite B, different mechanism is used
to specify the allowed ECDH curves and this new parameter must not be
used in such cases.

Signed-off-by: Hristo Venev <hristo@venev.name>
2018-12-30 17:27:34 +02:00
Jouni Malinen
b98933eafc HS 2.0: DHCP broadcast-to-unicast conversion before address learning
handle_dhcp() was first trying to learn the IP address of an associated
STA before doing broadcast-to-unicast conversion. This could result in
not converting some DHCPACK messages since the address learning part
aborts processing by returning from the function in various cases.

Reorder these operations to allow broadcast-to-unicast conversion to
happen even if an associated STA entry is not updated based on a
DHCPACK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-30 01:05:18 +02:00
Jouni Malinen
e422a819d0 Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 11:09:22 +02:00
Felix Fietkau
4d663233e6 hostapd: Support for overriding the bridge name per VLAN via vlan_file
This makes it easier to integrate dynamic VLANs in custom network
configurations. The bridge name is added after the interface name in the
vlan_file line, also separated by whitespace.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-12-21 12:02:57 +02:00
Andrei Otcheretianski
d2c4d1ee11 AP: Configure FTM responder parameters
Enable FTM responder and configure LCI and civic if ftm_responder
configuration option is set. Since ftm_responder configuration existed
before and was used to set extended capability bits, don't fail AP setup
flow if ftm_responder is set, but the driver doesn't advertise FTM
responder support.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:19:25 +02:00
Venkateswara Naralasetty
9c06f0f6ae hostapd: Add Multi-AP protocol support
The purpose of Multi-AP specification is to enable inter-operability
across Wi-Fi access points (APs) from different vendors.

This patch introduces one new configuration parameter 'multi_ap' to
enable Multi-AP functionality and to configure the BSS as a backhaul
and/or fronthaul BSS.

Advertise vendor specific Multi-AP capabilities in (Re)Association
Response frame, if Multi-AP functionality is enabled through the
configuration parameter.

A backhaul AP must support receiving both 3addr and 4addr frames from a
backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
WEP), we can safely call hostapd_set_wds_encryption() as well and we can
reuse the entire WDS condition.

To parse the Multi-AP Extension subelement, we use get_ie(): even though
that function is meant for parsing IEs, it works for subelements.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 01:04:14 +02:00
Mathy Vanhoef
fa97981265 OCV: Include and verify OCI in WNM-Sleep Exit frames
Include and verify the OCI element in WNM-Sleep Exit Request and
Response frames. In case verification fails, the frame is silently
ignored.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
716ed96e8d OCV: Pass ocv parameter to mesh configuration
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
99621dc16c OCV: Include and verify OCI in the FILS handshake
Include and verify the OCI element in FILS (Re)Association Request and
Response frames.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f91e68e903 OCV: Perform an SA Query after a channel switch
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:50:12 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
dd8df6af0b OCV: Include and verify OCI in the FT handshake
Include and verify the the OCI element in (Re)Association Request and
Response frames of the FT handshake. In case verification fails, the
handshake message is silently ignored.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
aed61c4efa OCV: Verify OCI in 4-way and group key handshake
Verify the received OCI element in the 4-way and group key handshakes.
If verification fails, the handshake message is silently dropped.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
1034f67bf1 OCV: Add function to derive Tx parameters to a specific STA
Use the information elements that were present in the (Re)Association
Request frame to derive the maximum bandwidth the AP will use to
transmit frames to a specific STA. By using this approach, we don't need
to query the kernel for this information, and avoid having to add a
driver API for that.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:19 +02:00
Mathy Vanhoef
f53aeff415 OCV: Parse all types of OCI information elements
Add functionality to parse all variations of the OCI element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
17c2559caf OCV: Insert OCI in 4-way and group key handshake
If Operating Channel Verification is negotiated, include the OCI KDE
element in EAPOL-Key msg 2/4 and 3/4 of the 4-way handshake and both
messages of the group key handshake.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
1e93e4239f OCV: Track STA OCV capability in AP mode
Check and store OCV capability indication for each STA.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:49:13 +02:00
Mathy Vanhoef
875ab60d73 OCV: Advertise OCV capability in RSN capabilities (AP)
Set the OCV bit in RSN capabilities (RSNE) based on AP mode
configuration. Do the same for OSEN since it follows the RSNE field
definitions.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:48:48 +02:00
Mathy Vanhoef
9c55fdb023 OCV: Add hostapd config parameter
Add hostapd.conf parameter ocv to disable or enable Operating Channel
Verification (OCV) support.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
ad20a1367f Store the VHT Operation element of an associated STA
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
bef4d07a28 Make channel_info available to authenticator
This adds the necessary functions and callbacks to make the channel_info
driver API available to the authenticator state machine that implements
the 4-way and group key handshake. This is needed for OCV.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
7bd8c76a4f HS 2.0 server: RADIUS server support for SIM provisioning
This adds support for hostapd-as-RADIUS-authentication-server to request
subscription remediation for SIM-based credentials. The new hostapd.conf
parameter hs20_sim_provisioning_url is used to set the URL prefix for
the remediation server for SIM provisioning. The random
hotspot2dot0-mobile-identifier-hash value will be added to the end of
this URL prefix and the same value is stored in a new SQLite database
table sim_provisioning for the subscription server implementation to
use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-15 18:01:38 +02:00
Jouni Malinen
f3784a6b94 HS 2.0: Reject Hotspot 2.0 Rel 2 or newer association without PMF
Hotspot 2.0 Rel 2 requires PMF to be enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Jouni Malinen
6ae04d7b34 HS 2.0: Allow Hotspot 2.0 release number to be configured
The new hostapd configuration parameter hs20_release can be used to
configure the AP to advertise a specific Hotspot 2.0 release number
instead of the latest supported release. This is mainly for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:54 +02:00
Jouni Malinen
17adac9ef9 FILS: Do not process FILS HLP request again while previous one is pending
It is better not to process a new (most likely repeated) FILS HLP
request if a station retransmits (Re)Association Request frame before
the previous HLP response has either been received or timed out. The
previous implementation ended up doing this and also ended up
rescheduling the fils_hlp_timeout timer in a manner that prevented the
initial timeout from being reached if the STA continued retransmitting
the frame. This could result in failed association due to a timeout on
the station side.

