sae_check_confirm_pk() and sae_write_confirm_pk() were using different
checks for determining whether SAE-PK was used. It was apparently
possible to miss the checks in sae_write_confirm_pk() in some AP cases
where SAE H2E is being used. Fix this by checking sae->pk in the
write-confirm case similarly to the way this was done in check-confirm.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Debug logs did not make it clear whether the failure happens when
checking a received SAE confirm or when writing own SAE confirm. Those
cases have different checks on when to go through SAE-PK processing, so
it is useful to make this part clear in the debug log.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify AES-CTR encryption implementation against the test vectors in
NIST SP 800-38a. This implementations was already tested against AES SIV
and EAX mode test vectors, but this adds more explicit testing against
published CTR mode test vectors.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduce a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
to configure access category override for UDP frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Introduces a vendor command to get the currently enabled band(s)
through QCA_NL80211_VENDOR_SUBCMD_GETBAND.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Also introduce a new attribute QCA_WLAN_VENDOR_ATTR_SETBAND_MASK to
carry this new bitmask enum. This attribute shall consider the bitmask
combinations to define the respective band combinations and substitutes
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE. The old attribute use remains same
as before.
In addition, document the previously undocumented, but defined,
QCA_NL80211_VENDOR_SUBCMD_SETBAND.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The NL80211_ATTR_VLAN_ID attribute expects non-zero values, but vlan_id
with value 0 has been set in VLAN offload case. Due to this, station
connection failure is observed if the driver advertises VLAN_OFFLOAD
support:
nl80211: NL80211_ATTR_STA_VLAN (addr=8c:fd:f0:22:19:15 ifname=wlan0
vlan_id=0) failed: -34 (Result not representable)
wlan0: STA 8c:fd:f0:22:19:15 IEEE 802.11: could not bind the STA
entry to vlan_id=0
Fix this by setting only non-zero values.
Fixes: 0f903f37dc ("nl80211: VLAN offload support")
Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
40/80 MHz bandwidth setting was being rejected due to incorrect sanity
check on the channel index. Fix that for the bandwidths larger than 20
MHz.
Fixes: d7c2c5c98c ("AP: Add initial support for 6 GHz band")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
The 0..3 value decoded from the password was not incremented to the
actual 2..5 range for Sec. This resulted in not properly detecting the
minimum password length.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The channel numbering/center frequencies was changed in IEEE
P802.11ax/D6.1. The center frequencies of the channels were shifted by
10 MHz. Also, a new operating class 136 was defined with a single
channel 2. Add required support to change the channelization as per IEEE
P802.11ax/D6.1.
Signed-off-by: Wu Gao<wugao@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
Check if nl80211 control port TX status is available in the kernel and
enable control port TX if so. With this feature, nl80211 control path is
able to provide the same feature set as nl80211 (management) + AF_PACKET
socket (control) before.
For debugging and testing, this can explicitly be disabled with
the driver parameter control_port_ap=0.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The kernel commit "mac80211: support control port TX status reporting"
seems to be delivering the TX status events for EAPOL frames over
control port using NL80211_CMD_FRAME_TX_STATUS due to incorrect check on
whether the frame is a Management or Data frame. Use the pending cookie
value from EAPOL TX operation to detect this incorrect behavior and
redirect the event internally to allow it to be used to get full TX
control port functionality available for AP mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow custom ack handler to be registered and use the ext ack handler
for TX control port to fetch the cookie information. If these cookies
are not supported by the current kernel, a value of 0 is returned.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
In order to retransmit faster in AP mode, hostapd can handle TX status
notifications. When using nl80211, this is currently only possible with
socket control messages. Add support for receiving such events directly
over nl80211 and detecting, if this feature is supported.
This finally allows for a clean separation between management/control
path (over nl80211) and in-kernel data path.
A follow up commit enables the feature in AP mode.
