Commit graph

6303 commits

Author SHA1 Message Date
Jouni Malinen
9e834fc648 EAP-SIM/AKA: Separate identity for MK derivation
This allows a separate configuration parameter (imsi_identity) to be
used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK
derivation for the case where the identity is expected to be from the
last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was
not used). This may be needed to avoid sending out an unprotected
permanent identity information over-the-air and if the EAP-SIM/AKA
server ends up using a value based on the real IMSI during the internal
key derivation operation (that does not expose the data to others).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2018-01-21 11:28:53 +02:00
Jouni Malinen
b6b5e3554a DPP: Get rid of compiler warnings on signed/unsigned comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-01-21 11:24:33 +02:00
Jouni Malinen
630ea13346 DPP: Track M.x/N.x/L.x availability for ke derivation
This prevents an issue where duplicated Authentication Response frame
could have resulted in deriving a new ke value after M.x had already
been cleared. This would result in the following configuration exchange
failing. This could happen since many driver do not filter out
retransmitted Public Action frames and link layer. Furthermore, this
could have been used as a denial-of-service attack agains the DPP
exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Sunil Dutt
c103c0b516 Extend NUD Stats to collect the data packet statistics
This commit extends the existing QCA vendor specific NUD_STATS_GET/SET
interface to also collect the statistics of the data packets. The
intention here is to get more comprehensive information to detect the
network unreachability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 23:07:15 +02:00
Jouni Malinen
5d5ee699a5 Copy WLAN-Reason-Code value from Access-Reject to Deauthentication
This makes hostapd use the WLAN-Reason-Code value from Access-Reject
when disconnecting a station due to IEEE 802.1X authentication failure.
If the RADIUS server does not include this attribute, the default value
23 (IEEE 802.1X authentication failed) is used. That value was the
previously hardcoded reason code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 20:55:33 +02:00
Jouni Malinen
f75ed556c8 RADIUS: Add WLAN-Reason-Code attribute to Access-Reject
Make the RADIUS server in hostapd add WLAN-Reason-Code attribute to all
Access-Reject messages generated based on EAP-Failure from the EAP
server. For now, the reason code value is set to 23 (IEEE 802.1X
authentication failed). This can be extending in future commits to cover
addition failure reasons.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 20:45:12 +02:00
Jouni Malinen
feba5848be Replace RSNE group key management mismatch status/reason codes
Use "cipher out of policy" value instead of invalid group cipher (which
is for the group data frame cipher) and management frame policy
violation (which is used for MFPC/MFPR mismatch).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 01:12:00 +02:00
Sunil Dutt
9cc8303d32 Add QCA vendor command to get the WLAN MAC information
This commit introduces a QCA vendor command that provides the current
information of WLAN hardware MAC and its associated WLAN netdev
interfaces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
fd92095491 DPP: Report reception of Config Request to upper layers
This is mainly for protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
80f71b71d5 DPP: Authentication exchange retries and channel iteration in hostapd
This extends hostapd with previoiusly implemented wpa_supplicant
functionality to retry DPP Authentication Request/Response and to
iterate over possible negotiation channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-08 05:19:05 +02:00
Jouni Malinen
c5cc7a59ac Report offchannel RX frame frequency to hostapd
Not all code paths for management frame RX reporting delivered the
correct frequency for offchannel RX cases. This is needed mainly for
Public Action frame processing in some special cases where AP is
operating, but an exchange is done on a non-operational channel. For
example, DPP Initiator role may need to do this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-08 03:37:48 +02:00
Jouni Malinen
b7ed94834d GnuTLS: Add option to build with libnettle instead of libgcrypt
GnuTLS-based builds can now be done using either libnettle or libgcrypt
for crypto functionality:

