Commit graph

7866 commits

Author SHA1 Message Date
Jouni Malinen
b2e2a8588d OpenSSL: Extend key_block size determination to support GCM/CCM ciphers
These ciphers do not use a separate MAC algorithm, so digest nid will be
NID_undef. In addition, the fixed_iv_length needs to be set to 4 which
is the implicit part of the IV from PRF. This is needed to fix EAP-FAST
key derivation for cases where GCM/CCM ciphers are used for TLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 20:02:45 +02:00
Jouni Malinen
1730a6a5ef nl80211: Fix couple of typos in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 10:24:49 +02:00
Mikael Kanstrup
307cfc3286 Strip trailing zero data in EAPOL-Key msg 1/4 when no PMKID to send
EAPOL-Key message 1/4 without PMKID KDE was sent with 22 bytes of stray
data following a zero length key data field. These 22 bytes happens to
be the exact size of an PMKID KDE. Strip these trailing bytes by
checking whether a PMKID is available and adjust pmkid_len to 0 if not.

This was seen for example in capture files created by hwsim test case
suite_b_192 but code modified to handle also the other cases without
PMKID (Suite B no-KCK, FILS without PMKID available, SAE without PMKID
available).

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-12-23 00:26:07 +02:00
Jouni Malinen
2c5ccfa607 nl80211: Initialize full channel info struct even if channel is not known
It was possible for the driver to advertise support for channels that
are not found from wpa_supplicant frequency-to-channel mapping (e.g.,
channel 182 at 5910 MHz) and that resulted in not initializing the
channel number information. Fix this by explicitly clearing the full
struct hostapd_channel_data buffer before parsing the information into
it from the driver.

This avoids some conditional jumps that could have dependent on
uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 00:01:02 +02:00
Brian Norris
e6d3aca9cf WPS: Add prefixes to public event_* functions
openssl engines may dynamically load external libraries. Our event_*()
functions happen to be named very generically, such that event_add()
collides with the libevent library (https://libevent.org/). This can
have disastrous effects (esp. when using CONFIG_WPA_TRACE, which enables
partial linking) when our SSL engines call into the WPS event_add()
instead of their intended libevent event_add().

Resolve this by providing a more unique prefix to these functions.

Rename performed via:

  sed -i -E \
    's:\<event_(add|delete_all|send_all_later|send_stop_all)\>:wps_upnp_event_\1:g' \
     $(git grep -l event_)

Tested via (among other things) hwsim '-f ap_wps' module.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-12-22 11:24:28 +02:00
Davide Caratti
2ba6aa6045 Fix memory leak in case allocation of token fails during JSON parsing
On failure of json_alloc_token(), json_parse() can return without
freeing 'str' previously allocated by json_parse_string(). Fix this
adding proper call to os_free().

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2019-12-21 17:32:19 +02:00
Alexander Wetzel
78d338d1b1 DPP: Fix a memory leak on an error path
Fix a memory leak exposed by the dpp_own_config_sign_fail test.

Fixes: 52d469de11 ("DPP2: Support multiple Config Objects in Enrollee")
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-12-21 17:02:00 +02:00
Min Liu
1f1567d2a6 QCA vendor command for getting STA information
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO with
attributes defined in enum qca_wlan_vendor_attr_get_sta to get
information for a BSS in STA mode or for a peer STA in AP mode. This
vendor sub command can be used to get STA information from the driver to
userspace. The attributes defined in enum
qca_wlan_vendor_attr_get_sta_info are used to encapsulate required
information.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2019-12-20 16:25:30 +02:00
Vamsi Krishna
e5620bf025 6 GHz: Select channel width using configured op_class
Use op_class to derive channel width for the operating channel when
op_class is configured by the user in both fixed channel and ACS cases.
We can avoid using ht_capab field to derive channel width especially in
the 6 GHz band in which only HE is supported.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:38:05 +02:00
Vamsi Krishna
0bfc04b8d0 Do not enable HT/VHT when operating in 6 GHz band
Only HE mode is allowed in the 6 GHz band hence do not enable HT/VHT
even if they are configured by the user.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:25:07 +02:00
Ankita Bajaj
da8570f4c9 Allow non-PCS 6 GHz channels to be excluded from ACS
Add support to exclude non-PSC 6 GHz channels from the input frequency
list to ACS. The new acs_exclude_6ghz_non_psc=1 parameter can be used by
6 GHz only APs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:23:13 +02:00
Ankita Bajaj
59bb72642a Allow ACS channel list to be configured as frequencies (in MHz)
The channel numbers are duplicated between 2.4 GHz / 5 GHz bands and 6
GHz band. Hence, add support to configure a list of frequencies to ACS
(freqlist) instead of a list of channel numbers (chanlist). Also, both 5
GHz and 6 GHz channels are referred by HOSTAPD_MODE_IEEE80211A. The 6
GHz channels alone can be configured by using both mode and frequency
list.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:19:52 +02:00
Ankita Bajaj
5f9b4afdfa Use frequency in HT/VHT validation steps done before starting AP
Using the channel parameter for validating allowed channel combinations
is not scalable to add 6 GHz support in the future since channel numbers
are duplicated between 2.4 GHz / 5 GHz bands and 6 GHz band. Hence use
frequency field for all channel combination validation steps done before
starting AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 13:05:39 +02:00
Ankita Bajaj
59e33b4a98 ACS: Select current hw_mode based on the selected frequency
After receiving ACS offload results, select the current hw_mode based on
the frequency selected by the ACS algorithm. The current hw_mode will be
further used during other validation steps such as HT capability
validations, DFS validation, etc.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:45:03 +02:00
Ankita Bajaj
bb781c763f AP: Populate iface->freq before starting AP
Using channel field while starting AP will cause issues with the new
6GHz band as the channel numbers are duplicated between the different
bands. Populate iface->freq before starting AP so that it can be used
instead of the channel number for all validations that need to be done
while starting AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:42:47 +02:00
Ankita Bajaj
41cac481a8 ACS: Use frequency params in ACS (offload) completed event interface
Replace channel fields with frequency fields in ACS completed event
interface from the driver layer. Use
QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_FREQUENCY and
QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_FREQUENCY attributes if the driver
includes them in the QCA_NL80211_VENDOR_SUBCMD_DO_ACS event, otherwise
use QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL and
QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL attributes to maintain
backwards compatibility with old drivers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:31:01 +02:00
Ankita Bajaj
840532aea5 Search through all hw_features sets in hw_get_channel_freq()
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to stored in
a separate hw_features set (but with same mode HOSTAPD_MODE_IEEE80211A)
due to possibility of different HE capabilities being available between
the 5 GHz and 6 GHz bands.

Search through all hw_features sets whose mode is same as the input mode
while finding channel corresponding to the input frequency in
hw_get_channel_freq().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:21:45 +02:00
Ankita Bajaj
15d3568739 ACS: Add channels from all modes matching with configured hw mode
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to stored in
a separate hw_features set (but with same mode HOSTAPD_MODE_IEEE80211A)
due to possibility of different HE capabilities being available between
the 5 GHz and 6 GHz bands.

Iterate through all hw_features sets and populate channels from all
hw_features sets whose hardware mode is matching the configured hardware
mode while preparing the channel list for ACS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:21:41 +02:00
Ahmad Masri
996662250d P2P: Add support for EDMG channels
This allows a P2P connection over P802.11ay EDMG channels to achieve the
highest link speed that the standard allows for channel bonding (CB) up
to CB4.

Let each P2P peer add its EDMG channels to the Supported Channels IE
advertised in P2P GO negotiation. Give EDMG channels priority when peers
negotiate for operating channel.

User may add 'edmg' parameter to p2p_connect, p2p_add_group, and
p2p_invite commands to prefer an EDMG channel for the P2P link. User may
also set p2p_go_edmg=1 in wpa_supplicant configuration file to prefer
EDMG.

When EDMG is used, P2P will try to find the highest channel bonding
supported channel that matches the frequency parameter, if the devices
do not support EDMG, the P2P connection will use a legacy (1-6) 60 GHz
channel.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-20 00:13:08 +02:00
Ahmad Masri
f86e34168e Update operating classes and channels for the 60 GHz band
Update new channels in Channel Bonding (CB2 ... CB4) in the 60 GHz band
for different regulatory regions according to the latest draft amendment
IEEE P802.11ay/D5.0.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-20 00:00:52 +02:00
Ahmad Masri
a19277a28b Add EDMG bandwidth to channel frequency APIs
Add EDMG bandwidth to CHANWIDTH_ defines.

Update API ieee80211_freq_to_channel_ext() to support EDMG bandwidth
for EDMG channels.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-19 23:46:28 +02:00
Jouni Malinen
5a563a3d34 Avoid compiler warning on shadowing a local variable
Fixes: 7fde39fb1a ("Add sae_rejected_groups to hostapd STA control interface command")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-18 13:46:59 +02:00
Jouni Malinen
7fde39fb1a Add sae_rejected_groups to hostapd STA control interface command
This is mainly for testing purposes to be able to check which groups
a STA reports as having been rejected when using SAE H2E.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-12 23:52:36 +02:00
Jouni Malinen
5661ebd774 DPP: Configurator netRole for Enrollee
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-12 02:33:00 +02:00
Jouni Malinen
7404574458 DPP: Replace ap boolean with netRole enum in Configurator params
The netRole enum is more generic and can be extended to include new
roles (e.g., Configurator) more easily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-12 02:33:00 +02:00
Jouni Malinen
f2c4b44b40 SAE H2E: RSNXE override in EAPOL-Key msg 3/4
This new hostapd configuration parameter rsnxe_override_eapol=<hexdump>
can be used to override RSNXE value in EAPOL-Key msg 3/4 for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 17:32:17 +02:00
Jouni Malinen
a889e9a70c SAE: Reject invalid rejected group report in SAE commit explicitly (AP)
Previously, this case was ignored silently in AP mode. While that could
be a reasonable approach for an unexpected condition, it would be fine
to reject this case explicitly as well. This makes it somewhat easier to
test unexpected SAE H2E vs. looping behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:39:46 +02:00
Jouni Malinen
c88e01e1b6 SAE H2E: Fix validation of rejected groups list
check_sae_rejected_groups() returns 1, not -1, in case an enabled group
is rejected. The previous check for < 0 could not have ever triggered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-07 00:28:13 +02:00
Jouni Malinen
918df2227e SAE: Reject unexpected Status Code in SAE commit explicitly (AP)
Previously, this case was ignored silently in AP mode. While that could
be a reasonable approach for an unexpected condition, it would be fine
to reject this case explicitly as well. This makes it somewhat easier to
test unexpected SAE H2E vs. looping behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-06 17:26:57 +02:00
Ankita Bajaj
23acdd9f33 Fix memory leak in ACS offload operation
freq_list is built in allocated heap memory and it needs to be freed
before returning from this function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 18:02:46 +02:00
Ankita Bajaj
e86ba912aa ACS: Remove redundant ch_list parameters from do_acs interface
Clean up do_acs interface to not pass ch_list to drivers as the same
information is available in freq_list. The channel numbers are
duplicated between 2.4 GHz and 5 GHz bands and the 6 GHz band. So, use
the QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to populate only 2.4 GHz and 5 GHz
channels to ensure backwards compatibility with old drivers which do not
have support to decode the newer QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST
attribute.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 18:02:34 +02:00
Ankita Bajaj
3cf360b8e2 DFS: Don't handle DFS ops for 6 GHz channels
Skip DFS checks and CAC operation for 6 GHz channels. AFC checks
will be added for 6 GHz channels later.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 17:12:27 +02:00
Ankita Bajaj
ee0030e814 6 GHz: Do not check for HT capability on 6 GHz channels
HT capability check is not required when starting AP on 6 GHz band as
only HE operation mode is allowed in the 6 GHz band.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 17:12:27 +02:00
Jouni Malinen
e780b4bf20 DPP: Bootstrapping via NFC URI Record
This extends hostapd and wpa_supplicant DPP implementation to allow the
bootstrapping URI to be generated for and parsed from an NFC Tag with an
NFC URI Record. This is similar to the way the bootstrapping URI is used
with QR Code for unidirectional authentication.

The DPP_BOOTSTRAP_GEN command uses "type=nfc-uri" to request the URI to
be assigned for NFC URI Record. In practice, the URI is generated
identically to the QR Code case, but the internal entry maintains the
NFC-URI type.

A new command "DPP_NFC_URI <uri>" can now be used to parse the URI read
from an NFC Tag with the NFC URI Record. This is similar to the
DPP_QR_CODE command.

Other commands (mainly, DPP_LISTEN and DPP_AUTH_INIT) are used for NFC
URI in the same way as they are used for QR Code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 12:37:51 +02:00
Jouni Malinen
3c0d6eb8a9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-11-08.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-05 12:36:09 +02:00
Hu Wang
38203148e9 Extend hostapd to support setband to driver via QCA vendor command
Commit 844dfeb804 ("QCA vendor command support to set band to driver")
added a vendor command to pass 'SET setband' command information to the
driver in wpa_supplicant. Add similar changes to hostapd control
interface.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-02 15:55:43 +02:00
Jouni Malinen
9f50538e13 SAE H2E: Do not use sae_h2e param in AP mode if SAE is disabled
Previously, nonzero sae_h2e parameter values were used to perform SAE
H2E specific operations (deriving PT, adding RSNXE, adding H2E-only BSS
membership selector) in AP mode even if SAE was not enabled for the
network. This could result in unexpected behavior if sae_pwe=1 or
sae_pwe=2 were set in the configuration. Fix this by making the SAE
operations conditional on SAE being actually enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-29 00:07:57 +02:00
Jouni Malinen
181bf93363 DPP2: Report received ssid_charset as DPP-CONFOBJ-SSID-CHARSET event
This provides the SSID character set, if specified, to upper layers on
station Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
71e2848eab DPP2: ssid64/ssid_charset in Configurator
This allows Configurator to be configured to use the ssid64 option in
the discovery object for a station Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
57a63b1318 DPP2: Add parsing of ssid64/ssid_charset in Config Object
The discovery object is now allowed to use either the UTF-8 encoded
string ssid or base64url encoded ssid64.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
590bc64d65 DPP: Use JSON token builder helpers
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
e75ab53222 JSON: Add helper functions for building tokens
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
8e5e36a184 Clean up base64_{encode,decode} pointer types
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
b22608423b Clean up base64_url_{encode,decode} pointer types
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-27 16:09:35 +02:00
Jouni Malinen
a4255a207b Simplify base64_url_encode() prototype
There is no use case for adding padding into the base64url encoded
strings, so remove the unneeded add_pad argument that was hardcoded to 0
in all callers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-27 15:35:19 +02:00
Jouni Malinen
c54227c26a DPP2: Replace connectionStatus object ssid with ssid64
The UTF-8 encoded ssid string was replaced with base64url encoded ssid64
string, so update the implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-27 15:34:38 +02:00
Jouni Malinen
31b6eb417b tests: Update SAE H2E test case to match SSWU parameter z change
Update the test vector based on
11-19-1817-02-000m-hash-to-curve-changes.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-23 17:46:15 +02:00
Jouni Malinen
0432237a4d SAE H2E: Update SSWU curve-specific parameter z values
Update the values based on
11-19-1817-02-000m-hash-to-curve-changes.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-23 17:46:15 +02:00
Jouni Malinen
5b50265e13 WMM: Do not modify input TSPEC buffer during processing
The WMM TSPEC processor used the input buffer for processing the request
and building the response. This was fine for the FT case, but for the
WMM Action frame case, the input buffer is marked const, so it should
not really be modified. This modification could not really cause any
noticeable harm, but it can result in error reports from fuzzing and
potentially even from some static analyzers.

Fix this by marking the input arguments const more consistently (the
parsed IE was able to drop the const) and copy the const input data to a
temporary buffer for processing and modification instead of allowing the
input data to be modified.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19050
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-11-23 17:39:55 +02:00
Hu Wang
f3c077929f P2P: Fix listen state machine getting stuck in send_action() scheduled case
Commit 947b5a1532 ("P2P: Stop listen state if Action frame TX is
needed on another channel") added an optimization for P2P response
transmission in certain concurrent operation cases. However, it did not
take into account possibility of the driver not being in listen
state (p2p->drv_in_listen == 0) and could end up getting stuck with the
P2P state machine in a manner that made the device not listen for
following messages. This showed up in following manner in the debug log:

P2P: Starting short listen state (state=SEARCH)
P2P: Driver ended Listen state (freq=2437)
process received frame and send a response
P2P: Stop listen on 0 MHz to allow a frame to be sent immediately on 2437 MHz
P2P: Clear timeout (state=SEARCH)
--> state machine stuck

Fix this by adding drv_in_listen > 0 condition for the optimization to
stop the listen operation in send_action() resulting in scheduled TX.

Fixes: 947b5a1532 ("P2P: Stop listen state if Action frame TX is needed on another channel")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-13 23:59:37 +02:00
Lei Wang
530b8ee3c8 hostapd: Update DFS status in VHT80+80 mode
Update center frequency and center frequency2's DFS channel status in
VHT80+80 mode. Otherwise it will cause AP failed to start on a DFS
channel.

Tested: qca9984 with firmware ver 10.4-3.10-00047

Signed-off-by: Rick Wu <rwu@codeaurora.org>
Signed-off-by: Lei Wang <leiwa@codeaurora.org>
2019-11-10 22:54:19 +02:00
Jouni Malinen
93ba13bcfd Fix status code in SAE/DPP association PMKID mismatch (driver-AP-SME)
wpa_validate_wpa_ie() was already extended to cover these cases with
WPA_INVALID_PMKID return value, but hostapd_notif_assoc() did not have
code for mapping this into the appropriate status code
(STATUS_INVALID_PMKID) and ended up using the default
(WLAN_STATUS_INVALID_IE) instead. This caused AP SME-in-driver cases
returning incorrect status code when the AP did not have a matching
PMKSA cache entry. This could result in unexpected station behavior
where the station could continue trying to use a PMKSA cache entry that
the AP does not have and not being able to recover this.

Fix this by adding the previously missed mapping of validation errors to
status/reason codes.

Fixes: 567da5bbd0 ("DPP: Add new AKM")
Fixes: 458d8984de ("SAE: Reject request with mismatching PMKID (no PMKSA cache entry)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-09 00:33:58 +02:00
Jouni Malinen
b90d2f7ffe Fix a typo in a comment
Spell NULL correctly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-06 19:44:50 +02:00
Eric Caruso
bb66d46758 Move ownership of MAC address randomization mask to scan params
This array can be freed either from the scan parameters or from
clearing the MAC address randomization parameters from the
wpa_supplicant struct. To make this ownership more clear, we have
each struct own its own copy of the parameters.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-10-27 19:50:22 +02:00
Jouni Malinen
1030dec1fa JSON: Fix escaping of characters that have MSB=1 with signed char
The "\\u%04x" printf string did not really work in the correct way if
char is signed. Fix this by type casting this to unsigned char.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-10-27 19:50:22 +02:00
Mikael Kanstrup
937644aa2c nl80211: Indicate SUITE_B_192 capa only when CCMP-256/GCMP-256 supported
SUITE_B_192 AKM capability was indicated for all devices using the
nl80211 driver (without the QCA vendor specific AKM capability
indication). However, some devices can't handle Suite B 192 due to
insufficient ciphers supported. Add a check for CCMP-256 or GCMP-256
cipher support and only indicate SUITE_B_192 capability when such cipher
is supported. This allows compiling with CONFIG_SUITEB192 and still get
proper response to the 'GET_CAPABILITY key_mgmt' command. Under Android
it can also serve as a dynamic way for HAL to query platform for
WPA3-Enterprise 192-bit support.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-10-27 15:22:19 +02:00
Shiva Sankar Gajula
df3b2e22a0 nl80211: Add STA node details in AP through QCA vendor subcommand
Addi STA node details in AP through QCA vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT
protocol roaming.

Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
2019-10-25 19:29:53 +03:00
Yu Wang
f273b2a5c7 Add QCA vendor cmd for setting BT coex chain mode
To config BT coex chain mode, add a new QCA sub command
QCA_NL80211_VENDOR_SUBCMD_BTC_CHAIN_MODE.

This new command has two attributes:
1. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE: u32 attribute. Indicates the
   BT coex chain mode, are 32-bit values from enum qca_btc_chain_mode.
2. QCA_VENDOR_ATTR_COEX_BTC_CHAIN_MODE_RESTART: flag attribute.
   If set, vdev should be restarted once BT coex chain mode is updated.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2019-10-25 19:29:53 +03:00
Ashish Kumar Dhanotiya
4dc860680c Extend QCA OEM data vendor subcmd to allow use as an event
The QCA_NL80211_VENDOR_SUBCMD_OEM_DATA command was previously defined
only to pass data blobs from user space to kernel (application to
firmware) but there was no mechanism to send the data blobs from
firmware to application. Extend this to define use of the same
subcommand and attributes as vendor events.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jouni Malinen
93a1e275a7 SAE: Determine H2E vs. looping when restarting SAE auth in AP mode
If hostapd had existing STA SAE state, e.g., from a previously completed
SAE authentication, a new start of a separate SAE authentication (i.e.,
receiving of a new SAE commit) ended up using some of the previous
state. This is problematic for determining whether to H2E vs. looping
since the STA is allowed (even if not really expected to) to change
between these two alternatives. This could result in trying to use H2E
when STA was using looping to derive PWE and that would result in SAE
confirm failing.

