Commit graph

7860 commits

Author SHA1 Message Date
Jouni Malinen
812d52ae27 OpenSSL: Support EC key from private_key blob
Try to parse the private_key blob as an ECPrivateKey in addition to the
previously supported RSA and DSA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-16 18:24:23 +03:00
Jouni Malinen
4b834df5e0 OpenSSL: Support PEM encoded chain from client_cert blob
Allow a chain of certificates to be configured through a client_cert
blob.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-16 18:24:23 +03:00
Jouni Malinen
68ac45d53c GAS server: Support comeback delay from the request handler
Allow GAS request handler function to request comeback delay before
providing the response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-15 23:56:06 +03:00
Jouni Malinen
608adae5ba JSON: Add base64 helper functions
These functions are similar to the base64url helpers but with the base64
(not url) alphabet.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-15 20:19:19 +03:00
Jouni Malinen
c7e6dbdad8 base64: Add no-LF variant for encoding
base64_encode_no_lf() is otherwise identical to base64_encode(), but it
does not add line-feeds to split the output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-15 20:18:12 +03:00
Jouni Malinen
6dc2c0118a Update DFS terminology in attribute value documentation
Use "client device" as the term for the device that operates under a
guidance of the device responsible for enforcing DFS rules.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-11 21:53:24 +03:00
Muna Sinada
621745917f Allow HE-without-VHT to add the Channel Switch Wrapper element
Modify the check for VHT to include an option for HE in
hostapd_eid_wb_chsw_wrapper() and its callers to allow the Channel
Switch Wrapper element with the Wide Bandwidth Channel Switch subelement
to be included in Beacon and Probe Response frames when AP is operating
in HE mode without VHT.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2020-06-11 00:56:45 +03:00
Muna Sinada
d51b1b7a66 Move hostapd_eid_wb_chsw_wrapper() to non-VHT-specific file
Move hostapd_eid_wb_chsw_wrapper() from VHT specific ieee802_11_vht.c to
ieee802_11.c since this can be used for both HE and VHT. This commit
does not change any functionality to enable the HE use case, i.e., the
function is just moved as-is.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2020-06-11 00:53:26 +03:00
Rajkumar Manoharan
1f72bbbefb AP: Reject association request upon invalid HE capabilities
Operation in the 6 GHz band mandates valid HE capabilities element in
station negotiation. Reject association request upon receiving invalid
or missing HE elements.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:34:38 +03:00
Rajkumar Manoharan
088bef1786 AP: Restrict Vendor VHT to 2.4 GHz only
Vendor VHT IE is used only on the 2.4 GHz band. Restrict the use of
vendor VHT element to 2.4 GHz. This will ensure that invalid/wrong user
configuration will not impact beacon data in other than the 2.4 GHz
band.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:30:50 +03:00
Rajkumar Manoharan
6a34bd3007 HE: Use device HE capability instead of HT/VHT for 6 GHz IEs
Previously, 6 GHz Band Capability element was derived from HT and VHT
capabilities of the device. Removes such unnecessary dependency by
relying directly on the HE capability.