Make this more robust by processing (and relaying to the server) the HLP
request once and then ignoring any new HLP request while the response
for the relayed request is still pending. The new (Re)Association
Request frames are otherwise processed, but they do not result in actual
state change on the AP side before the HLP process from the first
pending request is completed.

This fixes hwsim test case fils_sk_hlp_oom failures with unmodified
mac80211 implementation (i.e., with a relatively short retransmission
timeout for (Re)Association Request frame).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-07 16:03:40 +02:00
Jouni Malinen
678d8410af Move send_probe_response parameter to BSS specific items
This can be more convenient for testing Multiple BSSID functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-07 15:03:11 +02:00
Jouni Malinen
9da196adf9 VLAN: Warn about interface name truncation
Add more snprintf checks to make it clearer if some of the ifname
constructions would end up being too long.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-03 12:44:11 +02:00
Jouni Malinen
8fc6d88465 OWE: Fix association rejection behavior
If association failed for any non-OWE specific reason, the previous
implementation tried to add the OWE related IEs into the (Re)Association
Response frame. This is not needed and could actually result in
dereferencing a NULL pointer. Fix this by adding those OWE related IEs
only for successful association and only if the RSN state machine has
been initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 20:21:21 +02:00
Jouni Malinen
e22c23382f DPP: Apply testing configuration option to signing of own config
Previous implementation had missed this case of setting configurator
parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 00:26:21 +02:00
Jouni Malinen
e0785ebbbd Use more consistent Action frame RX handling in both AP mode paths
Both handle_action() and hostapd_action_rx() are used for processing
received Action frames depending on what type of driver architecture is
used (MLME in hostapd vs. driver) and which build options were used to
build hostapd. These functions had a bit different sequence for checking
the frame and printing debug prints. Make those more consistent by
checking that the frame includes the category-specific action field and
some payload. Add a debug print for both functions to make it easier to
see which path various Action frames use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-01 20:30:09 +02:00
Jouni Malinen
ff50101139 FT: Check session_timeout pointer consistently
Avoid smatch warning on this even thought the only caller of the
function uses a non-NULL pointer in all cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
0227028444 EAP DB: Use NULL to clear a pointer
Avoid a sparse warning from use of a plain integer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
a00d65e79f DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:14:49 +02:00
Jouni Malinen
04924b28b5 OWE: Fix a compiler warning in non-testing build
The new conf variable was used only within the CONFIG_TESTING_OPTIONS
block and as such, added a warning about unused variable into
non-testing builds. Fix that by using that variable outside the
conditional block as well.

