K and z can be derived already based on information available at the
time the PKEX Exchange Request is being processed, so move these there
from the PKEX Commit-Reveal Request processing since that matches the
DPP tech spec description close and allows PKEX exchange to be aborted
earlier if anything unexpected happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional channel information was removed from the discovery object
in the DPP tech spec, so no need to maintain this TODO note anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previously used WLAN_REASON_MICHAEL_MIC_FAILURE (14) value as a
response to Authentication frame or (Re)Association Request frame is not
correct since the resp value is encoded in the Status Code (not Reason
Code) field. Status Code 14 is WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
which is really what this value would have meant in the response frames.
There is no Michael MIC failure status code, so have to use the generic
"Unspecified failure" (1) reason code for these cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier
to add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Build breakage was introduced by commit
d8afdb210e ('Allow EAPOL-Key messages 1/4
and 3/4 to be retransmitted for testing') for some
CONFIG_TESTING_OPTIONS=y builds without CONFIG_IEEE80211W=y.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
This provides access to the Minimum/Maximum Transmit Power Capabilitie
fileds (the nominal minimum/maximum transmit power with which the STA
is capable of transmitting in the current channel; signed integer in
units of decibels relative to 1 mW).
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Handle OWE DH exchange and key setup when processing the association
event from a driver that implements AP SME.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While most places using this should be for cases where the hw_features
functionality is required, there seem to be some paths that are getting
exposed in new OWE related operations where that might not be the case.
Add explicit NULL pointer checks to avoid dereferencing the pointer if
it is not set when operating with driver wrappers that do not provide
sufficient information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Normally, WNM-Sleep Mode exit with management frame protection
negotiated would result in the current GTK/IGTK getting added into the
WNM-Sleep Mode Response frame. Some station implementations may have a
vulnerability that results in GTK/IGTK reinstallation based on this
frame being replayed. Add a new hostapd configuration parameter that can
be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK
update instead. This would likely be only used with
wpa_disable_eapol_key_retries=1 that enables a workaround for similar
issues with EAPOL-Key. This is related to station side vulnerabilities
CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround,
set wnm_sleep_mode_no_keys=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
When strict group rekeying is in effect, every station that leaves will
cause a rekeying to happen 0.5 s after leaving. However, if a lot of
stations join/leave, the previous code could postpone this rekeying
forever, since it always re-registers the handling with a 0.5 s timeout.
Use eloop_deplete_timeout() to address that, only registering the
timeout from scratch if it wasn't pending.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Process Authentication Confirm with the two failure cases defined in the
spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the
{R-nonce}k2 part and reports more detailed failure reason if the message
is valid.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If Authentication Response processing fails due to R-capab
incompatibility or R-auth mismatch, send Authentication Confirm with
error status.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth,
and I-auth values in Authentication Response/Confirm to use incorrect
values.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, Initiator decided whether to use mutual authentication on
its own based on having own and peer bootstrapping info. This prevented
Responder from selecting not to use mutual authentication in such a
case. Fix this by allowed Initiator to fall back to non-mutual
authentication based on Responder choice if the bootstrapping mechanism
allows this (PKEX does not; it mandates use of mutual authentication).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Confirm to be omitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Response to be omitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok())
a bit by separating initialization steps for a DPP authentication
session from the code needed to build the frame. This allows
dpp_auth_build_resp_status() to share the helper function instead of
having to maintain a duplicated message construction implementation. In
addition, this makes it easier to remove some of the attributes for
protocol testing purposes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Request to be omitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up dpp_auth_init() a bit by separating initialization steps
for a DPP authentication session from the code needed to build the
frame. In addition, this makes it easier to remove some of the
attributes for protocol testing purposes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>