In addition, clean up the struct ieee80211_he_6ghz_band_cap definition
to use a 16-bit little endian field instead of two 8-bit fields to match
the definition in P802.11ax.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:23:24 +03:00
Rajkumar Manoharan
9272ebae83 nl80211: Fetch HE 6 GHz capability from the driver
Read mode specific HE 6 GHz capability from phy info. This is needed
for futher user config validation and IE construction.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:14:56 +03:00
Jouni Malinen
f25c51a9f4 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-05-31.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-06-10 21:12:44 +03:00
Jouni Malinen
518be614f1 SAE-PK: Advertise RSNXE capability bit in STA mode
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:47:07 +03:00
Jouni Malinen
a77d6d2203 SAE-PK: Update SAE confirm IE design
Move the FILS Public Key element and the FILS Key Confirmation element
to be separate IEs instead of being encapsulated within the SAE-PK
element. This is also removing the unnecessary length field for the
fixed-length EncryptedModifier.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:47:07 +03:00
Jouni Malinen
363dbf1ece SAE-PK: Remove requirement of SAE group matching SAE-PK (K_AP) group
This was clarified in the draft specification to not be a mandatory
requirement for the AP and STA to enforce, i.e., matching security level
is a recommendation for AP configuration rather than a protocol
requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:46:49 +03:00
Jouni Malinen
2e80aeae4a WPS UPnP: Support build on OS X
Define MAC address fetching for OS X (by reusing the existing FreeBSD
implementation) to allow full compile testing of the WPS implementation
on a more BSD-like platform.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 12:48:13 +03:00
Jouni Malinen
f119f8a04a WPS UPnP: Fix FreeBSD build
struct ifreq does not include the ifr_netmask alternative on FreeBSD, so
replace that more specific name with ifr_addr that works with both Linux
and FreeBSD.

Fixes: 5b78c8f961 ("WPS UPnP: Do not allow event subscriptions with URLs to other networks")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 12:43:53 +03:00
Subrat Dash
411e42673f Move local TX queue parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant as
well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 00:17:39 +03:00
Jouni Malinen
85aac526af WPS UPnP: Handle HTTP initiation failures for events more properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.

These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:14:45 +03:00
Jouni Malinen
f7d268864a WPS UPnP: Fix event message generation using a long URL path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:12:20 +03:00
Jouni Malinen
5b78c8f961 WPS UPnP: Do not allow event subscriptions with URLs to other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:12:20 +03:00
Jouni Malinen
e30dcda3b1 SAE-PK: Fix FILS Public Key element Key Type for ECDSA
Use value 2 to point to RFC 5480 which describes the explicit
indicatiotion of the public key being in compressed form.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:11:06 +03:00
Jouni Malinen
4c3fbb2346 SAE-PK: Check minimum password length more accurate
Get the Sec value from the password to check the minimum length based on
the used Sec.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:11:06 +03:00
Jouni Malinen
43a191b890 tests: Remove too short SAE-PK passwords
This is in preparation of implementation changes to check SAE-PK
password length more accurately based on the Sec value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 17:11:06 +03:00
Jouni Malinen
4ff0df39eb SAE-PK: Testing functionality to allow behavior overrides
The new sae_commit_status and sae_pk_omit configuration parameters and
an extra key at the end of sae_password pk argument can be used to
override SAE-PK behavior for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 15:21:18 +03:00
Jouni Malinen
0c4ffce464 Allow transition_disable updates during the lifetime of a BSS
This is mainly for testing purposes to allow more convenient checking of
station behavior when a transition mode is disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 17:06:52 +03:00
Jouni Malinen
215b4d8a72 FT: Do not add PMKID to the driver for FT-EAP if caching is disabled
wpa_supplicant disables PMKSA caching with FT-EAP by default due to
known interoperability issues with APs. This is allowed only if the
network profile is explicitly enabling caching with
ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries
was still being configured to the driver and it was possible for the
driver to build an RSNE with the PMKID for SME-in-driver cases. This
could result in hitting the interop issue with some APs.

Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if
ft_eap_pmksa_caching=1 is not used in the network profile so that the
driver and wpa_supplicant behavior are in sync for this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 16:48:57 +03:00
Min Liu
5cf91afeeb QCA vendor attribute for dynamic bandwidth adjustment
Define QCA vendor attribute in SET(GET)_WIFI_CONFIGURATION to
dynamically configure capabilities for dynamic bandwidth adjustment.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2020-06-06 15:18:13 +03:00
Min Liu
1a28589b28 QCA vendor attributes for setting channel width
Define QCA vendor attribute in SET(GET)_WIFI_CONFIGURATION to
dynamically configure capabilities for channel width.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2020-06-06 15:18:13 +03:00
Tanmay Garg
63653307df Add support for indicating missing driver AKM capability flags
Add support for missing driver AKM capability flags from the list of
RSN_AUTH_KEY_MGMT_* flags and make these available through the
'GET_CAPABILITY key_mgmt' control interface command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Veerendranath Jakkam
18f3f99ac4 Add vendor attributes to configure testing functionality for FT/OCV/SAE
Add new QCA vendor attributes to configure RSNXE Used (FTE), ignore CSA,
and OCI frequency override with QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_WIFI_TEST_CONFIGURATION for STA testbed role.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Min Liu
e53756a64e Fix a typo vendor attribute documentation
Fix a typo in comment of enum qca_wlan_tspec_ack_policy.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2020-06-06 15:18:13 +03:00
Sunil Dutt
960e8e5334 QCA vendor attribute to configure NSS
Defines the attribute in SET(GET)_WIFI_CONFIGURATION to dynamically
configure NSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
cc22fb1b86 SAE: Move H2E and PK flags to main sae_data
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
40240735bd WPS UPnP: Do not update Beacon frames unnecessarily on subscription removal
There is no need to update the WPS IE in Beacon frames when a
subscription is removed if that subscription is not for an actual
selected registrar. For example, this gets rids of unnecessary driver
operations when a subscription request gets rejected when parsing the
callback URLs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-04 23:53:55 +03:00
Jouni Malinen
c85b39ec50 SAE-PK: Increment the minimum password length to 9
While this is not explicitly defined as the limit, lambda=8 (i.e., 9
characters with the added hyphen) is needed with Sec=5 to reach the
minimum required resistance to preimage attacks, so use this as an
implicit definition of the password length constraint.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-04 23:53:55 +03:00
Jouni Malinen
2c7b5a2c5f tests: Skip too short SAE-PK passwords in positive testing
Lambda >= 12 is needed with Sec = 2, so drop the shorter password
lengths in the sae_pk and module_wpa_supplicant test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-04 23:53:33 +03:00
Jouni Malinen
d777156e1f SAE-PK: Determine hash algorithm from K_AP group instead of SAE group
While the current implementation forces these groups to be same, that is
not strictly speaking necessary and the correct group to use here is
K_AP, not the SAE authentication group.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-03 17:30:36 +03:00
Jouni Malinen
20ccf97b3d SAE-PK: AP functionality
This adds AP side functionality for SAE-PK. The new sae_password
configuration parameters can now be used to enable SAE-PK mode whenever
SAE is enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
00e4fbdcc5 tests: Module test for SAE-PK
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
6b9e99e571 SAE-PK: Extend SAE functionality for AP validation
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
b6dcbd01a6 SAE-PK: Identifier definitions
Add the assigned identifiers for SAE-PK elements and fields.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 17:56:45 +03:00
Jouni Malinen
aed01b82d3 OpenSSL: Additional EC functionality for SAE-PK
These will be needed for implementing SAE-PK ECDSA signing and signature
verification operations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 17:56:45 +03:00
Jouni Malinen
8c1f61e820 OCV: Report OCI validation failures with OCV-FAILURE messages (STA)
Convert the previously used text log entries to use the more formal
OCV-FAILURE prefix and always send these as control interface events to
allow upper layers to get information about unexpected operating channel
mismatches.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-30 00:24:15 +03:00
Jouni Malinen
661e661186 OCV: Allow OCI channel to be overridden for testing (AP)
Add hostapd configuration parameters oci_freq_override_* to allow the
OCI channel information to be overridden for various frames for testing
purposes. This can be set in the configuration and also updated during
the runtime of a BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-30 00:04:53 +03:00
Jouni Malinen
d10a57f6e9 DPP2: Derive a separate key for enveloped data
Derive a new key from bk to be used as the password for PBKDF2 instead
of using ke for this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:42:33 +03:00
Jouni Malinen
32d3360f33 DPP: Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:35:26 +03:00
Jouni Malinen
5a7bcb7725 OSEN: Do not send the actual BIGTK to OSEN STAs
OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:25:02 +03:00
Jouni Malinen
2d6cc0e670 FT: Do not expose GTK/IGTK in FT Reassociation Response frame in OSEN
Do not include the actual GTK/IGTK value in FT protocol cases in OSEN or
with DGAF disabled (Hotspot 2.0). This was already the case for the
EAPOL-Key cases of providing GTK/IGTK, but the FT protocol case was
missed. OSEN cannot really use FT, so that part is not impacted, but it
would be possible to enable FT in a Hotspot 2.0 network that has DGAF
disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:25:02 +03:00
Jouni Malinen
a998337895 WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:04:40 +03:00
Hu Wang
d578e890eb OWE: Skip beacon update of transition BSS if it is not yet enabled
When a single hostapd process manages both the OWE and open BSS for
transition mode, owe_transition_ifname can be used to clone the
transition mode information (i.e., BSSID/SSID) automatically. When both
BSSs use ACS, the completion of ACS on the 1st BSS sets state to
HAPD_IFACE_ENABLED and the OWE transition mode information is updated
for all the other BSSs. However, the 2nd BSS is still in the ACS phase
and the beacon update messes up the state for AP startup and prevents
proper ACS competion.