Fixes: a22e235fd0 ("OWE: Add testing RSNE for OWE assoc response with driver SME/MLME")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 20:49:53 +02:00
Jouni Malinen
6e7b4c45fa Fix hostapd config file reloading with BSS addition/removal
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).

Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-26 00:51:38 +02:00
Jouni Malinen
adbce7443d HS 2.0: Update HS2.0 AP version RADIUS attribute Version field
Use HS20_VERSION macro to determine if R3 should be indicated instead of
R2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 23:38:31 +02:00
Jouni Malinen
ab3ab50757 HS 2.0: Fix Terms and Conditions URL handling
Do not try to determine the length of the T&C Server URL before checking
that the URL is available. This got broken in a change to move the
handling to the AS. hostapd could potentially have hit a NULL pointer
dereference if the authentication server sent an unconsistent set of T&C
information.

Fixes: d4e39c51f8 ("HS 2.0: Move Terms and Conditions Server URL generation from AP to AS")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 19:15:11 +02:00
Ankita Bajaj
0f0aa2a640 OCE: Move OCE checks to IE formation from hostapd initialization
Earlier, the OCE flags were checked during hostapd initialization. This
doesn't address few cases like for example when the interface is added
from control interface. Move the OCE flag checks to the functions that
are forming the MBO/OCE IEs to cover all the different paths for
enabling a BSS. Also use macros as appropriate for readability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 15:43:01 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Ilan Peer
f13aaf33fb AP: Place the WPA IE in the correct order
In case the protocol used for the BSS is WPA, the WPA vendor IE should
be placed after all the non vendor IEs. Fix this for Beacon and Probe
Response frames.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2018-10-20 11:28:29 +03:00
Sriram R
7b2ca5cf0d hostapd: Reset channel switch parameters on interface disable
Previously, when an AP interface was disabled through a control
interface DISABLE command during a channel switch window, the interface
could not be reenabled due to beacon setup failure (which validates if
CSA is in progress).

Fix this by clearing channel switch parameters while disabling the
hostapd interface.

Signed-off-by: Sriram R <srirrama@codeaurora.org>
2018-10-19 21:26:03 +03:00
Andrei Otcheretianski
68500d8159 AP: Warn about VLAN interface name truncations
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-16 12:56:04 +03:00
Sathishkumar Muruganandam
72a09d43fe Fix 5 GHz to 2.4 GHz channel switch with hostapd through DISABLE/ENABLE
When moving a 5 GHz VHT AP to 2.4 GHz band with VHT disabled through the
hostapd control interface DISABLE/reconfig/ENABLE commands, enabling of
the AP on 2.4 GHz failed due to the previously configured VHT capability
being compared with hardware VHT capability on 2.4 GHz band:

hw vht capab: 0x0, conf vht capab: 0x33800132
Configured VHT capability [VHT_CAP_MAX_MPDU_LENGTH_MASK] exceeds max value supported by the driver (2 > 0)
ap: interface state DISABLED->DISABLED

Since VHT (ieee80211ac) config is already disabled for the 2.4 GHz band,
add fix this by validating vht_capab only when VHT is enabled.

Fixes: c781eb8428 ("hostapd: Verify VHT capabilities are supported by driver")
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-10-16 00:50:40 +03:00
Ashok Kumar
edb28006c4 PMF: Do not start SA Query procedure if there is no association
Previous implementation ended up triggering PMF check for previous
association and SA Query procedure incorrectly in cases where there is a
STA entry in hostapd, but that STA is not in associated state. This
resulted in undesired temporary rejection of the association with status
code 30.

This ended up breaking OWE group negotiation when PMF is in use since
the check for the OWE group would have happened only after this earlier
PMF check and rejection (i.e., the station got status code 30 instead of
the expected 77).

For example, when the AP is configured with OWE group 21 and a station
tries groups 19, 20, and 21 (in this sequence), the first two
Association Request frames should be rejected with status code 77.
However, only the first one got that status code while the second one
got status code 30 due to that issue with PMF existing association
check.

Furthermore, hostapd was continuing with SA Query procedure with
unencrypted Action frames in this type of case even though there was no
existing association (and obviously, not an encryption key either).

Fix this by checking that the STA entry is in associated state before
initiating SA Query procedure based on the PMF rules.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2018-10-16 00:33:20 +03:00
Hauke Mehrtens
74eebe93d0 SAE: Do not ignore option sae_require_mfp
Without this patch sae_require_mfp is always activate, when ieee80211w
is set to optional all stations negotiating SAEs are being rejected when
they do not support PMF. With this patch hostapd only rejects these
stations in case sae_require_mfp is set to some value and not null.

