Commit graph

255 commits

Author SHA1 Message Date
Veerendranath Jakkam
5ecb45a41c OCV: Use more granular error codes for OCI validation failures
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:23:28 +03:00
Jouni Malinen
0c4ffce464 Allow transition_disable updates during the lifetime of a BSS
This is mainly for testing purposes to allow more convenient checking of
station behavior when a transition mode is disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 17:06:52 +03:00
Jouni Malinen
661e661186 OCV: Allow OCI channel to be overridden for testing (AP)
Add hostapd configuration parameters oci_freq_override_* to allow the
OCI channel information to be overridden for various frames for testing
purposes. This can be set in the configuration and also updated during
the runtime of a BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-30 00:04:53 +03:00
Jouni Malinen
5a7bcb7725 OSEN: Do not send the actual BIGTK to OSEN STAs
OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:25:02 +03:00
Jouni Malinen
a998337895 WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:04:40 +03:00
Jouni Malinen
a3556d5813 OCV: Report validation errors for EAPOL-Key messages in AP mode
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 19:09:12 +03:00
Jouni Malinen
52579be860 OCV: Move "OCV failed" prefix to callers
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:34:59 +03:00
Jouni Malinen
d9532eb70f Debug print PMK-R0/R1 and PMKR0/R1Name in the helper functions
There is no need to have all callers debug print these separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:45:29 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
9561925b4d DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 2/4
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
b11a12401a DPP2: Add DPP KDE into EAPOL-Key msg 3/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
a803ba4f9d Use more specific reason codes for 4-way handshake timeouts
IEEE 802.11 defines reason codes for indicating 4-way handshake and
group key handshake timeouts. Use those reason codes instead of the more
generic one for these particular cases in the Authenticator state
machine.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-29 13:00:53 +03:00
Jouni Malinen
56024a233a WPA auth: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
a6c689d354 FT: Testing override for RSNXE Used subfield in FTE (AP)
Allow hostapd to be requested to override the RSNXE Used subfield in FT
reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>"
where 0 = no override, 1 = override to 1, and 2 = override to 0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
d867e11811 FT: Remove and re-add STA entry after FT protocol success with PMF
Allow STA entry to be removed and re-added to the driver with PMF is
used with FT. Previously, this case resulted in cfg80211 rejecting STA
entry update after successful FT protocol use if the association had not
been dropped and it could not be dropped for the PMF case in
handle_auth().

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 21:53:10 +03:00
Alexander Wetzel
3f88d2ba0d AP: Drop not needed condition to delete PTK ID 1
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-29 21:15:16 +03:00
Jouni Malinen
7b156a3c5a wpa_auth: Use printf format %zu instead of type casts
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:54:10 +02:00
Jouni Malinen
f83d3491b9 wpa_auth: Do not split strings into multiple lines
Avoid unnecessary splitting of long string constants into multiple
lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:48:32 +02:00
Jouni Malinen
9385f03feb wpa_auth: Coding style cleanup for pointer is NULL comparisons
Use !ptr instead of ptr == NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:36:00 +02:00
Jouni Malinen
62e12afcf1 wpa_auth: Clean up pointer dereferences
Use local variables to avoid sm->wpa_auth->conf type of dereferences
where multiple instances within a function can be cleaned up.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:29:12 +02:00
Jouni Malinen
82cc0b0cc2 Allow hostapd AP to advertise Transition Disable KDE
The new hostapd configuration parameter transition_disable can now be
used to configure the AP to advertise that use of a transition mode is
disabled. This allows stations to automatically disable transition mode
by disabling less secure network profile parameters.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:12:41 +02:00
Alexander Wetzel
862aac1fcd AP: Support Extended Key ID
Support Extended Key ID in hostapd according to IEEE Std 802.11-2016.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing an AP to serve STAs with and without Extended Key
ID support in the same BSS.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:43:10 +02:00
Jouni Malinen
51d1924bd8 FT: Set the new RSNXE Used subfield in FT reassociation
This is a workaround needed to keep FT protocol backwards compatible for
the cases where either the AP or the STA uses RSNXE, but the other one
does not. This commit adds setting of the new field to 1 in
Reassociation Request/Response frame during FT protocol when the STA/AP
uses RSNXE in other frames. This mechanism is described in 20/332r3.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-20 21:23:48 +02:00
Jouni Malinen
4d64fd37b7 Allow RSNE in EAPOL-Key msg 3/4 to be replaced for testing purposes
The new hostapd configuration parameter rsne_override_eapol can now be
used similarly to the previously added rsnxe_override_eapol to override
(replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used
for station protocol testing to verify sufficient checks for RSNE
modification between the Beacon/Probe Response frames and EAPOL-Key msg
3/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-07 16:45:52 +02:00
Jouni Malinen
9128b67269 Extend hostapd rsnxe_override_eapol to allow IE removal
Previous implementation was determining whether the override value was
set based on its length being larger than zero. Replace this with an
explicit indication of whether the parameter is set to allow zero length
replacement, i.e., remove of RSNXE from EAPOL-Key msg 3/4.

