Commit graph

7004 commits

Author SHA1 Message Date
John Crispin
b04e43086b HE: Remove vht_ prefix from shared set_freq argument
oper_chwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
John Crispin
846e8396ab HE: Mask out the beamforming capabilities if they are not configured
These bits might be set by the capabilities read from the kernel, so
mask them out if beamforming is not enabled in the local configuration.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
d70776098d VHT: Remove copying of VHT Operation element from (Re)Assoc Req
This copying attempt was added incorrectly since that element is never
actually present in (Re)Association Request frames. It is only valid to
copy that element from the mesh peering frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 18:03:40 +03:00
Jouni Malinen
ce362f885f FILS: Explicitly clear plaintext buffer for Assoc Resp
This buffer may contain GTK and IGTK, so better clear it explicitly from
heap memory before freeing the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
31bc66e4d1 More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously
used os_memset() to explicitly clear a stack buffer that contains keys
when that clearing happened just before returning from the function.
Since memset_s() is not exactly portable (or commonly available yet..),
use a less robust mechanism that is still pretty likely to prevent
current compilers from optimizing the explicit clearing of the memory
away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Jouni Malinen
baf8ab8cec RADIUS server: Do not close fd=0 in error cases
Initialize auth_sock and acct_sock to -1 to avoid radius_server_deinit()
attempting to close fd=0 if anything fails in setting up the RADIUS
server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:10:08 +03:00
Mohit Sethi
5eefa8115b EAP-AKA: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-AKA in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-AKA during fast
reauthentication based on this Session-Id = 0x17 || NONCE_S || MAC
construction.

Also documented by Alan Dekok in draft-dekok-emu-eap-session-id.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:17:00 +03:00
Mohit Sethi
1c16b257a0 EAP-SIM: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-SIM in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-SIM during fast
reauthentication based on this Session-Id = 0x12 || NONCE_S || MAC
construction.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:05:03 +03:00
Jouni Malinen
312ec34e40 UBSan: Avoid dependency on undefined behavior in internal AES operation
The rcons[] and Td4s[] array values need to be type cast explicitly to
u32 for the left shift 24 operation to be defined due to the implicit
conversion to int not handling the case where MSB would become 1 without
depending on UB.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14929
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:51:12 +03:00
Jouni Malinen
5bad612311 WNM: Fix bounds checking in SSID List element matching
The IE header length check was off-by-one and that could allow the loop
to read one octet beyond the end of the buffer before breaking out in
the second check.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14927
Fixes: 0a66ce3c49 ("WNM: Add support for SSID List element matching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:29:47 +03:00
Jouni Malinen
b1aee7a622 DPP: Fix bootstrapping URI parser to handle channel list for an opclass
The bootstrapping URI format for DPP was extended during protocol design
to allow a list of channels without having to repeat the same operating
class information for each channel. That change was not included in the
initial implementation of the parser and a channel-list like
"C:81/1,6,11" would not be understood correctly (i.e., only the longer
"C:81/1,81/6,81/11" form would have been parsed correctly).

Fix this by extending the parser to accept both the shorter and longer
form for a list of channels within a single operating class.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 01:34:24 +03:00
Jouni Malinen
69afb6b395 FILS: Verify RSNE match between Beacon/Probe Response and (Re)AssocResp
IEEE Std 802.11ai-2016 requires the FILS STA to do this check, but this
was missing from the initial implementation. The AP side behavior was
not described properly in 802.11ai due to a missing change in the
(Re)Association Response frame format tables which has resulted in some
deployed devices not including the RSNE.

For now, use an interoperability workaround to ignore the missing RSNE
and only check the payload of the element if it is present in the
protected frame. In other words, enforce this validation step only with
an AP that implements FILS authentication as described in REVmd while
allowing older implementations to skip this check (and the protection
against downgrade attacks). This workaround may be removed in the future
if it is determined that most deployed APs can be upgraded to add RSNE
into the (Re)Association Response frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
831d8c9cf5 FILS: Add RSNE into (Re)Association Response frame
This AP behavior was missing from IEEE Std 802.11ai-2016, but it is
needed for the RSNE validation to work correctly and for a FILS STA to
be able to perform the mandatory check for RSNE matching when processing
the (Re)Association Response frame (as described in 802.11ai). REVmd
will be updating the standard to cover this AP case, so prepare the
implementation to match that. Without this, a FILS STA might reject
association whenever using FILS authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
e3b39e62c2 OpenSSL: Fix a memory leak in OCSP handling
If OCSP_resp_find_status() fails with the first OCSP_CERTID, the
generation of the second OCSP_CERTID ended up leaking memory. Fix this
by freeing the previously allocated OCSP_CERTID on that code path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 21:08:53 +03:00
Jouni Malinen
6602d9e3a6 DPP: Fix a memory leak in testing sequence
Do not allow auth->own_protocol_key to be overridden without having
freed the previously stored key in case a test sequence in
dpp_proto_auth_conf_replaced_by_resp is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:38:10 +03:00
Jouni Malinen
c5622b43cd DPP: Fix a memory leak on duplicate Authentication Response
Do not allow auth->peer_protocol_key to be overridden without having
freed the previously stored key in case two Authentication Response
messages are received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:25:10 +03:00
Jouni Malinen
1cdfe8d23f DPP: Fix a memory leak in PKEX Qi/Qr derivation
The result of EC_GROUP_dup() needs to be freed, so do so within the
derivation functions for all error cases and in the callers for success
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:59:21 +03:00
Jouni Malinen
51dc146f3e EAP-PAX server: Avoid debug prints of uninitialized memory in error cases
Use a separate error case handler for eap_pax_mac() failures and memcmp
to avoid wpa_hexdump() calls for the (mainly theoretical) local error
cases in deriving the MAC.