CONFIG_TLS=gnutls
CONFIG_CRYPTO=nettle

CONFIG_TLS=gnutls
CONFIG_CRYPTO=gnutls

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-29 17:13:57 +02:00
Jouni Malinen
c36d822418 GnuTLS: Suite B validation
This allows OpenSSL-style configuration of Suite B parameters to be used
in the wpa_supplicant network profile. 128-bit and 192-bit level
requirements for ECDHE-ECDSA cases are supported. RSA >=3K case is
enforced using GnuTLS %PROFILE_HIGH special priority string keyword.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
dd227e67ab GnuTLS: Add support for disabling TLS versions
This extends GnuTLS support for tls_disable_v1_{0,1,2}=1 flags in the
phase1 network profile parameter in wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
5d292fcfbd GnuTLS: Implement tls_get_cipher()
Provide OpenSSL-style name for the negotiated cipher suite.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
5791d2117c GnuTLS: Make debug prints clearer for cert/key parsing
Indicate more clearly when the parsing succeeds to avoid ending the
debug prints with various internal GnuTLS internal error messages even
when the parsing actually succeeded in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
622d4d49e2 GnuTLS: Add TEST_FAIL() to crypto routines for testing purposes
This allows number of hwsim test cases for local error conditions to be
executed with GnuTLS-based builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
f8697e8109 GnuTLS: Implement tls_get_version()
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:06 +02:00
Jouni Malinen
133f8d09fc GnuTLS: Implement HMAC functions using libgcrypt
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:35:26 +02:00
Jouni Malinen
85c12a62ee GnuTLS: Implement sha{256,384,512}_vector() using libgcrypt
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:21:37 +02:00
Jouni Malinen
cc3e7bfc3c GnuTLS: Use a helper function for hash functions
Use a shared helper function instead of implementing practically same
sequence separately for each hash function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:13:51 +02:00
Jouni Malinen
02b38d0ad5 Fix MFP-enabled test for disallowed TKIP
The test against use of TKIP was done only in MFP-required
(ieee80211w=2) configuration. Fix this to check the pairwise cipher for
MFP-enabled (ieee80211w=1) case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:38:12 +02:00
Jouni Malinen
ba3d435fe4 SAE: Add option to require MFP for SAE associations
The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to
enforce negotiation of MFP for all associations that negotiate use of
SAE. This is used in cases where SAE-capable devices are known to be
MFP-capable and the BSS is configured with optional MFP (ieee80211w=1)
for legacy support. The non-SAE stations can connect without MFP while
SAE stations are required to negotiate MFP if sae_require_mfp=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:27:58 +02:00
Jouni Malinen
c4fc7e31c7 SAE: Set special Sc value when moving to Accepted state
Set Sc to 2^16-1 when moving to Accepted state per IEEE Std 802.11-2016,
12.4.8.6.5 (Protocol instance behavior - Confirmed state). This allows
the peer in Accepted state to silently ignore unnecessary
retransmissions of the Confirm message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
abcbd0604c SAE: Add Rc variable and peer send-confirm validation
This implements the behavior described in IEEE Std 802.11-2016,
12.4.8.6.6 (Protocol instance behavior - Accepted state) to silently
discard received Confirm message in the Accepted state if the new
message does not use an incremented send-confirm value or if the special
2^16-1 value is used. This avoids unnecessary processing of
retransmitted Confirm messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
9249afc8e1 SAE: Print state changes in debug log
This makes it easier to follow state changes in SAE protocol instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 00:07:42 +02:00
Jouni Malinen
d8b841eba8 SAE: Make dot11RSNASAESync configurable
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-26 12:46:22 +02:00
Sean Parkinson
04b1bcc5f3 EAP-pwd: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries than
OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 21:40:21 +02:00
Sean Parkinson
0c3d49afd8 EAP-EKE: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:17 +02:00
Sean Parkinson
c335507c8d Enhance crypto abstract API for DH
The patch offers alternate implementations of some functions using the
abstract cryptographic API.

This work was done in preparation for the changes to allow hostap to be
compiled with the wolfSSL cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:10 +02:00
Jouni Malinen
0e02f2a9fa crypto: Implement new crypto API functions for DH
This implements crypto_dh_init() and crypto_dh_derive_secret() using
os_get_random() and crypto_mod_exp() for all crypto_*.c wrappers that
include crypto_mod_exp() implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:36:04 +02:00
Jouni Malinen
eac084cb38 OpenSSL: Implement new crypto API functions
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:35:41 +02:00
Sean Parkinson
23ff5d73df Enhance crypto abstract API
Add more crypto_*() wrappers to enable use of other crypto libraries
than OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:35:38 +02:00
Sean Parkinson
441e8bfbb4 Fix copy-paste errors in function comments
Use correct function names for the documentation.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:03:07 +02:00
Jouni Malinen
47e966abac DH: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:02:53 +02:00
Jouni Malinen
3546ef5104 EAP-pwd: Remove trailing empty line
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-23 17:27:15 +02:00
Peng Xu
61536b5f41 Add new QCA vendor attribute for getting preferred channel
A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for
getting preferred channels with weight value and a flag to indicate how
the channels should be used in P2P negotiation process.

Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>
2017-12-22 20:34:51 +02:00
Jouni Malinen
1a2cb20d5b Fix couple of QCA_NL80211_VENDOR_SUBCMD_GET_SAR_LIMITS comments
Copy-paste errors in the command name (set vs. the new get).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:57:47 +02:00
Sunil Dutt
2fca2d2144 Vendor parameter for forcing RSNE override
Indicates the driver to use the RSNE as-is from the connect interface.
Exclusively used for the scenarios where the device is used as a testbed
device with special functionality and not recommended for production.
This helps driver to not validate the RSNE passed from user space and
thus allow arbitrary IE data to be used for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:43:55 +02:00
Jeff Johnson
2d942ec4ac Define a QCA vendor command to retrieve SAR Power limits
Previously commit c79238b6a4 ('Define a
QCA vendor command to configure SAR Power limits') implemented a vendor
command interface to allow a userspace entity to dynamically control the
SAR power limits. Now implement a command to retrieve the current SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:55:15 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Bhagavathi Perumal S
af832aa998 hostapd: Add average channel utilization in STATUS
This allows external programs to get the average channel utilization.
The average channel utilization is calculated and reported through
STATUS command. Users need to configure chan_util_avg_period and
bss_load_update_period in hostapd config to get the average channel
utilization.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:27 +02:00
Bhagavathi Perumal S
802c0fd0c3 hostapd: Update BSS load update period dynamically
Recalculate the timeout value for each event instead of calculating this
once and then not allowing the timeout configuration to be changed
without fully stopping and restarting the interface.

This allows the bss_load_update_period configuration parameter to be
modified while a BSS continues operating.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:25 +02:00
Jouni Malinen
778d87054e Fix error handling in bss_load_update_period parser
Do not update the configuration parameter before having verified the
value to be in the valid range.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-12 00:46:21 +02:00
Jouni Malinen
04ded82efa OWE: Fix error case handling with drivers that implement AP SME
owe_auth_req_process() can return NULL in error cases, but the caller
was not prepared for this. The p pointer cannot be overridden in such
cases since that would result in buffer length (p - buf) overflows. Fix
this by using a temporary variable to check the return value before
overriding p so that the hostapd_sta_assoc() ends up using correct
length for the IE buffer.

Fixes: 33c8bbd8ca ("OWE: Add AP mode handling of OWE with drivers that implement SME")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:41:10 +02:00
Jouni Malinen
c23e87d0d1 OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:49:39 +02:00
Jouni Malinen
7641d485db BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation
There is no need to go through EC_GROUP_new_by_curve_name(),
EC_KEY_new(), and EC_KEY_set_group() when a single call to
EC_KEY_new_by_curve_name() takes care of all that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:41:29 +02:00
Jouni Malinen
a5da39607d Revert "BoringSSL: Add DPP special cases regardless of claimed version number"
This reverts commit 5548453a2d since
BoringSSL added ECDSA_SIG_set0() and ECDSA_SIG_get0() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.') and updated X509_ALGOR_get0() prototype to match
OpenSSL 1.1.0 changes in commit e3b2a5d30d309091cab3e6a19dee7323c40d968d
('Const-correct X509_ALGOR_get0.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:27:04 +02:00
Jouni Malinen
0f30844722 Revert "BoringSSL: Define RSA_bits() helper"
This reverts commit 3cfbd3b0f6 since
BoringSSL added RSA_bits() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:22:05 +02:00
Jouni Malinen
a2c442be25 OpenSSL: Allow cipher list to be overridden for tls_suiteb=1 case
This allows wpa_supplicant configuration with phase1="tls_suiteb=1" to
use openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384" to further limit the
possible TLS cipher suites when using Suite B with RSA >3K keys. This
combination disables use of DHE and as such, mandates ECDHE to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 21:16:26 +02:00
Jouni Malinen
e5c7c2f28e Fix ap-mgmt-fuzzer build
Add src/ap/eth_p_oui.o into libap.a to be able to link ap-mgmt-fuzzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-09 18:41:55 +02:00
David Benjamin
63942cf0f3 OpenSSL: Avoid SSL*_use_default_passwd_cb()
These functions are a bit awkward to use for one-off file loads, as
suggested by the tls_clear_default_passwd_cb() logic. There was also
some historical mess with OpenSSL versions and either not having per-SSL
settings, having per-SSL settings but ignoring them, and requiring the
per-SSL settings.