Fix this by determining whether to use H2E or looping for the restarted
authentication based on the Status Code in the new SAE commit message
instead of previously cached state information.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jouni Malinen
de580bf6c4 crypto: Remove unused crypto_bignum_sqrtmod()
This wrapper function is not used anymore, so drop it instead of trying
to figure out good way of implementing it in constant time with various
crypto libraries.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jouni Malinen
9b292a48f7 SAE: Drop sqrt() alternative from SSWU (H2E)
Remove support for performing full sqrt(), i.e., only support curves
that use prime with p = 3 mod 4. In practice, this drops only group 26
with SAE H2E. This seems acceptable since there does not seem to be any
strong use case for that group taken into account the limits being
placed on acceptable prime lengths.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jesus Fernandez Manzano
00ddc1cc21 common: Fix same expression checked twice in fils_key_auth_sk()
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2019-10-25 19:29:53 +03:00
Pradeep Kumar Chitrapu
327d09aa03 HE: Add 11ax info to ap mode ctrl iface STATUS command
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jouni Malinen
d7678a0842 Fix AP Extended Capability length determination
The IE minimum length determination in hostapd_eid_ext_capab() was not
fully up to date with the hostapd_ext_capab_byte() conditions. This
could result in omitting some of the capability octets depending on
configuration. Fix this by adding the missing conditions.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 16:03:37 +03:00
Jimmy Chen
a592f2a9ea P2P: Continue listening next request if no post-PD operations
If there are no post-provision discovery operations, we should continue
in find mode to avoid getting the p2p_find operation stopped (stuck in
SEARCH state) unexpectedly.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2019-10-25 16:03:37 +03:00
Jouni Malinen
f73dd0a692 FT-SAE: Add RSNXE into FT MIC
Protect RSNXE, if present, in FT Reassociation Request/Response frames.
This is needed for SAE H2E with FT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 16:20:27 +03:00
Jouni Malinen
cb99259775 Add RSNXE into (Re)Association Response frames
Add the new RSNXE into (Re)Association Response frames if any of the
capability bits is nonzero.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 15:49:32 +03:00
Jouni Malinen
865721c695 Merge wpa_supplicant and hostapd EAPOL-Key KDE parsers
Use a single struct definition and a single shared implementation for
parsing EAPOL-Key KDEs and IEs instead of maintaining more or less
identical functionality separately for wpa_supplicant and hostapd.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 13:02:27 +03:00
Jouni Malinen
898b6d58f3 SAE: Verify that STA negotiated H2E if it claims to support it
If a STA indicates support for SAE H2E in RSNXE and H2E is enabled in
the AP configuration, require H2E to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 12:48:28 +03:00
Jouni Malinen
74866f5378 RSN: Verify RSNXE match between (Re)AssocReq and EAPOL-Key msg 2/4
If the STA advertises RSN Extension element, it has to be advertised
consistently in the unprotected ((Re)Association Request) and protected
(EAPOL-Key msg 2/4) frames. Verify that this is the case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
9981d5bf31 Add RSNXE into AP KDE parser
This is needed for SAE hash-to-element implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
d3516cad7a Store a copy of Association Request RSNXE in AP mode for later use
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
6d6c887751 SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4
Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg
2/4 when using SAE with hash-to-element mechanism enabled. This allows
the AP to verify that there was no downgrade attack when both PWE
derivation mechanisms are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-17 16:54:05 +03:00
Jouni Malinen
8401cdc8d4 Add RSNXE into IE parser
This is needed for SAE hash-to-element implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-17 16:53:09 +03:00
Jouni Malinen
0b0ed907d1 WPS: Check SHA256 result success
These functions can fail in theory, so verify they succeeded before
comparing the hash values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:41:13 +03:00
Shiva Sankar Gajula
8dda97c758 QCA vendor command for adding a STA node
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE with
attributes qca_wlan_vendor_attr_add_sta_node_params to add STA peer
entries in AP mode. This vendor sub command is used in FT roaming
scenario to send STA node information from application/service to
driver/firmware. The attributes defined in enum
qca_wlan_vendor_attr_add_sta_node_params are used to deliver the
parameters.

Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
2019-10-15 15:39:22 +03:00
Subrat Dash
b41dc61afa Add a new QCA vendor attribute to carry device info for OEM data
The OEM data binary blobs from application/service will be routed to the
appropriate device based on this attribute value. This optional
attribute is used to specify whether the device type is virtual or
physical. This attribute can be omitted when the command is for a
virtual device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Edayilliam Jayadev
bf185bfd5d QCA vendor attributes to indicate BW-based agile spectral capability
Some chipsets don't have the capability to run agile spectral scan with
160/80+80 MHz modes. Add separate agile spectral scanning capability
flags for 160, 80+80, and non-160 MHz modes to cover such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Sunil Dutt
1317ea2c0e nl80211: Allow external auth based on SAE/FT-SAE key mgmt
In the SME-in-driver case, wpa_supplicant used only the selected SAE
auth_alg value as the trigger for enabling external authentication
support for SAE. This prevented the driver from falling back to full SAE
authentication if PMKSA caching was attempted (Open auth_alg selected)
and the cached PMKID had been dropped.

Enable external auth based on SAE/FT-SAE key_mgmt, rather than doing
this based on SAE auth_alg, so that the driver can go through full SAE
authentication in cases where PMKSA caching is attempted and it fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Dedy Lansky
cdb5774f42 FST: Update FST about MAC address change
Notify FST module upon MAC address change. FST module will update the
Multiband IE accordingly.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
2019-10-15 15:39:22 +03:00
Andrei Otcheretianski
49e95ee1ee AP: Publish only HE capabilities and operation IEs on 6 GHz band
When operating on the 6 GHz band, add 6 GHz Operation Information inside
the HE Operation element and don't publish HT/VHT IEs.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

- Replace HOSTAPD_MODE_IEEE80211AX mode checks with is_6ghz_op_class()

Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
2019-10-15 15:39:22 +03:00
Andrei Otcheretianski
d7c2c5c98c AP: Add initial support for 6 GHz band
Add support for new hardware mode for 6 GHz band. 6 GHz operation is
defined in IEEE P802.11ax/D4.3. 6 GHz band adds global operating classes
131-135 that define channels in frequency range from 5940 MHz to 7105
MHz.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

- Remove HOSTAPD_MODE_IEEE80211AX mode
- Replace check for HOSTAPD_MODE_IEEE80211AX with is_6ghz_freq()
- Move center_idx_to_bw_6ghz() to ieee802_11_common.c file

Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
2019-10-15 15:39:22 +03:00
Liangwei Dong
a5b2faa714 AP: Add op_class config item to specify 6 GHz channels uniquely
Add hostapd config option "op_class" for fixed channel selection along
with existing "channel" option. "op_class" and "channel" config options
together can specify channels across 2.4 GHz, 5 GHz, and 6 GHz bands
uniquely.

Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
032c8264d4 SAE: Check that peer's rejected groups are not enabled in AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
a5dc2a5c1a SAE: H2E version of SAE commit message handling for AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
43b20b4370 SAE: Derive H2E PT in AP when starting the AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
146889e3ca RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4
If the AP advertises RSN Extension element, it has to be advertised
consistently in the unprotected (Beacon and Probe Response) and
protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
3134bb13a8 SAE: Advertise Extended RSN Capabilities when H2E is enabled
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
cc0da0ff4c SAE: Advertise BSS membership selector for H2E-only case
If hostapd is configured to enable only the hash-to-element version of
SAE PWE derivation (sae_pwe=1), advertise BSS membership selector to
indicate this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
a36e13a7cd SAE: Add sae_pwe configuration parameter for hostapd
This parameter can be used to specify which PWE derivation mechanism(s)
is enabled. This commit is only introducing the new parameter; actual
use of it will be address in separate commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
af4487148a tests: Module test for SAE hash-to-element crypto routines
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
cf84246ebb SAE: Add Rejected Groups element into H2E Commit
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Jouni Malinen
efd4285299 SAE: Hash algorithm selection for H2E KCK/CN()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:19 +03:00
Jouni Malinen
aeb022f8e5 SAE: Implement hash-to-element PT/PWE crypto routines
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:01:53 +03:00
Jouni Malinen
ecd7114072 SAE: Parse Rejected Groups element from H2E SAE commit
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
86f6084862 SAE: Tell sae_parse_commit() whether H2E is used
This will be needed to help parsing the received SAE commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
316156739c SAE: H2E protocol defines
These are the defined values/identifiers for SAE hash-to-element
mechanism from IEEE P802.11-REVmd/D3.0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
1766e608ba wolfSSL: Fix crypto_bignum_sub()
The initial crypto wrapper implementation for wolfSSL seems to have
included a copy-paste error in crypto_bignum_sub() implementation that
was identical to crypto_bignum_add() while mp_sub() should have been
used instead of mp_add().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
2a1c84f4e5 crypto: Add more bignum/EC helper functions
These are needed for implementing SAE hash-to-element.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
9c08bfbd91 DPP: Fix confusing debug entry from Configurator
The logic for displaying the message about no configuration being
available for the Enrollee was reversed when support for multiple Config
Objects was added. This was supposed to be shown only if the first
Config Object fails (i.e., when no configuration is available); not when
second attempt fails (since the first one had already been successful in
that case).

Fixes: 7eb06a3369 ("DPP2: Allow multiple Config Objects to be build on Configurator")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-11 13:04:42 +03:00
Jouni Malinen
f7fe055224 SAE: Allow AP behavior for SAE Confirm to be configured
hostapd is by default waiting STA to send SAE Confirm before sending the
SAE Confirm. This can now be configured with sae_confirm_immediate=1
resulting in hostapd sending out SAE Confirm immediately after sending
SAE Commit.

These are the two different message sequences:

sae_confirm_immediate=0
STA->AP: SAE Commit
AP->STA: SAE Commit
STA->AP: SAE Confirm
AP->STA: SAE Confirm
STA->AP: Association Request
AP->STA: Association Response

sae_confirm_immediate=1
STA->AP: SAE Commit
AP->STA: SAE Commit
AP->STA: SAE Confirm
STA->AP: SAE Confirm
STA->AP: Association Request
AP->STA: Association Response

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-10 15:38:26 +03:00
Alexei Avshalom Lazar
f6f8c6ade9 AP: Show EDMG channel info in STATUS output
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
241dd76cfd hostapd: Check EDMG configuration against capability
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:20:41 +03:00
Alexei Avshalom Lazar
dc3457cc4a hostapd: Check usability of EDMG channel
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 17:02:12 +03:00
Alexei Avshalom Lazar
bebd91e9c4 Add EDMG parameters to set_freq functions
This updates the frequency parameter setting functions to include
argument for EDMG.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:59:23 +03:00
Alexei Avshalom Lazar
fdd0fef2c6 EDMG: Helper functions for parameter encoding/checking
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:59:21 +03:00
Alexei Avshalom Lazar
5c5ff22efc hostapd: Add EDMG channel configuration parameters
Add two new configuration parameters for hostapd:
enable_edmg: Enable EDMG capability for AP mode in the 60 GHz band
edmg_channel: Configure channel bonding for AP mode in the 60 GHz band

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:46:29 +03:00
Alexei Avshalom Lazar
dda5d9e315 nl80211: Add support for EDMG channels
IEEE P802.11ay defines Enhanced Directional Multi-Gigabit (EDMG) STA and
AP which allow channel bonding of 2 channels and more.

nl80211 provides the driver's EDMG capabilities from the kernel
using two new attributes:
NL80211_BAND_ATTR_EDMG_CHANNELS - bitmap field that indicates the 2.16
GHz channel(s) that are supported by the driver.
NL80211_BAND_ATTR_EDMG_BW_CONFIG - represents the channel bandwidth
configurations supported by the driver.
The driver's EDMG capabilities are stored inside struct hostapd_hw_modes.

As part of the connect request and starting AP, EDMG parameters are
passed as part of struct hostapd_freq_params.

The EDMG parameters are sent to the kernel by using two new attributes:
NL80211_ATTR_WIPHY_EDMG_CHANNEL and NL80211_ATTR_WIPHY_EDMG_BW_CONFIG
which specify channel and bandwidth configuration for the driver to use.

This implementation is limited to CB2 (channel bonding of 2 channels)
and the bonded channels must be adjacent.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:06:04 +03:00
Alexei Avshalom Lazar
a19913c170 IEEE P802.11ay/D4.0 defines for EDMG
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:06:01 +03:00
Jouni Malinen
b719a1568a DPP2: Parse AKM suite selector version of akm node
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
68fea96038 DPP2: Allow Configurator to use AKM suite selectors in Config Object
The new use_akm_selector=1 value to Configurator parameters can now be
used to request a list of AKM suite selectors to be used in the
Configuration Object if the Enrollee supports version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
52d469de11 DPP2: Support multiple Config Objects in Enrollee
Process all received DPP Configuration Object attributes from
Configuration Result in Enrollee STA case. If wpa_supplicant is
configured to add networks automatically, this results in one network
being added for each included Configuration Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
7eb06a3369 DPP2: Allow multiple Config Objects to be build on Configurator
Special @CONF-OBJ-SEP@ string can now be used as a DPP configuration
string value to split the string into two different components to
configure two Config Objects for an Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
99918e069a DPP: Cleaned up netrole indication for config object building
Include netrole as part of struct dpp_configuration to make config
object building more flexible.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
e0d22c842a FILS+FT: Fix MFPR flag in RSNE during FILS exchange for FT
Commit e820cf952f ("MFP: Add MFPR flag into station RSN IE if 802.11w
is mandatory") added indication of MFPR flag in non-FT cases and was
further extended to cover FT protocol in commit ded56f2faf ("FT: Fix
MFPR flag in RSNE during FT protocol"). Similar fix is needed for
FILS+FT as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-01 14:21:51 +03:00
Jouni Malinen
722c7d1958 wlantest: Process VLAN tagged Data frames
This allows Data frames to be fully processed for the case where VLAN
tags are used on the wireless link.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-20 23:54:05 +03:00
Alexander Wetzel
83b83b461d nl80211: Migrate to current netlink key message format
Linux 2.6.32 (December 2009) introduced alternate netlink messages
for setting and installing keys, deprecating the older ones.

To allow hostapd/wpa_supplicant to use new features only provided via
the new API this patch migrates all netlink messages to the current ones.

Since the nl80211 driver was sometimes already using the new format this
is only unifying the netlink API usage and not changing the minimal
kernel requirement.

The following netlink attributes have been retired for key installs:

  NL80211_ATTR_KEY_DATA
  NL80211_ATTR_KEY_TYPE
  NL80211_ATTR_KEY_SEQ
  NL80211_ATTR_KEY_IDX
  NL80211_ATTR_KEY_CIPHER
  NL80211_ATTR_KEY_DEFAULT
  NL80211_ATTR_KEY_DEFAULT_MGMT
  NL80211_ATTR_KEY_DEFAULT_TYPES

And replaced by the following attributes nested in NL80211_ATTR_KEY:

  NL80211_KEY_DATA
  NL80211_KEY_TYPE
  NL80211_KEY_SEQ
  NL80211_KEY_IDX
  NL80211_KEY_CIPHER
  NL80211_KEY_DEFAULT
  NL80211_KEY_DEFAULT_MGMT
  NL80211_KEY_DEFAULT_TYPES

When getting Michael MIC failure notifications or querying a key
sequence number the kernel continues to use the old attributes:
  NL80211_ATTR_KEY_TYPE
  NL80211_ATTR_KEY_SEQ
  NL80211_ATTR_KEY_IDX

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-09-19 12:48:37 +03:00
Alexander Wetzel
7a4b01c879 AP: Provide correct keyid to wpa_send_eapol() for EAPOL-Key msg 3/4
PTKINITNEGOTIATING in the WPA state machine calls wpa_send_eapol() and
hands over the GTK instead of the PTK keyid.

Besides a confusing debug message this does not have any negative side
effects: The variable is only set to a wrong value when using WPA2 but
then it's not used.

With this patch PTKINITNEGOTIATING sets the PTK keyid unconditionally to
zero for EAPOL-Key msg 3/4 and differentiates more obviously between GTK
and PTK keyids.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-09-19 12:34:21 +03:00
Roy Marples
a3ebf71751 BSD: Add support for route(4) message filtering
hostapd is only interested in RTM_IEEE80211.
wpa_supplicant is only interested in RTM_IEEE80211, RTM_IFINFO and
RTM_IFANNOUNCE.

This supports the NetBSD RO_MSGFILTER interface and the alternative
DragonFlyBSD/OpenBSD interface ROUTE_MSGFILTER.

Signed-off-by: Roy Marples <roy@marples.name>
2019-09-19 12:16:49 +03:00
Neo Jou
d9286d0997 ACS: Stop before scan if no channels in chanlist are available
When we set "channel=0" in hostapd.conf to enable ACS function, and set
a wrong channel list, e.g., chanlist=222-999 on purpose, hostapd would
still start ACS process to compute the ideal channel, even when there
are no available channels with such configuration.

Though there is no problem since hostapd fails to initialize interface,
it spends time going through the scan and the debug log entries may make
it more difficult to tell what was behind the failure.

Thus, check if there are any available channels in acs_request_scan(),
and return -1 if no available channel, then it will fail at acs_init(),
without doing ACS computation. It will show the following in the log:
    Could not select hw_mode and channel. (-3)
    wlan0: interface state UNINITIALIZED->DISABLED

Then we can know the setting is incorrect already in
hostapd_select_hw_mode(), instead of waiting for scan callback function
to know if the setting is ok for ACS or not. This can save time and help
to tell if the setting is correct at the initial function at the first.
This will also allow the ENABLE control interface command to return FAIL
when adding an interface dynamically.

Signed-off-by: Neo Jou <neojou@gmail.com>
2019-09-19 12:09:47 +03:00
Jouni Malinen
f32aa244ef DPP: Debug print configRequest bandSupport on Configurator
Go through the received bandSupport JSON array and print its contents in
the debug log. This information might be exposed to upper layer
configuration generation/use somehow in the future.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
8f8c423a51 DPP: Add bandSupport JSON array into config request
Indicate supported global operating classes when wpa_supplicant is
operating as an Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Thomas Winter
6d3dc9ba1e mka: Check OLPN for exhaustion on SAKuse decode
Most of the time is spent in the CP state machine RETIRE state where LKI
is not set and OKI is the currently used SAK so OLPN needs to be checked
for PN exhaustion.

hostapd/wpa_supplicant implemented an interpretation of the standard as
described in a proposed amendment titled "MKA pending PN exhastion"
which was deemed to be wrong. This amendment was included in IEEE Std
802.1Xck-2018.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
2019-09-19 00:21:47 +03:00
Thomas Winter
84851007d9 mka: Check OLPN for exhaustion on SAKuse encode
Most of the time is spent in the CP state machine RETIRE state where LKI
is not set and OKI is the currently used SAK, so OLPN needs to be
checked for PN exhaustion.

hostapd/wpa_supplicant implemented an interpretation of the standard as
described in a proposed amendment titled "MKA pending PN exhastion"
which was deemed to be wrong. This amendment was included in IEEE Std
802.1Xck-2018.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
2019-09-19 00:21:47 +03:00
Thomas Winter
547ba732d3 mka: Clear out old/latest key values on CHANGE in CP state machine
The associated SAs have been deleted and the key server has changed so
there's no point in keeping the key values.

Note that this isn't specified in IEEE Std 802.1X-2010.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
2019-09-19 00:21:47 +03:00
Thomas Winter
536a7cfcf7 mka: Don't set newSAK to FALSE on ABANDON in CP state machine
Previously the ABANDON->RECEIVE state change was impossible and did not
match the CP state machine in IEEE Std 802.1X-2010 Figure 12-2.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
2019-09-19 00:21:47 +03:00
Thomas Winter
0fedfba2e2 mka: Change RECEIVE and RETIRE states to match the standard
The RECEIVE and RETIRE states were incorrect which can result in
incorrect information being advertised in SAKuse MKPDUs. Change these to
match IEEE Std 802.1X-2010, Figure 12-2 (CP state machine).

hostapd/wpa_supplicant implemented an interpretation of the standard as
described in a proposed amendment titled "MKA pending PN exhastion"
which was deemed to be wrong. This amendment was included in IEEE Std
802.1Xck-2018.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
2019-09-19 00:21:47 +03:00
Jouni Malinen
3f2641e7ad Fix wpa_supplicant build with CONFIG_PCSC=y
This code block with dependency on PCSC_FUNCS was missed when conf->pin
was moved to conf->cert.pin. Fix this to get rid of compilation issues
with CONFIG_PCSC=y builds.

Fixes: b99c4cadb7 ("EAP peer: Move certificate configuration params into shared struct")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
5a5639b068 DPP: Allow name and mudurl to be configured for Config Request
The new hostapd and wpa_supplicant configuration parameters dpp_name and
dpp_mud_url can now be used to set a specific name and MUD URL for the
Enrollee to use in the Configuration Request. dpp_name replaces the
previously hardcoded "Test" string (which is still the default if an
explicit configuration entry is not included). dpp_mud_url can
optionally be used to add a MUD URL to describe the Enrollee device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-19 00:21:47 +03:00
Jouni Malinen
3394def5a8 More consistent SA check for unexpected Data frames
Use the same rules for dropping driver notifications for Data frames
from unassociated stations as were added for Management frame reception.
This results in more consistent behavior in sending out Deauthentication
frames with Reason Code 6/7.

This case was already checking for unexpected multicast addresses, so
there was no issue for the PMF protections for unexpected disconnection.
Anyway, better avoid unnecessary Deauthentication frames consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-17 12:38:15 +03:00
Jouni Malinen
16ef233bf1 DPP2: Connection status result (Enrollee)
Add support for reporting connection status after provisioning if the
Configurator requests this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:25:34 +03:00
Jouni Malinen
b10e01a795 DPP2: Connection status result (Configurator)
A new argument to the DPP_AUTH_INIT command (conn_status=1) can now be
used to set Configurator to request a station Enrollee to report
connection result after a successfully completed provisioning step. If
the peer supports this, the DPP-CONF-SENT event indicates this with a
new argument (wait_conn_status=1) and the Configurator remains waiting
for the connection result for up to 16 seconds.

Once the Enrollee reports the result, a new DPP-CONN-STATUS-RESULT event
is generated with arguments result, ssid, and channel_list indicating
what the Enrollee reported. result=0 means success while non-zero codes
are for various error cases as specified in the DPP tech spec. If no
report is received from the Enrollee, the event with "timeout" argument
is generated locally.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-16 17:13:46 +03:00
Jouni Malinen
e501a2eb59 DPP2: Connection status result defines
Add defines for the connection status result mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 17:03:04 +03:00
Jouni Malinen
cc8399528b DPP2: Move dpp_build_conf_result() to be within ifdef block
This is more consistent with the use of CONFIG_DPP2 since the
Configuration Result message is sent only when using version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 16:45:16 +03:00
Jouni Malinen
3a6736fe87 DPP2: Fix a memory leak on error path for Config Result
If only one of the allocations fails, the successful allocation needs to
be freed on the error path.

Fixes: 22f90b32f1 ("DPP2: Configuration Result message generation and processing")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-15 16:30:40 +03:00
Alexei Avshalom Lazar
dc6c3be4e2 wpa_supplicant: Add support for 60 GHz band channels 5 and 6
The previous support in the 60 GHz band was for channels 1-4.
Add support for channels 5 and 6.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-09-13 16:14:17 +03:00
Jouni Malinen
018edec9b2 Remove IAPP functionality from hostapd
IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been
maintained nor is there any expectation of the withdrawn trial-use
recommended practice to be maintained in the future. Furthermore,
implementation of IAPP in hostapd was not complete, i.e., only parts of
the recommended practice were included. The main item of some real use
long time ago was the Layer 2 Update frame to update bridges when a STA
roams within an ESS, but that functionality has, in practice, been moved
to kernel drivers to provide better integration with the networking
stack.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-11 13:11:03 +03:00
Jouni Malinen
d86d66dc07 AP: Silently ignore management frame from unexpected source address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.

In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-11 12:28:37 +03:00
John Crispin
a84bf44388 HE: Send the AP's OBSS PD settings to the kernel
This allows us to send the OBSS PD settings to the kernel, such that the
driver can propagate them to the hardware/firmware.

