The previous eapol_sm_notify_cached() implementation forced the port
to be authorized when receiving EAPOL-Key msg 1/4 that included a
matching PMKID in cases when PMKSA caching is used. This is too early
since the port should really be authorized only after the PTK has been
configured which is the case when PMKSA caching is not used.
Fix this by using the EAPOL supplicant PAE state machine to go through
the AUTHENTICATING and AUTHENTICATED states instead of forcing a jump
to AUTHENTICATED without performing full state machine steps. This can
be achieved simply by marking eapSuccess TRUE at least with the current
version of EAP and EAPOL state machines (the earlier commits in this
function seemed to indicate that this may have not been that easy in
the older versions due to the hacks needed here).
This addresses an issue with nl80211-based driver interface when the
driver depends on the STA Authorized flag being used to prevent
unprotected frames from being accepted (both TX and RX) prior to PTK
configuration.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
If the driver indicates support for multi-channel concurrency, change
the p2p_connect behavior to not force the current operating channel, but
instead, just mark it as preferred for GO Negotiation. This change
applies only for the case when the freq parameter is not used with the
p2p_connect command.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There was an issue with EAPOL frame exchanges in a multi-BSS
configuration when a station switches between the BSSes controlled by
the same hostapd process. When processing the EAPOL packet, the array of
virtual APs (iface->bss) is searched looking for the station that sent
the packet in order to identify which signal context should be used
during processing. The first match of the station in its list gets used
in the ieee802_1x_receive() function. However, even after a station has
disassociated, it remains in the list of stations pending an inactivity
timeout. This leads to the wrong hapd context (one where the station had
already disassociated) being used in some cases (if the current/active
bss entry appears in the list after one where the station has just
disassociated from) for EAPOL processing.
Fix this by checking the WLAN_STA_ASSOC flag before assuming the right
hapd context was found for the given station.
Signed-hostap: David Bird <dbird@powercloudsystems.com>
intended-for: hostap-1
This uses the recent cfg80211 changes to allow SAE authentication to be
implemented with the nl80211 driver interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.
For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.
Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.
20 ms is long enough to include at least couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 458cb30191 broke LEAP since it
rejects EAP-Success packet that is used within LEAP and this frame does
not have a payload. Fix LEAP by relaxing the generic EAP packet
validation if LEAP has been negotiated.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, WPS Registrar allowed multiple wildcard PINs to be
configured. This can get confusing since these PINs get assigned to any
Enrollee that does not have a specific PIN and as such, cannot really be
used with different PIN values in reasonable ways. To avoid confusion
with multiple enabled PINs, invalidate any previously configured
wildcard PIN whenever adding a new one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
While the existing code already addresses TLS Message Length validation
for both EAP-TLS peer and server side, this adds explicit checks and
rejection of invalid messages in the functions handling reassembly. This
does not change externally observable behavior in case of EAP server.
For EAP peer, this starts rejecting invalid messages instead of
addressing them by reallocating the buffer (i.e., ignoring TLS Message
Length in practice).
Signed-hostap: Jouni Malinen <j@w1.fi>
EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
Message Length value properly and could end up trying to store more
information into the message buffer than the allocated size if the first
fragment is longer than the indicated size. This could result in hostapd
process terminating in wpabuf length validation. Fix this by rejecting
messages that have invalid TLS Message Length value.
This would affect cases that use the internal EAP authentication server
in hostapd either directly with IEEE 802.1X or when using hostapd as a
RADIUS authentication server and when receiving an incorrectly
constructed EAP-TLS message. Cases where hostapd uses an external
authentication are not affected.
Thanks to Timo Warns for finding and reporting this issue.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.
Signed-hostap: Jouni Malinen <j@w1.fi>
Channel frequency for 60 GHz band do not fit into 'short int', as was
used. Expand it to 'int'
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows hostapd_cli and wpa_cli all_sta command to be used to
display connected time (in seconds) of each station in AP mode.
