GnuTLS-based builds can now be done using either libnettle or libgcrypt
for crypto functionality:
CONFIG_TLS=gnutls
CONFIG_CRYPTO=nettle
CONFIG_TLS=gnutls
CONFIG_CRYPTO=gnutls
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to
enforce negotiation of MFP for all associations that negotiate use of
SAE. This is used in cases where SAE-capable devices are known to be
MFP-capable and the BSS is configured with optional MFP (ieee80211w=1)
for legacy support. The non-SAE stations can connect without MFP while
SAE stations are required to negotiate MFP if sae_require_mfp=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows external programs to get the average channel utilization.
The average channel utilization is calculated and reported through
STATUS command. Users need to configure chan_util_avg_period and
bss_load_update_period in hostapd config to get the average channel
utilization.
Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
Do not update the configuration parameter before having verified the
value to be in the valid range.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now that hostapd exposes the DPP_LISTEN and DPP_STOP_LISTEN commands
similarly to wpa_supplicant, expose these through proper hostapd_cli
commands as well to match wpa_cli functionality.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wpa_supplicant's random pool is not necessary on Android. Randomness
is already provided by the entropymixer service which ensures
sufficient entropy is maintained across reboots. Commit b410eb1913
'Initialize /dev/urandom earlier in boot' seeds /dev/urandom with
that entropy before either wpa_supplicant or hostapd are run.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
The new hostapd configuration parameter group_cipher can now be used to
override the automatic cipher selection based on enabled pairwise
ciphers. It should be noted that selecting an unexpected group cipher
can result in interoperability issues and this new capability is mainly
for testing purposes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is an initial step in allowing non-operating channel operations
with DPP when hostapd is the Responder. For now, this is only used for
specifying role=configurator/enrollee and qr=mutual cases similarly to
the wpa_supplicant configuration for in Responder role. Request to use a
non-operating channel will be rejected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Normally, WNM-Sleep Mode exit with management frame protection
negotiated would result in the current GTK/IGTK getting added into the
WNM-Sleep Mode Response frame. Some station implementations may have a
vulnerability that results in GTK/IGTK reinstallation based on this
frame being replayed. Add a new hostapd configuration parameter that can
be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK
update instead. This would likely be only used with
wpa_disable_eapol_key_retries=1 that enables a workaround for similar
issues with EAPOL-Key. This is related to station side vulnerabilities
CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround,
set wnm_sleep_mode_no_keys=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.
This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd testing functionality to be forced to send out a
plaintext EAPOL-Key frame with the RESEND_* command. That can be useful
in seeing how the station behaves if an unencrypted EAPOL frame is
received when TK is already configured.
This is not really perfect since there is no convenient way of sending
out a single unencrypted frame in the current nl80211 design. The
monitor interface could likely still do this, but that's not really
supposed to be used anymore. For now, clear and restore TK during this
operation. The restore part is not really working correctly, though,
since it ends up clearing the TSC value on the AP side and that shows up
as replay protection issues on the station. Anyway, this is sufficient
to generate sniffer captures to analyze station behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a new hostapd configuration parameter
wpa_disable_eapol_key_retries=1 that can be used to disable
retransmission of EAPOL-Key frames that are used to install
keys (EAPOL-Key message 3/4 and group message 1/2). This is
similar to setting wpa_group_update_count=1 and
wpa_pairwise_update_count=1, but with no impact to message 1/4
retries and with extended timeout for messages 4/4 and group
message 2/2 to avoid causing issues with stations that may use
aggressive power saving have very long time in replying to the
EAPOL-Key messages.
This option can be used to work around key reinstallation attacks
on the station (supplicant) side in cases those station devices
cannot be updated for some reason. By removing the
retransmissions the attacker cannot cause key reinstallation with
a delayed frame transmission. This is related to the station side
vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, and CVE-2017-13081.
This workaround might cause interoperability issues and reduced
robustness of key negotiation especially in environments with
heavy traffic load due to the number of attempts to perform the
key exchange is reduced significantly. As such, this workaround
is disabled by default (unless overridden in build
configuration). To enable this, set the parameter to 1.