Signed-off-by: John Crispin <john@phrozen.org>
2019-09-10 14:00:14 +03:00
Jouni Malinen
262b71eead Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-08-30.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-10 13:42:14 +03:00
Rosen Penev
39042d7f7c os_sleep: Use nanosleep for POSIX versions 2008 and higher
uClibc-ng optionally disabled deprecated POSIX functions like usleep,
causing compilation failures. This switches to nanosleep while retaining
support for older libcs that do not support nanosleep.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-09 16:45:40 +03:00
Jouni Malinen
d842e00bd6 SAE: Return result from confirm CN() operation to the caller
These functions could fail in theory, so report the result to the
caller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 18:02:47 +03:00
Srinivas Dasari
0df82a3daf Correct the type/usage of QCA_ATTR_ROAM_CONTROL_SCAN_FREQ_LIST
Update the documentation of QCA_ATTR_ROAM_CONTROL_SCAN_FREQ_LIST
to make it a nested attribute to carry frequencies of type u32.
This is to be in sync with the nl80211 attribute
NL80211_ATTR_SCAN_FREQUENCIES.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-08 17:48:14 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Hu Wang
0229261874 DFS offload: Fix hostapd state and CAC info in STATUS output
With DFS offloaded to the driver, hostapd state and CAC info was not
updated in DFS-CAC-START event, so STATUS output showed wrong info. Fix
this by updating the CAC related state when processing the driver event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-02 12:29:10 +03:00
Jouni Malinen
4d78ba9900 EAP-TEAP peer: Clear Phase 2 EAP method on new Identity exchange
This is needed to allow clean transition from one inner EAP
authentication method to another one if EAP method negotiation is needed
within Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Jouni Malinen
6816182461 EAP-TEAP peer: Add support for machine credentials using certificates
This allows EAP-TLS to be used within an EAP-TEAP tunnel when there is
an explicit request for machine credentials. The network profile
parameters are otherwise same as the Phase 1 parameters, but each one
uses a "machine_" prefix for the parameter name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:43 +03:00
Jouni Malinen
043de65f1c EAP peer config: Move ocsp param to phase1/phase2
OCSP configuration is applicable to each instance of TLS-based
authentication and as such, the configuration might need to be different
for Phase 1 and Phase 2. Move ocsp into struct eap_peer_cert_config and
add a separate ocsp2 network profile parameter to set this for Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Jouni Malinen
8d76e0ad7b EAP server: Configurable maximum number of authentication message rounds
Allow the previously hardcoded maximum numbers of EAP message rounds to
be configured in hostapd EAP server. This can be used, e.g., to increase
the default limits if very large X.509 certificates are used for EAP
authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:35 +03:00
Jouni Malinen
b99c4cadb7 EAP peer: Move certificate configuration params into shared struct
These parameters for certificate authentication are identical for the
Phase 1 (EAP-TLS alone) and Phase 2 (EAP-TLS inside a TLS tunnel).
Furthermore, yet another copy would be needed to support separate
machine credential in Phase 2. Clean this up by moving the shared
parameters into a separate data struct that can then be used for each
need without having to define separate struct members for each use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-01 17:19:31 +03:00
John Crispin
0497e41481 HE: Fix HE Capabilities element size
Set the max value of optional bytes inside the data structure. This
requires us to calculate the actually used size when copying the
HE capabilities and generating the IE.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-30 15:59:20 +03:00
Krishna Rao
a2e0cc9e09 Add nl80211 vendor ACS trigger reasons related to interference
Add the following ACS trigger reasons to enum
qca_wlan_vendor_acs_select_reason:
1) QCA_WLAN_VENDOR_ACS_SELECT_REASON_GENERIC_INTERFERENCE
       Generic, uncategorized interference found
2) QCA_WLAN_VENDOR_ACS_SELECT_REASON_80211_INTERFERENCE
       Excessive 802.11 interference found
3) QCA_WLAN_VENDOR_ACS_SELECT_REASON_CW_INTERFERENCE
       Continuous Wave (CW) interference found
4) QCA_WLAN_VENDOR_ACS_SELECT_REASON_MWO_INTERFERENCE
       Microwave Oven (MWO) interference found
5) QCA_WLAN_VENDOR_ACS_SELECT_REASON_FHSS_INTERFERENCE
       Frequency-Hopping Spread Spectrum (FHSS) interference found
6) QCA_WLAN_VENDOR_ACS_SELECT_REASON_NON_80211_FHSS_INTERFERENCE
       Non-802.11 Frequency-Hopping Spread Spectrum (FHSS) interference
       found
7) QCA_WLAN_VENDOR_ACS_SELECT_REASON_WB_INTERFERENCE
       Wideband (WB) interference found
8) QCA_WLAN_VENDOR_ACS_SELECT_REASON_NON_80211_WB_INTERFERENCE
       Non-802.11 Wideband (WB) interference found
9) QCA_WLAN_VENDOR_ACS_SELECT_REASON_JAMMER_INTERFERENCE
       Jammer interference found

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-30 15:46:18 +03:00
Jouni Malinen
69e8e7817e HS 2.0: Do not add two copies of OSEN element into Beacon/Probe Resp
OSEN element was getting added both through the Authenticator IEs
(before some non-vendor elements) and separately at the end of the
frames with other vendor elements. Fix this by removing the separate
addition of the OSEN element and by moving the Authenticator IE addition
for OSEN to match the design used with WPA so that the vendor element
gets added in the proper place in the sequence of IEs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-30 15:41:58 +03:00
Jouni Malinen
a762ba8b1e HS 2.0 AP: Do not mandate PMF for HS 2.0 Indication in open OSU network
Even though the station is not supposed to include Hotspot 2.0
Indication element in the Association Request frame when connecting to
the open OSU BSS, some station devices seem to do so. With the strict
PMF-required-with-Hotspot-2.0-R2 interpretation, such connection
attempts were rejected. Relax this to only perform the PMF check if the
local AP configuration has PMF enabled, i.e., for the production BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-30 15:22:42 +03:00
Jouni Malinen
e49ce2990f IEEE 802.1X authenticator: Coding style cleanup
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-24 19:15:25 +03:00
Jouni Malinen
31aaddc90d Clean up IEEE 802.1X authentication debug messages for EAP code
Merge the separate debug print with the text name of the EAP code into
the same debug line with the numerical value to clean up debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-24 19:15:25 +03:00
Jouni Malinen
71419119f4 EAP-TEAP peer: Fix protected indication of inner EAP method failure
Need to leave EAP-TEAP methodState == MAY_CONT when marking decision =
FAIL based on inner EAP method failure since this message will be
followed by protected failure indication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-24 16:56:41 +03:00
Jouni Malinen
93cd29d2b8 EAP-TEAP server: Add support for requiring user and machine credentials
The new eap_teap_id=5 hostapd configuration parameter value can be used
to configure EAP-TEAP server to request and require user and machine
credentials within the tunnel. This can be done either with Basic
Password Authentication or with inner EAP authentication methods.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-24 16:49:51 +03:00
Jouni Malinen
c38c62ff78 wlantest: Derive PMK-R1 and PTK for FT protocol cases
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:14:47 +03:00
Jouni Malinen
c41936566e EAP-TEAP peer: Add support for machine authentication
This allows a separate machine credential to be used for authentication
if the server requests Identity-Type = 2 (machine).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 13:24:14 +03:00
Jouni Malinen
c724a0a16c EAP peer: Add a concept of a separate machine credential
This is an initial step in adding support for configuring separate user
and machine credentials. The new wpa_supplicant network profile
parameters machine_identity and machine_password are similar to the
existing identity and password, but explicitly assigned for the purpose
of machine authentication.

This commit alone does not change actual EAP peer method behavior as
separate commits are needed to determine when there is an explicit
request for machine authentication. Furthermore, this is only addressing
the username/password credential type, i.e., additional changes
following this design approach will be needed for certificate
credentials.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 13:24:14 +03:00
Jouni Malinen
9ce3bfaf47 RADIUS server: Abort startup on allocation failures
Be more consistent on checking all parameter allocation and copying
steps within radius_server_init() and abort startup if anything fails
instead of trying to continue with other parts of the configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 02:57:58 +03:00
Jouni Malinen
fa1f0751cc RADIUS server: Use struct eap_config to avoid duplicated definitions
Use struct eap_config as-is within RADIUS server to avoid having to
duplicate all the configuration variables at each interface. This
continues cleanup on struct eap_config duplication in hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 02:33:12 +03:00
Jouni Malinen
a00cb1b1f5 EAP-TEAP server: Fix eap_teap_pac_no_inner configuration
This was not passed correctly to the EAP server code when using hostapd
internal EAP server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 02:13:22 +03:00
Jouni Malinen
986033ff3d EAP-TEAP server: Fix Crypto-Binding check in PAC no-inner-auth case
The Crypto-Binding TLV is included without Intermediate-Result TLV in
this sequence since the server is skipping all inner authentication
methods and is only sending out Result TLV with the Crypto-Binding TLV.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 02:13:22 +03:00
Jouni Malinen
e54cfbb56a EAP-TEAP server: Allow a specific Identity-Type to be requested/required
The new hostapd configuration parameter eap_teap_id can be used to
configure the expected behavior for used identity type.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 02:13:22 +03:00
Jouni Malinen
f186ec54c3 EAP-TEAP peer: Support Identity-Type TLV
Parse the received Identity-Type TLV and report the used Identity-Type
in response if the request included this TLV. For now, only the
Identity-Type 1 (User) is supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 01:46:00 +03:00
Jouni Malinen
cc661c160a EAP-TEAP: Add parsing and generation routines for Identity-Type TLV
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-20 01:34:12 +03:00
Jouni Malinen
100b2edb28 OpenSSL: Write peer certificate chain details in debug log
This makes it more convenient to debug TLS certificate validation
issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-19 16:34:22 +03:00
Jouni Malinen
7eb157f1e9 EAP: Increase the maximum number of message exchanges
Allow 100 rounds of EAP messages if there is data being transmitted.
Keep the old 50 round limit for cases where only short EAP messages are
sent (i.e., the likely case of getting stuck in ACK loop).

This allows larger EAP data (e.g., large certificates) to be exchanged
without breaking the workaround for ACK loop interop issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-18 17:40:31 +03:00
Jouni Malinen
822e7c66ae EAP server: Use struct eap_config to avoid duplicated definitions
Use struct eap_config as-is within struct eap_sm and EAPOL authenticator
to avoid having to duplicate all the configuration variables at each
interface. Split the couple of session specific variables into a
separate struct to allow a single const struct eap_config to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-18 17:36:32 +03:00
Jouni Malinen
62af2b18f7 EAP-TEAP peer: Support vendor EAP method in Phase 2
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:18:21 +03:00
Jouni Malinen
aba8dc82fc EAP-PEAP server: Support vendor EAP types in Phase 2
This was already allowed with EAP-PEAP, but EAP-TEAP was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:17:42 +03:00
Jouni Malinen
357c1062dc EAP-FAST peer: Support vendor EAP method in Phase 2
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:16:55 +03:00
Jouni Malinen
f32f76231e EAP-FAST server: Support vendor EAP types in Phase 2
This was already allowed with EAP-PEAP, but EAP-FAST was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:15:57 +03:00
Jouni Malinen
887d8703bb EAP-PEAP peer: Support vendor EAP method in Phase 2
The implementation was previously hardcoded to allow only the Microsoft
SoH expanded EAP method in Phase 2 in addition to non-expanded EAP
methods. Extend that to allow any vendor EAP method with an expanded
header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:15:02 +03:00
Jouni Malinen
f2ef4f2550 EAP peer: Allow VENDOR-TEST method in Phase 2
This allows EAP methods to be tested for support of expanded EAP headers
in Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:14:58 +03:00
Jouni Malinen
5ddbd9e968 EAP-TTLS peer: Support vendor EAP method in Phase 2
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:14:56 +03:00
Jouni Malinen
5e94e7f23d EAP-TTLS server: Support vendor EAP types in Phase 2
This was already allowed with EAP-PEAP, but EAP-TTLS was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 16:14:02 +03:00
Jouni Malinen
5f2301a6da Replace EapType typedef with enum eap_type
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 11:36:20 +03:00
Jouni Malinen
76ddfae6eb EAP-TEAP server: Testing mechanism for Result TLV in a separate message
The new eap_teap_separate_result=1 hostapd configuration parameter can
be used to test TEAP exchange where the Intermediate-Result TLV and
Crypto-Binding TLV are send in one message exchange while the Result TLV
exchange in done after that in a separate message exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 00:08:47 +03:00
Jouni Malinen
4c327146f0 EAP-TEAP peer: Allow Result TLV without Crypto-Binding TLV
If the Crypto-Binding TLV for the last EAP method has been validated
successfully in a previous message exchange with Intermediate-Result TLV
and no new EAP method has been started, Result TLV can be accepted
without an additional Crypto-Binding TLV. This allows the server to go
through additional message exchanges after inner EAP method, if needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 00:08:47 +03:00
Jouni Malinen
128d46be9f EAP-TEAP: Add parsing of Error TLV
This TLV needs to be processed properly instead of NAK'ed as
unsupported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 00:08:47 +03:00
Jouni Malinen
234489efd1 EAP-TEAP server: Require Intermediate-Result TLV even with Result TLV
It is not sufficient for the peer to include only the Result TLV if the
server included both the Intermediate-Result TLV and Result TLV.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 00:08:47 +03:00
Jouni Malinen
0f7c91f2b9 EAP-TEAP peer: Add Intermediate-Result TLV with Crypto-Binding TLV
Previously, only the Result TLV was added when writing Crypto-Binding
TLV response. This is not sufficient, since RFC 7170 require
Intermediate-Result TLV response to be included from the peer if the
server included Intermediate-Result TLV.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-16 23:11:28 +03:00
Jouni Malinen
a66e53c419 EAP-TEAP: Fix TLS-PRF for TLS ciphersuites that use SHA384
These need to be using the HMAC-based TLS-PRF with SHA384 instead of
SHA256 as the hash algorithm.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-16 21:16:44 +03:00
Jouni Malinen
52069c7eff Add TLS-PRF using HMAC with P_SHA384 for TEAP
This version of TLS PRF is needed when using TEAP with TLS ciphersuites
that are defined to use SHA384 instead of SHA256.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-16 21:16:37 +03:00
Jouni Malinen
a647a0ad75 Extend server certificate TOD policy reporting to include TOD-TOFU
The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 16:40:31 +03:00
Sunil Dutt
c574a3ff18 nl80211: Request update connection params only for drivers with SME
Update Connection Params is intended for drivers that implement
internal SME and expect these updated connection params from
wpa_supplicant. Do not send this request for the drivers using
SME from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:26:18 +03:00
Jouni Malinen
528f263c4a FT: Reject over-the-DS response with MFPC=0 if PMF is required
If FT over-the-DS case is enforced through the "FT_DS <BSSID>" control
interface command, the PMF capability check during BSS selection is not
used and that could have allowed PMF to be disabled in the over-the-DS
case even if the local network profile mandated use of PMF. Check
against this explicitly to avoid unexpected cases if the APs within the
same mobility domain are not configured consistently.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:55:26 +03:00
Jouni Malinen
ded56f2faf FT: Fix MFPR flag in RSNE during FT protocol
Commit e820cf952f ("MFP: Add MFPR flag into station RSN IE if 802.11w
is mandatory") added indication of MFPR flag in non-FT cases, but forgot
to do so for the FT protocol cases where a different function is used to
build the RSNE. Do the same change now for that FT specific case to get
consistent behavior on indicating PMF configuration state with MFPR.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 13:23:06 +03:00
Jouni Malinen
2ca23faf1c Make wpa_insert_pmkid() more generic
This is not used only with FT, so make the comments less confusing and
include the function in all builds to make it available for
non-FT/non-FILS builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-14 17:47:58 +03:00
John Crispin
05822609d1 HE: MCS size is always a minimum of 4 bytes
The MCS set always has a minimal size of 4 bytes. Without this change
HE20 failed to work.

Signed-off-by: John Crispin <john@phrozen.org>
2019-08-11 18:04:26 +03:00
Sven Eckelmann
df4f959988 nl80211: Don't force VHT channel definition with HE
HE (802.11ax) is also supported on 2.4 GHz. And the 2.4 GHz band isn't
supposed to use VHT operations. Some codepaths in wpa_supplicant will
therefore not initialize the freq->bandwidth or the freq->center_freq1/2
members. As a result, the nl80211_put_freq_params() will directly return
an error (-1) or the kernel will return an error due to the invalid
channel definition.

Instead, the channel definitions should be created based on the actual
HT/VHT/none information on 2.4 GHz.

Fixes: ad9a1bfe78 ("nl80211: Share VHT channel configuration for HE")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-11 18:04:26 +03:00
Rajeev Kumar Sirasanagandla
485dd425ba Add QCA vendor command for avoid frequency feature
Add vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT
and attribute qca_wlan_vendor_attr_avoid_frequency_ext to send structured
avoid frequency data.

This new command is alternative to existing command
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY since existing command is
using stream of bytes instead of structured data using vendor attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
6ae1247bfa Update QCA vendor attributes for 6 GHz band support
As a part of P802.11ax amendment, 6 GHz band operation is added.

Since the 6 GHz channel numbers are overlapping with existing 2.4 GHz
and 5 GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.

In the existing QCA vendor interface, wherever missing, add frequency
attributes to identify unique channel operation. In addition, add
comments to document some of the previously missed attributes/values.

Note: If both channel and frequency attributes are present in vendor
command/event and
(a) If both the driver and user-space application supports 6 GHz band
then channel related attributes are deprecated and use frequency
attributes.
(b) If either driver or user-space application or both doesn't
support 6 GHz band then use channel attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
aa23ece3de Add QCA vendor channel attribute to restart AP
Add QCA_WLAN_VENDOR_ATTR_SAP_CONFIG_CHANNEL attribute in
enum qca_wlan_vendor_attr_sap_config to use with vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_SAP_CONFIG.

This new attribute is used to restart AP on given channel.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Rajeev Kumar Sirasanagandla
85508ecf67 Add QCA vendor command to configure ACS policy
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_ACS_POLICY
with attributes enum qca_wlan_vendor_attr_acs_config and
enum qca_acs_dfs_mode to configure ACS policy.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Srinivas Dasari
2395fdb67b Add QCA vendor attributes to enhance roaming configuration
This enhances the existing vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM
with the following configurations:
1. Set/get/clear roam control
2. Set/get the channels on which the roaming has to be triggered.
3. Set/get the roam scan period.
4. Configure the triggers for roaming.
5. Configure the candidate selection criteria.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 23:52:06 +03:00
Sunil Dutt
1425caac28 Rename qca_wlan_vendor_attr_roam_subcmd to represent subcmds
qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:08 +03:00
Sunil Dutt
f131196319 Document the attributes used by QCA_NL80211_VENDOR_SUBCMD_ROAM
This commit documents the attributes used by
QCA_NL80211_VENDOR_SUBCMD_ROAM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:04 +03:00
Jouni Malinen
fa1d5ec182 The master branch is now used for v2.10 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 17:51:53 +03:00
Jouni Malinen
ca8c2bd28a Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 16:25:25 +03:00
Jouni Malinen
d776bf8c66 EAP-TEAP peer: Fix fragmentation of final message
Need to update methodState/decision when completing transmission of
fragmented last Phase 2 message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 01:11:54 +03:00
Jouni Malinen
1c7e61a35a wolfssl: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 13:12:37 +03:00
Jouni Malinen
7122a02fa5 SAE: Fix order_len for FFC groups
The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).

Fixes: ac734a342e ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 16:52:20 +03:00
Jouni Malinen
d001fe31ab OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH
It looks like EVP_PKEY_derive() may change the returned length of the
buffer from the initial length determination (NULL buffer) to the
fetching of the value. Handle this by updating the secret length based
on the second call instead of the first one. This fixes some cases where
ECDH result has been used with extra data (zeros in the end) with OWE or
FILS PFS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 15:03:08 +03:00
Jouni Malinen
29ef1c5ee4 DPP: Use a common helper function for ECDH operations
This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 12:10:20 +03:00
Jouni Malinen
ac734a342e SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24
IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).

The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:00:39 +03:00
Jouni Malinen
c65168ccd2 OpenSSL: Fix crypto_bignum_to_bin() with padlen == 0
The earlier change to add support for BN_bn2binpad() and
BN_bn2bin_padded() broke this function for cases where no padding is
used (padlen == 0). Those would have always failed after the changes and
the function would return -1. There are no such cases in the current
hostap.git, so this did not have any real issues, but anyway, better fix
this function to match its documentation.

Fixes: 1e237903f5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 16:28:02 +03:00
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Jouni Malinen
6bb11c7a40 EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled
The new hostapd configuration option eap_sim_id can now be used to
disable use of pseudonym and/or fast reauthentication with EAP-SIM,
EAP-AKA, and EAP-AKA'.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 10:36:11 +03:00
Jouni Malinen
c1b2365214 EAP-SIM/AKA: Do not allow anonymous@realm "pseudonym" to be cleared
If the EAP-SIM/AKA server does not provide a new pseudonym and the
locally configured "pseudonym" in anonymous_identity is actually an
anonymous identitity instead of a real EAP-SIM/AKA pseudonym, do not
clear the anonymous_identity network profile parameter. This is needed
to avoid forgetting the anonymous identity when going through
EAP-SIM/AKA authentication and then reverting back to using IMSI-based
(e.g., encrypted) identity.

Fixes: 4df4133917 ("EAP-SIM/AKA: Add support for anonymous@realm")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-31 22:33:04 +03:00
Brian Norris
3b726df827 nl80211: Missing sysctl flags aren't fatal
The relevant flags were only added in Linux 4.6, so we shouldn't
complain because they're missing. Also, they're always missing if a
device is being removed (e.g., 'iw dev wlan0 del', or if the device is
in the process of resetting itself). So kill those 2 birds with 1 stone:
if we can't find the file, just silently skip it.

Also, we probably should *actually* propagate the error if we had a
write failure.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-30 20:01:13 +03:00
Terry Burton
f4111ff3d1 Extra RADIUS request attributes from SQLite
Add an SQLite table for defining per station MAC address version of
radius_auth_req_attr/radius_acct_req_attr information. Create the
necessary table and index where this doesn't exist. Select attributes
from the table keyed by station MAC address and request type (auth or
acct), parse and apply to a RADIUS message.

Add radius_req_attr_sqlite hostapd config option for SQLite database
file. Open/close RADIUS attribute database for a lifetime of a BSS and
invoke functions to add extra attributes during RADIUS auth and
accounting request generation.

Signed-off-by: Terry Burton <tez@terryburton.co.uk>
2019-07-30 19:58:09 +03:00
Terry Burton
74707def8f Move hostapd_parse_radius_attr() into ap_config.c
We will want to parse RADIUS attributes in config file format when
retrieving them from an SQLite database.

Signed-off-by: Terry Burton <tez@terryburton.co.uk>
2019-07-30 19:42:48 +03:00
Jouni Malinen
1e5ea68d1f mka: Accept last two used MNs in Peers List of a received MKPDU
Previously, check for local MI,MN in a peer's Peers List accepted only
the cases that include the last used MN from an MKPDU sent by the local
device. This was problematic since it was possible to synchronize MKPDU
transmission between two devices in a way that made them always miss the
last MKPDU from the other device before filling in the Peers List.

Relax this matching requirement of "acceptably recent MN" to mean both
the last used MN and the one used just before it (i.e., copied from
either of the last two MKPDUs sent by the local device) are accepted.

