Commit graph

6954 commits

Author SHA1 Message Date
Jouni Malinen
e6f9eab90e HE: Fix HE Operation element byte order on bigendian CPUs
The first four octets of the element were used as a host byte order u32.
That is not correct on bigendian CPUs, so handle byte swapping needs
properly. Mark the he_oper_params field as le32 to explicitly indicate
the byte order and swap the generated params content based on CPU byte
order.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:57:47 +03:00
John Crispin
3869c159d9 HE: Fix HE operation field size
The current code will always use the size required when all optional
elements are present. This will cause the Linux kernel to consider the
field to be malformed if the elements are not actually flagged as being
present.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 23:51:04 +03:00
Jouni Malinen
17749e948a Share common SAE and EAP-pwd functionality: is_quadratic_residue
Use a shared helper function for the blinded mechanism of determining
the Legendre symbol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
a9615b1b88 Share common SAE and EAP-pwd functionality: random 1..p-1 creation
Use a shared helper function to create a random value in 1..p-1 range
for is_quadratic_residue().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
6c9543fcb7 Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
ff229da309 Share a single buf_shift_right() implementation
Move the identical function used by both SAE and EAP-pwd to
src/utils/common.c to avoid duplicated implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:43 +03:00
Jouni Malinen
1e237903f5 OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:24:32 +03:00
Jouni Malinen
7958223fdc EAP-pwd: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:07:05 +03:00
Jouni Malinen
8e14b030e5 SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 18:52:34 +03:00
John Crispin
2ec71488b5 HE: Add Spatial Reuse Parameter Set element to the Beacon frames
SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA
thresholds. For this to work the AP needs to broadcast the element
first.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:15:36 +03:00
John Crispin
2fde3caa3a HE: Properly populate Beacon template prior to sending it to the kernel
Properly populate the the HE Capabilities element with the info read
from the kernel.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:00:51 +03:00
John Crispin
7cac255632 HE: Fix Operation Parameters order
According to P802.11ax/D4.0 9.4.2.238 (HE Operation element) the BSS
Color Information field is located after the HE Operation Parameters
field. Fix the ordering of the bit masks/offsets for fields in these 3+1
octets used as a single 32-bit value. With these changes, Wireshark 3.2
is able to properly parse and display Beacon frames.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:55:39 +03:00
John Crispin
83f30fabe3 HE: Disable TXOP duration-based RTS if he_rts_threshold is not set
IEEE P802.11ax/D4.0 9.4.2.243 "HE Operation element" indicates that the
special value 1023 in the TXOP Duration RTS Threshold field is used to
indicate that TXOP duration-based RTS is disabled. Use that value as the
default instead of the previously used value 0 which would really mean
threshold of 0 usec. Furthermore, the previous implementation did not
allow values larger than 255 to be used for this field while the field
is actually 10 bits in size.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
9c95124418 Add 802.11 status code strings
Logs involving IEEE 802.11 Status Codes output the Status Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each status code using the latter part
of the Status Code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
e00f780e2b DPP2: hostapd as TCP Relay
The new hostapd configuration parameter dpp_controller can now be used
with the following subparameter values: ipaddr=<IP address>
pkhash=<hexdump>. This adds a new Controller into the configuration
(i.e., more than one can be configured) and all incoming DPP exchanges
that match the specified Controller public key hash are relayed to the
particular Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
88a78bdde4 DPP2: Protocol exchange over TCP using Controller/Relay
Add initial implementation of DPP-over-TCP. This adds the general TCP
encapsulation routines into the shared src/common/dpp.c implementation.
That functionality will be exposed through hostapd and wpa_supplicant in
the following commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
9ffec2e854 DPP: Make pkhash available in bootstrapping info
This can be helpful for testing DPP2 Controller functionality (get
pkhash from Controller to Relay).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 23:14:37 +03:00
Jouni Malinen
2ed2b52ff5 DPP: Add configuration structure to dpp_global_init()
This can be used to provide configurable parameter to the global DPP
context. This initial commit introduces the msg_ctx context pointer for
wpa_msg().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 21:35:32 +03:00
Jouni Malinen
516ccede8f The master branch is now used for v2.9 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 17:04:07 +03:00
Jouni Malinen
6396282430 Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 10:10:22 +03:00
Jouni Malinen
fa52bc8b98 EAP-PAX server: Fix message length checks for MSGDUMP level hexdump
EAP-PAX server implementation could end up reading beyond the end of the
buffer if MSGDUMP level debugging was enabled and a message without the
ICV field was received. Fix this by using more strict message length
validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
b3c2b5d9f7 EAP-PAX server: Check hash function results
While these local failure cases are mostly theoretical, it is better to
check for the errors explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
a3be79a142 EAP-GPSK server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 17:08:27 +03:00
Jouni Malinen
848718ddde EAP-SAKE: Report hash function failures to callers
While this is mostly theoretical, the hash functions can fail and it is
better for the upper layer code to explicitly check for such failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:52:01 +03:00
Jouni Malinen
24b06511e2 EAP-SAKE server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:44:38 +03:00
Jouni Malinen
b583ed38df FT: Derive PTK properly for rekeying with FT protocol
Do not try to derive a PMK-R0 and PMK-R1 again for the case where an
association was started with FT protocol and PTK is rekeyed using 4-way
handshake. Instead, use the previously derived PMK-R1 to allow a new PTK
to be derived.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 11:45:13 +03:00
Jouni Malinen
fb1dee221b FT: Do not add bogus PMKID in msg 1/4 for FT protocol PTK rekeying
Do not try to derive a PMKID for EAPOL-key msg 1/4 when going through
4-way handshake to rekey PTK during an association that was started
through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
8a576f5ea5 FT: Maintain PMK-R1 for a connected STA
This is needed to allow PTK rekeying to be performed through 4-way
handshake in an association started through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
09ab81b9e8 WPA: Clear authenticator keys for a STA on deinit/disconnection
Do not leave keys in heap memory after they are no longer needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
f006c13c14 WPA: Stop WPA statement on STA disassociation
This is needed to avoid leaving some timers (e.g., for PTK rekeying)
running afrer a STA has disassociated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
d178ab0d57 FT: Start PTK rekey timer on FT protocol completion
This is needed to trigger PTK rekeying properly for associations started
with FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
267c366f38 FT: Remove unused pmk argument from wpa_auth_derive_ptk_ft()
FT rules for PTK derivation do not use PMK. Remove the unused argument
to the PTK derivation function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:47 +03:00
Jouni Malinen
0a1a82db92 FT: Allow 4-way handshake for PTK rekeying to continue without PMK/PMKID
There is no PMK/PMKID when going through 4-way handshake during an
association started with FT protocol, so need to allow the operation to
proceed even if there is no selected PMKSA cache entry in place.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:41 +03:00
Jouni Malinen
a40bd06e9b FILS: Fix PTK rekeying
The PMK and PMKID information from FILS ERP and FILS PMKSA caching needs
to be stored within struct wpa_state_machine for PTK to work. Without
this, PTK derivation would fail and attempt to go through rekeying would
result in disconnection. Furthermore, wpa_rekey_ptk() timer needs to be
started at the completion of FILS association since the place where it
was done for non-FILS cases at the end of 4-way handshake is not reached
when FILS authentication is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Jouni Malinen
c8931afe24 nl80211: Check nla_put_flag() failure for ext auth
All nla_put*() operations should be verified to succeed, so check this
recently added one for NL80211_ATTR_EXTERNAL_AUTH_SUPPORT.