It is also possible to enable this in the build by default by
adding the following to the build configuration:
CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd control interface command SET_KEY can be used to request
an arbitrary key to be configured to the driver.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd control interface commands "RESEND_M1 <addr>" and
"RESEND_M3 <addr>" can be used to request a retransmission of the 4-Way
Handshake messages 1/4 and 3/4 witht he same or modified ANonce (in M1).
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd control interface command "RESEND_GROUP_M1 <addr>" can
be used to request a retransmission of the Group Key Handshake message
1/2 for the current GTK.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows ext_mgmt_frame_handling=1 cases with hostapd to process TX
status events based on external processing. This is useful for increased
test coverage of management frame processing.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new sae_password hostapd configuration parameter can now be used to
set the SAE password instead of the previously used wpa_passphrase
parameter. This allows shorter than 8 characters and longer than 63
characters long passwords to be used. In addition, this makes it
possible to configure a BSS with both WPA-PSK and SAE enabled to use
different passphrase/password based on which AKM is selected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new hostapd configuration parameter owe_groups can be used to
specify a subset of the allowed DH groups as a space separated list of
group identifiers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The owe_transition_bssid and owe_transition_ssid parameters can now be
replace with owe_transition_ifname to clone the BSSID/SSID information
automatically in case the same hostapd process manages both the OWE and
open BSS for transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends OWE support in hostapd to allow DH groups 20 and 21 to be
used in addition to the mandatory group 19 (NIST P-256).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new owe_transition_bssid and owe_transition_ssid parameters can be
used to configure hostapd to advertise the OWE Transition Mode element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new sae_commit_override=<hexdump> parameter can be used to force
hostapd to override SAE commit message fields for testing purposes. This
is included only in CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow hostapd to be configured to perform SAE reflection attack for SAE
testing purposes with sae_reflection_attack=1 configuration parameter.
This is included only in CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd allows arbitrary AP PIN to be used in WPS. This means that
setting ap_pin to a zero length string ends up enabling AP PIN so that
external registrars can use this specific zero lenth ap_pin value. There
are apparently some APs that have used this invalid configuration with
unintended results. While the proper fix for that is to fix the
component that generates the invalid configuration, hostapd can also
reject such values since the likelihood of a real world use case for
zero length AP PIN (Device Password) is minimal.
Start interpreting zero length ap_pin parameter value as a request to
"unset" the previously set value in hostapd.conf (or if not previously
set, leave it unset). With this, a hostapd.conf file including the
"ap_pin=" line will end up getting interpretted just like that same file
with the ap_pin parameter completely removed, i.e., with AP PIN being
disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, CONFIG_WNM enabled build that supports WNM for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode WNM is required and there is no need for AP mode WNM.
Add support to differentiate between station mode WNM and AP mode
WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be
used when AP mode WNM support is required in addition to station mode
WNM. This allows binary size to be reduced for builds that require
only the station side WNM functionality.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add a build option to select different default ciphers for OpenSSL
instead of the hardcoded default "DEFAULT:!EXP:!LOW".
This new option is useful on distributions where the security level
should be consistent for all applications, as in Fedora [1]. In such
cases the new configuration option would be set to "" or
"PROFILE=SYSTEM" to select the global crypto policy by default.
[1] https://fedoraproject.org/wiki/Changes/CryptoPolicy
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add OCE IE in Beacon, Probe Response, and (Re)Association Response
frames if OCE is enabled in the configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the hostapd control interface to support the
DPP_BOOTSTRAP_INFO command that was recently added for wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The default value for GTK rekeying period was previously hardcoded to
600 seconds for all cases. Leave that short value only for TKIP as group
cipher while moving to the IEEE 802.11 default value of 86400 seconds
(once-per-day) for CCMP/GCMP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This updates the previously copied implementation to be up-to-date with
the more recent wpa_supplicant changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