While this might help in some real world scenarios in making the
protocol converge more quickly, the main help from this is to fix
consistent hwsim test cases failures in macsec_psk_ns when using UML
with time travel option which happened to practically guarantee the
inconvenient timing of MKPDU transmission/reception that ended up with
the MKPDU processing to see MI,MN with MN being the last used MN minus
1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-29 17:05:40 +03:00
Jouni Malinen
876c5eaa6d dragonfly: Disable use of groups using Brainpool curves
Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Sunil Dutt
968520da8f nl80211: Add WMM parameters while updating TDLS peer entry
The AP mode fix for removing NL80211_ATTR_STA_WME from
NL80211_CMD_SET_STATION did not consider the TDLS case and that resulted
in incorrectly removing WMM parameters from TDLS STA entry updates. Fix
this by considering the WPA_STA_TDLS_PEER flag similarly to the other
update parameters.

Fixes: 6d14b98fc6 ("nl80211: Do not add WMM parameters when updating an existing STA entry")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-26 15:42:22 +03:00
Jouni Malinen
fe2e1edf43 EAP-SIM server: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Fixes: 1c16b257a0 ("EAP-SIM: Add Session-Id derivation during fast-reauth")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:35:14 +03:00
Jouni Malinen
cfc9ebea03 EAP-AKA server: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Fixes: 5eefa8115b ("EAP-AKA: Add Session-Id derivation during fast-reauth")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:34:11 +03:00
Jouni Malinen
bd04140435 trace: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:33:06 +03:00
Jouni Malinen
fc03ea2c1f DPP: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:32:52 +03:00
Jouni Malinen
d1b1f9fa9a Report WPA/RSN protocol and AKM suite selector in STA MIB
The new "wpa" and "AKMSuiteSelector" entries in hostapd "STA <addr>"
control interface output can be used to determine the negotiated WPA/RSN
protocol and AKM suite of an associated station.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:58:49 +03:00
Jouni Malinen
43aafef8df Add missed wpa_akm_to_suite() selectors
These SAE, OWE, DPP, and OSEN AKM suite selectors were covered in the
reverse conversion in rsn_key_mgmt_to_bitfield(), but were missing from
wpa_akm_to_suite(). Add them to make AKM suite selector reporting more
accurate in RADIUS Accounting messages (and future users of this
function).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:48:44 +03:00
Jouni Malinen
bfb6a482f6 dragonfly: SAE/EAP-pwd min PWE derivation iteration count to shared code
Use a shared function to determine the k parameter, i.e., the minimum
number of iterations of the PWE derivation loop, for SAE and EAP-pwd.
This makes it easier to fine-tune the parameter based on the negotiated
group, if desired.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 21:21:30 +03:00
Jouni Malinen
226da33d75 EAP-pwd peer: Configurable set of groups with reduced default
Make the EAP-pwd peer use same default set of allowed groups as the SAE
implementation in wpa_supplicant uses, i.e., the groups 19-21 using NIST
curves P-256, P-384, and P-521. Previously, all groups that were
supported by the crypto library were allowed. In practice, this change
disables use of the Brainpool curves (groups 28-30) with recent OpenSSL
versions.

The default set of groups can be overridden with a new phase1 network
profile parameter, eap_pwd_groups=<list of allowed ranges>. For example,
phase1="eap_pwd_groups=0-65535" would restore previous behavior of
allowing all implemented groups to be used while eap_pwd_groups=19,20
would enable only the groups using NIST curves P-256 and P-384 to be
used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 13:16:59 +03:00
Paul Zhang
6a4406c015 Add QCA vendor attributes for ELNA bypass
Add attributes QCA_WLAN_VENDOR_ATTR_CONFIG_ELNA_BYPASS under
the enum qca_wlan_vendor_attr_config to support set and get
the ELNA bypass.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-07-22 20:48:43 +03:00
Srinivas Dasari
176c133e91 Add a vendor attribute to configure disconnect IEs
Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_DISCONNECT_IES
to configure disconnect IEs to the driver. Driver shall fill
these IEs in disassoc/deauth frame.
These IEs are expected to be considered only for the next
immediate disconnection (disassoc/deauth frame) originated by
the DUT, irrespective of the entity (user space/driver/firmware)
triggering the disconnection.
The host drivers are not expected to use the IEs set through
this interface for further disconnections after the first immediate
disconnection initiated post the configuration.
If the IEs are also updated through cfg80211 interface (after the
enhancement to cfg80211_disconnect), host driver is expected to
take the union of IEs from both of these interfaces and send in
further disassoc/deauth frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-19 14:49:14 +03:00
Paul Zhang
123895228d Add QCA vendor command to support OEM data
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
with attributes qca_wlan_vendor_attr_oem_data_params to support
OEM data. It is used to send OEM data binary blobs from
application/service to firmware. The attributes defined in enum
qca_wlan_vendor_attr_oem_data_params are used to deliver the
parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-07-19 14:47:18 +03:00
Jouni Malinen
b8491ae5ac OpenSSL: Fix build with LibreSSL and BoringSSL
The new certificate chain debug dumps used functions that are not
available with LibreSSL or BoringSSL.

Fixes: 857edf4bf4 ("OpenSSL: More debug prints of configured ciphers and certificates")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-13 22:49:46 +03:00
Jouni Malinen
7456cf57d3 OpenSSL: Fix TLS_CONN_TEAP_ANON_DH build with some library versions
The OPENSSL_VERSION_NUMBER ifdef block left out the local variable that
is needed with all versions. In addition, SSL_set_security_level() is
not available with LibreSSL or BoringSSL.

Fixes: 3ec65a8e38 ("OpenSSL: Allow anon-DH cipher suites to be added for TEAP")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-13 22:49:22 +03:00
Jouni Malinen
20f1cfc5b2 OpenSSL: Fix build with OpenSSL 1.0.2 and 1.1.0 and LibreSSL
The tls_connection_get_cipher_suite() implementation used
SSL_CIPHER_get_protocol_id which was added in OpenSSL 1.1.1. Need to use
compatibility code with older versions.

Fixes: 94714ec341 ("OpenSSL: Add tls_connection_get_cipher_suite()")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-13 22:49:08 +03:00
Jouni Malinen
36ec588165 EAP-TLS server: Add application data to indicate end of v1.3 handshake
This adds an encrypted version of a one octet application data payload
to the end of the handshake when TLS v1.3 is used to indicate explicit
termination of the handshake (either after Finished message or after the
optional NewSessionTicket message). The current
draft-ietf-emu-eap-tls13-05 defines this to be a zero length payload,
but since that is not allowed by OpenSSL, use a one octet payload
instead for now with hopes of getting the draft specification updated
instead of having to modify OpenSSL for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-13 16:29:39 +03:00
Jouni Malinen
4e2e1eeb5f EAP-TLS peer: Handle possible application data at the end
EAP-TLS with TLS 1.3 uses an empty application data record from the
server to indicate end of the exchange, so EAP-TLS peer will need to
check for this special case and finish the exchange with an empty
EAP-TLS (ACK) so that the server can send out EAP-Success.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 23:38:05 +03:00
Jouni Malinen
0ef509f15e OpenSSL: Parse msg_callback inner content type into debug messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 22:42:13 +03:00
Jouni Malinen
8b57a37808 OpenSSL: disable TLS 1.3 middlebox compatibility
This will hopefully not be needed for EAP-TLS use cases since there
should not really be a middlebox that looks at the TLS layer details in
case of EAP authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 22:29:33 +03:00
Jouni Malinen
e2722bf81d OpenSSL: Allow two server certificates/keys to be configured on server
hostapd EAP server can now be configured with two separate server
certificates/keys to enable parallel operations using both RSA and ECC
public keys. The server will pick which one to use based on the client
preferences for the cipher suite (in the TLS ClientHello message). It
should be noted that number of deployed EAP peer implementations do not
filter out the cipher suite list based on their local configuration and
as such, configuration of alternative types of certificates on the
server may result in interoperability issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-12 18:13:10 +03:00
Jouni Malinen
857edf4bf4 OpenSSL: More debug prints of configured ciphers and certificates
This adds TLS server mode debug prints to make it easier to see what
exactly has been configured in OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-11 22:40:08 +03:00
Ervin Oro
7ad9e36d4a Add Type-Code context to EAP-TLS 1.3 exported Key_Material and Method-Id
Change to require the Type-Code in context for Key_Material and
Method-Id has now been published as draft-ietf-emu-eap-tls13-04.
https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-04#section-2.3

Signed-off-by: Ervin Oro <ervin.oro@aalto.fi>
2019-07-11 13:11:59 +03:00
Jouni Malinen
0ed57c5ea8 EAP-TEAP server and peer implementation (RFC 7170)
This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible
Authentication Protocol). This should be considered experimental since
RFC 7170 has number of conflicting statements and missing details to
allow unambiguous interpretation. As such, there may be interoperability
issues with other implementations and this version should not be
deployed for production purposes until those unclear areas are resolved.

This does not yet support use of NewSessionTicket message to deliver a
new PAC (either in the server or peer implementation). In other words,
only the in-tunnel distribution of PAC-Opaque is supported for now. Use
of the NewSessionTicket mechanism would require TLS library support to
allow arbitrary data to be specified as the contents of the message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:56:02 +03:00
Jouni Malinen
fd7778b5ed Return success/failure result from tls_prf_sha256()
The hash functions used within this function could fail in theory, so
provide the result to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:38:32 +03:00
Jouni Malinen
3ec65a8e38 OpenSSL: Allow anon-DH cipher suites to be added for TEAP
Add a new TLS_CONN_* flag to provide a higher level mechanism for adding
(instead of fully replacing) allowed list of TLS ciphersuites for TEAP
provisioning purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:38:32 +03:00
Jouni Malinen
94714ec341 OpenSSL: Add tls_connection_get_cipher_suite()
This can be used to fetch the 16-bit TLS cipher suite identifier.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:10:44 +03:00
Jouni Malinen
063d28ec83 OpenSSL: Reject empty cipher list in tls_connection_set_cipher_list()
Previously, this invalid call would have resulted in printing out a
string from uninitialized memory

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:10:44 +03:00
Jouni Malinen
3af37ece19 Add tls_get_tls_unique() to fetch "tls-unique" for channel binding
This implements "tls-unique" derivation per RFC 5929, Section 3. This
will be needed for channel binding, e.g., with EAP-TEAP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-09 16:10:44 +03:00
Jouni Malinen
4eab36595e Silence static analyzer warning about null termination of a string
The buf[] array is initialized to zeros, so it was already null
terminated since the read() call did not allow the last character of the
buffer to be overwritten. Since that was apparently not enough to make
some static analyzers understand the design, use explicit null
termination after a successful read() call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-07 10:07:10 +03:00
Jouni Malinen
cd803299ca EAP-pwd: Run through prf result processing even if it >= prime
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-02 22:19:38 +03:00
Jouni Malinen
147bf7b88a SAE: Run through prf result processing even if it >= prime
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-02 22:19:27 +03:00
Daisuke Niwa
4da91881cb P2P: Fix memory size for os_memmove() in p2p_check_pref_chan()
'sizeof' was not used with os_memmove() for an integer array. This lead
to an issue with part of the preferred channel list not being used.

Fixes: 79329ae0aa ("P2P: Verify local driver preferred frequencies for P2P use cases")
Signed-off-by: Daichi Ueura <daichi.ueura@sony.com>
2019-06-26 20:22:33 +03:00
Jouni Malinen
c4193b9aa5 WPS: Fix a typo in a comment (use full WPA2-Personal name)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-26 20:01:34 +03:00
Sven Eckelmann
3459c54ac7 mesh: Add support for HE mode
Mesh points can partially support HE features (when requiring no
controlling STA/AP) as long as hardware supports it. The kernel just
requires support for HE mesh and wpa_supplicant can forward the peer
capabilities to the kernel for further processing.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
29d8bd1dec nl80211: Add driver multi iftype HE capability parsing
The HE capabilities are no longer per PHY but per iftype on this
specific PHY. It is therefore no longer enough to just parse the AP
capabilities.

The he_capabilities are now duplicated to store all information for
IEEE80211_MODE_* which hostap cares about. The nl80211 driver fills in
this information when the iftype supports HE. The rest of the code still
only uses the IEEE80211_HE_AP portion but can be extended later to also
use other HE capabilities.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Andrei Otcheretianski
a00ace9fd7 AP: Simplify "i" definition in hostapd_config_free_bss()
Declare the variable only once and reuse it instead of openning
unneeded scopes.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
29f8556189 HE: Fix HE capability check for PPE threshold present
The the mask for PPE threshold present in the HE phy capability byte 6 is
0x80 and not 0x6. This incorrect mask breaks the length calculation and as
result the acceptance of the HE capabilities for STAs which either:

* don't have the PPE threshold present bit set AND the Codebook Size={7,5}
  MU Feedback or the Triggered SU Beamforming feedback bit set

* do have the PPE threshold present set AND neither the Codebook Size={7,5}
  MU Feedback nor the Triggered SU Beamforming feedback bit set

Fixes: 8f5fc369e2 ("HE: Fix HE Capabilities element variable length encoding")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-22 20:35:26 +03:00
Jouni Malinen
e1e203c800 libtommath: Make sure fast_s_mp_mul_digs initializes the W[] array
Some compilers have started to warn about this and the use of two loops
with ix 0..pa-1 and 0..pa loop a bit suspicious, so better make sure the
array is initialized with zeros before extracting the terms from it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
702cc6da1a TLS: Move ASN.1 DER BOOLEAN validation into generic ASN.1 parsing
This does not need to be specific to X.509, so move the BOOLEAN DER
encoding validation into asn1_get_next() to make it apply for all cases
instead of having to have the caller handle this separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
34c1b75c82 TLS: Only allow 0xff value as TRUE for ASN.1 DER encoded BOOLEAN
While BER encoding allows any nonzero value to be used for TRUE, DER is
explicitly allowing only the value 0xff. Enforce this constraint in
X.509 parsing to be more strict with what is acceptable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:27:36 +03:00
Jouni Malinen
ce11c281ad TLS: Fix X.509v3 BasicConstraints parsing
Handling of the optional pathLenConstraint after cA was not done
properly. The position after cA needs to be compared to the end of the
SEQUENCE, not the end of the available buffer, to determine whether the
optional pathLenConstraint is present. In addition, when parsing
pathLenConstraint, the length of the remaining buffer was calculated
incorrectly by not subtracting the length of the header fields needed
for cA. This could result in reading couple of octets beyond the end of
the buffer before rejecting the ASN.1 data as invalid.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15408
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:11:24 +03:00
Jouni Malinen
84db90e484 OpenSSL: Send cert event for the peer even on CA cert failure
This adds a CTRL-EVENT-EAP-PEER-CERT even for depth=0 even if a depth >
0 certificate results in peer certificate validation error. Previously,
this case resulted in the upper layers not getting any information about
the used peer certificate. Now that information is available, e.g., to
allow server certificate -based overriding of the trust to be done.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-20 23:44:51 +03:00
Jouni Malinen
09448d94a7 Avoid use of a shadowed local variable
The same len variable can be used for both needs within
ieee802_1x_get_keys() to avoid compiler warning about use of shadowed
variable.

Fixes: 0ee6885dae ("macsec: Store EAP-Key-Name as eapSessionId")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-19 01:17:54 +03:00
Liangwei Dong
ef60f0121f hostapd: Process OWE IE and update DH IE to the driver if needed
This implements the required functionality in hostapd to facilitate OWE
connection with the AP SME-in-driver cases. Stations can either send DH
IE or PMKID (in RSNE) (or both) in Association Request frame during the
OWE handshake. The drivers that use this offload mechanism do not
interpret this information and instead, pass the same to hostapd for
further processing. hostapd will either validate the PMKID obtained from
the STA or generate DH IE and further indicate the same to the driver.
The driver further sends this information in the Association Response
frame.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Liangwei Dong
d1836e2308 nl80211: Introduce the interface to update new DH IE
This command/event interface can be used by SME based host drivers that
rely on user space (hostapd/wpa_supplicant) for DH IE
processing/generation. This interface facilitates the OWE connection
with host drivers by offloading DH IE processing to the user space
(hostapd/wpa_supplicant).

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
3539738cf5 OpenSSL: Report peer certificate before stopping due to validation issue
This is needed to allow upper layer software to learn the hash of the
server certificate for allowing user to override trust root
configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
21f1a1e66c Report TOD policy in peer certificate events
Add tod=1 to CTRL-EVENT-EAP-PEER-CERT events if the peer certificate
includes the TOD policy in the X.509v3 Certificate Policies extension.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
bc0634da4a Pass full struct to peer certificate callbacks
This makes it easier to add new information to the callbacks without
having to modify each callback function type in EAPOL and EAP code every
time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
a6ed414c82 TLS: Be more careful in X.509 Time parsing
sscanf() can apparently read beyond the end of the buffer even if the
maximum length of the integer is specified in the format string. Replace
this parsing mechanism with helper functions that use sscanf() with NUL
terminated string to avoid this.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Jouni Malinen
d438b4a3ce tests: Fix CFLAGS passing for new fuzzing tools
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Vamsi Krishna
9c7e4f94de Add a QCA vendor attr to disable auto resume beacon reporting
The driver automatically starts beacon reporting if it pauses the beacon
reporting for any reason other than disconnection. In specific cases,
userspace may not want the beacon reporting to be automatically resumed
after a pause. Add interface support for userspace to specify driver not
to start beacon reporting automatically after a pause.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 23:10:56 +03:00
Jouni Malinen
59fcb3f0b1 RADIUS server: Add EAP-Key-Name into Access-Accept
If the EAP Session-ID is available, add it into Access-Accept
(EAP-Key-Name attribute). This is needed for MACsec.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
b09670abfb macsec_linux: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
524dc5bf10 macsec: Do not change eapol_version for non-MACsec cases in hostapd
It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a93b369c17 macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a872bfcf31 macsec: Export eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
0ee6885dae macsec: Store EAP-Key-Name as eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a90cc1c997 macsec: Note that MKA takes care of EAPOL-MKA processing
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
3e21a47eab macsec_qca: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
29c832d0ea macsec: Add configuration parameters for hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
a1f3f88ac7 tests: New style fuzzing tool for EAP-AKA peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 17:02:57 +03:00
Jouni Malinen
23ddc7b810 tests: New style fuzzing tool for EAP-SIM peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 16:42:41 +03:00
Shiva Krishna Pittala
1006c4be2d Add QCA vendor attributes for configuring Spectral DMA debug
Add the following vendor attributes under the enum
qca_wlan_vendor_attr_spectral_scan to support the configuration of
Spectral DMA debug.

  1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG
	Enable/disable debug of the Spectral DMA ring
  2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG
	Enable/disable debug of the Spectral DMA buffers

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:06:29 +03:00
Edayilliam Jayadev
0fa0858fe7 Add QCA vendor attributes for agile spectral scan
Add QCA vendor attributes to spectral scan related vendor commands to
support agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:02:46 +03:00
Hai Shalom
4df4133917 EAP-SIM/AKA: Add support for anonymous@realm
SIM-based EAP authentication with IMSI encryption requires a special EAP
Identity response: anonymous@realm. Then the server sends AKA-Identity
request which is answered with the encrypted IMSI. Add logic that
indicates if the special anonymous identity is used. Otherwise, this
field is used for storing the pseudonym.

Test: Connect to Carrier Wi-Fi, verify correct behavior from captures
Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage
Signed-off-by: Hai Shalom <haishalom@google.com>
2019-05-31 16:52:15 +03:00
Srinivas Dasari
14d85a5af7 SAE: Do not send PMKID to the driver if PMKSA caching is disabled
External auth status to the driver includes the PMKID derived as part of
SAE authentication, but this is not valid if PMKSA caching is disabled.
Drivers might not be expecting PMKID when it is not valid. Do not send
the PMKID to the driver in such cases.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-05-31 16:52:15 +03:00
Ashok Kumar
2552a3735a SAE: Fix external_auth status in driver-SME STA case with AP SME support
A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2019-05-31 16:52:15 +03:00
Hu Wang
683f86778d P2P: Send Action frame regardless if p2p_scan in progress
With radio work design, send Action frame request will be queued and
wait for p2p-scan to finish, so there is no need to delay send_action.

This change revisits the logic (added before the radio work framework)
in below commits:

3f9285f P2P: Delay send_action call if p2p_scan is in progress
f44ae20 P2P: Drop pending TX frame on new p2p_connect
9d562b7 P2P: Add p2p_unauthorize command
63a965c P2P: Fix after_scan_tx processing during ongoing operations
9a58e52 P2PS: Callback to create pending group after sending PD Response
3433721 P2P: Continue p2p_find after sending non-success Invitation Response

Signed-off-by: Hu Wang <huw@codeaurora.org>
2019-05-31 16:52:15 +03:00
Haim Dreyfuss
de6aafaa63 AP: Consider regulatory limitation when filling WMM element
In case the current channel has regulatory WMM limitations, take them
into account when filling the WMM element. Also check if the new WMM
element is different from the previous one and if so change the
parameter_set_count to imply stations to look into it.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 23:37:25 +03:00
Haim Dreyfuss
636c02c6e9 nl80211: Add regulatory wmm_limit to hostapd_channel_data
ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 18:54:05 +03:00
Pradeep Kumar Chitrapu
c36109e4d9 nl80211: Add support to probe specific mesh link by injecting frames
Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:32:23 +03:00
Jouni Malinen
4087957814 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 14:31:29 +03:00
Johannes Berg
b6f8b5a964 nl80211: Update freq only when CSA completes
In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:48:21 +03:00
Santtu Lakkala
8ba809f67b OpenSSL: Allow ca_cert_blob in PEM format
GnuTLS backend already accepts CA cert blobs in both DER and PEM
formats. Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
2019-05-28 13:39:01 +03:00
Johannes Berg
d5d156bd92 AP: add station with basic rates configuration
When a new station is added, let it have some supported rates
(they're empty without this change), using the basic rates
that it must support to connect.

This, together with the kernel-side changes for client-side,
lets us finish the complete auth/assoc handshake with higher
rates than the mandatory ones, without any further config.

