This adds a counter and adds sequence numbering to FT RRB packets. The
sequence number is checked against r0kh/r1kh sequence number cache.
Special attention is needed in case the remote AP reboots and thus loses
its state. I prefer it to recover automatically even without synchronized
clocks. Therefore an identifier called dom is generated randomly along the
initial sequence number. If the dom transmitted does not match or the
sequence number is not in the range currently expected, the sender is asked
for a fresh confirmation of its currently used sequence numbers. The packet
that triggered this is cached and processed again later.
Additionally, in order to ensure freshness, the remote AP includes an
timestamp with its messages. It is then verified that the received
messages are indeed fresh by comparing it to the older timestamps
received and the time elapsed since then. Therefore FT_RRB_TIMESTAMP is
no longer needed.
This assigns new OUI 00:13:74 vendor-specific subtype 0x0001 subtypes:
4 (SEQ_REQ) and 5 (SEQ_RESP).
This breaks backward compatibility, i.e., hostapd needs to be updated
on all APs at the same time to allow FT to remain functional.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This updates the AP-to-AP keys to the longer form and OOM test case
functions to match the new implementation.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Convert FT RRB into a new TLV based format. Use AES-SIV as AEAD cipher
to protect the messages.
This needs at least 32 byte long keys. These can be provided either
by a config file change or letting a KDF derive the 32 byte key used
from the 16 byte key given.
This breaks backward compatibility, i.e., hostapd needs to be updated on
all APs at the same time to allow FT to remain functional.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Replace the previously used extension of IEEE 802.11 managed Ethertype
89-0d (originally added for Remote Request/Response in IEEE 802.11r)
with Ethertype 88-b7 (OUI Extended EtherType) for FT inter-AP
communication. The new design uses a more properly assigned identifier
for the messages.
This assigns the OUI 00:13:74 vendor-specific subtype 0x0001 for the new
hostapd AP-to-AP communication purposes. Subtypes 1 (PULL), 2 (RESP),
and 3 (PUSH) are also assigned in this commit for the R0KH-R1KH
protocol.
This breaks backward compatibility, i.e., hostapd needs to be updated on
all APs at the same time to allow FT to remain functional.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The cfg80211 connect command extension to allow roaming request from
user space while connect was added to the kernel, so uncomment the
previously commented out TODO item to verify this behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver provides input on MBO transition candidate handling, the
target value in get_mbo_transition_candidate() can be NULL if the driver
provided BSSID is not found in the wpa_supplicant BSS table. And later
it would be dereferenced. Fix this by adding an explicit check before
dereferencing the pointer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The check for erp->keyname_nai within eap_erp_get_key() is apparently
too difficult for some static analyzers to notice. Add an explicit check
for os_strchr() return value being non-NULL to avoid false reports.
Signed-off-by: Jouni Malinen <j@w1.fi>
These functions can potentially be called with ie == NULL and ie_len ==
0. Check explitcitly for the ie == NULL case to avoid confusing
memcpy(dst, NULL, 0) calls.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant build with MBO enabled failed in CONFIG_WNM=y was not
specified explicitly. Add the WNM dependency automatically to avoid
needing explicit addition in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 941caed980 ('MBO: Add MBO
ANQP-element processing on AP') changed the design by using the
rx_anqp_vendor_specific() function to process all ANQP vendor specific
elements. However, the caller for this was within ifdef CONFIG_HS20
block. Fix this by calling the function even in CONFIG_HS20=y is not
included in the build. This fixes CONFIG_MBO=y builds without
CONFIG_HS20=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 34f2851902 ('MBO: Parse MBO
ANQP-element on STA') started using the type variable outside
CONFIG_HS20 block, but forgot to remove the ifdef from the variable
declaration.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was apparently possible for the P2P_FIND operation to terminate
before the peer device was found. Increase the timeout to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Disconnection due to DISABLE_NETWORK while being connected was resulting
in the AP getting blacklisted. Avoid this by setting own_disconnect_req
on a disconnect request due to DISABLE_NETWORK similarly to the
SELECT_NETWORK disconnection case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When starting AP in HT40 mode and both HT40+ and HT40- options are
specified in hostapd.conf, select a valid secondary channel for the AP
automatically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a string "FILS_HLP_SENT" to connect event when HLP is sent
as part of ASSOC/CONNECT request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
ieee802_1x_kay_move_live_peer() did not check
ieee802_1x_kay_get_potential_peer() result explicitly and a static
analyzer reported a warning about the possible NULL result. This cannot
really happen in practice since the only caller of
ieee802_1x_kay_move_live_peer() verifies that the specific peer entry is
available. Anyway, it is easy to silence the false warning by adding an
explicit check here and cover any other potential case if another caller
is added.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow this function to be called from outside ieee802_11.c and with the
final steps replaced through a callback function.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This function does not need the frame header, so pass in only the IE
area to make it easier to share this for driver-based AP SME handling.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is used with partial AP SME in driver cases to enable FILS
association (AES-SIV) processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow the driver SME to perform the needed AES-SIV
operations during FILS association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to add more parameters without having to change the
callback function prototype.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This will be used to determine what type of operations to use for STA
authentication and association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit defines an attribute
QCA_WLAN_VENDOR_ATTR_EXTERNAL_ACS_EVENT_POLICY to signify the preferred
channel list policy for external ACS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the uuid configuration parameter is not set, wpa_supplicant generates
an UUID automatically to allow WPS operations to proceed. This was
previously always using an UUID generated from the MAC address. This
commit adds an option to use a random UUID instead. The type of the
automatically generated UUID is set with the auto_uuid parameter: 0 =
based on MAC address (default; old behavior), 1 = random UUID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While responding to EAPOL-Key message 1/2 with EAPOL-Key message 2/2
when using FILS AKM suites the ENCRYPTED bit is not set in key info of
2/2 which causes AP to drop 2/2. Fix this by setting the ENCRYPTED bit
since FILS AKM based connection uses AEAD encryption/decryption.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
GTK rekeying was rejected if a prior 4-way handshake is not done.
Fix this by allowing GTK rekey to happen in case of a FILS connection
since it does not involve a 4-way handshake.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add FILS/ERP parameters into the driver connect command to support FILS
shared key authentication offload.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already done in sme_send_authentication() for the case where
wpa_supplicant SME is used. Similar change is needed for driver-SME to
allow FILS authentication to be offloaded to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Michael Braun