hostapd was hardcoded to use 128-bit IGTK in FT protocol (IGTK
subelement in FTE). Extend that to allow 256-bit IGTK (i.e.,
BIP-CMAC-256 and BIP-GMAC-256) to be used as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of sending out a partially completed frame, abort the
association process if something unexpected happens and remove the STA
entry.
Signed-off-by: Jouni Malinen <j@w1.fi>
When support for KCK2 and KEK2 was added, both keys were derived for
FT-FILS cases, but only KCK2 was actually used. Add similar changes to
use KEK2 to protect GTK/IGTK in FTE with using FT-FILS AKMs.
This fixes AES key wrapping to use the correct key. The change is not
backwards compatible.
Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <j@w1.fi>
When building an RRB message, a failure in wpa_ft_rrb_lin() calls could
have resulted in trying to free an uninitialized pointer. Fix this by
initializing *packet to NULL before going through the initial steps.
Signed-off-by: Jouni Malinen <j@w1.fi>
SHA384-based FT AKM uses longer keys, so the RRB receive processing for
push and pull response messages needs to be able to accept variable
length PMK-R1.
Signed-off-by: Jouni Malinen <j@w1.fi>
The MIC field is now a variable length field, so make FTE generation in
hostapd aware of the two different field lengths.
Signed-off-by: Jouni Malinen <j@w1.fi>
The MIC field is now a variable length field, so make FTE generation in
wpa_supplicant aware of the two different field lengths.
Signed-off-by: Jouni Malinen <j@w1.fi>
This defines key lengths for SHA384-based FT AKM and handles writing and
parsing for RSNE AKMs with the new value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new label string for TLS-Exporter was taken into use for MSK
derivation, but it was missed from EMSK deriation in the server side
implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
The label strings used for deriving Key_Material with TLS v1.3 were
changed, so update the implementation to match the new values.
Signed-off-by: Jouni Malinen <j@w1.fi>
New WPA_DRIVER_FLAGS have been added but corresponding lookup
strings for driver_flags command were never added. Add the
missing strings.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
If time_advertisement=2 is included in hostapd configuration, but
time_zone is unset, the previous implementation tried to write the Time
Zone element into management frames. This resulted in segmentation fault
when trying to dereference a NULL pointer. Fix that by skipping addition
of this element when time_zone parameter is not set.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Add mesh type to nl80211 channel switch request, so mesh is able to send
the request to kernel drivers.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows a single BSS/SSID to be used for both data connection and
OSU. Instead of hostapd configuration osen=1, wpa_key_mgmt=OSEN (or more
likely, wpa_key_mgmt=WPA-EAP OSEN) is used to enable this new option.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Before calling HW macsec driver API, be_to_host16() should be used to
reverse the SCI port byte order. This was broken as part of the mka API
changes.
Fixes: 8ebfc7c2ba ("mka: Pass full structures down to macsec drivers' transmit SC ops")
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
Run through the hunting-and-pecking loop 40 times to mask the time
necessary to find PWE. The odds of PWE not being found in 40 loops is
roughly 1 in 1 trillion.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
Aborty processing if ID exchange processing is entered twice
unexpectedly. This avoids memory leaks in the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
These changes add support for salted password databases to EAP-pwd per
RFC 8146. This commits introduces the framework for enabling this and
the actual salting mechanisms are introduced in the following commits.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
There is no need to do this during the ID exchange, so move PWE
deriation into the following commit exchange in preparation for adding
support for salted passwords.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
These changes add support for salted password databases to EAP-pwd per
RFC 8146. This commits introduces the framework for enabling this and
the salting mechanisms based on SHA-1, SHA256, and SHA512 hash
algorithms.
Signed-off-by: Dan Harkins <dharkins@lounge.org>
This commit adds a new vendor command attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_GTX in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to enable/disable green
Tx power saving feature.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move enum fst_reason to be a top level type, since it is used as
argument in the function fst_reason_name() and having it as nested
type caused a compile error when fst_ctrl_aux.h was included from
a C++ source file.