If 2nd BSS is not yet enabled (e.g., in ACS), skip beacon update and
defer OWE transition information cloning until the BSS is enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-26 16:23:39 +03:00
Sachin Ahuja
88436baaac Add a vendor attribute to get OEM data
Add an attribute QCA_WLAN_VENDOR_ATTR_OEM_DATA_RESPONSE_EXPECTED
to get the response for the queried data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 23:40:01 +03:00
Sunil Dutt
3f9a89ca1c Vendor attributes for configuring LDPC, TX STBC, RX STBC
Defines the attributes in SET(GET)_WIFI_CONFIGURATION to dynamically
configure capabilities: LDPC, TX STBC, RX STBC.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 23:34:37 +03:00
Jouni Malinen
8ee0bc622a OCV: Disconnect STAs that do not use SA Query after CSA
Verify that all associated STAs that claim support for OCV initiate an
SA Query after CSA. If no SA Query is seen within 15 seconds,
deauthenticate the STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 21:57:04 +03:00
Jouni Malinen
01ceb88c77 OCV: Report validation errors for (Re)Association Request frames
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in FT and FILS (Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 20:46:32 +03:00
Jouni Malinen
a3556d5813 OCV: Report validation errors for EAPOL-Key messages in AP mode
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 19:09:12 +03:00
Jouni Malinen
d52067a5b6 OCV: Report validation errors for SA Query Request/Response in AP mode
Add a new OCV-FAILURE control interface event to notify upper layers of
OCV validation issues. This commit adds this for SA Query processing in
AP mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:42:00 +03:00
Jouni Malinen
52579be860 OCV: Move "OCV failed" prefix to callers
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:34:59 +03:00
Vamsi Krishna
2d118f557a OCV: Add support to override channel info OCI element (STA)
To support the STA testbed role, the STA has to use specified channel
information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query
Request, and SA Query Response frames. Add override parameters to use
the specified channel while populating OCI element in all these frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:01:44 +03:00
Jouni Malinen
c2080e8657 Clear current PMKSA cache selection on association/roam
It was possible for the RSN state machine to maintain old PMKSA cache
selection (sm->cur_pmksa) when roaming to another BSS based on
driver-based roaming indication. This could result in mismatching state
and unexpected behavior, e.g., with not generating a Suite B PMKSA cache
entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 16:25:50 +03:00
Jouni Malinen
d9532eb70f Debug print PMK-R0/R1 and PMKR0/R1Name in the helper functions
There is no need to have all callers debug print these separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:45:29 +03:00
Min Liu
5ab8ad4cfe Vendor attributes for ssetting TX A-MSDU and RX A-MSDU parameters
Define QCA vendor attributes for SET(GET)_WIFI_CONFIGURATION to
dynamically configure capabilities for TX A-MSDU and RX A-MSDU.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2020-05-21 00:53:20 +03:00
Min Liu
f7a904a283 QCA vendor command for adding and deleting TSPEC
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CONFIG_TSPEC
to add and delete TSPEC in STA mode.
The attributes defined in enum qca_wlan_vendor_attr_config_tspec
are used to encapsulate required information.

