Previously, only the SME-in-wpa_supplicant case was supported. This
extends that to cover the drivers that implement SME internally (e.g.,
through the cfg80211 Connect command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The Key MIC field value got truncated for all cases and incorrect HMAC
hash algorithm was used for the SHA512 cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends OWE support in wpa_supplicant to allow DH groups 20 and 21
to be used in addition to the mandatory group 19 (NIST P-256). The group
is configured using the new network profile parameter owe_group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends OWE support in hostapd to allow DH groups 20 and 21 to be
used in addition to the mandatory group 19 (NIST P-256).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the helper functions for determining OWE key lengths and
Key MIC values to support other DH curves beyond the mandatory group 19.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is not normally done in RSN, but RFC 8110 seems to imply that AP
has to include OWE AKM in the RSNE within these frames. So, add the RSNE
to (Re)Association Response frames when OWE is being negotiated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new owe_transition_bssid and owe_transition_ssid parameters can be
used to configure hostapd to advertise the OWE Transition Mode element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This covers the case where 4-address Data frames are exchanged between
an AP and an associated station.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Replace vendor-specific elements for HE capabilities and HE operation
elements with the P802.11ax defined element values. This version is
based on P802.11ax/D1.4.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant configuration parameters (go_interworking,
go_access_network_type, go_internet, go_venue_group, go_venue_type) to
add a possibility of configuring the P2P GO to advertise Interworking
element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These allow external programs to fetch the TX and RX rate information
and signal strength for a specific STA through the hostapd control
interface command "STA <addr>". The values of these attributes are
filled in the response of nl80211 command NL80211_CMD_GET_STATION.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Commit 84751b98c1 ('WPS: Allow wildcard
UUID PIN to be used twice') relaxed the constraints on how many time a
wildcard PIN can be used to allow two attempts. However, it did this in
a way that could result in concurrent attempts resulting in the wildcard
PIN being invalidated even without the second attempt actually going as
far as trying to use the PIN and a WPS protocol run.
wildcard_uuid is a flag/counter set for wildcard PINs and it is
incremented whenever the PIN is retrieved by wps_registrar_get_pin().
Eventually it causes the wildcard PIN to be released, effectively
limiting the number of registration attempts with a wildcard PIN.
With the previous implementation, when the PIN is in use and locked
(PIN_LOCKED), it is not returned from wps_registrar_get_pin() but
wildcard_uuid is still incremented which can cause the PIN to be
released earlier and stations will have fewer registration attempts with
it. Fix this scenario by only incrementing wildcard_uuid if the PIN is
actually going to be returned and used.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add 802.11ax channel property flags for use with external ACS (QCA
vendor command). Use the remaining available bits in
qca_wlan_vendor_channel_prop_flags for the first few 11ax flags. Then
add qca_wlan_vendor_channel_prop_flags_2 as a continuation of
qca_wlan_vendor_channel_prop_flags and add the remaining 11ax flags
there. Note that qca_wlan_vendor_channel_prop_flags_ext is not used
since it is currently not intended for holding such information. Rather
it is meant for holding additional control information related to
features such as DFS, CSA, etc.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
ieee802_1x_kay_decode_mkpdu() calls ieee802_1x_mka_i_in_peerlist()
before body_len has been checked on all segments.
ieee802_1x_kay_decode_mkpdu() and ieee802_1x_mka_i_in_peerlist() might
continue and thus underflow left_len even if it finds left_len to small
(or before checking).
Additionally, ieee802_1x_mka_dump_peer_body() might perform out of bound
reads in this case.
Fix this by checking left_len and aborting if too small early.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
In fils_hlp_finish_assoc() the station is already added to the
driver so it is not needed to check the 'added_unassociated'
flag.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The FILS features on STA needs to be disabled for testing purposes to
verify the APUT behavior with non-FILS STAs. Add a QCA vendor attribute
for doing so.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update these comments based on IEEE Std 802.11-2016 to get rid of the
already resolved TODO comment regarding duplicated N_KEY use. The
implementation does not need any changes since it was already following
the fixed version in the current standard.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There was a race condition on the sequence where iface.AbortScan() is
immediately followed by iface.Scan(). If the driver event
(NL80211_CMD_SCAN_ABORTED) arrived after the following new scan request,
the D-Bus operation failed. This is not what this test case is trying to
check, so wait for an indication of the previous scan having terminated
properly before issuing the next scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add checking for NULL req_ies when FILS processing a driver ASSOC event
in hostapd_notif_assoc(). This was already done in number of old code
paths, but the newer FILS path did not handle this. Though, it is
unlikely that this code path would be reachable in practice since this
is all within sta->auth_alg == WLAN_AUTH_FILS_* check.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Reject a DHE handshake if the server uses a DH prime that does not have
sufficient length to meet the Suite B 192-bit level requirement (<= 3k
(3072) bits).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Reject a peer certificate chain if it includes an RSA public key that
does not use sufficient key length to meet the Suite B 192-bit level
requirement (<= 3k (3072) bits).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds phase1 parameter tls_suiteb=1 into wpa_supplicant
configuration to allow TLS library (only OpenSSL supported for now) to
use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new psk=<hexdump> can be used as an alternative to pass=<passphrase>
when configuring the DPP Configurator with a legacy network parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These control interface event messages can be used to allow hostapd AP
to be configured for legacy WPA2-Personal configuration with DPP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While the Suite B AKM is not really going to be used with CCMP-128 or
GCMP-128 cipher, this corner case could be fixed if it is useful for
some testing purposes. Allow that special case to skip the HMAC-SHA1
check based on CCMP/GCMP cipher and use the following AKM-defined check
instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wowlan_triggers were updated in kernel only during startup.
Also update it whenever it is set from the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss
here means there would not be proper PFS for the case where PMKSA
caching is used with FILS SK+PFS authentication. This was not really the
intent of the FILS design and that issue was fixed during REVmd work
with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that add DHss into FILS-Key-Data (and PTK, in practice) derivation for
the PMKSA caching case so that a unique ICK, KEK, and TK are derived
even when using the same PMK.
Note: This is not backwards compatible, i.e., this breaks PMKSA caching
with FILS SK+PFS if only STA or AP side implementation is updated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
IEEE Std 802.11ai-2016 had missed a change in the Pairwise key hierarchy
clause (12.7.1.3 in IEEE Std 802.11-2016) and due to that, the previous
implementation ended up using HMAC-SHA-1 -based PMKID derivation. This
was not really the intent of the FILS design and that issue was fixed
during REVmd work with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that change FILS cases to use HMAC-SHA-256 and HMAC-SHA-384 based on the
negotiated AKM.
Update the implementation to match the new design. This changes the
rsn_pmkid() function to take in the more generic AKMP identifier instead
of a boolean identifying whether SHA256 is used.
Note: This is not backwards compatible, i.e., this breaks PMKSA caching
based on the initial ERP key hierarchy setup if only STA or AP side
implementation is updated. PMKSA caching based on FILS authentication
exchange is not impacted by this, though.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the code that writes mesh_rssi_threshold to a network block
always executes, but the code that reads it from network block and the
code that initializes it to a default value in a new network block are
inside #ifdef CONFIG_MESH. As a result when writing a config file it
will write mesh_rssi_threshold (since it has a non-default value) and
later fail to read the network block.
Fix this by moving the write code under #ifdef CONFIG_MESH as well.
Note, network blocks which already have mesh_rssi_threshold because of
the bug will still fail to read after the fix.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>