Signed-off-by: Lior David <liord@codeaurora.org>
This extends the SAE implementation in both infrastructure and mesh BSS
cases to allow an optional Password Identifier to be used. This uses the
mechanism added in P802.11REVmd/D1.0. The Password Identifier is
configured in a wpa_supplicant network profile as a new string parameter
sae_password_id. In hostapd configuration, the existing sae_password
parameter has been extended to allow the password identifier (and also a
peer MAC address) to be set. In addition, multiple sae_password entries
can now be provided to hostapd to allow multiple per-peer and
per-identifier passwords to be set.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add NAN attributes to communicate IPv6 address, port, and protocol
between wifihal and host driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The n argument to this function is number of bits, not bytes, to shift.
As such, need to use mp_rshb() instead of mp_rshd(). This fixes EAP-pwd
with P-521 curve.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, hostapd CHAN_SWITCH command did not effect VHT configuration
for the following:
When VHT is currently disabled (ieee80211ac=0),
1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht
====> Comes up in HT40
2. hostapd_cli -p /var/run/hostapd chan_switch 10 5765 \
sec_channel_offset=-1 center_freq1=5775 bandwidth=40 vht
====> Comes up in HT40
3. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
bandwidth=20 vht
====> Comes up in HT20
When VHT is currently enabled (ieee80211ac=1),
1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht
====> Comes up in VHT40
2. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
bandwidth=20 ht
====> Comes up in VHT20
This is since VHT config from chan_switch is processed only for
bandwidths 80 and above (80P80, 160) and for VHT20, VHT40 cases, only
NLA chan type and chan width are updated.
There is no NL attribute for determining if it is HT or VHT for
bandwidths 20 & 40 and currently they are updated as HT20, HT40 (+ or -
depending on offset). Same is notified back via
NL80211_CMD_CH_SWITCH_NOTIFY.
Instead of adding new NL attribute for tracking HT/VHT enabled config,
we are adding new hostapd VHT config parameter to save the chan_switch
config and use only for chan_switch case of VHT20 and VHT40.
Tested with all combinations of chan_switch (noHT->20->40->80->) HT/VHT
and confirmed to be working.
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
When the channel time is zero the interference factor calculation falls
under divide by zero operation which results in invalid (NaN =
not-a-number) interference factor value. This leads to wrong ideal
channel selection in ACS during the scenario described below.
Scenario:
In VHT80 mode, the channel 36 (first channel) gets the channel time as
zero which causes the interfactor factor to be an invalid number (NaN).
Any operations (like addition, mulitplication, divide, etc.) with NaN
value results in a NaN value, so that average factor for the primary
channel 36 got the invalid value (NaN). Since channel 36 is the first
channel, ideal factor is assigned as NaN in the first iteration. The
following iteration condition check (factor < ideal_factor) with a NaN
value fail for all other primary channels. This results in channel 36
being chosen as the ideal channel in ACS which holds a NaN value.
Logs:
ACS: Survey analysis for channel 36 (5180 MHz)
ACS: 1: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS: 2: min_nf=-103 interference_factor=0.615385 nf=-102 time=13 busy=8 rx=0
ACS: 3: min_nf=-103 interference_factor=2.45455 nf=0 time=22 busy=16 rx=0
ACS: 4: min_nf=-103 interference_factor=0.785714 nf=-103 time=42 busy=33 rx=0
ACS: 5: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS: * interference factor average: nan
...
ACS: * channel 36: total interference = nan
..
ACS: * channel 149: total interference = 5.93174e-21
..