Fixes: b3c2b5d9f7 ("EAP-PAX server: Check hash function results")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:02:19 +03:00
Jouni Malinen
677e120181 dragonfly: Fix a memory leak on error path
This is mostly a theoretical case, but since crypto_bignum_rand() could
fail, need to free the allocated struct crypto_bignum *tmp in such a
case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:55:57 +03:00
Jouni Malinen
8925d2010d OpenSSL: Fix memory leak in crypto_dh_derive_secret()
BN_clear() does not free the BIGNUM; it only clears its value. Fix this
memory leak by using the appropriate BN_clear_free() function instead.

Fixes: b11fa98bcb ("Add explicit checks for peer's DH public key")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:53:32 +03:00
Jouni Malinen
57ec74ea9b DPP: Fix memory leak in EC_GROUP handling
EC_GROUP_new_by_curve_name() allocates memory for the returned pointer,
so need to free this with EC_GROUP_free() before leaving the calling
functions. This was leaking memory when parsing JWK and when performing
PKEX.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:32:29 +03:00
Jouni Malinen
7a9ddba6f5 DPP: Fix a memory leak in key pair generation
ec_params needs to be free within dpp_gen_keypair() to avoid leaking the
allocated memory.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:27:06 +03:00
Jouni Malinen
f9cd1327ad OpenSSL: Fix memory leak in crypto_ecdh_init()
ec_params needs to be freed before returning from the function.
Extension of this function to support BoringSSL introduced this memory
leak and that was later extended to be the only variant and apply to
OpenSSL and LibreSSL cases as well in commit c23e87d0d1 ("OpenSSL:
Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()").

Fixes: f29761297b ("BoringSSL: Implement crypto_ecdh_init()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 12:16:03 +03:00
Paul Zhang
fb10f3bb65 Add subcmd QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP
In practice, some APs have interop issues with the DUT. This sub command
is used to transfer the AP info between the driver and user space. This
works both as a command and event. As a command, it configures the
stored list of APs from user space to firmware; as an event, it
indicates the AP info detected by the firmware to user space for
persistent storage. The attributes defined in enum
qca_vendor_attr_interop_issues_ap are used to deliver the parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-05-07 13:03:51 +03:00
John Crispin
b505ef7e96 HE: Do not add SPR IE if sr_control is set to 0
If none of the sr_control bits are set, we do not neet to add the IE to
the Beacon frame.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-05 00:58:25 +03:00
Jouni Malinen
de94be0acd Enforce that IEEE 802.1X EAPOL-Key Replay Counter increases
While this should not happen in practical use cases,
wpa_get_ntp_timestamp() could return the same value when called twice in
a row quickly. Work around that case by enforcing a new Replay Counter
value based on stored last value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:57:37 +03:00
Jeff Johnson
fd1c2ca521 Add QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX
Update enum qca_wlan_vendor_attr_get_wifi_info to add support for
attribute QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX. In addition
update the documentation for qca_wlan_vendor_attr_get_wifi_info and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO to fully describe the
operation of the command and the format of the attributes.

Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>
2019-05-02 17:13:46 +03:00
Vamsi Krishna
ae21cffb2c Add QCA vendor command to support beacon reporting feature
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING
to implement beacon reporting feature. Different operations required to
implement this feature can be specified in
QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_OP_TYPE.

Userspace requests the driver/firmware to periodically report received
Beacon frames whose BSSID matches the current connected BSS's MAC
address. If userspace requests the driver/firmware to send beacon
reports actively, the driver encapsulates the details of the beacon in
an event and sends it to userspace asynchronously. Otherwise, the driver
will only update the beacon in cfg80211 scan cache but will not send any
event to userspace.