Control port TX status contains the original frame content for matching
with the current hostapd code. Furthermore, a cookie is included, which
allows for matching against outstanding cookies in the future. This
commit only prints the cookie value for debugging purposes on TX status
receive.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This is a preliminary patch for using extack cookies for TX control port
handling. Custom ack handler arguments for send_and_recv() and friends
is introduced therefore. This commit does not actually use the provided
values, i.e., that will be added in a separate commit.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
eap_teap_auth=2 can now be used to configure hostapd to skip Phase 2 if
the peer can be authenticated based on client certificate during Phase
1.
Signed-off-by: Jouni Malinen <j@w1.fi>
The EAP-TEAP server may skip Phase 2 if the client authentication could
be completed during Phase 1 based on client certificate. Handle this
similarly to the case of PAC use.
Signed-off-by: Jouni Malinen <j@w1.fi>
These are needed for EAP-TEAP server and client side implementation to
allow Phase 2 to be skipped based on client certificate use during Phase
1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This allows the DPP_CA_SET command to be targeting a specific DPP-CST
event in cases where the Configurator did not receive the bootstrapping
information for the peer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make Configurator wait for CSR (i.e., another Config Request) when using
DPP over TCP similarly to the over Public Action frame case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was previously covered for the DPP over Public Action frames, but
the DPP over TCP case was missed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Parse the received CSR, verify that it has been signed correctly, and
verify that the challengePassword is present and matches the derived cp.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The low level ECDSA interface is not available in BoringSSL and has been
deprecetated in OpenSSL 3.0, so move to using a higher layer EVP-based
interface for performing the ECDSA sign/verify operations.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add initial Enrollee functionality for provisioning enterprise (EAP-TLS)
configuration object. This commit is handling only the most basic case
and a number of TODO items remains to handle more complete CSR
generation and config object processing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Try to parse the private_key blob as an ECPrivateKey in addition to the
previously supported RSA and DSA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
base64_encode_no_lf() is otherwise identical to base64_encode(), but it
does not add line-feeds to split the output.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use "client device" as the term for the device that operates under a
guidance of the device responsible for enforcing DFS rules.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Modify the check for VHT to include an option for HE in
hostapd_eid_wb_chsw_wrapper() and its callers to allow the Channel
Switch Wrapper element with the Wide Bandwidth Channel Switch subelement
to be included in Beacon and Probe Response frames when AP is operating
in HE mode without VHT.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Move hostapd_eid_wb_chsw_wrapper() from VHT specific ieee802_11_vht.c to
ieee802_11.c since this can be used for both HE and VHT. This commit
does not change any functionality to enable the HE use case, i.e., the
function is just moved as-is.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Operation in the 6 GHz band mandates valid HE capabilities element in
station negotiation. Reject association request upon receiving invalid
or missing HE elements.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Vendor VHT IE is used only on the 2.4 GHz band. Restrict the use of
vendor VHT element to 2.4 GHz. This will ensure that invalid/wrong user
configuration will not impact beacon data in other than the 2.4 GHz
band.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Previously, 6 GHz Band Capability element was derived from HT and VHT
capabilities of the device. Removes such unnecessary dependency by
relying directly on the HE capability.
In addition, clean up the struct ieee80211_he_6ghz_band_cap definition
to use a 16-bit little endian field instead of two 8-bit fields to match
the definition in P802.11ax.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Read mode specific HE 6 GHz capability from phy info. This is needed
for futher user config validation and IE construction.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move the FILS Public Key element and the FILS Key Confirmation element
to be separate IEs instead of being encapsulated within the SAE-PK
element. This is also removing the unnecessary length field for the
fixed-length EncryptedModifier.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was clarified in the draft specification to not be a mandatory
requirement for the AP and STA to enforce, i.e., matching security level
is a recommendation for AP configuration rather than a protocol
requirement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define MAC address fetching for OS X (by reusing the existing FreeBSD
implementation) to allow full compile testing of the WPS implementation
on a more BSD-like platform.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
struct ifreq does not include the ifr_netmask alternative on FreeBSD, so
replace that more specific name with ifr_addr that works with both Linux
and FreeBSD.