However, the downside to this is that a broken station that
doesn't check the basic rates are supported before it tries
to connect will possibly not get any response to its auth
frame.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:33:00 +03:00
John Crispin
4f3f33804a HE: Make the basic NSS/MCS configurable
Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:45:04 +03:00
John Crispin
63e1940432 HE: Verify supported capabilities
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:40 +03:00
John Crispin
0cd5b4ee30 HE: Enable channel switch similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:14 +03:00
John Crispin
958cb34886 HE: Enable DFS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:49 +03:00
John Crispin
1d2c45ecfc HE: Enable ACS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:23 +03:00
John Crispin
8b18d2b24e HE: Disable HE on channel 14
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:59 +03:00
John Crispin
de21d1d6e2 HE: Handle HE capability in neighbor DB
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:33 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
78d35b16de HE: Add AP mode MLME/SME handling for HE stations
Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:40:48 +03:00
John Crispin
8f5fc369e2 HE: Fix HE Capabilities element variable length encoding
The HE Capibilities element has dynamic size due to the variable length
and optional fields at the end. Mask out the channel width capabilities
that are less than the configured. Only add the MCS/NSS sets for the
announced channel widths and also add the PPET elements.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
0dbc894f46 HE: Fix HE Capabilities indication from driver
The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
05b28306f5 HE: Add HE channel management configuration options
These are symmetric with the VHT ones.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
c6b7ac077f HE: Add helpers for getting the channel width parameters
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
39b9d059cd HE: Remove vht_ prefix from acs_adjust_vht_center_freq()
This is used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
7118a697f4 HE: Remove vht_ prefix from seg0/seg1_idx in DFS
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f428332d32 HE: Remove vht_ prefix from bw/seg0/seg1_idx in CSA fallback
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f200631c35 HE: Remove vht_ prefix from CSA/bandwidth
Bandwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
b04e43086b HE: Remove vht_ prefix from shared set_freq argument
oper_chwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
John Crispin
846e8396ab HE: Mask out the beamforming capabilities if they are not configured
These bits might be set by the capabilities read from the kernel, so
mask them out if beamforming is not enabled in the local configuration.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
d70776098d VHT: Remove copying of VHT Operation element from (Re)Assoc Req
This copying attempt was added incorrectly since that element is never
actually present in (Re)Association Request frames. It is only valid to
copy that element from the mesh peering frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 18:03:40 +03:00
Jouni Malinen
ce362f885f FILS: Explicitly clear plaintext buffer for Assoc Resp
This buffer may contain GTK and IGTK, so better clear it explicitly from
heap memory before freeing the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
31bc66e4d1 More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously
used os_memset() to explicitly clear a stack buffer that contains keys
when that clearing happened just before returning from the function.
Since memset_s() is not exactly portable (or commonly available yet..),
use a less robust mechanism that is still pretty likely to prevent
current compilers from optimizing the explicit clearing of the memory
away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Jouni Malinen
baf8ab8cec RADIUS server: Do not close fd=0 in error cases
Initialize auth_sock and acct_sock to -1 to avoid radius_server_deinit()
attempting to close fd=0 if anything fails in setting up the RADIUS
server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:10:08 +03:00
Mohit Sethi
5eefa8115b EAP-AKA: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-AKA in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-AKA during fast
reauthentication based on this Session-Id = 0x17 || NONCE_S || MAC
construction.

Also documented by Alan Dekok in draft-dekok-emu-eap-session-id.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:17:00 +03:00
Mohit Sethi
1c16b257a0 EAP-SIM: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-SIM in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-SIM during fast
reauthentication based on this Session-Id = 0x12 || NONCE_S || MAC
construction.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:05:03 +03:00
Jouni Malinen
312ec34e40 UBSan: Avoid dependency on undefined behavior in internal AES operation
The rcons[] and Td4s[] array values need to be type cast explicitly to
u32 for the left shift 24 operation to be defined due to the implicit
conversion to int not handling the case where MSB would become 1 without
depending on UB.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14929
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:51:12 +03:00
Jouni Malinen
5bad612311 WNM: Fix bounds checking in SSID List element matching
The IE header length check was off-by-one and that could allow the loop
to read one octet beyond the end of the buffer before breaking out in
the second check.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14927
Fixes: 0a66ce3c49 ("WNM: Add support for SSID List element matching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:29:47 +03:00
Jouni Malinen
b1aee7a622 DPP: Fix bootstrapping URI parser to handle channel list for an opclass
The bootstrapping URI format for DPP was extended during protocol design
to allow a list of channels without having to repeat the same operating
class information for each channel. That change was not included in the
initial implementation of the parser and a channel-list like
"C:81/1,6,11" would not be understood correctly (i.e., only the longer
"C:81/1,81/6,81/11" form would have been parsed correctly).

Fix this by extending the parser to accept both the shorter and longer
form for a list of channels within a single operating class.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 01:34:24 +03:00
Jouni Malinen
69afb6b395 FILS: Verify RSNE match between Beacon/Probe Response and (Re)AssocResp
IEEE Std 802.11ai-2016 requires the FILS STA to do this check, but this
was missing from the initial implementation. The AP side behavior was
not described properly in 802.11ai due to a missing change in the
(Re)Association Response frame format tables which has resulted in some
deployed devices not including the RSNE.

For now, use an interoperability workaround to ignore the missing RSNE
and only check the payload of the element if it is present in the
protected frame. In other words, enforce this validation step only with
an AP that implements FILS authentication as described in REVmd while
allowing older implementations to skip this check (and the protection
against downgrade attacks). This workaround may be removed in the future
if it is determined that most deployed APs can be upgraded to add RSNE
into the (Re)Association Response frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
831d8c9cf5 FILS: Add RSNE into (Re)Association Response frame
This AP behavior was missing from IEEE Std 802.11ai-2016, but it is
needed for the RSNE validation to work correctly and for a FILS STA to
be able to perform the mandatory check for RSNE matching when processing
the (Re)Association Response frame (as described in 802.11ai). REVmd
will be updating the standard to cover this AP case, so prepare the
implementation to match that. Without this, a FILS STA might reject
association whenever using FILS authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
e3b39e62c2 OpenSSL: Fix a memory leak in OCSP handling
If OCSP_resp_find_status() fails with the first OCSP_CERTID, the
generation of the second OCSP_CERTID ended up leaking memory. Fix this
by freeing the previously allocated OCSP_CERTID on that code path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 21:08:53 +03:00
Jouni Malinen
6602d9e3a6 DPP: Fix a memory leak in testing sequence
Do not allow auth->own_protocol_key to be overridden without having
freed the previously stored key in case a test sequence in
dpp_proto_auth_conf_replaced_by_resp is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:38:10 +03:00
Jouni Malinen
c5622b43cd DPP: Fix a memory leak on duplicate Authentication Response
Do not allow auth->peer_protocol_key to be overridden without having
freed the previously stored key in case two Authentication Response
messages are received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:25:10 +03:00
Jouni Malinen
1cdfe8d23f DPP: Fix a memory leak in PKEX Qi/Qr derivation
The result of EC_GROUP_dup() needs to be freed, so do so within the
derivation functions for all error cases and in the callers for success
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:59:21 +03:00
Jouni Malinen
51dc146f3e EAP-PAX server: Avoid debug prints of uninitialized memory in error cases
Use a separate error case handler for eap_pax_mac() failures and memcmp
to avoid wpa_hexdump() calls for the (mainly theoretical) local error
cases in deriving the MAC.

Fixes: b3c2b5d9f7 ("EAP-PAX server: Check hash function results")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:02:19 +03:00
Jouni Malinen
677e120181 dragonfly: Fix a memory leak on error path
This is mostly a theoretical case, but since crypto_bignum_rand() could
fail, need to free the allocated struct crypto_bignum *tmp in such a
case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:55:57 +03:00
Jouni Malinen
8925d2010d OpenSSL: Fix memory leak in crypto_dh_derive_secret()
BN_clear() does not free the BIGNUM; it only clears its value. Fix this
memory leak by using the appropriate BN_clear_free() function instead.

Fixes: b11fa98bcb ("Add explicit checks for peer's DH public key")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:53:32 +03:00
Jouni Malinen
57ec74ea9b DPP: Fix memory leak in EC_GROUP handling
EC_GROUP_new_by_curve_name() allocates memory for the returned pointer,
so need to free this with EC_GROUP_free() before leaving the calling
functions. This was leaking memory when parsing JWK and when performing
PKEX.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:32:29 +03:00
Jouni Malinen
7a9ddba6f5 DPP: Fix a memory leak in key pair generation
ec_params needs to be free within dpp_gen_keypair() to avoid leaking the
allocated memory.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:27:06 +03:00
Jouni Malinen
f9cd1327ad OpenSSL: Fix memory leak in crypto_ecdh_init()
ec_params needs to be freed before returning from the function.
Extension of this function to support BoringSSL introduced this memory
leak and that was later extended to be the only variant and apply to
OpenSSL and LibreSSL cases as well in commit c23e87d0d1 ("OpenSSL:
Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()").

Fixes: f29761297b ("BoringSSL: Implement crypto_ecdh_init()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 12:16:03 +03:00
Paul Zhang
fb10f3bb65 Add subcmd QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP
In practice, some APs have interop issues with the DUT. This sub command
is used to transfer the AP info between the driver and user space. This
works both as a command and event. As a command, it configures the
stored list of APs from user space to firmware; as an event, it
indicates the AP info detected by the firmware to user space for
persistent storage. The attributes defined in enum
qca_vendor_attr_interop_issues_ap are used to deliver the parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-05-07 13:03:51 +03:00
John Crispin
b505ef7e96 HE: Do not add SPR IE if sr_control is set to 0
If none of the sr_control bits are set, we do not neet to add the IE to
the Beacon frame.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-05 00:58:25 +03:00
Jouni Malinen
de94be0acd Enforce that IEEE 802.1X EAPOL-Key Replay Counter increases
While this should not happen in practical use cases,
wpa_get_ntp_timestamp() could return the same value when called twice in
a row quickly. Work around that case by enforcing a new Replay Counter
value based on stored last value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:57:37 +03:00
Jeff Johnson
fd1c2ca521 Add QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX
Update enum qca_wlan_vendor_attr_get_wifi_info to add support for
attribute QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX. In addition
update the documentation for qca_wlan_vendor_attr_get_wifi_info and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO to fully describe the
operation of the command and the format of the attributes.

Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>
2019-05-02 17:13:46 +03:00
Vamsi Krishna
ae21cffb2c Add QCA vendor command to support beacon reporting feature
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING
to implement beacon reporting feature. Different operations required to
implement this feature can be specified in
QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE.

Userspace requests the driver/firmware to periodically report received
Beacon frames whose BSSID matches the current connected BSS's MAC
address. If userspace requests the driver/firmware to send beacon
reports actively, the driver encapsulates the details of the beacon in
an event and sends it to userspace asynchronously. Otherwise, the driver
will only update the beacon in cfg80211 scan cache but will not send any
event to userspace.

If this command is not issued, the current behavior of the
driver/firmware is to update the cfg80211 scan cache only when there is
a scan issued by the host in progress or whenever there is a change in
IEs of the Beacon frames from the current connected BSS.

The userspace requests the driver/firmware to stop reporting beacons
when reporting is not required anymore. If the driver/firmware is not
able to receive Beacon frames because of other Wi-Fi operations such as
off-channel activities, etc., the driver/firmware sends a pause event to
userspace and stops reporting Beacon frames. The driver/firmware
indicates whether the beacon reporting automatically resumes later by
using the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES flag. If
userspace doesn't want the beacon reporting to be resumed automatically,
userspace can send QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP command to
the driver to stop beacon reporting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-02 15:08:31 +03:00
Toke Høiland-Jørgensen
ef7217518b hostapd: Add airtime policy configuration support
This adds support to hostapd for configuring airtime policy settings for
stations as they connect to the access point. This is the userspace
component of the airtime policy enforcement system PoliFi described in
this paper: https://arxiv.org/abs/1902.03439

The Linux kernel part has been merged into mac80211 for the 5.1 dev
cycle.

The configuration mechanism has three modes: Static, dynamic and limit.
In static mode, weights can be set in the configuration file for
individual MAC addresses, which will be applied when the configured
stations connect.

In dynamic mode, weights are instead set per BSS, which will be scaled
by the number of active stations on that BSS, achieving the desired
aggregate weighing between the configured BSSes. Limit mode works like
dynamic mode, except that any BSS *not* marked as 'limited' is allowed
to exceed its configured share if a per-station fairness share would
assign more airtime to that BSS. See the paper for details on these
modes.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 14:57:43 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
David Woodhouse
6326fa0c40 Fix ENGINE support with OpenSSL 1.1+
Commit 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
versions of OpenSSL, asserting that it should happen automatically.

That appears not to be the case, and loading engines now fails because
the dynamic engine isn't present.

Fix it by calling ENGINE_load_builtin_engines(), which works for all
versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
because that should have happened when SSL_load_error_strings() is
called anyway.

Fixes: 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs")
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2019-04-30 12:10:40 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
Jouni Malinen
b93a0ce7bd DPP2: Check conn->ctrl more consistently
There is no point in checking this pointer against NULL after it has
been dereferenced. Move the check to the beginning of the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:28:46 +03:00
Jouni Malinen
a7b7ce82f4 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows authenticator side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:43 +03:00
Jouni Malinen
64f4809371 FT: Store XXKey/MPMK in PMKSA cache instead of MSK (authenticator)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:08 +03:00
Jouni Malinen
0c46b1a516 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:50:51 +03:00
Jouni Malinen
16c511449d FT: Store XXKey/MPMK in PMKSA cache instead of MSK (supplicant)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:48:58 +03:00
Jouni Malinen
e0e15fc236 Remove unused crypto_bignum_bits()
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:43:45 +03:00
Jouni Malinen
73338db029 Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:33:44 +03:00
Jouni Malinen
c3805fb623 Ignore channel switch event if AP interface is not yet ready
It is apparently possible to somehow trigger the driver to report a
channel switch event during ACS operation when the interface information
is not yet complete. hapd->iface->current_mode could be NULL in that
case and that would result in process termination due to NULL pointer
dereference.

It should not really be possible to trigger a channel switch during ACS
is running (i.e., before the AP mode operation has been started), but
since that has been seen in an arbitrary test sequence with interface
start/stop operations with various parameters (both valid and invalid),
better prevent a crash here by ignoring the unexpected event instead of
trying to process it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:24:31 +03:00
Jouni Malinen
eb314e8af2 Verify that channel info is available in hostapd_hw_get_channel()
Unexpected CHAN_SWITCH command could get this function using a NULL
pointer if the channel switch was requested while the interface was
already disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:17:59 +03:00
Jouni Malinen
b9058266f0 Clear cached extended_capa pointers on hapd_deinit() call
driver->hapd_deinit() is going to free the memory that the cached
pointers are pointing to, so clear the pointers to avoid possibility of
dereferencing used memory. It seemed to be possible to hit a code path
using those fields by issuing a CHAN_SWITCH command on disabled hostapd
interface in some cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:15:15 +03:00
Hu Wang
6afde52a78 Indicate ieee80211ax configuration in hostapd STATUS output
This adds a ieee80211ax=0/1 line to the STATUS output to indicate
the configuration of ieee80211ax, which similar to ieee80211n and
ieee80211ac.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 15:06:30 +03:00
Jouni Malinen
e6f9eab90e HE: Fix HE Operation element byte order on bigendian CPUs
The first four octets of the element were used as a host byte order u32.
That is not correct on bigendian CPUs, so handle byte swapping needs
properly. Mark the he_oper_params field as le32 to explicitly indicate
the byte order and swap the generated params content based on CPU byte
order.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:57:47 +03:00
John Crispin
3869c159d9 HE: Fix HE operation field size
The current code will always use the size required when all optional
elements are present. This will cause the Linux kernel to consider the
field to be malformed if the elements are not actually flagged as being
present.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 23:51:04 +03:00
Jouni Malinen
17749e948a Share common SAE and EAP-pwd functionality: is_quadratic_residue
Use a shared helper function for the blinded mechanism of determining
the Legendre symbol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
a9615b1b88 Share common SAE and EAP-pwd functionality: random 1..p-1 creation
Use a shared helper function to create a random value in 1..p-1 range
for is_quadratic_residue().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
6c9543fcb7 Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
ff229da309 Share a single buf_shift_right() implementation
Move the identical function used by both SAE and EAP-pwd to
src/utils/common.c to avoid duplicated implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:43 +03:00
Jouni Malinen
1e237903f5 OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:24:32 +03:00
Jouni Malinen
7958223fdc EAP-pwd: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:07:05 +03:00
Jouni Malinen
8e14b030e5 SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 18:52:34 +03:00
John Crispin
2ec71488b5 HE: Add Spatial Reuse Parameter Set element to the Beacon frames
SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA
thresholds. For this to work the AP needs to broadcast the element
first.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:15:36 +03:00
John Crispin
2fde3caa3a HE: Properly populate Beacon template prior to sending it to the kernel
Properly populate the the HE Capabilities element with the info read
from the kernel.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:00:51 +03:00
John Crispin
7cac255632 HE: Fix Operation Parameters order
According to P802.11ax/D4.0 9.4.2.238 (HE Operation element) the BSS
Color Information field is located after the HE Operation Parameters
field. Fix the ordering of the bit masks/offsets for fields in these 3+1
octets used as a single 32-bit value. With these changes, Wireshark 3.2
is able to properly parse and display Beacon frames.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:55:39 +03:00
John Crispin
83f30fabe3 HE: Disable TXOP duration-based RTS if he_rts_threshold is not set
IEEE P802.11ax/D4.0 9.4.2.243 "HE Operation element" indicates that the
special value 1023 in the TXOP Duration RTS Threshold field is used to
indicate that TXOP duration-based RTS is disabled. Use that value as the
default instead of the previously used value 0 which would really mean
threshold of 0 usec. Furthermore, the previous implementation did not
allow values larger than 255 to be used for this field while the field
is actually 10 bits in size.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
9c95124418 Add 802.11 status code strings
Logs involving IEEE 802.11 Status Codes output the Status Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each status code using the latter part
of the Status Code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
e00f780e2b DPP2: hostapd as TCP Relay
The new hostapd configuration parameter dpp_controller can now be used
with the following subparameter values: ipaddr=<IP address>
pkhash=<hexdump>. This adds a new Controller into the configuration
(i.e., more than one can be configured) and all incoming DPP exchanges
that match the specified Controller public key hash are relayed to the
particular Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
88a78bdde4 DPP2: Protocol exchange over TCP using Controller/Relay
Add initial implementation of DPP-over-TCP. This adds the general TCP
encapsulation routines into the shared src/common/dpp.c implementation.
That functionality will be exposed through hostapd and wpa_supplicant in
the following commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
9ffec2e854 DPP: Make pkhash available in bootstrapping info
This can be helpful for testing DPP2 Controller functionality (get
pkhash from Controller to Relay).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 23:14:37 +03:00
Jouni Malinen
2ed2b52ff5 DPP: Add configuration structure to dpp_global_init()
This can be used to provide configurable parameter to the global DPP
context. This initial commit introduces the msg_ctx context pointer for
wpa_msg().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 21:35:32 +03:00
Jouni Malinen
516ccede8f The master branch is now used for v2.9 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 17:04:07 +03:00
Jouni Malinen
6396282430 Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 10:10:22 +03:00
Jouni Malinen
fa52bc8b98 EAP-PAX server: Fix message length checks for MSGDUMP level hexdump
EAP-PAX server implementation could end up reading beyond the end of the
buffer if MSGDUMP level debugging was enabled and a message without the
ICV field was received. Fix this by using more strict message length
validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
b3c2b5d9f7 EAP-PAX server: Check hash function results
While these local failure cases are mostly theoretical, it is better to
check for the errors explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
a3be79a142 EAP-GPSK server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 17:08:27 +03:00
Jouni Malinen
848718ddde EAP-SAKE: Report hash function failures to callers
While this is mostly theoretical, the hash functions can fail and it is
better for the upper layer code to explicitly check for such failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:52:01 +03:00
Jouni Malinen
24b06511e2 EAP-SAKE server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:44:38 +03:00
Jouni Malinen
b583ed38df FT: Derive PTK properly for rekeying with FT protocol
Do not try to derive a PMK-R0 and PMK-R1 again for the case where an
association was started with FT protocol and PTK is rekeyed using 4-way
handshake. Instead, use the previously derived PMK-R1 to allow a new PTK
to be derived.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 11:45:13 +03:00
Jouni Malinen
fb1dee221b FT: Do not add bogus PMKID in msg 1/4 for FT protocol PTK rekeying
Do not try to derive a PMKID for EAPOL-key msg 1/4 when going through
4-way handshake to rekey PTK during an association that was started
through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
8a576f5ea5 FT: Maintain PMK-R1 for a connected STA
This is needed to allow PTK rekeying to be performed through 4-way
handshake in an association started through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
09ab81b9e8 WPA: Clear authenticator keys for a STA on deinit/disconnection
Do not leave keys in heap memory after they are no longer needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
f006c13c14 WPA: Stop WPA statement on STA disassociation
This is needed to avoid leaving some timers (e.g., for PTK rekeying)
running afrer a STA has disassociated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
d178ab0d57 FT: Start PTK rekey timer on FT protocol completion
This is needed to trigger PTK rekeying properly for associations started
with FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
267c366f38 FT: Remove unused pmk argument from wpa_auth_derive_ptk_ft()
FT rules for PTK derivation do not use PMK. Remove the unused argument
to the PTK derivation function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:47 +03:00
Jouni Malinen
0a1a82db92 FT: Allow 4-way handshake for PTK rekeying to continue without PMK/PMKID
There is no PMK/PMKID when going through 4-way handshake during an
association started with FT protocol, so need to allow the operation to
proceed even if there is no selected PMKSA cache entry in place.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:41 +03:00
Jouni Malinen
a40bd06e9b FILS: Fix PTK rekeying
The PMK and PMKID information from FILS ERP and FILS PMKSA caching needs
to be stored within struct wpa_state_machine for PTK to work. Without
this, PTK derivation would fail and attempt to go through rekeying would
result in disconnection. Furthermore, wpa_rekey_ptk() timer needs to be
started at the completion of FILS association since the place where it
was done for non-FILS cases at the end of 4-way handshake is not reached
when FILS authentication is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Jouni Malinen
c8931afe24 nl80211: Check nla_put_flag() failure for ext auth
All nla_put*() operations should be verified to succeed, so check this
recently added one for NL80211_ATTR_EXTERNAL_AUTH_SUPPORT.

Fixes: 236e793e7b ("nl80211: External authentication in driver-based AP SME mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Jouni Malinen
6151c9b900 EAP-pwd server: Remove unused srandom() call
Commit 4b16c15bbc ("EAP-pwd server: Use os_get_random() for
unpredictable token") replaced use of os_random(), i.e., of random(),
with os_get_random(), but forgot to remove the now unused srandom()
call. Clean up the implementation and remove that unneeded code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 13:24:37 +03:00
Jouni Malinen
d2d1a324ce EAP-pwd peer: Fix reassembly buffer handling
Unexpected fragment might result in data->inbuf not being allocated
before processing and that could have resulted in NULL pointer
dereference. Fix that by explicitly checking for data->inbuf to be
available before using it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 13:24:37 +03:00
Jouni Malinen
fe76f487e2 EAP-pwd server: Fix reassembly buffer handling
data->inbuf allocation might fail and if that were to happen, the next
fragment in the exchange could have resulted in NULL pointer
dereference. Unexpected fragment with more bit might also be able to
trigger this. Fix that by explicitly checking for data->inbuf to be
available before using it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 02:23:31 +03:00
Jouni Malinen
a9d224f560 EAP-pwd server: Fix a memory leak on error path
eap_pwd_h_final() needs to be called to free the value from
eap_pwd_h_init() even in error cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 01:48:40 +03:00
Jouni Malinen
90ee1bf5f1 EAP-MSCHAPv2: Propagate GetAsymetricStartKey() failures up from getKey()
Report failure from getKey() if MSK cannot be derived due to unexpected
sha1_vector() local failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 21:21:35 +03:00
Jouni Malinen
824cb5a530 RSN: Ignore IGTK configuration errors with swapped KeyID values
There are number of deployed APs with broken PMF implementation where
the IGTK KDE uses swapped bytes in the KeyID field (0x0400 and 0x0500
instead of 4 and 5). Such APs cannot be trusted to implement BIP
correctly or provide a valid IGTK, so do not try to configure this key
with swapped KeyID bytes. Instead, continue without configuring the IGTK
so that the driver can drop any received group-addressed robust
management frames due to missing keys.