ACS: Ideal channel is 36 (5180 MHz) with total interference factor of nan
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Over time a number of style issues have crept into qca-vendor.h,
so fix most of them. There are some identifiers and comments which
exceed 80 columns, but these are left as-is for readability.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be used to determine which mechanism to use for configuring
country code from trusted sources.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee in the driver. This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The first two parameters to readlink() are marked restricted and at
least gcc 8.2 warns about used the same pointer for then, so avoid this
by using separate buffers for the pathname and response buffer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Reword the comments to make gcc 8.1 recognize these as designed cases
and not trigger implicit-fallthrough warnings.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Implement tls_connection_get_eap_fast_key() using cryptographic
primitives as wolfSSL implements different spec.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Depend on proper wolfSSL configuration instead of trying to define these
build configuration values externally.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Use the correct intermediate result from mp_sqrmod() in the following
mp_mulmod() call (t is not initialized here; it is used only after this
step).
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Provide full uncompressed DER data length to wc_ecc_import_point_der()
even though a compressed form is used here. In addition, use
ECC_POINT_COMP_* defined values to make this more readable.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.
While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).
Signed-off-by: Jouni Malinen <j@w1.fi>
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.
While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. phase1="tls_disable_tlsv1_3=0" configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).
Signed-off-by: Jouni Malinen <j@w1.fi>
This may be needed to avoid interoperability issues with the new
protocol version and significant changes for EAP use cases in both key
derivation and handshake termination.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes this more easily available throughout the handshake
processing, if needed, compared to having to pass through the function
argument through the full path from
tls_connection{,_server}_handshake().
Signed-off-by: Jouni Malinen <j@w1.fi>
The EAP session cannot be marked fully completed on sending Client
Finished with TLS v1.3 since the server may still send NewSessionTicket
before EAP-Success.
Signed-off-by: Jouni Malinen <j@w1.fi>
With TLS v1.3, the Finished message from the client can require
fragmentation. Postpone key derivation and marking of the EAP session
fully completed until all the fragments of that last message are sent to
avoid losing all the subsequent fragments.
Signed-off-by: Jouni Malinen <j@w1.fi>
This value is going to be used only with a helper function that takes it
in as a const value, so use the same style here to simplify callers in
upcoming TLS v1.3 changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL 1.1.1 added cases where ClientHello generation may fail due to
"no ciphers available". There is no point in sending out the resulting
TLS Alert message to the server since the server does not know what to
do with it before ClientHello. Instead, simply terminate the TLS
handshake locally and report EAP failure to avoid getting stuck waiting
for a timeout.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new SQLite table pending_tc is used to maintain a list of sessions
that need to accept Terms and Conditions. This information can be used
on an external Terms and Conditions server to map the incoming MAC
address information into user identity.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add commands to allow an AP to configure filtering rules to capture
frames from stations that are active on the operating channel, but
not associated to this AP. Operations include add/delete the filter
and get the statistics information of the unassociated stations.
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Allow hostapd RADIUS authentication server with SQLite EAP user DB to be
used for testing Terms and Conditions functionality. This could be used
for the HO AAA part of functionality (merging HO AAA and SP AAA into a
single component to avoid separate RADIUS proxy in testing setup).
A T&C server with HTTPS processing is needed to allow this to be used
for full over-the-air testing. This commit adds sufficient functionality
to allow hwsim test cases to cover the RADIUS server part.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend RADIUS DAS to support CoA-Request packets for the case where the
HS 2.0 Terms And Conditions filtering VSA is used to remove filtering.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.
If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd Access-Accept processing to check if the RADIUS
server indicated that Terms and Conditions Acceptance is required. The
new hs20_t_c_server_url parameter is used to specify the server URL
template that the STA is requested to visit.
This commit does not enable any kind of filtering, i.e., only the part
of forwarding a request from Access-Accept to the STA using
WNM-Notification is covered.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd with two new configuration parameters
(hs20_t_c_filename and hs20_t_c_timestamp) that can be used to specify
that the Terms and Conditions attributes are to be added into all
Access-Request messages for Hotspot 2.0 STAs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
While it is unlikely that FILS would be used without PMF or SAE in the
build, it is possible to generate such a build and as such, it would be
good for the KDF selection to work properly. Add CONFIG_FILS as an
independent condition for the SHA256-based KDF. Previously, this
combination would have resulted in failure to derive keys and terminated
key management exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When AP initialization is completed in a callback (e.g., OBSS scan),
wpa_supplicant_deinit_ap() is not called in case of failure. Fix this by
calling setup_complete_cb in case of failure, too, which in turn calls
wpa_supplicant_deinit_ap() if needed.