Signed-hostap: Raja Mani <rmani@qca.qualcomm.com>
Commit 6b56cc2d97 added clearing of the
p2p->pending_action_state too early in this function. This should not
be done if we are going to silently ignore the frame due to dialog
token mismatch. Fix this by moving the code around to check the dialog
token first.
This issue resulted in PD Request retries getting stopped too early if
the peer is sending out an unexpected PD Response (e.g., because of it
being excessively slow with the response so that the response is
received only after the next TX attempt with a new dialog token).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Make Invitation process for re-invoking a persistent group behave
similarly to GO Negotiation as far as channel negotiation is concerned.
The Operating Channel value (if present) is used as a starting point if
the local device does not have a forced operating channel (e.g., due to
concurrent use). Channel lists from devices are then compared to check
that the selected channel is in the intersection. If not, channel is
selected based on GO Negotiation channel rules (best channel preferences
etc.). Invitation Request is rejected if no common channel can be
selected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
As long as WLAN_STA_ASSOC_REQ_OK is set in sta->flags, Class 3 frames do
not trigger a disassoc/deauth. If it is still set even after the assoc
response tx has already failed, it may take somewhat longer for clients
to realize that the connection wasn't fully established.
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
This avoids extra latency caused by establishing an aggregation session
and makes the initial connection attempt more reliable
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
This patch fixes an issue where removing a WDS VLAN interface also
removed the main AP interface from the same bridge.
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
This is a generic AES CCM implementation that can be used for other
purposes than just implementing CCMP, so it fits better in a separate
file in src/crypto.
Signed-hostap: Jouni Malinen <j@w1.fi>
Now that the internal AES implementation supports 256-bit keys, enable
use of the TLS cipher suites that use AES-256 regardless of which crypto
implementation is used.
Signed-hostap: Jouni Malinen <j@w1.fi>
AES uses the same 128-bit block size with 128, 192, 256 bit keys, so use
the fixed block size definition instead of trying to dynamically set the
block size based on key length. This fixes use of 192-bit and 256-bit
AES keys with crypto_cipher_*() API when using the internal AES
implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is otherwise identical to aes_gcm_ae() but does not use the
plain/crypt pointers since no data is encrypted.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds 192-bit and 256-bit key support to the internal AES
implementation and extends the AES-GCM functions to accept key length to
enable longer AES key use.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a generic AES GCM and GMAC implementation that can be used for
other purposes than just implementing GCMP, so it fits better in a
separate file in src/crypto.
Signed-hostap: Jouni Malinen <j@w1.fi>
The conf doesn't contain any basic rates in some cases. Most notably,
when starting a P2P GO in 5 GHz. Use the iface rates which are
initialized in hostapd_prepare_rates() to the conf rates or set to
default values if no conf values exist. This fixes a bug introduced in
commit e5693c4775.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Commit e5693c4775 added a copy of the
determined basic rate set into struct hostapd_iface, but did not
actually copy the terminating -1 value. This could be problematic if
something were to actually try to use this list since would be no way to
know what is the last entry in the list. Fix this by copying the
terminating value.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver_op can now be used in station mode, too, to fetch
information about the connection with the AP, so allow this to be used
even if wpa_supplicant is built without AP mode support.
Signed-hostap: Jouni Malinen <j@w1.fi>
The group matching should be done by comparing the P2P Interface Address
(which the group_bssid here is) to the group's BSSID and not the group
ID (which uses P2P Device Address and would have also needed the SSID).
Though, it should be noted that this case cannot really happen since a
GO in an active group would never be invited to join another group in
its GO role (i.e., if it receives an Invitation Request, it will reply
in P2P Device role). As such, this fix does not really change any
observable behavior, but anyway, it is good to keep the implementation
here consistent with the Invitation Request case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When building the Invitation Request for WFD use cases, match the BSSID,
i.e., P2P Interface Address, of the group on the GO to avoid using
information from another group should the device be operating multiple
concurrent groups as GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.
Signed-hostap: Jouni Malinen <j@w1.fi>
The EAP-SIM/AKA code is already validating the prefix and the following
lookup would not find matches if the prefix is incorrect, so there is no
need for the extra checks here.