Signed-off-by: Min Liu <minliu@codeaurora.org>
2020-05-21 00:48:11 +03:00
Kiran Kumar Lokere
82867456e9 Vendor attributes to configure PMF protection and disassoc Tx for testing
Add new QCA vendor attributes to configure misbehavior for PMF
protection for Management frames and to inject Disassociation frames.

These attributes are used for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-21 00:35:54 +03:00
Vamsi Krishna
e5e2757455 Add QCA vendor interface support to configure PHY modes
Add an attribute that can be used with
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor command to
configure different PHY modes to the driver/firmware.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-21 00:33:55 +03:00
Sunil Dutt
db0d0b84af nl80211: Control the registration for RRM frame with driver_param
wpa_supplicant registered to process the Radio Measurement Request
frames unconditionally. This would prevent other location based
applications from handling these frames. Enable such a use case by
allowing wpa_supplicant to be configured not to register to process
these frames. This can now be done by adding "no_rrm=1" to the
driver_param configuration parameter.

In addition, wpa_driver_nl80211_init() does not have the provision to
take driver_params. Hence, resubscribe again with cfg80211 when this
driver parameter "no_rrm=1" is set after the initial setup steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-21 00:30:54 +03:00
Rajkumar Manoharan
dd2daf0848 HE: Process HE 6 GHz band capab from associating HE STA
Process HE 6 GHz band capabilities in (Re)Association Request frames and
pass the information to the driver.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 17:22:34 +03:00
Rajkumar Manoharan
db603634a9 HE: Add 6 GHz Band Capabilities element in Beacon and response frames
Construct HE 6 GHz Band Capabilities element (IEEE 802.11ax/D6.0,
9.4.2.261) from HT and VHT capabilities and add it to Beacon, Probe
Response, and (Re)Association Response frames when operating on the 6
GHz band.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 16:47:18 +03:00
Rajkumar Manoharan
88911a0aa4 HE: Add HE 6 GHz Band Capabilities into ieee802_11_parse_elems()
Handle 6 GHz band capability element parsing for association.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 16:38:00 +03:00
Rajkumar Manoharan
b2c0b83c66 HE: Remove VHT Operation Information from HE Operation element
The VHT Operation Information subfield is conditonally present, so do
not hardcoded it in struct ieee80211_he_operation. These members of the
struct are not currently used, so these can be removed without impact to
functionality.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 16:32:49 +03:00
Rajkumar Manoharan
e297a5bfda HE: Define 6 GHz band capability elements
Defines IEEE P802.11ax/D6.0, 9.4.2.261 HE 6 GHz Band Capabilities
element and 6 GHz Operation Information field of HE Operation element
(IEEE P802.11ax/D6.0, Figure 9-787k).

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 16:24:08 +03:00
neo_jou
025ab330b4 ACS: Channel selection based freqlist
When doing ACS, check freqlist also if it is specified.

Signed-off-by: neojou <neojou@gmail.com>
2020-05-17 01:31:19 +03:00
Jouni Malinen
4ae3f39720 Add a helper function for recognizing BIP enum wpa_alg values
Use a shared wpa_alg_bip() function for this and fix the case in
nl_add_key() to cover all BIP algorithms. That fix does not change any
behavior since the function is not currently used with any BIP
algorithm, but it is better to avoid surprises should it ever be needed
with IGTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-17 01:31:19 +03:00
Jouni Malinen
d3cab56c04 Rename WPA_ALG_IGTK to use the correct cipher name for BIP
IGTK is the key that is used a BIP cipher. WPA_ALG_IGTK was the
historical name used for this enum value when only the AES-128-CMAC
based BIP algorithm was supported. Rename this to match the style used
with the other BIP options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-17 01:31:19 +03:00
Johannes Berg
bd1aebbd08 hostapd: Extend RESET_PN for BIGTK
Extend the RESET_PN command to allow resetting the BIGTK PN
for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:16 +03:00
Jouni Malinen
df49c53f4a Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 22:12:46 +03:00
Jouni Malinen
eb595b3e3a wolfssl: Fix crypto_bignum_rand() implementation
The previous implementation used mp_rand_prime() to generate a random
value in range 0..m. That is insanely slow way of generating a random
value since mp_rand_prime() is for generating a random _prime_ which is
not what is needed here. Replace that implementation with generationg of
a random value in the requested range without doing any kind of prime
number checks or loops to reject values that are not primes.