Normally, this error behavior would result in us disconnecting, but
there are number of deployed APs with this broken behavior, so as an
interoperability workaround, allow the connection to proceed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 19:31:34 +03:00
Jouni Malinen
dfdabd917a RSN: Report completion only after IGTK configuration
Previously wpa_supplicant_key_neg_complete() was called before the
attempt to configure the IGTK received from the authenticator. This
could resulted in somewhat surprising sequence of events if IGTK
configuration failed since completion event would be followed by
immediate disconnection event. Reorder these operations so that
completion is reported only if GTK and IGTK are configurated
successfully.

Furthermore, check for missing GTK KDE in case of RSN and handle that
with an explicit disconnection instead of waiting for the AP to deliver
the GTK later.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 19:31:08 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
28f19a3ae5 nl80211: More detailed PROBE_CLIENT debug print
Include the MAC address of the peer, knowledge of whether the poll was
ACKed, and cookie into the debug message to make this more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:34 +03:00
Jouni Malinen
0be8b9238f mka: Avoid memory leak in unexpected case in RECEIVE
It looks like it is possible for the RECEIVE state to leak memory where
a previously allocated sm->lki is moved to sm->oki while sm->oki is
pointing to not yet freed entry. It is not clear how this can be
triggered, but it has come up in hwsim testing under heavy load.

Free sm->oki if it is still set in RECEIVE before replacing it with
sm->lki to avoid this memory leak.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:50:06 +03:00
Jouni Malinen
10cf866bac mesh: Fix operations after SAE state machine removing the STA
It is possible for the SAE state machine to remove the STA and free the
sta pointer in the mesh use cases. handle_auth_sae() could have
dereferenced that pointer and used freed memory in some cases. Fix that
by explicitly checking whether the STA was removed.

Fixes: bb598c3bdd ("AP: Add support for full station state")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:09:12 +03:00
Jouni Malinen
153d4c501a mesh: Fix SAE reauthentication processing
ap_free_sta() frees the sta entry, so sta->addr cannot be used after
that call. Fix the sequence of these two calls to avoid use of freed
memory to determine which PMKSA cache entry to remove.

Fixes: 9f2cf23e2e ("mesh: Add support for PMKSA caching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 21:57:58 +03:00
Jouni Malinen
c5fff8bbd2 nl80211: Update assoc_freq and bss->freq based on real association info
Move event.assoc_info.freq selection to be after the
nl80211_get_assoc_ssid() call so that the current cfg80211 information
on the operating channel can be used should anything unexpected have
happened between the association request and completion of association.
Furthermore, update bss->freq based on assoc_freq to make that
information a bit more useful for station mode. It was already updated
after channel switches during association, but not at the beginning of
association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:40:45 +03:00
Jouni Malinen
091c227714 nl80211: Clear bss->freq on station mode disconnection
This fixes some issues where bss->freq could have been used to replace
the current operating channel when sending out a management frame.
bss->freq has not been consistently used to track the current operating
channel in station mode, so it should not be trusted for this type of
uses. Clearing it makes this a bit more robust by at least avoiding the
cases of information from past association being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:33:37 +03:00
Jouni Malinen
cb5db189ed Remove the unused crypto_ec_cofactor() function
All users of this wrapper function were removed, so the wrapper can be
removed as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
8b093db2c3 EAP-pwd: Remove unused checks for cofactor > 1 cases
None of the ECC groups supported in the implementation had a cofactor
greater than 1, so these checks are unreachable and for all cases, the
cofactor is known to be 1. Furthermore, RFC 5931 explicitly disallow use
of ECC groups with cofactor larger than 1, so this checks cannot be
needed for any curve that is compliant with the RFC.

Remove the unneeded group cofactor checks to simplify the
implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
92e1b96c26 EAP-pwd: Disallow ECC groups with a prime under 256 bits
Based on the SAE implementation guidance update to not allow ECC groups
with a prime that is under 256 bits, reject groups 25, 26, and 27 in
EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
6fe3ee722d tests: EAP-pwd local failure in crypto_bignum_rand()
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
6570949b2c OpenSSL: Fix server side openssl_ecdh_curves configuration with 1.0.2
It looks like SSL_CTX_set1_curves_list() command alone is not sufficient
to enable ECDH curve selection with older OpenSSL versions for TLS
server, so enable automatic selection first and specify the exact list
of curves after that.

This fixes failures in openssl_ecdh_curves test case when hostapd uses
OpenSSL 1.0.2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
52b1cb5d73 tests: crypto_hash_finish() failure in eap_pwd_kdf()
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:53:42 +03:00
Ryo ONODERA
8f36c84a27 bsd: Fix a typo in error message
When SIOCG80211 failed, show error message with SIOCG80211
instead of SIOCS80211.

Signed-off-by: Ryo ONODERA <ryo@tetera.org>
2019-04-13 11:26:25 +03:00
Jouni Malinen
dd1a8cef4c Remove unnecessary copying of SSID and BSSID for external_auth
The external authentication command and event does not need to copy the
BSSID/SSID values into struct external_auth since those values are used
before returning from the call. Simplify this by using const u8 * to
external data instead of the array with a copy of the external data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:43:26 +03:00
Srinivas Dasari
4ffb0fefe4 hostapd: Support external authentication offload in AP mode
Extend commit 5ff39c1380 ("SAE: Support external authentication
offload for driver-SME cases") to support external authentication
with drivers that implement AP SME by notifying the status of
SAE authentication to the driver after SAE handshake as the
driver acts as a pass through for the SAE Authentication frames.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-04-12 20:33:35 +03:00
Srinivas Dasari
236e793e7b nl80211: External authentication in driver-based AP SME mode
This extends driver interface to nl80211 by introducing the following
changes,
1. Register for Authenication frames in driver-based AP SME mode.
2. Advertise NL80211_ATTR_EXTERNAL_AUTH_SUPPORT in set_ap when
   offloaded SAE authentication is supported.
3. Extend the NL80211_CMD_EXTERNAL_AUTH interface to also send PMKID
   so that the drivers can respond to the PMKSA cached connection
   attempts from the stations avoiding the need to contact user space
   for all PMKID-based connections.
4. Send external auth status to driver only if it is a driver based
   SME solution.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-04-12 20:29:56 +03:00
nakul kachhwaha
2ab19f4be9 Reset beacon_set_done on disabling interface
beacon_set_done did not get reset to zero on disabling interface using
DISABLE control interface command and the subsequent ENABLE command will
caused configuration of Beacon/Probe Response/Association Response frame
IEs twice. The unnecessary two step configuration can be avoided by
resetting beacon_set_done on DISABLE so that ENABLE can bring up the
interface in a single step with fully updated IEs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:18:09 +03:00
Jouni Malinen
89bbe6f87a EAP-pwd: Get rid of unnecessary allocation of temporary buffer
Binary presentations of element and scalar can be written directly to
the allocated commit message buffer instead of having to first write
them into temporary buffers just to copy them to the actual message
buffer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
4396f74a36 EAP-pwd: Enforce 1 < rand,mask < r and rand+mask mod r > 1
RFC 5931 has these conditions as MUST requirements, so better follow
them explicitly even if the rand,mask == 0 or rand+mask == 0 or 1 cases
are very unlikely to occur in practice while generating random values
locally.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
72056f69aa tests: Module tests for const_time_*() functions
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
16d4f10691 EAP-pwd: Check element x,y coordinates explicitly
This adds an explicit check for 0 < x,y < prime based on RFC 5931,
2.8.5.2.2 requirement. The earlier checks might have covered this
implicitly, but it is safer to avoid any dependency on implicit checks
and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499)

Furthermore, this moves the EAP-pwd element and scalar parsing and
validation steps into shared helper functions so that there is no need
to maintain two separate copies of this common functionality between the
server and peer implementations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Mathy Vanhoef
8ad8585f91 EAP-pwd client: Verify received scalar and element
When processing an EAP-pwd Commit frame, the server's scalar and element
(elliptic curve point) were not validated. This allowed an adversary to
bypass authentication, and act as a rogue Access Point (AP) if the
crypto implementation did not verify the validity of the EC point.

Fix this vulnerability by assuring the received scalar lies within the
valid range, and by checking that the received element is not the point
at infinity and lies on the elliptic curve being used. (CVE-2019-9499)

The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
(and also BoringSSL) implicitly validate the elliptic curve point in
EC_POINT_set_affine_coordinates_GFp(), preventing the attack.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
2019-04-09 17:11:15 +03:00
Mathy Vanhoef
d63edfa902 EAP-pwd server: Detect reflection attacks
When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)

The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
2019-04-09 17:11:15 +03:00
Mathy Vanhoef
70ff850e89 EAP-pwd server: Verify received scalar and element
When processing an EAP-pwd Commit frame, the peer's scalar and element
(elliptic curve point) were not validated. This allowed an adversary to
bypass authentication, and impersonate any user if the crypto
implementation did not verify the validity of the EC point.

Fix this vulnerability by assuring the received scalar lies within the
valid range, and by checking that the received element is not the point
at infinity and lies on the elliptic curve being used. (CVE-2019-9498)

The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
(and also BoringSSL) implicitly validate the elliptic curve point in
EC_POINT_set_affine_coordinates_GFp(), preventing the attack.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
2019-04-09 17:11:15 +03:00
Jouni Malinen
ac8fa9ef19 SAE: Fix confirm message validation in error cases
Explicitly verify that own and peer commit scalar/element are available
when trying to check SAE confirm message. It could have been possible to
hit a NULL pointer dereference if the peer element could not have been
parsed. (CVE-2019-9496)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
cff138b074 SAE: Use constant time operations in sae_test_pwd_seed_ffc()
Try to avoid showing externally visible timing or memory access
differences regardless of whether the derived pwd-value is smaller than
the group prime.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
f8f20717f8 SAE: Use const_time selection for PWE in FFC
This is an initial step towards making the FFC case use strictly
constant time operations similarly to the ECC case.
sae_test_pwd_seed_ffc() does not yet have constant time behavior,
though.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
90839597cc SAE: Mask timing of MODP groups 22, 23, 24
These groups have significant probability of coming up with pwd-value
that is equal or greater than the prime and as such, need for going
through the PWE derivation loop multiple times. This can result in
sufficient timing different to allow an external observer to determine
how many rounds are needed and that can leak information about the used
password.

Force at least 40 loop rounds for these MODP groups similarly to the ECC
group design to mask timing. This behavior is not described in IEEE Std
802.11-2016 for SAE, but it does not result in different values (i.e.,
only different timing), so such implementation specific countermeasures
can be done without breaking interoperability with other implementation.

Note: These MODP groups 22, 23, and 24 are not considered sufficiently
strong to be used with SAE (or more or less anything else). As such,
they should never be enabled in runtime configuration for any production
use cases. These changes to introduce additional protection to mask
timing is only for completeness of implementation and not an indication
that these groups should be used.

This is related to CVE-2019-9494.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
362704dda0 SAE: Avoid branches in is_quadratic_residue_blind()
Make the non-failure path in the function proceed without branches based
on r_odd and in constant time to minimize risk of observable differences
in timing or cache use. (CVE-2019-9494)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
6513db3e96 SAE: Minimize timing differences in PWE derivation
The QR test result can provide information about the password to an
attacker, so try to minimize differences in how the
sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)

Use heap memory for the dummy password to allow the same password length
to be used even with long passwords.

Use constant time selection functions to track the real vs. dummy
variables so that the exact same operations can be performed for both QR
test results.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
aaf65feac6 EAP-pwd: Use constant time and memory access for finding the PWE
This algorithm could leak information to external observers in form of
timing differences or memory access patterns (cache use). While the
previous implementation had protection against the most visible timing
differences (looping 40 rounds and masking the legendre operation), it
did not protect against memory access patterns between the two possible
code paths in the masking operations. That might be sufficient to allow
an unprivileged process running on the same device to be able to
determine which path is being executed through a cache attack and based
on that, determine information about the used password.

Convert the PWE finding loop to use constant time functions and
identical memory access path without different branches for the QR/QNR
cases to minimize possible side-channel information similarly to the
changes done for SAE authentication. (CVE-2019-9495)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
c93461c1d9 OpenSSL: Use constant time selection for crypto_bignum_legendre()
Get rid of the branches that depend on the result of the Legendre
operation. This is needed to avoid leaking information about different
temporary results in blinding mechanisms.

This is related to CVE-2019-9494 and CVE-2019-9495.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
6e34f618d3 Add helper functions for constant time operations
These functions can be used to help implement constant time operations
for various cryptographic operations that must minimize externally
observable differences in processing (both in timing and also in
internal cache use, etc.).

This is related to CVE-2019-9494 and CVE-2019-9495.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
d42c477cc7 OpenSSL: Use constant time operations for private bignums
This helps in reducing measurable timing differences in operations
involving private information. BoringSSL has removed BN_FLG_CONSTTIME
and expects specific constant time functions to be called instead, so a
bit different approach is needed depending on which library is used.

The main operation that needs protection against side channel attacks is
BN_mod_exp() that depends on private keys (the public key validation
step in crypto_dh_derive_secret() is an exception that can use the
faster version since it does not depend on private keys).

crypto_bignum_div() is currently used only in SAE FFC case with not
safe-prime groups and only with values that do not depend on private
keys, so it is not critical to protect it.

crypto_bignum_inverse() is currently used only in SAE FFC PWE
derivation. The additional protection here is targeting only OpenSSL.
BoringSSL may need conversion to using BN_mod_inverse_blinded().

This is related to CVE-2019-9494 and CVE-2019-9495.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 17:11:15 +03:00
Jouni Malinen
242e857285 Extend domain_match and domain_suffix_match to allow list of values
These wpa_supplicant network profile parameters could be used to specify
a single match string that would be used against the dNSName items in
subjectAltName or CN. There may be use cases where more than one
alternative match string would be useful, so extend these to allow a
semicolon delimited list of values to be used (e.g.,
"example.org;example.com"). If any of the specified values matches any
of the dNSName/CN values in the server certificate, consider the
certificate as meeting this requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 16:24:38 +03:00
Jouni Malinen
dcc0ccd5b0 wolfSSL: Fix dNSName matching with domain_match and domain_suffix_match
Incorrect gen->type value was used to check whether subjectAltName
contained dNSName entries. This resulted in all domain_match and
domain_suffix_match entries failing to find a match and rejecting the
server certificate. Fix this by checking against the correct type
definition for dNSName.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 16:24:38 +03:00
Jouni Malinen
83f13e4ff6 tests: Fix build without CONFIG_SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 16:24:38 +03:00
Jouni Malinen
3580ed8266 RADIUS server: Accept ERP keyName-NAI as user identity
Previously the EAP user database had to include a wildcard entry for ERP
to work since the keyName-NAI as User-Name in Access-Request would not
be recognized without such wildcard entry (that could point to any EAP
method). This is not ideal, so add a separate check to allow any stored
ERP keyName-NAI to be used for ERP without any requirement for the EAP
user database to contain a matching entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-09 00:10:20 +03:00
Jouni Malinen
bbde461d7e Fix a typo in the Multiple BSSID Index element ID define
This was not used anywhere, so just rename the define to fix the typo.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 23:42:12 +03:00
Jouni Malinen
1326cb7653 DPP: Fix a regression in non-DPP, non-OpenSSL builds
Inclusion of common/dpp.h into hostapd/main.c brought in an undesired
unconditional dependency on OpenSSL header files even for builds where
DPP is not enabled. Fix this by making the dpp.h contents, and in
particular the inclusion of openssl/x509.h, conditional on CONFIG_DPP.

Fixes: 87d8435cf9 ("DPP: Common configurator/bootstrapping data management")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 18:13:19 +03:00
Jouni Malinen
db54db11ae SAE: Reject unsuitable groups based on REVmd changes
The rules defining which DH groups are suitable for SAE use were
accepted into IEEE 802.11 REVmd based on this document:
https://mentor.ieee.org/802.11/dcn/19/11-19-0387-02-000m-addressing-some-sae-comments.docx

Enforce those rules in production builds of wpa_supplicant and hostapd.
CONFIG_TESTING_OPTIONS=y builds can still be used to select any o the
implemented groups to maintain testing coverage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-08 18:11:00 +03:00
Andrei Otcheretianski
6bb9d9a8db AP: Avoid NULL use with snprintf string
identity_buf may be NULL here. Handle this case explicitly by printing
"N/A" instead relying on snprintf converting this to "(null)" or some
other value based on unexpected NULL pointer.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-06 18:49:26 +03:00
Ilan Peer
277fa92b37 crypto: Fix unreachable code in tls_prf_sha1_md5()
While commit 1c156e783d ("Fixed tls_prf() to handle keys with
odd length") added support for keys with odd length, the function
never reached this code as the function would return earlier in
case the key length was odd. Fix this by removing the first check
for the key length.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-06 17:00:07 +03:00
Jouni Malinen
3d93e26e66 tests: SAE test vector from IEEE P802.11-REVmd/D2.1, Annex J.10
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-06 13:26:15 +03:00
Sunil Dutt
e5711b6181 Add a QCA vendor attribute to carry the reason for roaming
This commit introduces an attribute
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REASON to carry the roam reason code
through QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:15:16 +03:00
Ankita Bajaj
005585d602 nl80211: Add SAE, FT-SAE, FT-EAP-SHA384 AKMs in connect request
This is needed for full MAC drivers that use NL80211_CMD_CONNECT
for issuing connect request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:02:37 +03:00
Jouni Malinen
bd23daa8e6 DPP: Move GAS encapsulation into dpp_build_conf_req()
Avoid duplicated code in each user of dpp_build_conf_req() by moving the
common encapsulation case into this helper function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-03 19:10:47 +03:00
Jouni Malinen
253ce212ee Add AKM info in the debug message noting PMKSA caching entry addition
This is useful for debugging issues where an expected PMKSA cache entry
is not found.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:02:19 +02:00
vamsi krishna
6fe3f0f798 FT-SAE: Use PMK as XXKey in AP when SAE PMKSA caching is used
When connected using FT-SAE key mgmt, use PMK from PMKSA cache as XXKey
for PMK-R0 and PMK-R1 derivations. This fixes an issue where FT key
hierarchy could not be established due to missing (not yet configured)
XXKey when using SAE PMKSA caching for the initial mobility domain
association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:01:26 +02:00
Jouni Malinen
6d14b98fc6 nl80211: Do not add WMM parameters when updating an existing STA entry
In the case of the driver not supporting full AP mode STA state (i.e.,
not adding a STA entry before association), the QoS parameters are not
allowed to be modified when going through (re)association exchange for a
STA entry that has not been removed from the kernel. cfg80211 would
reject such command to update STA flags, so do not add the WMM parameter
in this case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:14:02 +02:00
Jouni Malinen
2ffd8076de FT/RRB: Pad RRB messages to at least minimum Ethernet frame length
Ethernet frames have minimum length of 64 octets and shorter frames may
end up getting arbitrary padding in the end. This would result in the
FT/RRB receiver rejecting the frame as an incorrectly protected one.
Work around this by padding the message so that it is never shorter than
the minimum Ethernet frame.

Unfortunately, this padding is apparently not enough with all Ethernet
devices and it is still possible to see extra two octet padding at the
end of the message even if larger frames are used (e.g., showed up with
128 byte frames). For now, work around this by trying to do AES-SIV
decryption with two octets shorter frame (ignore last two octets) if the
first attempt fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
555c93e2d8 FT/RRB: Add more debug prints for RRB message encryption/decryptiom
This is needed to make it easier to understand what could be going wrong
in RRB communication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
08dc8efd29 Fix memcpy regression in PMK handling
The memcpy calls added for exposing the PMK from wpa_auth module could
end up trying to copy the same memory buffer on top of itself.
Overlapping memory areas are not allowed with memcpy, so this could
result in undefined behavior. Fix this by making the copies conditional
on the updated value actually coming from somewhere else.

Fixes: b08c9ad0c7 ("AP: Expose PMK outside of wpa_auth module")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-23 12:44:42 +02:00
Jouni Malinen
130444738b FILS: Fix KEK2 derivation for FILS+FT
The offset update for copying KEK2 from the extended PTK was overriding
the offset instead of incrementing it (a likely copy-paste error from
the first offset assignment based on KCK). This resulted in KEK2 being
set to incorrect segment of PTK. Fix this by updating the offset
properly so that KEK2 is copied from the correct place at the end of the
PTK.

Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-20 22:26:56 +02:00
Jouni Malinen
bf84e78cbc OpenSSL: Fix build with current BoringSSL
SSL_use_certificate_chain_file() is not available in the current
BoringSSL even though the defined OPENSSL_VERSION_NUMBER is large enough
to claim that this function would be present in the OpenSSL API.

Fall back to using SSL_use_certificate_file() with BoringSSL to fix the
build.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-19 18:24:09 +02:00
Jouni Malinen
b750dde64d OWE: Move Association Response frame IE addition to appropriate place
This code was after the FILS handling that would have encrypted the
frame. While FILS and OWE are never used together, the OWE handling
should really be before the FILS handling since no IEs can be added
after the FILS encryption step. In addition, the Diffie-Hellman
Parameter element is not a Vendor Specific element, so it should be
before some of the Vendor Specific elements even though it is not
defined in IEEE 802.11.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
ecacd9ccd4 DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in context
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 01:31:31 +02:00
Jouni Malinen
16a4e931f0 OWE: Allow Diffie-Hellman Parameter element to be included with DPP
The previous OWE implementation on the AP side rejected any
(Re)Association Request frame with the Diffie-Hellman Parameter element
if AKM was not OWE. This breaks compatibility with DPP PFS, so relax
that rule to allow DPP AKM to be used as well. While this commit alone
does not add support for PFS, this allows interoperability between
non-PFS implementation on the AP and a newer PFS implementation on the
STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 00:27:11 +02:00
Jouni Malinen
808bdb308f Add TEST_FAIL() to aes_encrypt_init() with internal crypto
This is needed for the hwsim test cases ap_wpa2_eap_psk_oom and
ap_wpa2_eap_sim_oom.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-16 18:52:09 +02:00
Jouni Malinen
32f4760664 TLS: Add support for RFC 5705 TLS exporter context with internal TLS
Use the provided context, if any, to generate the seed for TLS PRF.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-16 18:52:09 +02:00
Ervin Oro
a916ff5cd8 Add support for an optional context parameter to TLS exporter
Allow an additional context value to be passed to TLS exporter as
specified in RFC 5705 section 4.