Signed-hostap: Jouni Malinen <j@w1.fi>
If EAP-Response/Identity includes a known pseudonym or re-auth username,
skip the AKA/Identity exchange since we already know the permanent
username of the peer.
Signed-hostap: Jouni Malinen <j@w1.fi>
RFC 4186, chapter 6.3.3 mandates that EAP-Failure is used only after
Client-Error and Notification messages. Convert the direct jumps to the
FAILURE state with a notification round before sending out EAP-Failure.
Signed-hostap: Jouni Malinen <j@w1.fi>
The AT_NONCE_S value needs to be used in AT_MAC calculation for
SIM/Re-authentication response even if re-authentication is rejected
with AT_COUNTER_TOO_SMALL.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
If the peer rejects re-authentication with AT_COUNTER_TOO_SMALL, fall
back to full authentication to allow the authentication session to be
completed.
Signed-hostap: Jouni Malinen <j@w1.fi>
These fields are used only as the search key, so the value is already
known and does not need to be copied from the database.
Signed-hostap: Jouni Malinen <j@w1.fi>
Store permanent username (i.e., including prefix character) instead of
IMSI in the SQLite DB. Convert the string to a string since the EAP-AKA
prefix can start with zero. This cleans up the field names since the
value was already with the prefix included instead of just IMSI. In
addition, this explicitly removes some theoretical cases where the
different identity types could have been mixed.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since the EAP-SIM/AKA identities are ASCII strings, there is no need to
use more complex way for storing and passing them. In addition, be more
strict about enforcing username (i.e., no realm part) to be used in the
EAP-SIM DB API. Similarly, require specific username type instead of any
of the types to be used as the key in the pseudonym and reauth
operations. This allows simpler lookup operations to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the AKA/Identity response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
AKA/Identity message is built only if the identity in the previous
response was not recognized. The first round is always used to request
AT_ANY_ID_REQ to meet the RFC 4187 recommendation on EAP method specific
identity request.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the SIM/Start response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.
Signed-hostap: Jouni Malinen <j@w1.fi>
The reauth_id prefix can be used to determine which AKA version is used,
so there is no need to store the aka_prime information in a separate
field.
Signed-hostap: Jouni Malinen <j@w1.fi>
If hostapd is built and configured to use SQLite database, store
EAP-SIM/AKA reauth data into the database to allow this to persist
over hostapd restarts.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd to use an SQLite database for storing EAP-SIM/AKA
pseudonyms over process restarts. CONFIG_SQLITE=y build option adds
support for this and the SQLite database file is specified in eap_sib_db
configuration parameter.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Try to share most of the cipher information like key and RSC lengths and
suite selector conversions, etc. in wpa_common.c to avoid having similar
code throughout the WPA implementation for handling cipher specific
behavior.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.
format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.
This commit does not included changes to WPS or P2P to allow GCMP to be
used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use the NL80211_IFACE_COMB_NUM_CHANNELS value > 1 as a trigger for
enabling support for P2P multichannel channel concurrency. This does not
handle all possible details of enforcing driver capabilities, but it is
a good first step for allowing nl80211 drivers to enable multichannel
concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.
gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]
For example, ANQP query for Capability list in interactive wpa_cli
session:
> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607
It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new vendor_elements parameter in hostapd.conf can be used to add new
vendor specific element(s) into Beacon and Probe Response frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Replace the Venue Name specific data structure and parser with a
generic mechanism that can be used with other fields that use the
same format.
Signed-hostap: Jouni Malinen <j@w1.fi>
The anqp_3gpp_cell_net parameter can be used to configure hostapd
to advertise 3GPP Cellular Network ANQP information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These function pointers are going to be the same for each interface so
there is no need to keep them in struct hostapd_iface. Moving them to
struct hapd_interfaces makes it easier to add interfaces at run time.