In addition, move IE replacement into a more generic helper function to
allow this to be used with other IEs as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-07 16:39:36 +02:00
Hu Wang
0a76a0b965 OWE: Fix PTK derivation workaround for interoperability
The initial implementation of the PTK derivation workaround for
interoperability with older OWE implementations forced
WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that
is needed for selecting which hash algorithm to use, this was also
changing the length of the PTK components and by doing so, did not
actually address the backwards compatibility issue.

Fix this by forcing SHA256 as the hash algorithm in PTK derivation
without changing the PTK length calculation for OWE when
owe_ptk_workaround is enabled.

Fixes: 65a44e849a ("OWE: PTK derivation workaround in AP mode")
Fixes: 8b138d2826 ("OWE: PTK derivation workaround in STA mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-06 21:44:31 +02:00
Alexander Wetzel
1a7963e36f AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:22:49 +02:00
Jouni Malinen
16889aff40 Add BIGTK KDE and subelement similarly to IGTK
This provides the BIGTK updates to associated stations similarly to
IGTK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
555dcd75ce Generate BIGTK and rekey it with IGTK
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
65a44e849a OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Alexander Wetzel
a919a26035 Introduce and add key_flag
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.

The following flag are defined:

  KEY_FLAG_MODIFY
    Set when an already installed key must be updated.
    So far the only use-case is changing RX/TX status of installed
    keys. Must not be set when deleting a key.

  KEY_FLAG_DEFAULT
    Set when the key is also a default key. Must not be set when
    deleting a key. (This is the replacement for set_tx.)

  KEY_FLAG_RX
    The key is valid for RX. Must not be set when deleting a key.

  KEY_FLAG_TX
    The key is valid for TX. Must not be set when deleting a key.

  KEY_FLAG_GROUP
    The key is a broadcast or group key.

  KEY_FLAG_PAIRWISE
    The key is a pairwise key.

  KEY_FLAG_PMK
    The key is a Pairwise Master Key (PMK).

Predefined and needed flag combinations so far are:

  KEY_FLAG_GROUP_RX_TX
    WEP key not used as default key (yet).

  KEY_FLAG_GROUP_RX_TX_DEFAULT
    Default WEP or WPA-NONE key.

  KEY_FLAG_GROUP_RX
    GTK key valid for RX only.

  KEY_FLAG_GROUP_TX_DEFAULT
    GTK key valid for TX only, immediately taking over TX.

  KEY_FLAG_PAIRWISE_RX_TX
    Pairwise key immediately becoming the active pairwise key.

  KEY_FLAG_PAIRWISE_RX
    Pairwise key not yet valid for TX. (Only usable with Extended Key ID
    support.)

  KEY_FLAG_PAIRWISE_RX_TX_MODIFY
    Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.

  KEY_FLAG_RX_TX
    Not a valid standalone key type and can only used in combination
    with other flags to mark a key for RX/TX.

This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
8d84c75f7c Allow testing override for GTK/IGTK RSC from AP to STA
The new hostapd gtk_rsc_override and igtk_rsc_override configuration
parameters can be used to set an override value for the RSC that the AP
advertises for STAs for GTK/IGTK. The contents of those parameters is a
hexdump of the RSC in little endian byte order.

This functionality is available only in CONFIG_TESTING_OPTIONS=y builds.
This can be used to verify that stations implement initial RSC
configuration correctly for GTK/ and IGTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 13:05:26 +02:00
Mikael Kanstrup
307cfc3286 Strip trailing zero data in EAPOL-Key msg 1/4 when no PMKID to send
EAPOL-Key message 1/4 without PMKID KDE was sent with 22 bytes of stray
data following a zero length key data field. These 22 bytes happens to
be the exact size of an PMKID KDE. Strip these trailing bytes by
checking whether a PMKID is available and adjust pmkid_len to 0 if not.

This was seen for example in capture files created by hwsim test case
suite_b_192 but code modified to handle also the other cases without
PMKID (Suite B no-KCK, FILS without PMKID available, SAE without PMKID
available).