Signed-off-by: Tova Mussai <tova.mussai@intel.com>
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
This extends hostapd processing of (Re)Association Request frames to
store a local copy of the Consortium OI within the Roaming Consortium
Selection element, if present, and then add that in HS 2.0 Roaming
Consortium attribute into RADIUS Access-Request messages.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends hostapd Hotspot 2.0 implementation to allow operator icons
to be made available. The existing hs20_icon parameter is used to define
the icons and the new operator_icon parameter (zero or more entries) is
used to specify which of the available icons are operator icons. The
operator icons are advertised in the Operator Icon Metadata ANQP-element
while the icon data can be fetched using the same mechanism (icon
request/binary file) that was added for the OSU Providers icons.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The Linux 4.9 kernel, at least, can return EEXIST when trying to auth a
station that already exists.
We have seen this bug in multiple places, but it is difficult to
reproduce. Here is a link to someone else that appears to have hit this
issue: https://github.com/greearb/ath10k-ct/issues/18
Signed-off-by: Ben Greear <greearb@candelatech.com>
At least LibreSSL v2.7.2 indicates support for OpenSSL API 1.1.0, but it
does not apparently use const ASN1_OBJECT * with X509_ALGOR_get0(). Use
the older non-const version here with LibreSSL to fix compilation.
Signed-off-by: Jouni Malinen <j@w1.fi>
LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate
that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the
case with LibreSSL. As such, skip this step based on whether
SSL_OP_NO_TLSv1_3 is defined to avoid build issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
pmksa_cache stubs have not been updated when function prototypes have
been modified in commit 852b2f2738 (SAE: Only allow SAE AKMP for PMKSA
caching attempts). Add new function parameter int akmp to stubs of
pmksa_cache_get() and pmksa_cache_set_current() as well to fix build.
Fixes: 852b2f2738 ("SAE: Only allow SAE AKMP for PMKSA caching attempts")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gives more protection against unexpected behavior if RSN supplicant
code ends up trying to use sm->pmk[] with a stale value. Couple of the
code paths did not clear sm->pmk_len explicitly in cases where the old
PMK is being removed, so cover those cases as well to make sure these
will result in PMK-to-PTK derivation failures rather than use of
incorrect PMK value if such a code path could be reached somehow.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new wifi test config attribute to configure HE LTF in the
driver. This is used for testbed configuration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is no explicit wmm_enabled parameter in the configuration
(i.e., conf->wmm_enabled == -1), the configuration reload path needs to
initialize conf->wmm_enabled based on iconf->ieee80211n in
hostapd_reload_bss() similarly to what is done in the initial startup
case in hostapd_setup_bss().
This fixes issues with RSN capabilities being set incorrectly when WMM
is supposed to get enabled and unexpectedly enabling WMM when it is not
supposed to be enabled (HT disabled). Either of these issues could show
up when asking hostapd to reload the configuration file (and when that
file does not set wmm_enabled explicitly).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This ensures a session timeout configured on R0KH either using
RADIUS-based ACL or 802.1X authentication is copied over to the new
R1KH.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This is needed to allow the remaining session time to be computed for FT
(when sending PMK-R1 to another AP).
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Handle the special case of no PMK-R0 entry in the caller instead of
having to have wpa_ft_rrb_build_r0() aware of the possibility of pmk_r0
being NULL.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
ieee802_11_set_radius_info() might be called with a STA entry that has
already stored identity and/or radius_cui information, so make sure the
old values get freed before being replaced by the new ones.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This uses set_vlan()/get_vlan() callbacks to fetch and configure the
VLAN of STA. Transmission of VLAN information between APs uses new TLVs.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
IEEE Std 802.11-2016, 12.7.1.7.1 indicates that the lifetime of the
PMK-R0 (and PMK-R1) is bound to the lifetime of PSK or MSK from which
the key was derived. This is currently stored in r0_key_lifetime, but
cache entries are not actually removed.