Fixes ba3d435fe4 ("SAE: Add option to require MFP for SAE associations")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-10-14 20:13:16 +03:00
Jouni Malinen
dc1b1c8db7 Drop logging priority for handle_auth_cb no-STA-match messages
This message was printed and MSG_INFO level which would be more
reasonable for error cases where hostapd has accepted authentication.
However, this is not really an error case for the cases where
authentication was rejected (e.g., due to MAC ACL). Drop this to use
MSG_DEBUG level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-10-14 20:03:55 +03:00
Jouni Malinen
6588f71222 Reduce undesired logging of ACL rejection events from AP mode
When Probe Request frame handling was extended to use MAC ACL through
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
<addr> not allowed to authenticate") from that function ended up getting
printed even for Probe Request frames. That was not by design and it can
result in excessive logging and MSG_INFO level if MAC ACL is used.

Fix this by printing this log entry only for authentication and
association frames. In addition, drop the priority of that log entry to
MSG_DEBUG since this is not really an unexpected behavior in most MAC
ACL use cases.

Fixes: 92eb00aec2 ("Extend ACL check for Probe Request frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-10-14 19:57:22 +03:00
Jouni Malinen
18003b315b AS: Add an event_cb() callback handler
This provides debug log information on TLS events on the server side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-11 12:12:30 +03:00
Jouni Malinen
cad810a98f HS 2.0: OSU Provider NAI List advertisement
Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be
advertised in addition to the previously used OSU Providers list
ANQP-element. The new osu_nai2 configurator parameter option is used to
specify the OSU_NAI value for the shared BSS (Single SSID) case while
osu_nai remains to be used for the separate OSU BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:49:42 +03:00
Andreas Tobler
b5ebe5dd5b hostapd: Send an event before throwing a station on re-authentication
If you modify the WLAN-STA-AUTHORIZED bit in sta->flags, you have to
call the ap_sta_set_authorized() function to make sure the corresponding
event is sent over the control interface. Otherwise we leak entries in
the event history.

Signed-off-by: Andreas Tobler <andreas.tobler@cloudguard.ch>
2018-09-02 12:48:32 +03:00
Chaitanya T K
410e2dd1d6 OWE: Fix build error in AP code without CONFIG_IEEE80211W=y
When CONFIG_OWE is enabled but none of 11R/11W/FILS are enabled hostapd
(and wpa_supplicant with AP mode support) build failed. Fix this by
adding OWE to the list of conditions for including the local variables.

Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com>
2018-09-02 12:38:16 +03:00
Purushottam Kushwaha
20f612d998 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:00 +03:00
Hu Wang
567df5501c Re-configure WEP keys on hostapd interface re-enable
This allows WEP mode AP to be re-enabled automatically after external
ifconfig down + up on netdev used by hostapd.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-21 18:50:12 +03:00
Jouni Malinen
c6e1a9a0b3 Clarify the TODO comment regarding PMKID KDE in EAPOL-Key msg 1/4
Make it clear that the consideration should be only for the IBSS case
and in infrastructure BSS case, PMKID KDE should not be added due to
risks involved with exposing this to stations that do not know the
passphrase.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-10 13:51:04 +03:00
Jouni Malinen
d4e39c51f8 HS 2.0: Move Terms and Conditions Server URL generation from AP to AS
This makes it more convenient to generate the URL in a way that
interoperates between different vendors. The AP is simply copying the
already constructed URL as-is from Access-Accept to WNM-Notification.
This means that the HO AAA can generate the URL in a manner that works
for the associated T&C Server without having to coordinate with each AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-21 20:50:54 +03:00
Jouni Malinen
3a8dd390c9 SAE: Allow authentication restart on AP
In the infrastructure BSS case, the AP needs to clear pending SAE state
if a new Commit message is received when already in Committed state.
This allows the non-AP STA to negotiate a new group if it ends up trying
to go through SAE authentication again before the AP side has removed
the previous STA entry.