This speeds up SAE and EAP-pwd routines by couple of orders of
magnitude..

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:02:17 +03:00
Jouni Malinen
6a28c4dbc1 wolfssl: Fix compiler warnings on size_t printf format use
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:01:51 +03:00
Jouni Malinen
f2dbaa8ace SAE: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 21:01:32 +03:00
Petr Štetiar
3e1a130107 nl80211: Change AKM suite limit from warning to debug print
Commit dd74ddd0df ("nl80211: Handle AKM suite selectors for AP
configuration") added warning log message "nl80211: Not enough room for
all AKM suites (num_suites=X > NL80211_MAX_NR_AKM_SUITES)" which in some
cases fills logs every 3 seconds, so fix this by increasing the log
message level to debug.

Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Ref: https://patchwork.ozlabs.org/project/openwrt/patch/20200504130757.12736-1-ynezz@true.cz/#2429246
Fixes: dd74ddd0df ("nl80211: Handle AKM suite selectors for AP configuration")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2020-05-16 15:51:11 +03:00
Jouni Malinen
5a04a76aa2 Ignore Management frames while AP interface is not fully enabled
It is possible for drivers to report received Management frames while AP
is going through initial setup (e.g., during ACS or DFS CAC). hostapd
and the driver is not yet ready for actually sending out responses to
such frames at this point and as such, it is better to explicitly ignore
such received frames rather than try to process them and have the
response (e.g., a Probe Response frame) getting dropped by the driver as
an invalid or getting out with some incorrect information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 12:16:34 +03:00
Jouni Malinen
c82535edd6 Move deauthentication at AP start to be after beacon configuration
This allows nl80211-based drivers to get the frame out. The old earlier
location resulted in the driver operation getting rejected before the
kernel was not ready to transmit the frame in the BSS context of the AP
interface that has not yet been started.

While getting this broadcast Deauthentication frame transmitted at the
BSS start is not critical, it is one more chance of getting any
previously associated station notified of their previous association not
being valid anymore had they missed previous notifications in cases
where the AP is stopped and restarted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 11:38:09 +03:00
Jouni Malinen
094c8a6218 Remove unnecessary key clearing at AP start with nl80211
cfg80211 takes care of key removal when link/association is lost, so
there is no need to explicitly clear old keys when starting AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 11:28:03 +03:00
Jouni Malinen
04030e8c0d nl80211: Remove AP mode interface from bridge for STA-mode-scan
Linux bridging code does not allow a station mode WLAN interface in a
bridge and this prevents the AP mode scan workaround from working if the
AP interface is in a bridge and scanning can be only done by moving to
STA mode. Extend this workaround to remove the interface from the bridge
temporarily for the duration of the scan, i.e., for the same duration as
the interface needs to be moved into the station.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-15 21:23:50 +03:00
Jouni Malinen
98e4b38403 DPP2: Chirping in hostapd Enrollee
Add a new hostapd control interface command "DPP_CHIRP own=<BI ID>
iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started. This follows the model of similar
wpa_supplicant functionality from commit 562f77144c ("DPP2: Chirping
in wpa_supplicant Enrollee"). The hostapd case requires the AP to be
started without beaconing, i.e., with start_disabled=1 in hostapd
configuration, to allow iteration of channels needed for chirping.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-13 17:59:05 +03:00
Jouni Malinen
95471fc3e8 Handle hostapd_for_each_interface() at the process termination
Clean struct hapd_interfaces pointers and interface count during
deinitialization at the end of theh ostapd process termination so that a
call to hostapd_for_each_interface() after this does not end up
dereferencing freed memory. Such cases do not exist before this commit,
but can be added after this, e.g., for DPP needs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-13 17:39:01 +03:00
Jouni Malinen
99809c7a44 nl80211: Disable offchannel-ok in AP mode only if beaconing
When hostapd is started without beaconing (start_disabled=1), Public
Action frame transmission command through nl80211 needs to allow
offchannel operations regardless of the operating channel configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-13 17:09:52 +03:00
Jouni Malinen
0f58c88fc3 DPP2: Fix CONFIG_DPP2=y build with OpenSSL 1.0.2
This file needs the EVP_PKEY_get0_EC_KEY() compatibility wrapper just
like other DPP source code files using this function.