This commit uses the r0_key_lifetime configuration parameter when
wpa_auth_derive_ptk_ft() is called. This may need to be extended to use
the MSK lifetime, if provided by an external authentication server, with
some future changes. For PSK, there is no such lifetime, but it also
matters less as FT-PSK can be achieved without inter-AP communication.
The expiration timeout is then passed from R0KH to R1KH. The R1KH verifies
that the given timeout for sanity, it may not exceed the locally configured
r1_max_key_lifetime.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
FILS calls wpa_ft_store_pmk_r0() from wpa_auth.c. This is moved into a
new function wpa_ft_store_pmk_fils() in preparation of additional
information being needed.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Add a new configuration option ft_r0_key_lifetime that deprecates
r0_key_lifetime. Though, the old configuration is still accepted for
backwards compatibility.
This simplifies testing. All other items are in seconds as well. In
addition, this makes dot11FTR0KeyLifetime comment match with what got
standardized in the end in IEEE Std 802.11r-2008.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
When wpa_supplicant is running on a Linux interface that is configured in
promiscuous mode, and it is not a member of a bridge, incoming EAPOL
packets are processed regardless of the Destination Address in the frame.
As a consequence, there are situations where wpa_supplicant replies to
EAPOL packets that are not destined for it.
This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can
be avoided by attaching a BPF filter that lets the kernel discard packets
having pkt_type equal to PACKET_OTHERHOST.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
When locating the position of the IGTK PN in the key data, we also need
to skip the KDE header, in addition to the keyid field. This fixes
hostapd RESEND_M3 and RESEND_GROUP_M1 behavior when PMF is negotiated
for the association. Previously, the IGTK KDE ended up getting
practically hidden since zeroing of the PN ended up clearing the KDE OUI
and Type fields.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
In the current implementation, upon an EAP method failure, followed by
an EAP failure, the EAP Status is propagated up in wpa_supplicant with a
general failure parameter string "failure". This parameter is used for a
notification on the dbus.
This commit reports the EAP method failure error code in a separate
callback.
The solution in this commit is generic to all EAP methods, and can be
used by any method that need to pass its error code. However, this
commit only implements the reporting for EAP-SIM and EAP-AKA methods
where the Notification Code (in AT_NOTIFICATION) is used as the method
specific error code value.
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):
wpa_supplicant logs:
wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
wlan0: RSN: no matching PMKID found
EAPOL: Successfully fetched key (len=32)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
nl80211: Delete PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
nl80211: Add PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
hostapd logs:
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 02 00 00 00 00 00
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.
Add a new driver event that notifies of MAC address changes while the
interface is active.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
hostap code is used by the Moonshot software (an implementation of the
GSS EAP mechanism - RFC 7055), and those definitions are required but
missing.
Signed-off-by: Alejandro Perez <alex.perez-mendez@jisc.ac.uk>
Add generic DFS offload support using the nl80211 feature that was
recently added to the mac80211-next tree. This uses the already
available DFS offload infrastructure that was previously used with
vendor specific definitions and just sets necessary flags (DFS_OFFLOAD
ext_feature) and forawrds CAC_STARTED event for processing.
Signed-off-by: Dmitry Lebed <lebed.dmitry@gmail.com>
The new venue_url parameter can now be used to set the Venue URL ANQP
information instead of having to construct the data and use
anqp_elem=277:<hexdump> to set the raw value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends the original IEEE Std 802.11ai-2016 functionality with the
changes added in REVmd to describe how additional keys are derived to
protect the FT protocol using keys derived through FILS authentication.