Instead, loading the key with the lower-level functions seems a bit
tidier and also allows abstracting away trying both formats, one after
another.

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:29:08 +02:00
David Benjamin
149143e31d OpenSSL: Remove unnecessary os_strdup() from password callback
There's no need to make an extra copy of private_key_passwd for
SSL_{CTX_,}set_default_passwd_cb().

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:09:10 +02:00
Paul Zhang
9b0de99fac Add new QCA vendor attribute for WLAN Latency Module (WLM)
A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added
for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
This attribute is for setting the level of WLM.

Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
2017-12-08 14:15:19 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Jouni Malinen
402c8e00b7 WPS: Map GCMP-256 and CCMP-256 to AES encryption type
This is needed to allow a credential to be built for GCMP-256/CCMP-256
networks that do not enable GCMP-128/CCMP-128.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:45 +02:00
Shiva Sankar Gajula
a2660890a5 WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases
Extend the check against WPA/TKIP only configuration by adding CCMP-256
and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS
to be enabled in AP configurations where neither CCMP-128 nor GCMP-128
are enabled.

Signed-off-by: Shiva Sankar Gajula <sgajula@qti.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
163fc3d562 DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
34603767b8 DPP: Extend protocol testing to allow exchange termination
This extends dpp_test functionality to allow DPP exchanges to be stopped
when receiving a specified message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
963d3149ab nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.

This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)

Fixes: 6c1664f605 ("nl80211: Add new commands to support mesh interfaces")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 22:21:24 +02:00
Jouni Malinen
a2426829ce nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.

This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)

Fixes: da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 20:22:44 +02:00
Jouni Malinen
f0a383a981 DPP: Extend dpp_test with invalid E-Nonce in Config Req
Allow an E-Nonce attribute with invalid length to be sent for protocol
testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 22:01:10 +02:00
Jouni Malinen
55c6c85855 DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req
Allow a Transaction ID attribute with invalid length to be sent for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 21:56:19 +02:00
Krishna Rao
364039d223 Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 18:47:32 +02:00
Jouni Malinen
0e19300d5b nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 12:42:58 +02:00
Jouni Malinen
f981ce7298 DPP: Do not continue if public key hash derivation fails
sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 00:08:38 +02:00
Jouni Malinen
8a37d54ea7 DPP: Fix memory leak on dpp_auth_build_conf() error paths
The wpabuf for the message needs to be freed on the error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 21:21:34 +02:00
Jouni Malinen
281f480c53 JSON: Fix a memory leak on an error path
If the second json_alloc_token() call failed to allocate memory,
json_parse() missed the first allocation on the error path. Assign the
root pointer earlier for that case to avoid the potential memory leak.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 13:22:44 +02:00
Jouni Malinen
622934128b DPP: Fix a memory leak on an error path
Need to free temporary allocations if dpp_build_conf_start() fails to
allocate memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 13:03:48 +02:00
Jouni Malinen
ed62d40116 DPP: Deinit PKEX instance on DPP_STOP_LISTEN
Previously this stopped only the DPP Authentication instance, but it is
better to clear both PKEX and Authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 12:24:01 +02:00
Jouni Malinen
634a130a52 DPP: Clear authentication instance on configuration completion in AP
wpa_supplicant was already doing this and hostapd needs to clear
hapd->dpp_auth when completing the exchange in Configurator (GAS server)
role.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 20:33:43 +02:00
Jouni Malinen
d3cb7ebe1b DPP: Do not process dpp_auth_ok_on_ack multiple times
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 20:20:26 +02:00
Jouni Malinen
82feacced0 DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:48:40 +02:00
Jouni Malinen
a2588be82c DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
7eb6bfb45d DPP: Move hostapd Configurator/bootstrap data into global context
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
73f21929a7 DPP: Auto-generate Initiator bootstrapping info if needed
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configuref for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-26 17:41:22 +02:00
Sriram R
725a953aea nl80211: Filter global events based on wiphy
Avoid same interface processing nl80211 events when at least one of
IFIDX, WDEV, or WIPHY index attribute is available in the nl80211 event
message.