Fixes: 5b78c8f961 ("WPS UPnP: Do not allow event subscriptions with URLs to other networks")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use value 2 to point to RFC 5480 which describes the explicit
indicatiotion of the public key being in compressed form.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation of implementation changes to check SAE-PK
password length more accurately based on the Sec value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new sae_commit_status and sae_pk_omit configuration parameters and
an extra key at the end of sae_password pk argument can be used to
override SAE-PK behavior for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is mainly for testing purposes to allow more convenient checking of
station behavior when a transition mode is disabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant disables PMKSA caching with FT-EAP by default due to
known interoperability issues with APs. This is allowed only if the
network profile is explicitly enabling caching with
ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries
was still being configured to the driver and it was possible for the
driver to build an RSNE with the PMKID for SME-in-driver cases. This
could result in hitting the interop issue with some APs.
Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if
ft_eap_pmksa_caching=1 is not used in the network profile so that the
driver and wpa_supplicant behavior are in sync for this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Define QCA vendor attribute in SET(GET)_WIFI_CONFIGURATION to
dynamically configure capabilities for dynamic bandwidth adjustment.
Signed-off-by: Min Liu <minliu@codeaurora.org>
Define QCA vendor attribute in SET(GET)_WIFI_CONFIGURATION to
dynamically configure capabilities for channel width.
Signed-off-by: Min Liu <minliu@codeaurora.org>
Add support for missing driver AKM capability flags from the list of
RSN_AUTH_KEY_MGMT_* flags and make these available through the
'GET_CAPABILITY key_mgmt' control interface command.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new QCA vendor attributes to configure RSNXE Used (FTE), ignore CSA,
and OCI frequency override with QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_WIFI_TEST_CONFIGURATION for STA testbed role.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no need to update the WPS IE in Beacon frames when a
subscription is removed if that subscription is not for an actual
selected registrar. For example, this gets rids of unnecessary driver
operations when a subscription request gets rejected when parsing the
callback URLs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
While this is not explicitly defined as the limit, lambda=8 (i.e., 9
characters with the added hyphen) is needed with Sec=5 to reach the
minimum required resistance to preimage attacks, so use this as an
implicit definition of the password length constraint.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lambda >= 12 is needed with Sec = 2, so drop the shorter password
lengths in the sae_pk and module_wpa_supplicant test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
While the current implementation forces these groups to be same, that is
not strictly speaking necessary and the correct group to use here is
K_AP, not the SAE authentication group.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds AP side functionality for SAE-PK. The new sae_password
configuration parameters can now be used to enable SAE-PK mode whenever
SAE is enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Convert the previously used text log entries to use the more formal
OCV-FAILURE prefix and always send these as control interface events to
allow upper layers to get information about unexpected operating channel
mismatches.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add hostapd configuration parameters oci_freq_override_* to allow the
OCI channel information to be overridden for various frames for testing
purposes. This can be set in the configuration and also updated during
the runtime of a BSS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not include the actual GTK/IGTK value in FT protocol cases in OSEN or
with DGAF disabled (Hotspot 2.0). This was already the case for the
EAPOL-Key cases of providing GTK/IGTK, but the FT protocol case was
missed. OSEN cannot really use FT, so that part is not impacted, but it
would be possible to enable FT in a Hotspot 2.0 network that has DGAF
disabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a single hostapd process manages both the OWE and open BSS for
transition mode, owe_transition_ifname can be used to clone the
transition mode information (i.e., BSSID/SSID) automatically. When both
BSSs use ACS, the completion of ACS on the 1st BSS sets state to
HAPD_IFACE_ENABLED and the OWE transition mode information is updated
for all the other BSSs. However, the 2nd BSS is still in the ACS phase
and the beacon update messes up the state for AP startup and prevents
proper ACS competion.
If 2nd BSS is not yet enabled (e.g., in ACS), skip beacon update and
defer OWE transition information cloning until the BSS is enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an attribute QCA_WLAN_VENDOR_ATTR_OEM_DATA_RESPONSE_EXPECTED
to get the response for the queried data.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that all associated STAs that claim support for OCV initiate an
SA Query after CSA. If no SA Query is seen within 15 seconds,
deauthenticate the STA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in FT and FILS (Re)Association Request frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new OCV-FAILURE control interface event to notify upper layers of
OCV validation issues. This commit adds this for SA Query processing in
AP mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