This allows key_mgmt=FT-FILS-SHA256 to be used with FT protocol since
the FTE MIC can now be calculated following the changes in REVmd. The
FT-FILS-SHA384 case is still unsupported (it needs support for variable
length MIC field in FTE).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Derive PMK-R1 locally if the derived PMKR1Name is not found from the
local cache, but the request is for a key that was originally generated
locally (R0KH-ID matches) and the PMKR0Name is found in the local cache.
This was apparently not hit in the previously used FT sequences, but
this is useful to have available if a PMK-R1 entry is dropped from the
local cache before PMK-R0.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the requested key is not available locally, there is no point in
trying to send a pull request back to self for the key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous implementation ended up defaulting to using PRF-SHA1 for
deriving PTK from PMK when SAE was used. This is not correct since the
SAE AKM is defined to be using SHA-256 -based KDF instead. Fix that.
Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, the association that used SAE authentication ended up
recalculating the PMKID for EAPOL-Key msg 1/4 using incorrect
PMK-to-PMKID derivation instead of using the previously derived PMKID
from SAE. The correct PMKID was used only when going through PMKSA
caching exchange with a previously derived PMKSA from SAE.
Fix this by storing the SAE PMKID into the state machine entry for the
initial SAE authentication case when there is no explicit PMKSA entry
attached to the station.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, matching PMKSA cache entry ended up clearing XXKey. However,
that XXKey is needed in the specific case where FT-SAE goes through the
initial mobility domain association with SAE authentication. FT-SAE
worked previously since the hostapd side generation of the particular
PMKID value in msg 1/4 was broken, but once that PMKID is fixed,
wpa_supplicant will need this fix to allow FT-SAE to be used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When processing 20/40 BSS Coexistence Management frames that do not
explicitly require 40 MHz to be disabled, check whether the reported
channels in 20/40 BSS Intolerant Channel Report element match the
current primary channel. If so, allow 40 MHz operation to continue. This
makes the during-operation updates for 20/40 Operation Permitted more
consistent with the scans during initial BSS startup.
The received 20/40 BSS Intolerant Channel Report channels are to be used
in the OT set in the during-operation determination and the P == OT_i
exception was ignored in the previous implementation which could result
in the AP first starting with 40 MHz and then dropping to 20 MHz on
first received 20/40 BSS Coexistence Management frame even though there
was no change in the neighboring BSSs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends 20/40 BSS Coexistence Management frame processing to
iterate over all the included 20/40 BSS Intolerant Channel Report
elements instead of using only the first one.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The 20 MHz BSS Width Request field is set to 1 only for intra-BSS
reports. As such, ignore the frame if such a claim is made by a
transmitter that is not currently associated with the AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to understand what kind of information a STA is
reporting about 20/40 MHz coexistence requirements.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Ignore hostapd_event_sta_low_ack for a station which has agreed to
steering by checking the agreed_to_steer flag. This flag will be set
whenever a station accepts the BSS transition request from the AP.
Without this ignoring of the LOW_ACK event, the steering in-progress
might be affected due to disassociation. In this way AP will allow some
time (two seconds) for the station to move away and reset the flag after
the timeout.
Co-Developed-by: Tamizh Chelvam <tamizhr@codeaurora.org>
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.
The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
The nl80211 driver can report STA_OPMODE notification event as soon as
it receives an HT/VHT Action frame about modification of station's SMPS
mode/bandwidth/RX NSS. Add support to parse such events.
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
This allows external application to get last ACK signal strength of the
last transmitted frame if the driver makes this information
(NL80211_STA_INFO_ACK_SIGNAL) available.
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Check wpa_auth_write_assoc_resp_owe() return value to keep static
analyzers happier. The code path where this could happen is not really
reachable due to the separate hapd->conf->own_ie_override check and
wpa_auth_write_assoc_resp_owe() returning NULL only in an error case in
the override path. Furthermore, clean up the pointer return value to use
a proper pointer (NULL vs. 0).
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>