This does not yet implement it for the internal TLS implementation.
However, as currently nothing uses context yet, this will not break
anything right now. WolfSSL maintainers also stated that they are not
going to add context support yet, but would look into it if/when this is
required by a published draft or a standard.

Signed-off-by: Ervin Oro <ervin.oro@aalto.fi>
2019-03-16 18:52:09 +02:00
Jouni Malinen
18015fc8a4 DPP2: Support new legacy+DPP config object credentials
This allows devices supporting DPP protocol version 2 or newer to
provision networks that enable both the legacy (PSK/SAE) and DPP
credentials.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:06 +02:00
Jouni Malinen
9305c2332b DPP: Clean up configuration parsing
Share a single parsing implementation for both hostapd and
wpa_supplicant to avoid code duplication. In addition, clean up the
implementation to be more easily extensible.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 17:29:59 +02:00
Jouni Malinen
c675397cc3 OpenSSL: Fix build with OpenSSL 1.0.2
X509_get_subject_name() in OpenSSL 1.0.2 does not mark its argument as a
const pointer, so need to type cast this to avoid a build warning.

Fixes: 841205a1ce ("OpenSSL: Add 'check_cert_subject' support for TLS server")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:33:33 +02:00
Jouni Malinen
ff5f54e159 SAE: Reduce queue wait time for pending Authentication frames
The queue_len * 50 ms wait time was too large with the retransmission
timeouts used in the mesh case for SAE. The maximum wait of 750 ms was
enough to prevent successful completion of authentication after having
hit the maximum queue length. While the previous commit is enough to
allow this to complete successfully in couple of retries, it looks like
a smaller wait time should be used here even if it means potentially
using more CPU.

Drop the processing wait time to queue_len * 10 ms so that the maximum
wait time is 150 ms if the queue is full.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
5e3a759cd4 SAE: Improved queuing policy for pending authentication frames
The previous design of simply queuing all SAE commit messages was not
exactly good at allowing recovery from a flooding state if the valid
peer used frequent retransmissions of the SAE message. This could
happen, e.g., with mesh BSSs using SAE. The frequent retransmissions and
restarts of SAE authentication combined with SAE confirm messages
bypassing the queue ended up in not being able to finish SAE exchange
successfully.

Fix this by modifying the queuing policy to queue SAE confirm messages
if there is a queued SAE commit message from the same peer so that the
messages within the same exchange do not get reordered. In addition,
replace queued SAE commit/confirm message if a new matching message is
received from the same peer STA. This is useful for the case where the
peer restarts SAE more quickly than the local end has time to process
the queued messages.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
67b3bcc954 DPP2: Testing option for Config Object rejction
Add a new testing option to force Enrollee to reject the receive Config
Object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
22f90b32f1 DPP2: Configuration Result message generation and processing
Use this new message from Enrollee to Configurator to indicate result of
the config object provisioning if both devices support protocol version
2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-15 00:31:09 +02:00
Jouni Malinen
673631b8a3 More robust timer_tick_enabled tracking
Do not set sm->timer_tick_enabled if the eloop_register_timeout() call
fails so that the next attempt to enable the timer in
eapol_enable_timer_tick() can try to recover from unexpected eloop
failures. This should not really be needed in practical use cases, but
certain out-of-memory test cases can trigger allocation failure in
eloop_register_timeout() and if that happens, the previous EAPOL
supplicant state machine implementation got pretty much completely stuck
for any operation needing the timer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 23:33:41 +02:00
Jouni Malinen
b5e57699af FILS+FT: STA mode validation of PMKR1Name in initial MD association
Verify that the AP uses matching PMKR1Name in (Re)Association Response
frame when going through FT initial mobility domain association using
FILS. Thise step was missing from the initial implementation, but is
needed to match the IEEE 802.11ai requirements for explicit confirmation
of the FT key hierarchy (similarly to what is done in FT 4-way handshake
when FILS is not used).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 19:15:13 +02:00
Jouni Malinen
3653663933 FILS+FT: AP mode processing of PMKR1Name in initial MD association
Derive PMKR1Name during the FILS authentication step, verify that the
station uses matching PMKR1Name in (Re)Association Request frame, and
add RSNE[PMKR1Name] into (Re)Association Response frame when going
through FT initial mobility domain association using FILS. These steps
were missed from the initial implementation, but are needed to match the
IEEE 802.11ai requirements for explicit confirmation of the FT key
hierarchy (similarly to what is done in FT 4-way handshake when FILS is
not used).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 19:15:06 +02:00
Jouni Malinen
aabbdb818d FILS: Do not try to add PMKSA cache entry if caching is disabled
This gets rid of a confusing error message "FILS: Failed to add PMKSA
cache entry based on ERP" for cases where PMKSA caching is disabled in
hostapd (disable_pmksa_caching=1). Functionality remains unchanged,
i.e., no cache entry was added before this change either.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 16:34:48 +02:00
Arif Hussain
02bde9581f Vendor attribute to enable or disable TWT request support
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:56:59 +02:00
vamsi krishna
4efade3157 nl80211: Clear keys from heap memory before freeing it for get_seqnum
NL80211_CMD_GET_KEY response may return the actual key in addition to
the last used sequence number that we need. That might result in a key
being left in unused heap memory after the buffer is freed.

Explicitly clear the message payload with the possibly included key
material from heap memory before returning from the handler function
(and having libnl free the nlmsg) when key information is obtained from
the driver using the NL80211_CMD_GET_KEY command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:54:18 +02:00
vamsi krishna
c6ec9759c5 nl80211: Exclude PMK when sending NL80211_CMD_DEL_PMKSA explicitly
Add a check in nl80211 driver layer to not include PMK while sending
NL80211_CMD_DEL_PMKSA explicitly. Though it is taken care already in
supplicant layer by setting the pmk_len to zero, it would be good
to have a check in nl80211 layer in order to avoid future accidental
inclusions of keying material in commands that do not need them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
0b4a906de1 DPP2: Protocol version indication
Send out the new Protocol Version attribute in Authentication
Request/Response messages and determine the peer version based on this
attribute.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:37 +02:00
Jouni Malinen
bf0021ede3 Allow fragmentation/RTS threshold to be disabled explicitly
hostapd configuration parameters fragm_threshold and rts_threshold were
documented to disable the threshold with value -1 and not change driver
configuration if the parameter is not included. However, -1 was mapped
into not changing the driver value, so the explicit disabling part did
not work.

Replace the default values for these to be -2 so that explicitly set
configuration value -1 can be distinguished from the case of not
including the parameter. Map the -1 value to a driver request to disable
the threshold. Ignore any error from this operation just in case to
avoid breaking functionality should some drivers not accept the (u32) -1
value as a threshold value request to disable the mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:15:08 +02:00
stonez
48102f65ef Add a vendor subcommand QCA_NL80211_VENDOR_SUBCMD_MPTA_HELPER_CONFIG
This subcommand is used to update Zigbee state and specified WLAN
durations to enhance success ratio of Zigbee joining network. The
attributes defined in enum qca_mpta_helper_vendor_attr are used to
deliver these parameters to the driver.

Signed-off-by: stonez <stonez@codeaurora.org>
2019-03-12 13:00:24 +02:00
Amir Patel
f10a4af1bd Add QCA vendor command/event and attributes for peer rate statistics
Peer rate statistics is per-peer cached data in the driver. These
statistics needs to be flushed to a user space application on
synchronous/asynchronous events. This command is used as an event from
the driver to flush per-peer cached statistics to the application.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 12:42:58 +02:00
Jouni Malinen
56a33496fe Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-01-25.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-12 00:23:45 +02:00
Jared Bents
841205a1ce OpenSSL: Add 'check_cert_subject' support for TLS server
This patch added 'check_cert_subject' support to match the value of
every field against the DN of the subject in the client certificate. If
the values do not match, the certificate verification will fail and will
reject the user.

This option allows hostapd to match every individual field in the right
order, also allow '*' character as a wildcard (e.g OU=Development*).

Note: hostapd will match string up to 'wildcard' against the DN of the
subject in the client certificate for every individual field.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-11 14:09:45 +02:00
Jouni Malinen
0173423f41 Use char pointers for EAP configuration parameters without length
These parameters were using the u8*/len style types even though they
were used as char* strings without an explicit length field. Make this
char* instead of u8* to avoid confusion and unnecessary type casting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-11 14:09:45 +02:00
Jouni Malinen
cd6a5866eb Remove forgotten os_strncpy() implementations
This was replaced with os_strlcpy() long time ago.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-10 15:56:51 +02:00
Jouni Malinen
ca9efe113c roboswitch: Check some read operation results
This gets rid of some static analyzer warnings about uninitialized
variables being used in comparisons or write operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 18:56:48 +02:00
Jouni Malinen
4d379be4a9 Clarify AP mode Action frame handling
Include only one of hostapd_mgmt_rx() and hostapd_action_rx() functions
in the build. Previously, NEED_AP_MLME builds (i.e., cases where hostapd
AP MLME implementation is included) included both of these functions and
both were tried in sequence. In addition to being difficult to
understand, that could result in unexpected behavior if
hostapd_mgmt_rx() rejected a frame and return 0 to allow
hostapd_action_rx() to attempt to process the frame.

All the operations included in hostapd_action_rx() are supposed to be
available through the hostapd_mgmt_rx() call in handle_action() and
those should result in the exact same Category/Action-based handler
function to be called in the end. As such, this should not result in
different behavior. And if there is a difference, that would be pointing
at a hidden bug that would need to be fixed anyway. Furthermore, builds
without NEED_AP_MLME would not have any difference in behavior or
contents of the binary either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 12:51:34 +02:00
Jouni Malinen
cc833a236c Minor cleanup to return after WNM Action frame handling
There is no need to go through the following handler calls in
hostapd_action_rx() after having found the matching WLAN_ACTION_WNM
handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 12:43:20 +02:00
Jouni Malinen
700b3f395e Move SA Query frame length check to the shared handler function
Check the length in the common handler functions instead of both
callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 12:41:49 +02:00
Jouni Malinen
002edb6303 Fix AP MLME in driver handling of FT and SA Query Action frames
hostapd_action_rx() was pointing at incorrect field (Action vs.
Category) for the wpa_ft_action_rx() call and the length check for SA
Query Action frames. This resulted in those frames getting dropped as
invalid (FT) or ignored as truncated (SA Query). Fix this by pointing to
the correct place at the beginning of the frame body.

This issue had a long history. These were broken during cleanup in
commit dbfb8e82ff ("Remove unnecessary EVENT_RX_ACTION") which
actually fixed the initial reason for the error accidentally. It was
just that that error was needed to cancel out another earlier error..

One of the errors came from misuse of the EVENT_RX_ACTION API in commit
deca6eff74 ("atheros: Add new IEEE 802.11r driver_ops"). That pointed
struct rx_action data/len to cover the Action frame from the Category
field to the end of the frame body while the API was documented to cover
Action field to the end of the frame body. This error was cancelled by
another error in commit 88b32a99d3 ("FT: Add FT AP support for drivers
that manage MLME internally") that called wpa_ft_action_rx() with the
struct rx_action::data field as the second argument. That argument needs
to point to the Category field, but that struct rx_action field was
supposed to point to the Action field.

Number of the Action frame handlers added into hostapd_action_rx() had
been fixed more or less accidentally after this in various other
commits, but the FT and SA Query handlers had ended up maintaining the
incorrect operations. This is now fixing those.

This seems to fix at least some cases of FT-over-DS with drivers that
use driver-based AP MLME. Such drivers might use internal SA Query
processing, so it is not clear whether that part actually fixes any real
issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 12:41:43 +02:00
Masashi Honma
1e653daa31 EAP-pwd server: Fix memory leak with salted passwords
The struct hostapd_eap_user changes with a new allocated variable were
not covered in the RADIUS server code. Fix this by using eap_user_free()
instead of custom memory freeing operation in radius_server.c.

The hwsim tests with salted password (ap_wpa2_eap_pwd_salt_sha1,
ap_wpa2_eap_pwd_salt_sha256, ap_wpa2_eap_pwd_salt_sha512) triggered
these memory leaks.

Fixes: d52ead3db7 ("EAP-pwd server: Add support for salted password databases")
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-03-08 16:59:27 +02:00
Jouni Malinen
96d6dfa8e4 SAE: Add Finite Cyclic Group field in status code 77 response
Copy the Finite Cyclic Group field value from the request to the
response Authentication frame if we end up rejecting the request due to
unsupported group.

IEEE Std 802.11-2016 has conflicting statements about this behavior.
Table 9-36 (Presence of fields and elements in Authentication frames)
indicates that the Finite Cyclic Group field is only included with
status code values 0 (success) and 76 (anti-clogging token request)
while SAE protocol description implying that the Finite Cyclic Group
field is set to the rejected group (12.4.8.6.3 and 12.4.8.6.4).

The standard language needs to cleaned up to describe this
unambiguously, but since it looks safe to add the field into the
rejection case and since there is desire to have the field present to be
able to implement what exactly is stated in 12.4.8.6.4, it looks
reasonable to move ahead with the AP mode implementation change. There
is no change in wpa_supplicant for now to modify its behavior based on
whether this field is present, i.e., wpa_supplicant will continue to
work with both the old and new hostapd behavior for SAE group
negotiation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-08 16:21:03 +02:00
Jouni Malinen
fda7660106 EAP-pwd: Fix a memory leak in hunting-and-pecking loop
tmp2 (y^2) was derived once in each iteration of the loop and only freed
after all the loop iterations. Fix this by freeing the temporary value
during each iteration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-07 00:27:12 +02:00
Jouni Malinen
fc30f99b34 WPS: Allow AP SAE configuration to be added automatically for PSK
The new hostapd configuration parameter wps_cred_add_sae=1 can be used
to request hostapd to add SAE configuration whenever WPS is used to
configure the AP to use WPA2-PSK and the credential includes a
passphrase (instead of PSK). This can be used to enable WPA3-Personal
transition mode with both SAE and PSK enabled and PMF enabled for PSK
and required for SAE associations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 21:52:43 +02:00
Sunil Dutt
b9cd4f5e75 Vendor feature capability for TWT (Target Wake Time)
Add a new QCA vendor specific feature capability indication for the
device to indicate the support of TWT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:13:33 +02:00
Sunil Dutt
877502a6a7 Vendor attribute to indicate a set_blacklist of BSSID only as a hint
The current/default behavior of set blacklist BSSID QCA vendor command
is a mandate to the driver - do not consider this BSSID for connect/roam
till reset.

There are use cases where this need not be a mandate and thus could
provide the flexibility for the driver to consider this BSSID if there
are no better ones. Such use cases can use this new flag attribute to
only hint the blacklist of a BSSID to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:09:15 +02:00
Kiran Kumar Lokere
a9247bcdf2 Vendor attribute to configure HE testbed default capabilities
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:04:28 +02:00
Kiran Kumar Lokere
8a7510cc0d Vendor attribute to configure support to enable VHT in 2.4G band
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:03:56 +02:00
Kiran Kumar Lokere
8919ec616b Vendor attribute to configure HE OMI UL MU data disable
Add a new QCA vendor attribute for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 14:02:37 +02:00
Jouni Malinen
f214361581 SAE: Reuse previously generated PWE on a retry with the same STA
Do not start SAE authentication from scratch if a STA starts a new
attempt for the same group while we still have previously generated PWE
available. Instead, use the previously generated PWE as-is and skip
anti-clogging token exchange since the heavy processing is already
completed. This saves unnecessary processing on the AP side in case the
STA failed to complete authentication on the first attempt (e.g., due to
heavy SAE load on the AP causing a timeout) and makes it more likely for
a valid STA to be able to complete SAE authentication during a DoS
attack.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:20 +02:00
Jouni Malinen
fd83089120 SAE: Reuse previously generated PWE on a retry with the same AP
Do not start SAE authentication from scratch when the AP requests
anti-clogging token to be used. Instead, use the previously generated
PWE as-is if the retry is for the same AP and the same group. This saves
unnecessary processing on the station side in case the AP is under heavy
SAE authentiation load.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:11 +02:00
Jouni Malinen
a9af1da0b5 SAE: Enforce single use for anti-clogging tokens
Add a 16-bit token index into the anti-clogging token. This can be used
to enforce only a single use of each issued anti-clogging token request.
The token value is now token-index |
last-30-octets-of(HMAC-SHA256(sae_token_key, STA-MAC-address |
token-index)), i.e., the first two octets of the SHA256 hash value are
replaced with the token-index and token-index itself is protected as
part of the HMAC context data.

Track the used 16-bit token index values and accept received tokens only
if they use an index value that has been requested, but has not yet been
used. This makes it a bit more difficult for an attacker to perform DoS
attacks against the heavy CPU operations needed for processing SAE
commit since the attacker cannot simply replay the same frame multiple
times and instead, needs to request each token separately.

While this does not add significant extra processing/CPU need for the
attacker, this can be helpful in combination with the queued processing
of SAE commit messages in enforcing more delay during flooding of SAE
commit messages since the new anti-clogging token values are not
returned before the new message goes through the processing queue.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:07:03 +02:00
Jouni Malinen
ff9f40aee1 SAE: Process received commit message through a queue
This allows better control of processing new SAE sessions so that other
operations can be given higher priority during bursts of SAE requests,
e.g., during a potential DoS attack. The receive commit messages are
queued (up to maximum of 15 entries) and processed from eloop callback.
If the queue has multiple pending entries, more wait time is used to go
through the each new entry to reduce heavy CPU load from SAE processing.

Enable anti-clogging token use also based on the pending commit message
queue and not only based on the already started sessions.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-06 13:06:50 +02:00
Jouni Malinen
941bad5ef4 SAE: Enable only group 19 by default in AP mode
Change the AP mode default for SAE to enable only the group 19 instead
of enabling all ECC groups that are supported by the used crypto library
and the SAE implementations. The main reason for this is to avoid
enabling groups that are not as strong as the mandatory-to-support group
19 (i.e., groups 25 and 26). In addition, this disables heavier groups
by default.

In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24
based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the
MODP groups were already disabled by default and would have needed
explicit configuration to be allowed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:21:41 +02:00
Jouni Malinen
b11fa98bcb Add explicit checks for peer's DH public key
Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:05:03 +02:00
Jouni Malinen
4a9531a755 bignum: Fix documentation for bignum_cmp_d()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 16:10:33 +02:00
Jouni Malinen
bb05d03606 Fix a regression from VLAN assignment using WPA/WPA2 passphrase/PSK
This extension of VLAN assignment code had a bug in one of the code
paths where vlan_id could have been left uninitialized. This could
result in SAE authentication getting rejected in cases where VLAN
assignment is not used if the uninitialized stack memory had nonzero
value.

Fixes: dbfa691df4 ("VLAN assignment based on used WPA/WPA2 passphrase/PSK")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
429ed54a3d UBSan: Avoid a warning on signed left shift
Use unsigned 1 (1U) instead of signed (1) when doing left shift that
could potentially need to use all bits of the 32-bit unsigned variable.

radius_server.c:2254:14: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
b3957edbe9 UBSan: Split loop index decrementation into a separate step
Avoid an unnecessary unsigned integer overflow warning due to loop index
j-- use.

hostapd.c:661:10: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
5ac13f6d00 atheros: Avoid clang compiler warning on address of array check
ie.wps_ie is an array, so there is no point in checking whether it is
NULL.

driver_atheros.c:1221:9: error: address of array 'ie.wps_ie' will
      always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
aaa6b14984 Avoid compiler warning about potentially unaligned pointer value
(&mgmt->u.deauth.reason_code + 1) is not exactly clean and now that we
have the u8 variable[] member in the struct after this field, use that
directly to avoid clang compiler warning:
ctrl_iface_ap.c:454:18: error: taking address of packed member
      'reason_code' of class or structure 'ieee80211_mgmt::(anonymous
      union)::(anonymous)' may result in an unaligned pointer value
      [-Werror,-Waddress-of-packed-member]

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
cce974d367 UBSan: Define FST LLT macros without integer overflow
FST_MAX_LLT_MS definition depended on undefined behavior with unsigned
integer overflow. Avoid that and also optimize the
FST_LLT_{MS_TO_VAL,VAL_TO_MS} macros to handle larger values without
overflowing 32-bit unsigned integers.

fst_session.c:1274:52: runtime error: unsigned integer overflow: 4294967295 * 32 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
9140caf5fb UBSan: Avoid integer overflow in a loop index counter
Split the check and decrementation into separate steps to avoid an
unnecessary UBSan warning.

hostapd.c:1895:14: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
8fc22fdde6 UBSan: Avoid NULL pointer dereferences on an error path
hapd->conf might be NULL in case initialized failed, so better be
prepared for that when debug printing interface name in the deinit path.

hostapd.c:312:54: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
hostapd.c:351:29: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
hostapd.c:2158:18: runtime error: member access within null pointer of type 'struct hostapd_bss_config'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
43216777e5 UBSan: Avoid unsigned integer overflow in base64 encoding
Add a constraint on the base64 encoded buffer length to avoid an integer
overflow in the output length calculation.

common.c:1087:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
fed7d8fcba UBSan: Avoid unsigned integer overflow in utf8_{,un}escape()
Split the if/while loop condition into two independent steps so that
in_size-- happens only in the case in_size is nonzero. This gets rid of
unnecessary UBSan warnings.

common.c:1087:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
common.c:1076:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
common.c:1119:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
a9377bc380 UBSan: Avoid memcpy(ptr, NULL, 0)
This results in an UBSan warning that can be avoided easily.

os_unix.c:524:3: runtime error: null pointer passed as argument 2, which is declared to never be null

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
5a23c2528a UBSan: Avoid an unsigned integer overflow warning
ext_supp_rates_len would be 0 here, so decrementing it by 2 will result
in unsigned integer overflow even if that result is not actually used
anywhere. Avoid that to get rid of the UBSan warning.

tdls.c:1597:27: runtime error: unsigned integer overflow: 0 - 2 cannot be represented in type 'unsigned long'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
abde4eba45 UBSan: Pack MACsec peer id structure
This is needed to avoid an UBSan warning and since this struct is used
as part of a message construction, it needs to be packed anyway to
guarantee correct functionality.

ieee802_1x_kay.c:1021:3: runtime error: member access within misaligned address 0x0000031921e2 for type 'struct ieee802_1x_mka_peer_id', which requires 4 byte alignment

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
1b85cad29c UBSan: Use typecast to avoid unsigned integer overflow
iface->num_bss is unsigned integer, so need to explicit typecast it to
unsigned before decrementation by one even when the result is stored in
an unsigned integer.

../src/ap/hostapd.c:2185:26: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned long'

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:46 +02:00
Jouni Malinen
3b6b3ae581 Modify dl_list_for_each() to not use unaligned access with WPA_TRACE
UBSan testing with WPA_TRACE=y ended up hitting an unaligned access for
struct os_alloc_trace in os_program_deinit() because of the
dl_list_for_each() design that looked like dereferencing the member
element of the list head which is something that does not exist.

