Commit graph

12381 commits

Author SHA1 Message Date
Jouni Malinen
5f0e165e80 crypto: Add return value to DES and AES encrypt/decrypt
These operations may fail with some crypto wrappers, so allow the
functions to report their results to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:23:54 +02:00
Ashwini Patil
dca4b503f1 MBO: Fix minimum length check on non_pref_chan configuration
The reason detail field in non_pref_chan attribute was removed
from MBO draft v0.0_r25. Also oper_class can be 1 character for
few country codes (e.g., country code-UK, channel number-1). So the
shortest channel configuration is 7 characters.

This was missed in the earlier commit
4a83d4b686 ('MBO: Do not add reason_detail
in non_pref_chan attr (STA)') that took care of other changes related to
removal of the reason detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:26:22 +02:00
Peng Xu
5b9f46df0e hostapd: Get channel number from frequency based on other modes as well
When getting the channel number from a frequency, all supported modes
should be checked rather than just the current mode. This is needed when
hostapd switches to a channel in different band.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:24:03 +02:00
Jouni Malinen
4c8836f139 FILS: Fix fils_hlp.c build with older netinet/udp.h definitions
The __FAVOR_BSD macro was previously used in netinet/udp.h to select
between two different names of the variables in struct udphdr. Define
that to force the versions with the uh_ prefix. In addition, use the
same style consistently within fils_hlp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:18:29 +02:00
Jouni Malinen
c4bb39707f Fix AES-SIV build dependencies
aes-siv.c needs functions from aes-ctr.c and aes-omac1.c, so set
NEED_AES_CTR=y and NEED_AES_OMAC1=y if NEED_AES_SIV is defined. This
fixes some build configuration combinations where either of those
dependencies were not pulled in through other parameters. For example,
some CONFIG_FILS=y cases were impacted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
694a3a0d64 mesh: Fix CONFIG_MESH=y build without CONFIG_IEEE80211W=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
47e148592d tests: AP with open mode and use for SELECT_NETWORK freq parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Jouni Malinen
88a447556e Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.

Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-26 12:05:40 +02:00
Saurav Babu
d02989f2e4 D-Bus: Notify mesh capability if driver supports it
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
361afb4f0f tests: FILS SK using ERP with SIM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
360f8ad4ef tests: FILS SK using ERP and AP going away
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
57a2aacabf Add option to disable broadcast deauth in hostapd on AP start/stop
The new broadcast_deauth parameter can be used to disable sending of the
Deauthentication frame whenever AP is started or stopped. The default
behavior remains identical to the past behavior (broadcast_deauth=1).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
21ed24f5ad hostapd: Fix potential mesh-related change from impacting non-mesh cases
Commit 01e2231fdc ('hostapd: Skip some
configuration steps for mesh cases') removed some operations based on
hapd->iface->mconf being NULL. This was within #ifdef CONFIG_MESH, so it
should not impact hostapd, but it can impact AP mode with
wpa_supplicant. That does not sound intentional, so make these
conditional on hapd->conf->mesh being enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
659ff34023 tests: FILS PMKSA caching with Cache Identifier and external management
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
b7286c1b5d FILS: External management of PMKSA cache entry with Cache Identifier
The PMKSA_GET and PMKSA_ADD commands can now use an optional extra
parameter to fetch and add PMKSA cache entries with the FILS Cache
Identifier.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
22c54cd738 tests: FILS Cache Identifier for PMKSA caching
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
6bb32582df tests: Extend PMKSA output parser to handle FILS Cache Identifier
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:51:48 +02:00
Jouni Malinen
6aea02e579 SME: Clear portValid on starting authentication to fix FILS
The ft_completed for FILS authentication case in
wpa_supplicant_event_assoc() depends on something having cleared
portValid so that setting it TRUE ends up authorizing the port. This
clearing part did not happen when using FILS authentication during a
reassociation within an ESS. Fix this by clearing portValid in
sme_send_authentication() just before the keys are cleared (i.e., the
old connection would not be usable anyway).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:51:48 +02:00
Jouni Malinen
ba9774bd76 FILS: Fix BSSID in reassociation case
The RSN supplicant implementation needs to be updated to use the new
BSSID whenever doing FILS authentication. Previously, this was only done
when notifying association and that was too late for the case of
reassociation. Fix this by providing the new BSSID when calling
fils_process_auth(). This makes PTK derivation use the correct BSSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:26:57 +02:00
Jouni Malinen
7eace3787c FILS: Find PMKSA cache entries on AP based on FILS Cache Identifier
This allows PMKSA cache entries to be shared between all the BSSs
operated by the same hostapd process when those BSSs use the same FILS
Cache Identifier value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-21 12:18:58 +02:00
Badrish Adiga H R
128f6a98b3 mka: Fix the order of operations in secure channel deletion
The correct order of deleting a secure channel is to purge all the
secure associations in the channel before actually deleting the secure
channel.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2017-02-20 22:15:04 +02:00
Saurav Babu
213eb18851 dbus: Set mode to mesh in bss properties when mesh is supported
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2017-02-20 22:14:19 +02:00
Jouni Malinen
c7c964cd46 tests: RSN pre-authentication failure to add a PMKSA entry
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 13:31:59 +02:00
Jouni Malinen
21fda4ee72 RSN: Fix pre-authentication EAPOL-Start startPeriod configuration
The RSN pre-authentication case ended up ignoring the initial
startPeriod value and delayed EAPOL-Start message by two seconds. Fix
this by forcing the first EAPOL-Start message to be sent when running
pre-authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 12:48:04 +02:00
Jouni Malinen
d62391fec9 tests: RSN pre-authentication processing on AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 11:47:07 +02:00
Purushottam Kushwaha
3f23260da8 nl80211: Notify reason for connection timeout failure
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 10:47:08 +02:00
Peng Xu
ca1ab9db2a hostapd: Get vendor HE capabilities
Allow hostapd query device HE capabilities via vendor command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:39:33 +02:00
Peng Xu
7785c70bbb QCA vendor command for fetching HE capabilities
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:39:30 +02:00
Peng Xu
d512f406fc hostapd: Add IEEE 802.11ax HE IEs into Beacon/Probe Response frames
IEEE 802.11ax HE changes to include HE IEs in Beacon and Probe Response
frames. These elements are using vendor specific forms for now since the
IEEE 802.11ax draft is not yet finalized and the element contents is
subject to change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:55 +02:00
Peng Xu
94380cb40a hostapd: Initial IEEE 802.11ax (HE) definitions
Add IEEE 802.11ax definitions for config, IEEE structures, and
constants. These are still subject to change in the IEEE process.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:52 +02:00
Masashi Honma
5972dc73c1 mesh: Use correct rate in VHT and HT mixed environment
Let mesh STA A be a STA which has config disable_ht=0 and disable_vht=1.
Let mesh STA B be a STA which has config disable_ht=0 and disable_vht=0.
The mesh STA A and B was connected.