Fixes: 236e793e7b ("nl80211: External authentication in driver-based AP SME mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Jouni Malinen
6151c9b900 EAP-pwd server: Remove unused srandom() call
Commit 4b16c15bbc ("EAP-pwd server: Use os_get_random() for
unpredictable token") replaced use of os_random(), i.e., of random(),
with os_get_random(), but forgot to remove the now unused srandom()
call. Clean up the implementation and remove that unneeded code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 13:24:37 +03:00
Jouni Malinen
d2d1a324ce EAP-pwd peer: Fix reassembly buffer handling
Unexpected fragment might result in data->inbuf not being allocated
before processing and that could have resulted in NULL pointer
dereference. Fix that by explicitly checking for data->inbuf to be
available before using it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 13:24:37 +03:00
Jouni Malinen
fe76f487e2 EAP-pwd server: Fix reassembly buffer handling
data->inbuf allocation might fail and if that were to happen, the next
fragment in the exchange could have resulted in NULL pointer
dereference. Unexpected fragment with more bit might also be able to
trigger this. Fix that by explicitly checking for data->inbuf to be
available before using it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 02:23:31 +03:00
Jouni Malinen
a9d224f560 EAP-pwd server: Fix a memory leak on error path
eap_pwd_h_final() needs to be called to free the value from
eap_pwd_h_init() even in error cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-17 01:48:40 +03:00
Jouni Malinen
90ee1bf5f1 EAP-MSCHAPv2: Propagate GetAsymetricStartKey() failures up from getKey()
Report failure from getKey() if MSK cannot be derived due to unexpected
sha1_vector() local failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 21:21:35 +03:00
Jouni Malinen
824cb5a530 RSN: Ignore IGTK configuration errors with swapped KeyID values
There are number of deployed APs with broken PMF implementation where
the IGTK KDE uses swapped bytes in the KeyID field (0x0400 and 0x0500
instead of 4 and 5). Such APs cannot be trusted to implement BIP
correctly or provide a valid IGTK, so do not try to configure this key
with swapped KeyID bytes. Instead, continue without configuring the IGTK
so that the driver can drop any received group-addressed robust
management frames due to missing keys.

Normally, this error behavior would result in us disconnecting, but
there are number of deployed APs with this broken behavior, so as an
interoperability workaround, allow the connection to proceed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 19:31:34 +03:00
Jouni Malinen
dfdabd917a RSN: Report completion only after IGTK configuration
Previously wpa_supplicant_key_neg_complete() was called before the
attempt to configure the IGTK received from the authenticator. This
could resulted in somewhat surprising sequence of events if IGTK
configuration failed since completion event would be followed by
immediate disconnection event. Reorder these operations so that
completion is reported only if GTK and IGTK are configurated
successfully.

Furthermore, check for missing GTK KDE in case of RSN and handle that
with an explicit disconnection instead of waiting for the AP to deliver
the GTK later.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-16 19:31:08 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
28f19a3ae5 nl80211: More detailed PROBE_CLIENT debug print
Include the MAC address of the peer, knowledge of whether the poll was
ACKed, and cookie into the debug message to make this more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:34 +03:00