Get the first entry from the list using dl_list_first() so that the
empty list special case is covefred and compare item pointers instead of
struct dl_list pointers to check whether the end of the loop has been
reached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:42:34 +02:00
Jouni Malinen
1415d4b82d Multi-AP: Avoid memcpy(ptr, NULL, 0) in WPS Registrar initialization
This can result in compiler warnings due to the unexpected NULL pointer
as a source memory even when the length of the copied data is 0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-23 11:37:20 +02:00
Lior David
2c129a1b71 Fix cipher suite selector default value in RSNE for DMG
According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are
not included, the default values are used. The cipher suite defaults
were hardcoded to CCMP in the previous implementation, but the default
is actually different for DMG: GCMP (per 9.4.2.25.2).

It is not possible to find out from the RSNE if the network is non-DMG
or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case
based on context, which can be different for each caller.

In order to fix this issue, add flags to the wpa_ie_data indicating
whether pairwise/group ciphers were included in the RSNE. Callers can
check these flags and fill in the appropriate ciphers. The
wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by
default so existing callers will not break. This change also fixes some
callers which need to handle the DMG network case.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-02-21 12:42:24 +02:00
Jiani Liu
239794018e Add new QCA vendor attributes for coex configuration
Signed-off-by: Jiani Liu <jianil@codeaurora.org>
2019-02-21 12:24:45 +02:00
Arun Kumar Khandavalli
d939a8cb49 Add a vendor attribute for specifying ethernet protocol type
This new QCA vendor attribute adds provision to specify the
ethernet protocol id from userspace to the packets which are
offloaded to the driver/firmware (e.g., IPv4, IPv6).

Signed-off-by: Arun Kumar Khandavalli <akhandav@codeaurora.org>
2019-02-21 12:18:19 +02:00
Davina Lu
66819b07b5 hostapd: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the WPS Registrar offers a
different set of credentials (backhaul credentials instead of fronthaul
credentials) when the Multi-AP subelement is present in the WFA vendor
extension element of the WSC M1 message.

Add new configuration options to specify the backhaul credentials for
the hostapd internal registrar: multi_ap_backhaul_ssid,
multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are
only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or
3. When these options are set, pass the backhaul credentials instead of
the normal credentials when the Multi-AP subelement is present.

Ignore the Multi-AP subelement if the backhaul config options are not
set. Note that for an SSID which is fronthaul and backhaul at the same
time (i.e., multi_ap == 3), this results in the correct credentials
being sent anyway.

The security to be used for the backaul BSS is fixed to WPA2PSK. The
Multi-AP Specification only allows Open and WPA2PSK networks to be
configured. Although not stated explicitly, the backhaul link is
intended to be always encrypted, hence WPA2PSK.

To build the credentials, the credential-building code is essentially
copied and simplified. Indeed, the backhaul credentials are always
WPA2PSK and never use per-device PSK. All the options set for the
fronthaul BSS WPS are simply ignored.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Davina Lu
83ebf55865 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the backhaul STA needs to add
a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
that indicates it supports the Multi-AP backhaul STA role. The Registrar
(if it support Multi-AP onboarding) will respond to that with a WSC M8
message that also contains the Multi-AP IE, and that contains the
credentials for the backhaul SSID (which may be different from the SSID
on which WPS is performed).

Introduce a new parameter to wpas_wps_start_pbc() and allow it to be
set via control interface's new multi_ap=1 parameter of WPS_PBC call.
multi_ap_backhaul_sta is set to 1 in the automatically created SSID.
Thus, if the AP does not support Multi-AP, association will fail and
WPS will be terminated.

Only wps_pbc is supported.

This commit adds the multi_ap argument only to the control socket
interface, not to the D-Bus interface.

Since WPS associates with the fronthaul BSS instead of the backhaul BSS,
we should not drop association if the AP announces fronthaul-only BSS.
Still, we should only do that in the specific case of WPS. Therefore,
add a check to multi_ap_process_assoc_resp() to allow association with a
fronthaul-only BSS if and only if key_mgmt contains WPS.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Arnout Vandecappelle (Essensium/Mind)
56a2d788f9 WPS: Add multi_ap_subelem to wps_build_wfa_ext()
The Multi-AP specification adds a new subelement to the WFA extension
element in the WPS exchange. Add an additional parameter to
wps_build_wfa_ext() to add this subelement. The subelement is only added
if the parameter is nonzero. Note that we don't reuse the existing
MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new
WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS
vendor extension remains complete.

For now, all callers set the multi_ap_subelem parameter to 0.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 20:30:26 +02:00
Arnout Vandecappelle (Essensium/Mind)
bfcdac1c8b Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.

However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.

Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.

While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-18 20:21:01 +02:00
Jouni Malinen
2fae58fdc1 Fix wpa_psk_file parser error case handling
str_token() can return NULL for the name if the remaining token contains
only the delimiter. Fix this to avoid NULL pointer dereference with a
corner case of an invalid value used in the configuration.

Fixes: ec5c39a557 ("AP: Allow identifying which passphrase station used with wpa_psk_file")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-18 18:41:32 +02:00
Jouni Malinen
b0e91e3877 SAE: VLAN assignment based on SAE Password Identifier
The new sae_password parameter [|vlanid=<VLAN ID>] can now be used to
assign stations to a specific VLAN based on which SAE Password
Identifier they use. This is similar to the WPA2-Enterprise case where
the RADIUS server can assign stations to different VLANs and the
WPA2-Personal case where vlanid parameter in wpa_psk_file is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 17:24:23 +02:00
Jouni Malinen
947b5a1532 P2P: Stop listen state if Action frame TX is needed on another channel
This speeds up P2P responses to frames received on an operating channel
in case there is an ongoing P2P listen operation on another channel.
This is applicable to drivers that support multiple channels in
concurrently.

This addresses an issue showing up in the
p2ps_channel_active_go_and_station_different_mcc test case where the
Provision Discovery Request frame can be received on the operating
channel of a group instead of the Listen channel. The response was
delayed until the listen operation timed out and this took too long time
for the peer to receive the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 16:53:03 +02:00
Jouni Malinen
b3e8ca65a6 P2P: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-17 16:24:34 +02:00
Qun Zhang
31ee2992c7 Add QCA vendor subcmd/attribute to check wlan firmware state
Allow user space applications to check whether wlan firmware is alive
through an nl80211 vendor command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
ccaf774767 Add HE Capabilities into ieee802_11_parse_elems()
This is needed to determine whether an association negotiated use of HE.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
5d68c0acd2 nl80211: (Re)Association Request frame IEs from association event
Process NL80211_ATTR_REQ_IE from the NL80211_CMD_ASSOCIATE event to
allow request IEs to be made available for the SME-in-wpa_supplicant
case similarly to how this is done with SME-in-driver with
NL80211_CMD_CONNECT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
dbfa691df4 VLAN assignment based on used WPA/WPA2 passphrase/PSK
Extend wpa_psk_file to allow an optional VLAN ID to be specified with
"vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the
particular wpa_psk_file entry is used for a station, that station is
bound to the specified VLAN. This can be used to operate a single
WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK.
This is similar to the WPA2-Enterprise case where the RADIUS server can
assign stations to different VLANs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-14 13:36:54 +02:00
Jouni Malinen
f3a841bbff Do not disassociate not-associated STA on timeout
If the ap_handle_timer() timeout is reached for a not-associated STA, do
not default to disassociating that STA first since Disassociation frame
is not really appropriate to send to a STA that is not in associated
state. Instead, skip directly to deauthentication and STA entry removal.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-11 17:42:53 +02:00
Jouni Malinen
91205c8eb4 OpenSSL: Fix uninitialized variable in CRL reloading corner case
The flags variable needs to be initialized to 0 if check_crl is 0 in
the updated configuration.

Fixes: 159a7fbdea ("crl_reload_interval: Add CRL reloading support")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 14:02:17 +02:00
Jouni Malinen
092a19222b Use for_each_element() in ieee802_11_parse_elems()
Use the new iteration macro to simplify the impelmentation and make it
more consistent with other IE parsers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 13:51:11 +02:00
Johannes Berg
b50a638965 common: Use for_each_element_id/_extid for get_ie/get_ie_ext/get_vendor_ie
Simplifications based on the new iteration macros.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
b644797429 common: Use for_each_element_id() in mb_ies_info_by_ies()
The change is bigger because here we need to catch the error
condition if the last element doesn't fit.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
9008048f0f common: Use for_each_element_id() in ieee802_11_vendor_ie_concat()
Simple cleanup using the new iteration helper macro.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
eb84238df6 common: Use for_each_element() in ieee802_11_ie_count()
Simple cleanup using the new macros.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
0e0c31bdc5 common: Add strongly typed element iteration macros
Rather than always iterating elements from frames with pure
u8 pointers, add a type "struct element" that encapsulates
the id/datalen/data format of them.

Then, add the element iteration macros
 * for_each_element
 * for_each_element_id
 * for_each_element_extid

which take, as their first 'argument', such a structure and
iterate through a given u8 array interpreting it as elements.

While at it also add
 * for_each_subelement
 * for_each_subelement_id
 * for_each_subelement_extid

which instead of taking data/length just take an outer element
and use its data/datalen.

Also add for_each_element_completed() to determine if any of
the loops above completed, i.e., it was able to parse all of
the elements successfully and no data remained.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Jouni Malinen
525923b1d7 tests: EAPOL-Key fuzzing tool
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
02a0a23939 RSN: Do not start preauthentication timer without candidates
There is no need to schedule the postponed RSN preauthentication start
if there are no candidates. Avoid wasting eloop resources for this.

This is most useful for fuzz testing of the 4-way handshake
implementation to avoid getting stuck waiting for this unnecessary one
second time when using eloop to coordinate the Authenticator and
Supplicant state machines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1e5506588d JSON: Fix string parsing when \\ escape is at the end of buffer
This would have resulted in reading one octet past the end of the buffer
before rejecting the string.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
0dedcb3154 JSON: Fix parsing of a number from the end of the buffer
Avoid reading one octet past the end of the buffer when parsing a number
that is at the very end of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
79fa1b4530 tests: JSON parser fuzzer
test-json can be used for fuzz testing the JSON parser implementation in
src/utils/json.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
62269c8d8d TLS: Fix X.509 certificate name conversion into empty string
If none of the supported name attributes are present, the name string
was nul terminated only at the end. Add an explicit nul termination at
the end of the last written (or beginning of the buffer, if nothing is
written) to avoid writing uninitialized data to debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
3eae9766b7 TLS: Fix ASN.1 parsing with no room for the header
Explicitly check the remaining buffer length before trying to read the
ASN.1 header values. Attempt to parse an ASN.1 header when there was not
enough buffer room for it would have started by reading one or two
octets beyond the end of the buffer before reporting invalid data at the
following explicit check for buffer room.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
fbc2123a14 TLS: Fix AlertDescription for missing partial processing case
tlsv1_record_receive() did not return error here and as such, &alert was
not set and must not be used. Report internal error instead to avoid use
of uninitialized memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1ac9c020b5 tests: TLS fuzzing tool
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
f3cca8b1ea TLS server: Check credentials have been configured before using them
Allow ServerHello to be built without local credential configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
19dd7a736e TLS server: Local failure information on verify_data mismatch
Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
f08ab18bf9 TLS server: Add internal callbacks get_failed, get_*_alerts
These can be used to implement cleaner termination of the handshake in
case of failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
b642ab4062 TLS server: More complete logging of ClientHello decode errors
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
fdd8a2f0b8 TLS client: Fix peer certificate event checking for probing
conn->cred might be NULL here, so check for that explicitly before
checking whether conn->cred->cert_probe is set. This fixes a potential
NULL pointer dereference when going through peer certificates with
event_cb functionality enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
e5bffe1aa9 OpenSSL: Add more handshake message names to debug
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
21cd8f8319 nl80211: Use wpa_ssid_txt() for debug messages more consistently
Print the SSID with printf escaping instead of wpa_hexdump_ascii()
format to clean up the debug log a bit. This was already done for number
of SSID debug prints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Purushottam Kushwaha
f2a6ac63ee P2P: Update find_start timer only when p2p_scan is started.
p2p->find_start timer was updated on each p2p_find call irrespective of
p2p_find being successful/failed/rejected. For cases where p2p_find was
in progress/pending, another call to p2p_find would be rejected but
p2p->find_start timer would still be updated.

p2p->find_start is maintained in wpa_supplicant to reject the kernel
scan entries before the p2p->find_start time. In above scenario, some of
the scan entries could be discarded even if the Probe Respons frame(s)
were received during the last scan/p2p_find.

This commit changes this to update the p2p->find_start timer only when
call to p2p_find is successful, i.e., a new scan is actually started.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-07 11:56:35 +02:00
Jouni Malinen
c4e90da6d0 MBO: Move the WNM-Notification subtype definitions to common location
Do not use a separate enum for MBO WNM-Notification Request frame
subtype values since these share the same number space with the Hotspot
2.0 ones.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
Jouni Malinen
105b14f54b HS 2.0: Update the T&C Acceptance subtype value
The previously used value 2 was already assigned for another purpose
(MBO non-preferred channel report), so the newer T&C Acceptable
definition needs to be updated with a unique value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
Jouni Malinen
6110753b18 nl80211: Clear PMKID add command message buffer
This command has now been extended to include PMK for offload needs, so
the message buffer needs to be cleared explicitly after use to avoid
leaving such material in heap memory unnecessarily.

Fixes: 061a3d3d53 ("nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
0fa33e05b4 nl80211: Clear connect command message buffer
This command can include keys (WEP or PSK for offload), so the message
buffer needs to be cleared explicitly after use to avoid leaving such
material in heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
b14e8ea1d2 nl80211: Request kernel to trim off payload of netlink requests from acks
We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
789b48bb48 EAP peer: Clear temporary message buffers before freeing
These buffers in TLS-based EAP methods might contain keys or password
(e.g., when using TTLS-PAP or PEAP-GTC), so clear them explicitly to
avoid leaving such material into heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
d05dda61d8 PEAP: Explicitly clear temporary keys from memory when using CMK
The case of PEAPv0 with crypto binding did not clear some of the
temporary keys from stack/heap when those keys were not needed anymore.
Clear those explicitly to avoid unnecessary caching of keying material.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 00:01:29 +02:00
Jouni Malinen
4e1cd3468e EAP-PEAP: Derive EMSK and use 128-octet derivation for MSK
Derive EMSK when using EAP-PEAP to enable ERP. In addition, change the
MSK derivation for EAP-PEAP to always derive 128 octets of key material
instead of the 64 octets to cover just the MSK. This is needed with the
PRF used in TLS 1.3 since the output length is mixed into the PRF
context.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-01 23:52:28 +02:00
Purushottam Kushwaha
59fa205388 P2P: Allow the avoid channels for P2P discovery/negotiation
The avoid channels are notified through
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY allow minimal traffic, so
enhance the P2P behavior accordingly by considering these avoid
frequencies for P2P discovery/negotiation as long as they are not in
disallowed frequencies list.

Additionally, do not return failure when none of social channels are
available as operation channel, rather, mark the op_channel/op_reg_class
to 0 as this would anyway get selected during the group formation in
p2p_prepare_channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-30 12:15:19 +02:00
Jouni Malinen
e34cd9f06e WNM: Fix WNM-Sleep Mode Request bounds checking
ieee802_11_rx_wnmsleep_req() might have been called for a short frame
that has no more payload after the Public Action field, i.e., with len
== 0. The bounds checking for the payload length was done only for the
information elements while the one octet Dialog Token field was read
unconditionally. In the original implementation, this could have
resulted in reading one octet beyond the end of the received frame data.

This case has not been reachable after the commit e0785ebbbd ("Use
more consistent Action frame RX handling in both AP mode paths"), but it
is better to address the specific issue in ieee802_11_rx_wnmsleep_req()
as well for additional protection against accidential removal of the
check and also to have something that can be merged into an older
version (pre-v2.7) if desired. The comments below apply for such older
versions where the case could have been reachable.

Depending on driver interface specific mechanism used for fetching the
frame, this could result in reading one octet beyond the end of a
stack/hash buffer or reading an uninitialized octet from within a
buffer. The actual value that was read as the Dialog Token field is not
used since the function returns immediately after having read this value
when there is no information elements following the field.

This issue was initially added in commit d32d94dbf4 ("WNM: Add
WNM-Sleep Mode implementation for AP") (with CONFIG_IEEE80211V=y build
option) and it remained in place during number of cleanup and fix
changes in this area and renaming of the build parameter to
CONFIG_WNM=y. The impacted function was not included in any default
build without one of the these optional build options being explicitly
enabled. CONFIG_WNM=y is still documented as "experimental and not
complete implementation" in hostapd/defconfig. In addition, commit
114f2830d2 ("WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0
case") made this function exit before the impact read if WNM-Sleep Mode
support was not explicitly enabled in runtime configuration
(wnm_sleep_mode=1 in hostapd.conf). Commit e0785ebbbd ("Use more
consistent Action frame RX handling in both AP mode paths") made this
code unreachable in practice.

Add an explicit check that the frame has enough payload before reading
the Dialog Token field in ieee802_11_rx_wnmsleep_req().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-28 14:58:17 +02:00
Jared Bents
159a7fbdea crl_reload_interval: Add CRL reloading support
This patch adds a new flag 'crl_reload_interval' to reload CRL
periodically. This can be used to reload ca_cert file and the included
CRL information on every new TLS session if difference between the last
reload and the current time in seconds is greater than
crl_reload_interval.

This reloading is used for cases where check_crl is 1 or 2 and the CRL
is included in the ca_file.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
2019-01-27 18:45:07 +02:00
Michal Kazior
ec5c39a557 AP: Allow identifying which passphrase station used with wpa_psk_file
It is now possible to optionally specify keyid for
each wpa_psk_file entry:

 keyid=something 00:00:00:00:00:00 secretpassphrase

When station connects and the passphrase it used
has an associated keyid it will be appended to the
AP-STA-CONNECTED event string:

 wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something

It's also possible to retrieve it through the control interface:

 $ hostapd_cli all_sta
 Selected interface 'ap0'
 00:36:76:21:dc:7b
 ...
 keyid=something

New hostapd is able to read old wpa_psk_file. However, old hostapd will
not be able to read the new wpa_psk_file if it includes keyids.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Michal Kazior
b08c9ad0c7 AP: Expose PMK outside of wpa_auth module
This doesn't change any behavior on its own. It's going to be used to
expose per-station keyids and allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Jouni Malinen
42d308635f SAE: Advertise Password Identifier use
Support the new Extended Capabilities field bits 81 and 82 to indicate
whether SAe Password Identifiers are in use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-24 00:20:49 +02:00
stonez
fff8da8ace Add a vendor attribution to transfer EVM information
This new QCA vendor attribute indicates the EVM value in netlink.

Signed-off-by: stonez <stonez@codeaurora.org>

:100644 100644 ad5dac2... ede4fc8... M	src/common/qca-vendor.h
2019-01-21 12:28:05 +02:00
Stefan Strogin
67d35396cb Fix build with LibreSSL
When using LibreSSL build fails with:

../src/crypto/tls_openssl.o: in function `tls_connection_client_cert':
../src/crypto/tls_openssl.c:2817: undefined reference to `SSL_use_certificate_chain_file'
collect2: error: ld returned 1 exit status
make: *** [Makefile:1901: wpa_supplicant] Error 1

There is no such function in LibreSSL.

Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
2019-01-12 15:26:07 +02:00
Peng Xu
5a3319ab1b P2P: Add 802.11ax support for P2P GO
An optional parameter "he" is added to p2p_connect, p2p_group_add, and
p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration
parameter can be used to request this to be enabled by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-12 13:09:39 +02:00
Sunil Dutt
9da1641a4c Clarify documentation of avoid channels expectations
The vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY was defined
to carry the list of avoid frequencies that aim to avoid any
interference with other coexistencies. This recommendation was followed
strictly by trying to prevent WLAN traffic on the impacted channels.

This commit refines the expectation of the interface by defining this
avoid channel list to allow minimal traffic but not heavier one. For
example, P2P may still be able to use avoid list frequencies for P2P
discovery and GO negotiation if the actual group can be set up on a not
impact channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-12 12:39:36 +02:00
Siva Mullati
11ce7a1bc3 HE: Add MU EDCA Parameter Set element (AP)
Add support for configuring parameters for the MU EDCA Parameter Set
element per IEEE P802.11ax/D3.0.

Signed-off-by: Siva Mullati <siva.mullati@intel.com>
2019-01-08 17:22:43 +02:00
Jouni Malinen
6bcbda4082 drivers: Set CONFIG_LIBNL32=y automatically based on pkg-config
If the libnl version is not specified explicitly with CONFIG_LIBNL*, try
to check for the most likely case today with pkg-config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-08 13:31:55 +02:00
Andrey Kartashev
41b747522e drivers: Move libnl related build flags to separate ifdef block
Fix compilation issue if we want to build wpa_supplicant without any
wireless connectivity but only with MACSec support via Linux kernel
driver.

Signed-off-by: Andrey Kartashev <a.s.kartashev@gmail.com>
2019-01-08 13:24:22 +02:00
Mike Siedzik
a07b8a70b5 mka: New MI should only be generated when peer's key is invalid
Two recent changes to MKA create a situation where a new MI is generated
every time a SAK Use parameter set is decoded.  The first change moved
invalid key detection from ieee802_1x_decode_basic_body() to
ieee802_1x_kay_decode_mpkdu():

  commit db9ca18bbf ("mka: Do not ignore MKPDU parameter set decoding failures")

The second change forces the KaY to generate a new MI when an invalid
key is detected:

  commit a8aeaf41df ("mka: Change MI if key invalid")

The fix is to move generation of a new MI from the old invalid key
detection location to the new location.

Fixes: a8aeaf41df ("mka: Change MI if key invalid")
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Zefir Kurtisi
10de40c0c8 DFS: Restart pending CAC on interface enable
When an interface is re-enabled after it was disabled during CAC, it
won't ever get active since hostapd is waiting for a CAC_FINISHED while
kernel side is waiting for a CMD_RADAR_DETECT to start a CAC.

This commit checks for a pending CAC when an interface is enabled and if
so restarts its DFS processing.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2019-01-08 01:11:56 +02:00
Bo Chen
27ebadccfb RADIUS client: Cease endless retry for message for multiple servers
In the previous RADIUS client implementation, when there are multiple
RADIUS servers, we kept trying the next server when the current message
can not be acked. It leads to endless retry when all the RADIUS servers
are down.

Fix this by keeping a counter for the accumulated retransmit attempts
for the message, and guarantee that after all the servers failover
RADIUS_CLIENT_MAX_FAILOVER times the message will be dropped.

Another issue with the previous code was that the decision regarding
whether the server should fail over was made immediately after we send
out the message. This patch guarantees we consider whether a server
needs failover after pending ack times out.

Signed-off-by: Bo Chen<bochen@meraki.com>
2019-01-07 23:38:18 +02:00
Kiran Kumar Lokere
166ab0b780 QCA vendor commands to configure HE +HTC capability and OM control Tx
Define QCA vendor command attributes to configure HE +HTC support and
HE operating mode control transmission. This is used to configure the
testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 22:55:20 +02:00