Previously, a same interface processes events when ifidx and wdev id
attribute were not available in the nl80211 message. This is extended to
check the presence of wiphy index attribute as well since some radar
notifications include only WIPHY index attrbute in the nl80211 message.

Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
2017-11-26 12:42:56 +02:00
Bhagavathi Perumal S
0bd7f104c1 hostapd: Add supported rate information into STATUS and STA
These allow external programs to determine supported legacy, HT, and VHT
rates of an interface or a STA.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-11-25 13:25:09 +02:00
Jouni Malinen
1489fcf87d FILS: Do not leave error value in left counter
If fils_decrypt_assoc() were to fail on the AP side, the previous
implementation could have continued through the response generation
using left = -1. That could have resulted in unexpected processing if
this value were to be used as the length of the remaining (unencrypted)
IEs. Fix this by not updating left in the failure case.

Fixes: 78815f3dde ("FILS: Decrypt Association Request elements and check Key-Auth (AP)")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 12:26:38 +02:00
Jouni Malinen
beae255a72 WPA: Check wpa_eapol_key_mic() result on TX
Verify that nothing unexpected happened with EAPOL-Key Key MIC
calculation when transmitting EAPOL-Key frames from the Authenticator.
This should not be able to happen in practice, but if if it does, there
is no point in sending out the frame without the correct Key MIC value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 12:13:26 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
d722c50d0a DPP: Print more interim EC_POINT results into debug log
This makes it easier to debug issues related to DPP/PKEX EC operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:02:59 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
af4103e5e9 DPP: Provide peer_mac to PKEX Initiator through function argument
Avoid unnecessary direct write to a struct dpp_pkex member from outside
dpp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:32:33 +02:00
Jouni Malinen
918a2ac40f DPP: Work around missing EVP_PKEY_CTX_set_ec_param_enc()
This allows compilation with older OpenSSL 1.0.1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
Jouni Malinen
3ca4be1eaa DPP: Remove compiler warnings about signed/unsigned comparisons
These timestamp comparisons did not use matching signedness.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
Jouni Malinen
116454f460 DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b541 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:20:39 +02:00
Hu Wang
63dc0f9c4d hostapd: Disassoc STA without WPA/RSN IE if AP proto is WPA/RSN
With the AP proto configured being WPA/RSN and SME in the
driver, the previous implementation in hostapd is to not
process hostapd_notif_assoc() due to "No WPA/RSN IE from STA",
if the (Re)Association Request frame is without the WPA/RSN IEs.

Enhance that to disassociate such station provided the AP is not using
WPS.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2017-11-23 20:12:34 +02:00
bhagavathi perumal s
cc79e06f00 hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-11-23 20:12:34 +02:00
Jouni Malinen
248264c622 DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 00:22:13 +02:00
Jouni Malinen
e3a5882b3e DPP: Add SAE credential support to Configurator
The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:24:08 +02:00
Jouni Malinen
5dd745b738 DPP: Add akm=sae and akm=psk+sae support in Enrollee role
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:23:51 +02:00
Jouni Malinen
a444673957 DPP: Protocol testing capability to send invalid I-Nonce in Auth Req
Extend dpp_test to cover one more invalid behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 16:23:42 +02:00
Jouni Malinen
00d2d13db2 DPP: Retry PKEX Exchange Request frame up to five times
Retransmit the PKEX Exchange Request frame if no response from a peer is
received. This makes the exchange more robust since this frame is sent
to a broadcast address and has no link layer retries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 15:54:35 +02:00
Jouni Malinen
ab0375508d TDLS: Add testing capability to send TPK M2 twice
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-21 00:48:52 +02:00
Jouni Malinen
4b8de0c929 DPP: Protocol testing for invalid Peer Discovery Req/Resp values
Extend dpp_test to allow more invalid attribute values to be written
into Peer Discovery Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 17:15:02 +02:00
Jouni Malinen
f9cf7d03f1 DPP: Protocol testing for invalid Config Attrib Object value
Extend dpp_test to cover a case where Config Attrib Object value is
invalid in Configuration Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:20 +02:00
Jouni Malinen
3f35ec2dc3 DPP: Protocol testing for invalid DPP Status value
Extend dpp_test to cover cases where DPP Status value is invalid in
Authentication Response/Confirm frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:16 +02:00
Jouni Malinen
9efa531499 DPP: Use helper functions to build Bootstrap Key Hash attributes
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:41:57 +02:00