Signed-hostap: Jouni Malinen <j@w1.fi>
The driver_test.c data structures had been changed to use a separate
BSS structure, but the P2P commands were not using the new design.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 488f4a7108 configures a timer
before p2p_send_action(). This may result in the timer getting fired
earlier to the off channel transmission of the frame and thus another PD
request being retransmitted. This shall lead to the new PD request with
an incremented dialog token being transmitted. For the cases where the
later PD request might not be transmitted as the host driver is busy
transmitting the earlier frame, the received PD response could be
dropped for the dialog token mismatch. Remove the timer configuration to
avoid this behavior.
Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
intended-for: hostap-1
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
A new optional delay=<search delay in milliseconds> parameter can now be
used with p2p_find command to request an extra delay between search
iterations. This can be used, e.g., to make p2p_find friendlier to
concurrent operations by avoiding it from taking 100% of the radio
resources.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This EAP type uses a vendor specific expanded EAP header to encapsulate
EAP-TLS with a configuration where the EAP server does not authenticate
the EAP peer. In other words, this method includes only server
authentication. The peer is configured with only the ca_cert parameter
(similarly to other TLS-based EAP methods). This method can be used for
cases where the network provides free access to anyone, but use of RSN
with a securely derived unique PMK for each station is desired.
The expanded EAP header uses the hostapd/wpa_supplicant vendor
code 39068 and vendor type 1 to identify the UNAUTH-TLS method.
Signed-hostap: Jouni Malinen <j@w1.fi>
The previous implementation was able to re-open the connection to an
external program (e.g., hlr_auc_gw) when needed, but required the
connection to be available during startup. Extend this to allow the
initial failure, so that hlr_auc_gw can be started after hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate seed_len to skip memset call with zero length of
copied data at the end of the buffer. This is not really needed, but it
makes the code a bit easier for static analyzers. This is identical to
the commit a9ea17491a but for the OpenSSL
version of the function.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit bfc62fe133 moved the code that
using crypto/random.h, but forgot to remove the inclusion of that header
file.
Signed-hostap: Jouni Malinen <j@w1.fi>
All the TNC base64 operations are within tncs.c, so there is no point in
including base64.h into eap_server_tnc.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
All the other places processing EVENT_RX_MGMT events assume that the
event data is included, so not much point in verifying that here.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use an explicit pointer to the beginning of the buffer and a flag
to indicate whether that is to external data or not. This avoids
a branch whenever accessing the buffer and helps some static
analyzers to understand the wpabuf memory uses better.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the os_malloc() call for the User-Name value fails in EAP-TTLS
server, the inner MSCHAPv2 processing could have tried to dereference a
NULL pointer. Avoid this by handling this cleanly as an internal error
and reject the authentication attempt.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Commit c9e08af24f removed the only user of
the special case MD5 use that would be allowed in FIPS mode in
tls_prf_sha1_md5(). Commit 271dbf1594
removed the file from the build, but left the implementation into the
repository. To clean things up even further, remove this functionality
completely since it is not expected to be needed for FIPS mode anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows User-Name and Chargeable-User-Identity attributes to be
passed from Access-Accept into Accounting messages even when IEEE 802.1X
is not used.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
The mechanism to figure out key block size based on ssl->read_hash
does not seem to work with OpenSSL 1.0.1, so add an alternative
mechanism to figure out the NAC key size that seems to work at
least with the current OpenSSL 1.0.1 releases.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Some deployed authentication servers seem to be unable to handle the TLS
Session Ticket extension (they are supposed to ignore unrecognized TLS
extensions, but end up rejecting the ClientHello instead). As a
workaround, disable use of TLS Sesson Ticket extension for EAP-TLS,
EAP-PEAP, and EAP-TTLS (EAP-FAST uses session ticket, so any server that
supports EAP-FAST does not need this workaround).
Signed-hostap: Jouni Malinen <j@w1.fi>
tls_disable_session_ticket=1 in phase1/phase2 can now be used to disable
use of TLS Session Ticket extension (which is enabled by default in
recent OpenSSL versions). This can be used to work around issues with
broken authentication servers that do not ignore unrecognized TLS
extensions properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to implement workaround for authentication servers that
do not handle TLS extensions in ClientHello properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
The PKCS5_PBKDF2_HMAC_SHA1() function in OpenSSL 0.9.7 did not mark
the salt parameter const even though it was not modified. Hide the
compiler warning with a type cast when an old OpenSSL version is
used.