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-12-23 00:26:07 +02:00
Jouni Malinen
f2c4b44b40 SAE H2E: RSNXE override in EAPOL-Key msg 3/4
This new hostapd configuration parameter rsnxe_override_eapol=<hexdump>
can be used to override RSNXE value in EAPOL-Key msg 3/4 for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 17:32:17 +02:00
Jouni Malinen
74866f5378 RSN: Verify RSNXE match between (Re)AssocReq and EAPOL-Key msg 2/4
If the STA advertises RSN Extension element, it has to be advertised
consistently in the unprotected ((Re)Association Request) and protected
(EAPOL-Key msg 2/4) frames. Verify that this is the case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
d3516cad7a Store a copy of Association Request RSNXE in AP mode for later use
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Alexander Wetzel
7a4b01c879 AP: Provide correct keyid to wpa_send_eapol() for EAPOL-Key msg 3/4
PTKINITNEGOTIATING in the WPA state machine calls wpa_send_eapol() and
hands over the GTK instead of the PTK keyid.

Besides a confusing debug message this does not have any negative side
effects: The variable is only set to a wrong value when using WPA2 but
then it's not used.

With this patch PTKINITNEGOTIATING sets the PTK keyid unconditionally to
zero for EAPOL-Key msg 3/4 and differentiates more obviously between GTK
and PTK keyids.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-09-19 12:34:21 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
d1b1f9fa9a Report WPA/RSN protocol and AKM suite selector in STA MIB
The new "wpa" and "AKMSuiteSelector" entries in hostapd "STA <addr>"
control interface output can be used to determine the negotiated WPA/RSN
protocol and AKM suite of an associated station.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:58:49 +03:00
Jouni Malinen
ce362f885f FILS: Explicitly clear plaintext buffer for Assoc Resp
This buffer may contain GTK and IGTK, so better clear it explicitly from
heap memory before freeing the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
31bc66e4d1 More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously
used os_memset() to explicitly clear a stack buffer that contains keys
when that clearing happened just before returning from the function.
Since memset_s() is not exactly portable (or commonly available yet..),
use a less robust mechanism that is still pretty likely to prevent
current compilers from optimizing the explicit clearing of the memory
away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
64f4809371 FT: Store XXKey/MPMK in PMKSA cache instead of MSK (authenticator)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:08 +03:00
Jouni Malinen
b583ed38df FT: Derive PTK properly for rekeying with FT protocol
Do not try to derive a PMK-R0 and PMK-R1 again for the case where an
association was started with FT protocol and PTK is rekeyed using 4-way
handshake. Instead, use the previously derived PMK-R1 to allow a new PTK
to be derived.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 11:45:13 +03:00
Jouni Malinen
fb1dee221b FT: Do not add bogus PMKID in msg 1/4 for FT protocol PTK rekeying
Do not try to derive a PMKID for EAPOL-key msg 1/4 when going through
4-way handshake to rekey PTK during an association that was started
through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
8a576f5ea5 FT: Maintain PMK-R1 for a connected STA
This is needed to allow PTK rekeying to be performed through 4-way
handshake in an association started through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
09ab81b9e8 WPA: Clear authenticator keys for a STA on deinit/disconnection
Do not leave keys in heap memory after they are no longer needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
d178ab0d57 FT: Start PTK rekey timer on FT protocol completion
This is needed to trigger PTK rekeying properly for associations started
with FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
267c366f38 FT: Remove unused pmk argument from wpa_auth_derive_ptk_ft()
FT rules for PTK derivation do not use PMK. Remove the unused argument
to the PTK derivation function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:47 +03:00
Jouni Malinen
a40bd06e9b FILS: Fix PTK rekeying
The PMK and PMKID information from FILS ERP and FILS PMKSA caching needs
to be stored within struct wpa_state_machine for PTK to work. Without
this, PTK derivation would fail and attempt to go through rekeying would
result in disconnection. Furthermore, wpa_rekey_ptk() timer needs to be
started at the completion of FILS association since the place where it
was done for non-FILS cases at the end of 4-way handshake is not reached
when FILS authentication is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
vamsi krishna
6fe3f0f798 FT-SAE: Use PMK as XXKey in AP when SAE PMKSA caching is used
When connected using FT-SAE key mgmt, use PMK from PMKSA cache as XXKey
for PMK-R0 and PMK-R1 derivations. This fixes an issue where FT key
hierarchy could not be established due to missing (not yet configured)
XXKey when using SAE PMKSA caching for the initial mobility domain
association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:01:26 +02:00