If this command is not issued, the current behavior of the
driver/firmware is to update the cfg80211 scan cache only when there is
a scan issued by the host in progress or whenever there is a change in
IEs of the Beacon frames from the current connected BSS.

The userspace requests the driver/firmware to stop reporting beacons
when reporting is not required anymore. If the driver/firmware is not
able to receive Beacon frames because of other Wi-Fi operations such as
off-channel activities, etc., the driver/firmware sends a pause event to
userspace and stops reporting Beacon frames. The driver/firmware
indicates whether the beacon reporting automatically resumes later by
using the QCA_WLAN_VENDOR_ATTR_BEACON_REPORTING_AUTO_RESUMES flag. If
userspace doesn't want the beacon reporting to be resumed automatically,
userspace can send QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP command to
the driver to stop beacon reporting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-02 15:08:31 +03:00
Toke Høiland-Jørgensen
ef7217518b hostapd: Add airtime policy configuration support
This adds support to hostapd for configuring airtime policy settings for
stations as they connect to the access point. This is the userspace
component of the airtime policy enforcement system PoliFi described in
this paper: https://arxiv.org/abs/1902.03439

The Linux kernel part has been merged into mac80211 for the 5.1 dev
cycle.

The configuration mechanism has three modes: Static, dynamic and limit.
In static mode, weights can be set in the configuration file for
individual MAC addresses, which will be applied when the configured
stations connect.

In dynamic mode, weights are instead set per BSS, which will be scaled
by the number of active stations on that BSS, achieving the desired
aggregate weighing between the configured BSSes. Limit mode works like
dynamic mode, except that any BSS *not* marked as 'limited' is allowed
to exceed its configured share if a per-station fairness share would
assign more airtime to that BSS. See the paper for details on these
modes.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 14:57:43 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
David Woodhouse
6326fa0c40 Fix ENGINE support with OpenSSL 1.1+
Commit 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
versions of OpenSSL, asserting that it should happen automatically.

That appears not to be the case, and loading engines now fails because
the dynamic engine isn't present.

Fix it by calling ENGINE_load_builtin_engines(), which works for all
versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
because that should have happened when SSL_load_error_strings() is
called anyway.

Fixes: 373c796948 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs")
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2019-04-30 12:10:40 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
Jouni Malinen
b93a0ce7bd DPP2: Check conn->ctrl more consistently
There is no point in checking this pointer against NULL after it has
been dereferenced. Move the check to the beginning of the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:28:46 +03:00
Jouni Malinen
a7b7ce82f4 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows authenticator side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:43 +03:00
Jouni Malinen
64f4809371 FT: Store XXKey/MPMK in PMKSA cache instead of MSK (authenticator)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:08 +03:00
Jouni Malinen
0c46b1a516 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:50:51 +03:00
Jouni Malinen
16c511449d FT: Store XXKey/MPMK in PMKSA cache instead of MSK (supplicant)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:48:58 +03:00
Jouni Malinen
e0e15fc236 Remove unused crypto_bignum_bits()
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:43:45 +03:00
Jouni Malinen
73338db029 Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:33:44 +03:00
Jouni Malinen
c3805fb623 Ignore channel switch event if AP interface is not yet ready
It is apparently possible to somehow trigger the driver to report a
channel switch event during ACS operation when the interface information
is not yet complete. hapd->iface->current_mode could be NULL in that
case and that would result in process termination due to NULL pointer
dereference.

It should not really be possible to trigger a channel switch during ACS
is running (i.e., before the AP mode operation has been started), but
since that has been seen in an arbitrary test sequence with interface
start/stop operations with various parameters (both valid and invalid),
better prevent a crash here by ignoring the unexpected event instead of
trying to process it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:24:31 +03:00
Jouni Malinen
eb314e8af2 Verify that channel info is available in hostapd_hw_get_channel()
Unexpected CHAN_SWITCH command could get this function using a NULL
pointer if the channel switch was requested while the interface was
already disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:17:59 +03:00
Jouni Malinen
b9058266f0 Clear cached extended_capa pointers on hapd_deinit() call
driver->hapd_deinit() is going to free the memory that the cached
pointers are pointing to, so clear the pointers to avoid possibility of
dereferencing used memory. It seemed to be possible to hit a code path
using those fields by issuing a CHAN_SWITCH command on disabled hostapd
interface in some cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:15:15 +03:00
Hu Wang
6afde52a78 Indicate ieee80211ax configuration in hostapd STATUS output
This adds a ieee80211ax=0/1 line to the STATUS output to indicate
the configuration of ieee80211ax, which similar to ieee80211n and
ieee80211ac.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 15:06:30 +03:00