Signed-hostap: Jouni Malinen <j@w1.fi>
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).
Signed-hostap: Jouni Malinen <j@w1.fi>
Only allow the TLS library keying material exporter functionality to be
used for MSK derivation with TLS-based EAP methods to avoid exporting
internal TLS keys from the library.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use SSL_export_keying_material() if possible, i.e., if OpenSSL is
version 1.0.1 or newer and if client random value is used first. This
allows MSK derivation with TLS-based EAP methods (apart from EAP-FAST)
without exporting the master key from OpenSSL.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, CONFIG_EAP_MSCHAPV2=y was assumed to be set for
CONFIG_EAP_TTLS=y. Avoid this dependency by making including the
MSCHAPv2 parts in EAP-TTLS conditionally.
Signed-hostap: Jouni Malinen <j@w1.fi>
In theory, the SHA1 operation may fail (e.g., if SHA1 becomes disallowed
in some security policies), so better check the return code from
challenge_hash().
Signed-hostap: Jouni Malinen <j@w1.fi>
Do not leave the tls_global context allocated if the global OpenSSL
initialization fails. This was possible in case of FIPS builds if
the FIPS mode cannot be initialized.
Signed-hostap: Jouni Malinen <j@w1.fi>
Increase GO config timeout if HT40 is used since it takes some time
to scan channels for coex purposes before the BSS can be started.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add optional "ht40" argument for p2p_group_add command to enable 40 MHz
in 5GHz band. This configures the secondary channel, when HT support is
enabled and if the HW supports 40 MHz channel width.
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
This function can be used as a wrapper for os_realloc(ptr, nmemb * size)
when a reallocation is used for an array. The main benefit over
os_realloc() is in having an extra check to catch integer overflows in
multiplication. This is similar to the os_zalloc() to os_calloc() move.
Signed-hostap: Jouni Malinen <j@w1.fi>
This function can be used as a wrapper for os_zalloc(nmemb * size) when
an allocation is used for an array. The main benefit over os_zalloc() is
in having an extra check to catch integer overflows in multiplication.
Signed-hostap: Jouni Malinen <j@w1.fi>
Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]
Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
There is no need to mandate admission control (ACM=1) by default, so
clear that flag in the case the configuration file does not specify
wmm_ac_{vo,vi}_acm value. This gets closer to the values mentioned
in the sample hostapd.conf file and reduces the need to specify WMM
parameters in the configuration file for most common use cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
p2p_set_timeout() calls in GO Neg Req/Resp TX callbacks used timeout of
100 ms which is the value given in the P2P specification for GO
Negotiation, but this was actually shorter than the
wait-for-offchannel-TX value (200 ms) used for the driver call. In
addition, it looks like some devices (e.g., Galaxy Nexus with JB image)
can take longer time to reply to GO Negotiation Response (somewhere
between 200 and 250 ms has been observed).
Increase the wait-for-GO-Neg-Resp timeout from 100 ms to 200 ms if GO
Negotiation Request frame was acknowledged (this matches with the
offchannel wait timeout that used previously). The no-ack case is left
at 100 ms since we use GO Negotiation Request frame also to discover
whether the peer is on its Listen channel.
Increase the wait-for-GO-Neg-Conf timeout from 100 ms to 250 ms (and
increase the offchannel wait timeout to matching 250 ms) as a workaround
for devices that take over 200 ms to reply to GO Negotiation Response.
Signed-hostap: Jouni Malinen <j@w1.fi>
The commit b5fd8b1833
"VHT: Do not allow use of TKIP with VHT" introduced
an off-by-one regression: a WPA/RSN 11n AP would no
longer accept stations to connect, instead it would
produce a bogus error message:
... Station tried to use TKIP with HT association.