This fixes an issue where a kernel update changed something in SAE
timing or authentication sequence and started failing the
sae_bignum_failure hwsim test case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-20 13:04:31 +03:00
Martin Willi
4a0e011560 AP: Fix HT 20/40 co-ex transition timer cancellation on iface removal
When removing an interface, hostapd_bss_deinit() frees all associated
STAs. If any of the stations is 40MHz intolerant, the cleanup invokes
ht40_intolerant_remove(), that in turn registers a 20->40MHz transition
timer for the last station (ap_ht2040_timeout() function). That timer is
never canceled; once it executes, the interface is gone, most likely
resulting in a segfault when referencing it.

While hostapd_interface_deinit() cancels the transition timer, it does
so before cleaning up STAs. Move the cancellation after STA cleanup to
cancel any timer that was registered during that operation.

Signed-off-by: Martin Willi <martin@strongswan.org>
2018-06-12 21:45:10 +03:00
Jouni Malinen
c3e4f40cd6 FT: Derive PMKR0Name/PMKR1Name using SHA-384 with AKM 00-0F-AC:13
The AKM 00-0F-AC:13 is supposed to use cryptographic algorithms
consistently, but the current IEEE 802.11 standard is not doing so for
the key names: PMKID (uses SHA-1), PMKR0Name/PMKR1Name (uses SHA-256).
The PMKID case was already implemented with SHA-384 and this commit
replaces use of SHA-256 with SHA-384 for PMKR0Name/PMKR1Name derivation
to be consistent in SHA-384. While this is not compliant with the
current IEEE 802.11 standard, this is clearly needed to meet CNSA Suite
requirements. Matching change is being proposed in REVmd to get the IEEE
802.11 standard to meet the use case requirements.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-06 23:59:46 +03:00
Jouni Malinen
e8d08cf378 SAE: Do not drop STA entry on reauthentication in infrastructure BSS
A new SAE Commit message should not be allowed to drop an existing STA
entry since the sender of that Commit message cannot be authenticated
before receiving the Confirm message. This is important in particular
when PMF is used since this would provide a potential new path for
forcing a connection to be dropped.

Fix this by allowing a new SAE Authentication instance to be started
when the old instance is in Accepted state and the new Commit message
does not use the same peer-scalar value (checked in
sae_parse_commit_scalar()). When PMF is used, the AP will use SA Query
procedure when receiving the (Re)Association Request frame. In theory,
that step could be skipped in case of SAE Authentication since the
non-AP STA is demonstrating knowledge of the password. Anyway, there is
no allowance for that exception in the IEEE 802.11 standard, so at least
for now, leave this using SA Query procedure just like any other PMF
case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-06 01:22:01 +03:00
Jouni Malinen
ff168f8c23 FT: Support 256-bit IGTK in AP case
hostapd was hardcoded to use 128-bit IGTK in FT protocol (IGTK
subelement in FTE). Extend that to allow 256-bit IGTK (i.e.,
BIP-CMAC-256 and BIP-GMAC-256) to be used as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:36 +03:00
Jouni Malinen
2cf36d6085 FT: Handle AssocResp generation failures as fatal errors
Instead of sending out a partially completed frame, abort the
association process if something unexpected happens and remove the STA
entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:50:36 +03:00
Jouni Malinen
657b4c45a9 FILS: Fix KEK2 use in FT-FILS use cases
When support for KCK2 and KEK2 was added, both keys were derived for
FT-FILS cases, but only KCK2 was actually used. Add similar changes to
use KEK2 to protect GTK/IGTK in FTE with using FT-FILS AKMs.

This fixes AES key wrapping to use the correct key. The change is not
backwards compatible.

Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 21:04:54 +03:00
Jouni Malinen
661afb2edd FT: Fix RRB error path handling
When building an RRB message, a failure in wpa_ft_rrb_lin() calls could
have resulted in trying to free an uninitialized pointer. Fix this by
initializing *packet to NULL before going through the initial steps.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
3d9cd08410 FT: Add support for variable length PMK-R1 receiving in RRB
SHA384-based FT AKM uses longer keys, so the RRB receive processing for
push and pull response messages needs to be able to accept variable
length PMK-R1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
a7968ea568 FT: FTE generation for SHA384-based AKM on AP
The MIC field is now a variable length field, so make FTE generation in
hostapd aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 20:16:37 +03:00
Jouni Malinen
9a33737a0b FT: FTE parsing for SHA384-based AKM
The MIC field is now a variable length field, so make the FTE parser
aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
994eac7e61 FT: PMK-R0 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
9f12271b2a FT: XXKey derivation for SHA384-based AKM
XXKey is the first 384 bits of MSK when using the SHA384-based FT AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00