Fixes: 21c612017b ("DPP: Move configurator backup into a separate source code file")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-12 21:02:39 +03:00
Veerendranath Jakkam
b67bedf2e3 nl80211: Fetch information on supported AKMs from the driver
The driver can advertise supported AKMs per wiphy and/or per interface.
Populate per interface supported AKMs based on the driver advertisement
in the following order of preference:
1. AKM suites advertised by NL80211_ATTR_IFTYPE_AKM_SUITES
2. AKM suites advertised by NL80211_ATTR_AKM_SUITES
If neither of these is available:
3. AKMs support is assumed as per legacy behavior.

In addition, extend other driver interface wrappers to set the
per-interface values based on the global capability indication.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-05-12 16:57:17 +03:00
Veerendranath Jakkam
6fffb320fc nl80211: Remove QCA vendor specific AKM capability handling
Since this functionality was not used for anything in practice, it is
easier to simply remove this functionality completely to avoid potential
conflicts in using the kernel tree upstream commit ab4dfa20534e
("cfg80211: Allow drivers to advertise supported AKM suites").

This is practically reverting the commit 8ec7c99ee4 ("nl80211: Fetch
supported AKM list from the driver").

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-05-12 16:41:22 +03:00
Jouni Malinen
db59827a3c DPP2: Extend TCP encapsulation case to support Configurator as Initiator
This allows DPP_AUTH_INIT to be used with tcp_addr=<dst> argument and
Configurator parameters to perform Configurator initiated DPP
provisioning over TCP. Similarly, DPP_CONTROLLER_START can now be used
to specify Configurator/Enrollee roles and extend Controller to work in
Enrollee role.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-12 14:48:49 +03:00
Jouni Malinen
890ae336c0 DPP2: Clean up CONFIG_DPP2 use with configurator connectivity IE
Avoid duplicated return statement in CONFIG_DPP2=y builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:30:26 +03:00
Jouni Malinen
7f20a3ebda DPP2: Reconfiguration support in Controller
Add handling of Reconfiguration messages in Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
6dcb8aaf13 DPP2: Reconfig Announcement relaying from AP to Controller
Recognize the Reconfig Announcement message type and handle it similarly
to the Presence Announcement in the Relay, i.e., send it to the first
Controller if the local Configurator does not have matching C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3b4f7dfaa1 DPP2: Fix Presence Announcement processing in Controller
Use the new struct dpp_authentication instance when setting Configurator
parameters for authentication exchange triggered by Presence
Announcement. conn->auth is NULL here and would cause dereferencing of a
NULL pointer if dpp_configurator_params is set.

Fixes: fa5143feb3 ("DPP2: Presence Announcement processing in Controller")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
5e2d877cc4 DPP: Mark internal-to-file functions static
These functions are not used outside dpp_crypto.c anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3aaf269f67 DPP: Move TCP encapsulation into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
21c612017b DPP: Move configurator backup into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
fdbbb74064 DPP: Move authentication functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00