Signed-hostapd: Christian Lamparter <chunkeey@googlemail.com>
cur_pmksa was left to NULL during the initial association. This can
result in unexpected behavior, e.g., in expiring PMKSA cache entries
since the current entry is not locked in that case. Fix this by updated
cur_pmksa when adding the initial PMKSA entry during msg 1/4 processing.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan
results and have not yet expired) then any additional entries can
potentially evict the current/active entry (if it is the oldest entry),
which triggers a pointless local deauthentication. The supplicant
shouldn't replace the current/active entry if it is still valid, but
instead the oldest entry that is *not* the current/active one.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
When using multiple VLANs, GKeyDoneStations counter is not updated
properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends
up iterating through all STAs and not just the STAs of a specific
wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple
times if more than a single group state machine exists. Fix this by
iterating only through the STAs in the specific wpa_group.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
intended-for: hostap-1
CONFIG_VLAN_NETLINK=y build option can now be used to replace the
ioctl()-based interface for creating and removing VLAN interfaces
with netlink-based interface.
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
Commit a11241fa11 removed the 802.11b rate
enabling/disabling code from wpa_driver_nl80211_set_mode() and while
doing that, removed the only place where drv->disabled_11b_rates was
set. Fix this by updating the flag in nl80211_disable_11b_rates(). In
addition, re-enable the 802.11b rates when changing to non-P2P mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
Right now 11b rates are masked out while creating a P2P interface,
but this is always failing as the interface is down. Most drivers
allow to configure rates only when the interface is UP and running.
So let us disable 11b rates when interface type is changed into a
P2P type and it is UP and running.
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
These validation steps are already done in the EAP parsing code and in
the EAP methods, but the additional check is defensive programming and
can make the validation of received EAP messages more easier to
understand.
Signed-hostap: Jouni Malinen <j@w1.fi>
These checks would not really be needed since eapol_sm_rx_eapol()
validates the length fields. Anyway, these makes it more obvious to
anyone reviewing the code that there are no integer underflow issues in
processKey().
Signed-hostap: Jouni Malinen <j@w1.fi>
These checks would not really be needed since radius_msg_parse()
validates the attribute header fields. Anyway, these makes it more
obvious to anyone reviewing the code that there are no integer underflow
issues in the functions processing RADIUS attributes.
Signed-hostap: Jouni Malinen <j@w1.fi>
This simplifies the implementation by using the buffer type to which the
returned data will be converted anyway. This avoids one memory
allocation for each processed RADIUS message.
Signed-hostap: Jouni Malinen <j@w1.fi>
Couple of functions did not verify that nla_put_nested() succeeded. Fix
these by checking the return value and handling error cases cleanly.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of masking out non-ASCII characters with underscores, espace the
SSID data using rules compatible with printf.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to build ASCII strings from binary data that is
more likely to use ASCII (i.e., text format is more natural
option than hexdump, but there is possibility of some non-ASCII
characters).
Signed-hostap: Jouni Malinen <j@w1.fi>
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
wpa_cli can be used now as a client for remote access to ctrl_interface
of wpa_supplicant when UDP and remote options are used.
You can simply run:
wpa_cli -i <hostname>:[port]
wpa_cli -i <IP>:[port]
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This bit is set in the code path that handles keys and certs from places
other than OpenSSL authentication engines. Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.
Commit 05ab9712b9 added support for
fetching WPA PSK from an external RADIUS server and changed
hostapd_wpa_auth_get_psk() to always return the RADIUS supplied PSK (if
set) and ignore the prev_psk parameter for iteration. Fix this by
appending the RADIUS supplied PSK to the list iterated by
hostapd_get_psk and thus returning NULL when prev_psk == sta->psk
(RADIUS).
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
This allows the password parameter for EAP methods to be fetched
from an external storage.
Following example can be used for developer testing:
ext_password_backend=test:pw1=password|pw2=testing
network={
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
password=ext:pw1
ca_cert="ca.pem"
phase2="auth=PAP"
}
Signed-hostap: Jouni Malinen <j@w1.fi>