Previously, the mesh STA A sent frame with VHT rate even though its VHT
was disabled. This commit fixes the issue by checking the local BSS VHT
configuration.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Masashi Honma
84ea61cffe mesh: Use correct rate in HT and legacy mixed environment
Let mesh STA A be a STA which has config disable_ht=1.
Let mesh STA B be a STA which has config disable_ht=0.
The mesh STA A and B was connected.

Previously, the mesh STA A sent frame with HT rate even though its HT
was disabled. This commit fixes the issue by checking the local BSS HT
configuration.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Masashi Honma
025c6a47fb VHT: Remove a redundant check
This check is already done in ibss_mesh_setup_freq().

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 16:01:17 +02:00
Masashi Honma
a7a638c2c4 hw_features: Move VHT capabilities checks to common
This allows the previous AP-specific functions to be use for IBSS/mesh
setup in wpa_supplicant.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-19 15:53:05 +02:00
Jouni Malinen
e01cf2afc9 Define eapol_sm_get_eap_proxy_imsi() only with CONFIG_EAP_PROXY=y
This function is called only from locations within ifdef
CONFIG_EAP_PROXY, so there is no need to try to cover the not-defined
case here and the function can simply be removed completely if
CONFIG_EAP_PROXY=y is not used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-19 12:28:33 +02:00
Jouni Malinen
a8e25deeb8 FT: Merge similar error paths to use common steps
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-19 12:23:21 +02:00
Jouni Malinen
c89422864f tests: WPA2-PSK-FT AP Reassociation Request frame processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-19 11:55:51 +02:00
Jouni Malinen
fd7205fabe tests: WPA2-PSK-FT AP and RIC
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
c6c41f6ea6 FT: Support addition of RIC elements into Reassociation Request frame
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
ecbdc1a1fc Mark RSN msg 1/2 key data debug dump as key material
This debug print can include GTK and IGTK, so use wpa_hexdump_key()
instead of wpa_hexdump() for it to avoid undesired exposure of keys in
debug log.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-18 21:39:01 +02:00
Jouni Malinen
209527aeed tests: Renew expired server certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-18 21:39:01 +02:00
Jouni Malinen
834c5d6816 FILS: Fix PMK length for initial connection with FILS SHA384 AKM
While the FILS authentication cases were already using the proper PMK
length (48 octets instead of the old hardcoded 32 octet), the initial
association case had not yet been updated to cover the new FILS SHA384
AKM and ended up using only a 32-octet PMK. Fix that to use 48-octet PMK
when using FILS SHA384 AKM.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 22:15:29 +02:00
Jouni Malinen
e491389ebc FILS: Fix ifdef for PTK derivation with SHA384-based AKM
sha384_prf() is used both with Suite B and FILS, so add CONFIG_FILS as
another alternative to building in this functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 22:15:29 +02:00
Jouni Malinen
2e555f9cb0 tests: Add HMAC-SHA256 and HMAC-SHA384 test vectors from RFC 4231
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 22:15:29 +02:00
Jouni Malinen
62944f7d2c Add HMAC-SHA384 with internal crypto
This is a copy of the internal HMAC-SHA256 implementation with the hash
block size and output length updated to match SHA384 parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-16 22:15:29 +02:00
Jouni Malinen
aeecd4eaec OpenSSL: Fix hmac_sha384_vector() implementation
The output length was incorrect (32 from the copy-pasted SHA256
version). Fix this to return the correct number of octets (48) for
SHA384. This fixes incorrect key derivation in FILS when using the
SHA384-based AKM.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 20:59:06 +02:00
Jouni Malinen
dd8f02349b tests: Enable SO_REUSEADDR for FILS HLP testing sockets
This is needed to avoid "Address already in use" issues in some test
sequences.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 20:59:06 +02:00
Purushottam Kushwaha
5db32adc99 browser-wpadebug: Send HTTP response with HTTP/1.1 header
HTTP response was previously sent as a plaintext without the HTTP header
on port 12345. By default Android webview/Chrome assumes plaintext as
HTTP/0.9 data. Android webview/Chrome has removed support of HTTP/0.9
request/response on non-standard ports, i.e., other than port 80. This
results in error while opening URL 'http://localhost:12345/'.

Fix this by prefixing the HTTP response with the HTTP/1.1 header.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 13:35:44 +02:00
Jouni Malinen
ee4b99e741 tests: WNM BSS Transition Management with RSN
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 13:33:45 +02:00